Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.44

Version Description

  • Google Authenticator - Two factor Authentication (2FA, OTP) :
  • Added link to WordPress forum in support form
  • Minor bug fix

Release Info

Developer twofactorauthentication
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.4.44

Code changes from version 5.4.43 to 5.4.44

Files changed (46)
  1. api/Mo2f_OnPremRedirect.php +343 -343
  2. api/class-customer-common-setup.php +475 -475
  3. api/class-customer-setup.php +33 -33
  4. api/class-rba-attributes.php +183 -183
  5. controllers/PointersManager.php +53 -53
  6. controllers/backup/backup_created_report.php +1 -1
  7. controllers/dashboard_ajax.php +210 -210
  8. controllers/duo_authenticator/duo_authenticator_ajax.php +74 -74
  9. controllers/feedback_footer.php +56 -78
  10. controllers/malware_scanner/scan_malware.php +9 -9
  11. controllers/pointers.php +581 -581
  12. controllers/reports.php +24 -24
  13. controllers/request_christmas_offer.php +47 -47
  14. controllers/request_demo.php +50 -50
  15. controllers/request_offer.php +45 -45
  16. controllers/support.php +0 -23
  17. controllers/tour-model.php +1 -1
  18. controllers/tour/tour_ajax.php +145 -145
  19. controllers/troubleshooting.php +4 -4
  20. controllers/twofa/mo2fa_common_login.php +1588 -1588
  21. controllers/twofa/two_fa_addon.php +5 -5
  22. controllers/twofa/two_fa_custom_form.php +8 -8
  23. controllers/twofa/two_fa_login_option.php +1 -1
  24. controllers/twofa/two_fa_video_guide.php +3 -3
  25. controllers/wpns-loginsecurity-ajax.php +1398 -1398
  26. database/database_functions.php +872 -872
  27. database/database_functions_2fa.php +403 -403
  28. handler/WAF/database/mo-waf-db-common.php +24 -24
  29. handler/WAF/database/mo-waf-db.php +248 -248
  30. handler/WAF/database/mo-waf-plugin-db.php +90 -90
  31. handler/WAF/mo-waf-plugin.php +211 -211
  32. handler/WAF/waf-include.php +91 -91
  33. handler/ajax.php +175 -175
  34. handler/feedback_form.php +210 -210
  35. handler/logger.php +38 -38
  36. handler/login.php +408 -408
  37. handler/mo-block.html +9 -9
  38. handler/mo-waf-plugin.php +409 -409
  39. handler/realtime_ip_block_free.php +51 -51
  40. handler/recaptcha.php +160 -160
  41. handler/twofa/encryption.php +45 -45
  42. handler/twofa/gaonprem.php +250 -250
  43. handler/twofa/setup_twofa.php +1023 -1023
  44. handler/twofa/two_fa_constants.php +454 -454
  45. handler/twofa/two_fa_login.php +402 -402
  46. handler/twofa/two_fa_pass2login.php +0 -846
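--- a/api/Mo2f_OnPremRedirect.php
+++ b/api/Mo2f_OnPremRedirect.php
@@ -1,343 +1,343 @@
- <?php
- class Mo2f_OnPremRedirect {
-
- function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
- switch($authType){
-
- case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken);
- return $content;
- break;
- case "KBA": $content = $this->mo2f_kba_onpremise();
- return $content;
- break;
- case "OUT OF BAND EMAIL":
- break;
- case "EMAIL":
- case "OTP OVER EMAIL":
- case "OTP_OVER_EMAIL":
- return $this->mo2f_otp_over_email($otpToken,$current_user);
-
-
- }
-
- }
-
- function mo2f_kba_onpremise(){
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
- if(isset($_POST['validate'])){
- $user_id = wp_get_current_user()->ID;
- }
- else{
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
- }
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
- $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
- $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
- $questions_challenged = get_user_meta($user_id ,'kba_questions_user');
- $questions_challenged = $questions_challenged[0];
- $all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
- $all_ques_ans = $all_ques_ans[0];
- $ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
- $ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
- $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
-
- $pass2fa = new Miniorange_Password_2Factor_Login;
- $twofa_Settings = new Miniorange_Authentication;
- if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
- $content = json_encode($arr);
- delete_user_meta( $user_id, 'test_2FA' );
- return $content;
- }
- else {
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- $content = json_encode($arr);
- return $content;
- }
-
- }
-
- function OnpremSendRedirect($useremail,$authType,$currentuser){
-
- switch($authType){
-
- case "Email Verification":
- case "OUT OF BAND EMAIL":
- $content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
- return $content;
- case "EMAIL":
-
- case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
- return $content;
- case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
- return $content;
-
- }
-
- }
-
- function OnpremSecurityQuestions($user){
- $question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
- $challenge_questions = array_keys($question_answers[0]);
- $random_keys = array_rand($challenge_questions,2);
- $challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
- $challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
- $questions = array($challenge_ques1,$challenge_ques2);
- update_user_meta( $user->ID, 'kba_questions_user', $questions );
- $response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
- return $response;
-
- }
-
- function mo2f_google_authenticator_onpremise($otpToken){
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
- $gauth_obj= new Google_auth_onpremise();
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
- if(is_user_logged_in()){
- $user = wp_get_current_user();
- $user_id = $user->ID;
- }else{
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
- }
- $secret= $gauth_obj->mo_GAuth_get_secret($user_id);
- $content=$gauth_obj->verifyCode($secret, $otpToken);
- return $content;
- }
- function OnpremOTPOverEMail($current_user,$useremail=false)
- {
- return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
- }
- function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
- {
- $count_threshold = 5;
- global $Mo2fdbQueries;
- if(!isset($current_user) or is_null($current_user))
- {
- if(is_user_logged_in()){
- $current_user = wp_get_current_user();
- }else{
- $current_user = unserialize($_SESSION['mo2f_current_user']);
- }
- }
-
- if(is_null($email) or empty($email) or $email == '' or !isset($email) )
- {
- $email = get_user_meta($current_user->ID,'tempEmail',true);
-
- if($email == '' or empty($email))
- {
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
- }
-
- }
- if(is_null($email) or empty($email) or $email == '' or !isset($email) )
- $email = $current_user->user_email;
-
- delete_user_meta($current_user->ID,'tempEmail');
- $subject = '2-Factor Authentication';
- $headers = array('Content-Type: text/html; charset=UTF-8');
- $otpToken = '';
- for($i=1;$i<7;$i++)
- {
- $otpToken .= rand(0,9);
- }
- update_user_meta($current_user->ID,$tokenName,$otpToken);
- update_user_meta($current_user->ID,$timeName,time());
- update_user_meta($current_user->ID,'tempRegEmail',$email);
- $message = '<table cellpadding="25" style="margin:0px auto">
- <tbody>
- <tr>
- <td>
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
- <tbody>
- <tr>
- <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
- </tr>
- </tbody>
- </table>
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
- <tbody>
- <tr>
- <td>
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
- <p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
- </div></div></td>
- </tr>
- </tbody>
- </table>
- </td>
- </tr>
- </tbody>
- </table>';
-
- $result = wp_mail($email,$subject,$message,$headers);
- if($result){
- if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
- Miniorange_Authentication::low_otp_alert("email");
- update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
-
- }else{
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
- }
- $content = json_encode($arr);
- return $content;
-
- }
-
- function mo2f_otp_over_email($otpToken,$current_user)
- {
- return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
- }
- function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
- {
- global $Mo2fdbQueries;
- if(is_null($current_user))
- {
- $current_user = wp_get_current_user();
- }
-
- if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
- {
- $user_id = $current_user->ID;
-
-
-
-
- $valid_token = get_user_meta($user_id,$dtoken,true);
-
-
- $cd = get_user_meta($user_id,"mo2f_email_check_code",true);
-
-
- $time = get_user_meta($user_id,$dtime,true);
- $accepted_time = time()-300;
-
-
- if($accepted_time>$time)
- {
-
- delete_user_meta( $user_id, $dtoken );
- delete_user_meta( $user_id, $dtime );
- delete_user_meta( $user_id,'tempRegEmail');
-
- $arr = array('status' => 'FAILED','message'=>'OTP Expire.');
- }
-
- else if($valid_token == $otpToken)
- {
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
- delete_user_meta( $user_id, $dtoken );
- if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
- {
- $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
- if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
- $Mo2fdbQueries->update_user_details($user_id,array(
- 'mo2f_configured_2FA_method' => 'OTP Over Email',
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
- 'mo2f_user_email'=> $tempRegEmail));
- }
- delete_user_meta( $user_id,'tempRegEmail');
- }
- else
- {
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- }
-
- $content = json_encode($arr);
- return $content;
-
- }
- }
-
-
- function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
- {
-
- global $Mo2fdbQueries;
-
- $email = get_user_meta($current_user->ID,'tempEmail',true);
-
-
- if(empty($email))
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
-
- $subject = "2-Factor Authentication(Email verification)";
- $headers = array('Content-Type: text/html; charset=UTF-8');
- $txid = '';
- $otpToken = '';
- $otpTokenD = '';
- for($i=1;$i<7;$i++)
- {
- $otpToken .= rand(0,9);
- $txid .= rand(100,999);
- $otpTokenD .= rand(0,9);
- }
- $otpTokenH = hash('sha512',$otpToken);
- $otpTokenDH = hash('sha512', $otpTokenD);
- update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
- $userID = hash('sha512',$current_user->ID);
- update_site_option($userID,$otpTokenH);
- update_site_option($txid,3);
- $userIDd = $userID . 'D';
- update_site_option($userIDd,$otpTokenDH);
-
- $message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
- $result = wp_mail($email,$subject,$message,$headers);
-
- $response=array("txId"=>$txid);
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
- if($result)
- {
- $response['status']='SUCCESS';
- $time = "time".$txid;
- $currentTimeInMillis = round(microtime(true) * 1000);
- update_site_option($time,$currentTimeInMillis);
- }
- else
- {
- $response['status']='FAILED';
- }
-
- return json_encode($response);
- }
-
- function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
- $url = get_site_option('siteurl').'/wp-login.php?';
- $message = '<table cellpadding="25" style="margin:0px auto">
- <tbody>
- <tr>
- <td>
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
- <tbody>
- <tr>
- <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
- </tr>
- </tbody>
- </table>
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
- <tbody>
- <tr>
- <td>
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
- <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
- <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
- </div></div></td>
- </tr>
- </tbody>
- </table>
- </td>
- </tr>
- </tbody>
- </table>';
- return $message;
- }
- }
+ <?php
+ class Mo2f_OnPremRedirect {
+
+ function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
+ switch($authType){
+
+ case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken);
+ return $content;
+ break;
+ case "KBA": $content = $this->mo2f_kba_onpremise();
+ return $content;
+ break;
+ case "OUT OF BAND EMAIL":
+ break;
+ case "EMAIL":
+ case "OTP OVER EMAIL":
+ case "OTP_OVER_EMAIL":
+ return $this->mo2f_otp_over_email($otpToken,$current_user);
+
+
+ }
+
+ }
+
+ function mo2f_kba_onpremise(){
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
+ if(isset($_POST['validate'])){
+ $user_id = wp_get_current_user()->ID;
+ }
+ else{
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
+ }
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
+ $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
+ $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
+ $questions_challenged = get_user_meta($user_id ,'kba_questions_user');
+ $questions_challenged = $questions_challenged[0];
+ $all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
+ $all_ques_ans = $all_ques_ans[0];
+ $ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
+ $ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
+ $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
+
+ $pass2fa = new Miniorange_Password_2Factor_Login;
+ $twofa_Settings = new Miniorange_Authentication;
+ if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
+ $content = json_encode($arr);
+ delete_user_meta( $user_id, 'test_2FA' );
+ return $content;
+ }
+ else {
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ $content = json_encode($arr);
+ return $content;
+ }
+
+ }
+
+ function OnpremSendRedirect($useremail,$authType,$currentuser){
+
+ switch($authType){
+
+ case "Email Verification":
+ case "OUT OF BAND EMAIL":
+ $content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
+ return $content;
+ case "EMAIL":
+
+ case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
+ return $content;
+ case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
+ return $content;
+
+ }
+
+ }
+
+ function OnpremSecurityQuestions($user){
+ $question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
+ $challenge_questions = array_keys($question_answers[0]);
+ $random_keys = array_rand($challenge_questions,2);
+ $challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
+ $challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
+ $questions = array($challenge_ques1,$challenge_ques2);
+ update_user_meta( $user->ID, 'kba_questions_user', $questions );
+ $response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
+ return $response;
+
+ }
+
+ function mo2f_google_authenticator_onpremise($otpToken){
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
+ $gauth_obj= new Google_auth_onpremise();
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
+ if(is_user_logged_in()){
+ $user = wp_get_current_user();
+ $user_id = $user->ID;
+ }else{
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
+ }
+ $secret= $gauth_obj->mo_GAuth_get_secret($user_id);
+ $content=$gauth_obj->verifyCode($secret, $otpToken);
+ return $content;
+ }
+ function OnpremOTPOverEMail($current_user,$useremail=false)
+ {
+ return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
+ }
+ function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
+ {
+ $count_threshold = 5;
+ global $Mo2fdbQueries;
+ if(!isset($current_user) or is_null($current_user))
+ {
+ if(is_user_logged_in()){
+ $current_user = wp_get_current_user();
+ }else{
+ $current_user = unserialize($_SESSION['mo2f_current_user']);
+ }
+ }
+
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+ {
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
+
+ if($email == '' or empty($email))
+ {
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+ }
+
+ }
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+ $email = $current_user->user_email;
+
+ delete_user_meta($current_user->ID,'tempEmail');
+ $subject = '2-Factor Authentication';
+ $headers = array('Content-Type: text/html; charset=UTF-8');
+ $otpToken = '';
+ for($i=1;$i<7;$i++)
+ {
+ $otpToken .= rand(0,9);
+ }
+ update_user_meta($current_user->ID,$tokenName,$otpToken);
+ update_user_meta($current_user->ID,$timeName,time());
+ update_user_meta($current_user->ID,'tempRegEmail',$email);
+ $message = '<table cellpadding="25" style="margin:0px auto">
+ <tbody>
+ <tr>
+ <td>
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+ <tbody>
+ <tr>
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+ </tr>
+ </tbody>
+ </table>
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+ <tbody>
+ <tr>
+ <td>
+ <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+ <p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+ </div></div></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>';
+
+ $result = wp_mail($email,$subject,$message,$headers);
+ if($result){
+ if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
+ Miniorange_Authentication::low_otp_alert("email");
+ update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
+
+ }else{
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
+ }
+ $content = json_encode($arr);
+ return $content;
+
+ }
+
+ function mo2f_otp_over_email($otpToken,$current_user)
+ {
+ return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
+ }
+ function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
+ {
+ global $Mo2fdbQueries;
+ if(is_null($current_user))
+ {
+ $current_user = wp_get_current_user();
+ }
+
+ if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
+ {
+ $user_id = $current_user->ID;
+
+
+
+
+ $valid_token = get_user_meta($user_id,$dtoken,true);
+
+
+ $cd = get_user_meta($user_id,"mo2f_email_check_code",true);
+
+
+ $time = get_user_meta($user_id,$dtime,true);
+ $accepted_time = time()-300;
+
+
+ if($accepted_time>$time)
+ {
+
+ delete_user_meta( $user_id, $dtoken );
+ delete_user_meta( $user_id, $dtime );
+ delete_user_meta( $user_id,'tempRegEmail');
+
+ $arr = array('status' => 'FAILED','message'=>'OTP Expire.');
+ }
+
+ else if($valid_token == $otpToken)
+ {
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
+ delete_user_meta( $user_id, $dtoken );
+ if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
+ {
+ $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
+ if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
+ $Mo2fdbQueries->update_user_details($user_id,array(
+ 'mo2f_configured_2FA_method' => 'OTP Over Email',
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
+ 'mo2f_user_email'=> $tempRegEmail));
+ }
+ delete_user_meta( $user_id,'tempRegEmail');
+ }
+ else
+ {
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ }
+
+ $content = json_encode($arr);
+ return $content;
+
+ }
+ }
+
+
+ function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
+ {
+
+ global $Mo2fdbQueries;
+
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
+
+
+ if(empty($email))
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+
+ $subject = "2-Factor Authentication(Email verification)";
+ $headers = array('Content-Type: text/html; charset=UTF-8');
+ $txid = '';
+ $otpToken = '';
+ $otpTokenD = '';
+ for($i=1;$i<7;$i++)
+ {
+ $otpToken .= rand(0,9);
+ $txid .= rand(100,999);
+ $otpTokenD .= rand(0,9);
+ }
+ $otpTokenH = hash('sha512',$otpToken);
+ $otpTokenDH = hash('sha512', $otpTokenD);
+ update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
+ $userID = hash('sha512',$current_user->ID);
+ update_site_option($userID,$otpTokenH);
+ update_site_option($txid,3);
+ $userIDd = $userID . 'D';
+ update_site_option($userIDd,$otpTokenDH);
+
+ $message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
+ $result = wp_mail($email,$subject,$message,$headers);
+
+ $response=array("txId"=>$txid);
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
+ if($result)
+ {
+ $response['status']='SUCCESS';
+ $time = "time".$txid;
+ $currentTimeInMillis = round(microtime(true) * 1000);
+ update_site_option($time,$currentTimeInMillis);
+ }
+ else
+ {
+ $response['status']='FAILED';
+ }
+
+ return json_encode($response);
+ }
+
+ function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
+ $url = get_site_option('siteurl').'/wp-login.php?';
+ $message = '<table cellpadding="25" style="margin:0px auto">
+ <tbody>
+ <tr>
+ <td>
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+ <tbody>
+ <tr>
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+ </tr>
+ </tbody>
+ </table>
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+ <tbody>
+ <tr>
+ <td>
+ <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+ <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
+ <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+ </div></div></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>';
+ return $message;
+ }
+ }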
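Review bot: The e-mail one-time passcode in `OnpremSendOTPEMail` is still built from `rand(0,9)` and checked in `mo2f_otp_email_verify` with the loose `$valid_token == $otpToken`; both sides of this section read the same on the page, so the rewrite (apparently whitespace or line endings only) leaves that in place. `rand()` is not a cryptographically secure source and `==` is neither type-strict nor constant-time, so I would change the generator line to `$otpToken .= random_int(0, 9);` and the check to `else if (is_string($otpToken) && hash_equals((string) $valid_token, $otpToken))`. The same `rand()` pattern produces the accept/deny tokens and `$txid` in `mo2f_pass2login_push_email_onpremise`. Separately, `mo2f_kba_onpremise` compares unsalted `md5()` digests of the security answers and `OnpremSendOTPEMail` calls `unserialize()` on `$_SESSION['mo2f_current_user']`; both deserve a follow-up, for example `password_hash`/`password_verify` for the answers and keeping only the user ID in the session.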
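--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -1,475 +1,475 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Customer_Cloud_Setup {
-
- public $email;
- public $phone;
- public $customerKey;
- public $transactionId;
-
- private $auth_mode = 2; // miniorange test or not
- private $https_mode = false; // website http or https
-
-
- function check_customer() {
- $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
- $email = get_option( "mo2f_email" );
- $mo2fApi= new Mo2f_Api();
- $fields = array (
- 'email' => $email
- );
- $field_string = json_encode ( $fields );
-
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $response = $mo2fApi->make_curl_call( $url, $field_string );
- return $response;
-
- }
-
- function guest_audit() {
- $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
- $email = get_option( "mo2f_email" );
-
- $user = wp_get_current_user();
-
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- if (empty($email))
- $email = $user->user_email;
- }
-
- $mo2fApi= new Mo2f_Api();
- $MoWpnsUtility = new MoWpnsUtility();
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
- $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
- $fields = array (
- 'emailAddress' => $email,
- 'companyName'=>$company,
- 'cmsName'=>"WP",
- 'applicationType'=>'Two Factor Upgrade',
- 'applicationName'=>$applicationName,
- 'pluginVersion'=>MO2F_VERSION,
- 'inUse'=>$MoWpnsUtility->getFeatureStatus()
- );
-
-
-
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $field_string = json_encode ( $fields );
-
- $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
- return $response;
-
- }
-
- function send_email_alert( $email, $phone, $message ) {
-
- $url = MO_HOST_NAME . '/moas/api/notify/send';
-
- $mo2fApi= new Mo2f_Api();
- $customerKey = "16555";
- $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
-
- $currentTimeInMillis = $mo2fApi->get_timestamp();
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
- $fromEmail = $email;
- $subject = "WordPress 2FA Plugin Feedback - " . $email;
-
- global $user;
- $user = wp_get_current_user();
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
-
-
- $customer_feature = "";
-
- if ( $is_ec_with_1_user ) {
- $customer_feature = "V1";
- }else if ( $is_nc_with_1_user ) {
- $customer_feature = "V3";
- }
-
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
-
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
-
- $fields = array(
- 'customerKey' => $customerKey,
- 'sendEmail' => true,
- 'email' => array(
- 'customerKey' => $customerKey,
- 'fromEmail' => $fromEmail,
- 'fromName' => 'Xecurify',
- 'toEmail' => '2fasupport@xecurify.com',
- 'toName' => '2fasupport@xecurify.com',
- 'subject' => $subject,
- 'content' => $content
- ),
- );
- $field_string = json_encode( $fields );
-
- $headers = $mo2fApi->get_http_header_array();
-
- $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
- return $response;
-
-
- }
-
- function create_customer() {
- global $Mo2fdbQueries;
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/rest/customer/add';
- $mo2fApi= new Mo2f_Api();
- global $user;
- $user = wp_get_current_user();
- $this->email = get_option( 'mo2f_email' );
- $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
- $password = get_option( 'mo2f_password' );
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
-
- $fields = array(
- 'companyName' => $company,
- 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
- 'productInterest' => 'API_2FA',
- 'email' => $this->email,
- 'phone' => $this->phone,
- 'password' => $password
- );
- $field_string = json_encode( $fields );
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $content = $mo2fApi->make_curl_call( $url, $field_string );
-
- return $content;
- }
-
-
- function get_customer_key() {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . "/moas/rest/customer/key";
-
- $email = get_option( "mo2f_email" );
- $password = get_option( "mo2f_password" );
- $mo2fApi= new Mo2f_Api();
- $fields = array(
- 'email' => $email,
- 'password' => $password
- );
- $field_string = json_encode( $fields );
-
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $content = $mo2fApi->make_curl_call( $url, $field_string );
-
- return $content;
- }
-
-
- function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
-
- if ( ! MO2f_Utility::is_curl_installed()) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/challenge';
- $mo2fApi = new Mo2f_Api();
- /* The customer Key provided to you */
- $customerKey = $cKey;
-
- /* The customer API Key provided to you */
- $apiKey = $apiKey;
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = $mo2fApi->get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $headers = $mo2fApi->get_http_header_array();
-
- $fields = '';
- if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
- $fields = array(
- 'customerKey' => $customerKey,
- 'email' => $uKey,
- 'authType' => $authType,
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
- );
- } else if ( $authType == 'SMS' ) {
- $authType = "SMS";
- $fields = array(
- 'customerKey' => $customerKey,
- 'phone' => $uKey,
- 'authType' => $authType
- );
- } else {
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $uKey,
- 'authType' => $authType,
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
- );
- }
-
- $field_string = json_encode( $fields );
-
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
-
- $content1 = json_decode($content,true);
-
- if ( $content1['status'] == "SUCCESS" ) {
- if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z') == 4 && $authType == 'SMS'){
- Miniorange_Authentication::low_otp_alert("sms");
- }
- if(get_site_option('cmVtYWluaW5nT1RQ') == 5 && $authType == 'OTP Over Email'){
- Miniorange_Authentication::low_otp_alert("email");
- }
- }
-
- return $content;
- }
-
-
-
-
- function get_customer_transactions( $cKey, $apiKey ,$license_type) {
-
- $url = MO_HOST_NAME . '/moas/rest/customer/license';
-
- $customerKey = $cKey;
- $apiKey = $apiKey;
- $mo2fApi= new Mo2f_Api();
- $currentTimeInMillis = $mo2fApi->get_timestamp();
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $fields = '';
- $fields = array(
- 'customerId' => $customerKey,
- 'applicationName' => 'WP_OTP_VERIFICATION_PLUGIN',
- 'licenseType' => $license_type
- );
-
- $field_string = json_encode( $fields );
-
- $headers = $mo2fApi->get_http_header_array();
-
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
-
-
- return $content;
- }
-
- public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
-
-
- $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
-
- $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
-
- $postdata = array('mo2f_email'=> $mo2f_user_email,
- 'mo2f_domain' =>$site_url,
- 'headers'=>$headers['header'],
- 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
-
- $handle = curl_init();
-
- curl_setopt_array($handle,
- array(
- CURLOPT_URL => $url,
- CURLOPT_POST => true,
- CURLOPT_POSTFIELDS => $postdata,
- CURLOPT_RETURNTRANSFER => true,
- CURLOPT_SSL_VERIFYHOST => FALSE,
- CURLOPT_SSL_VERIFYPEER => FALSE,
- )
- );
-
- $data = curl_exec($handle);
-
- curl_close($handle);
- return $data;
-
- }
-
- public function mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email){
- $url = 'https://sitestats.xecurify.com/backupcodeservice/backup_code_validation.php';
-
- $site_url = site_url();
- $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
-
- $postdata = array('mo2f_otp_token' => $mo2f_backup_code,
- 'mo2f_user_email'=> $mo2f_user_email,
- 'headers'=>$headers['header'],
- 'mo2f_site_url' => $site_url);
-
- $handle = curl_init();
-
- curl_setopt_array($handle,
- array(
- CURLOPT_URL => $url,
- CURLOPT_POST => true,
- CURLOPT_POSTFIELDS => $postdata,
- CURLOPT_RETURNTRANSFER => true,
- CURLOPT_SSL_VERIFYHOST => FALSE,
- CURLOPT_SSL_VERIFYPEER => FALSE,
- )
- );
-
- $data = curl_exec($handle);
-
- curl_close($handle);
-
- return $data;
- }
-
-
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
- $content='';
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/validate';
- $mo2fApi= new Mo2f_Api();
- /* The customer Key provided to you */
- $customerKey = $cKey;
-
- /* The customer API Key provided to you */
- $apiKey = $customerApiKey;
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = $mo2fApi->get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $headers = $mo2fApi->get_http_header_array();
- $fields = '';
- if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
- /*check for soft token*/
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $username,
- 'token' => $otpToken,
- 'authType' => $authType
- );
- } else if ( $authType == 'KBA' ) {
- $fields = array(
- 'txId' => $transactionId,
- 'answers' => array(
- array(
- 'question' => $otpToken[0],
- 'answer' => $otpToken[1]
- ),
- array(
- 'question' => $otpToken[2],
- 'answer' => $otpToken[3]
- )
- )
- );
-
- } else {
- //*check for otp over sms/email
- $fields = array(
- 'txId' => $transactionId,
- 'token' => $otpToken
- );
- }
- $field_string = json_encode( $fields );
-
-
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
- return $content;
- }
-
- function submit_contact_us( $q_email, $q_phone, $query ) {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
- global $user;
- $user = wp_get_current_user();
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
-
- $mo2fApi= new Mo2f_Api();
- $customer_feature = "";
-
- if ( $is_ec_with_1_user ) {
- $customer_feature = "V1";
- } else if ( $is_nc_with_1_user ) {
- $customer_feature = "V3";
- }
- global $moWpnsUtility;
-
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
- $fields = array(
- 'firstName' => $user->user_firstname,
- 'lastName' => $user->user_lastname,
- 'company' => $_SERVER['SERVER_NAME'],
- 'email' => $q_email,
- 'ccEmail' => '2fasupport@xecurify.com',
- 'phone' => $q_phone,
- 'query' => $query
- );
- $field_string = json_encode( $fields );
-
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $content = $mo2fApi->make_curl_call( $url, $field_string );
-
- return true;
- }
-
- }
-
-
- ?>
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Customer_Cloud_Setup {
+
+ public $email;
+ public $phone;
+ public $customerKey;
+ public $transactionId;
+
+ private $auth_mode = 2; // miniorange test or not
+ private $https_mode = false; // website http or https
+
+
+ function check_customer() {
+ $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
+ $email = get_option( "mo2f_email" );
+ $mo2fApi= new Mo2f_Api();
+ $fields = array (
+ 'email' => $email
+ );
+ $field_string = json_encode ( $fields );
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $response = $mo2fApi->make_curl_call( $url, $field_string );
+ return $response;
+
+ }
+
+ function guest_audit() {
+ $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
+ $email = get_option( "mo2f_email" );
+
+ $user = wp_get_current_user();
+
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ if (empty($email))
+ $email = $user->user_email;
+ }
+
+ $mo2fApi= new Mo2f_Api();
+ $MoWpnsUtility = new MoWpnsUtility();
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+ $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
+ $fields = array (
+ 'emailAddress' => $email,
+ 'companyName'=>$company,
+ 'cmsName'=>"WP",
+ 'applicationType'=>'Two Factor Upgrade',
+ 'applicationName'=>$applicationName,
+ 'pluginVersion'=>MO2F_VERSION,
+ 'inUse'=>$MoWpnsUtility->getFeatureStatus()
+ );
+
+
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $field_string = json_encode ( $fields );
+
+ $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
+ return $response;
+
+ }
+
+ function send_email_alert( $email, $phone, $message ) {
+
+ $url = MO_HOST_NAME . '/moas/api/notify/send';
+
+ $mo2fApi= new Mo2f_Api();
+ $customerKey = "16555";
+ $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
+
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+ $fromEmail = $email;
+ $subject = "WordPress 2FA Plugin Feedback - " . $email;
+
+ global $user;
+ $user = wp_get_current_user();
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
+
+
+ $customer_feature = "";
+
+ if ( $is_ec_with_1_user ) {
+ $customer_feature = "V1";
+ }else if ( $is_nc_with_1_user ) {
+ $customer_feature = "V3";
+ }
+
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
+
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
+
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'sendEmail' => true,
+ 'email' => array(
+ 'customerKey' => $customerKey,
+ 'fromEmail' => $fromEmail,
+ 'fromName' => 'Xecurify',
+ 'toEmail' => '2fasupport@xecurify.com',
+ 'toName' => '2fasupport@xecurify.com',
+ 'subject' => $subject,
+ 'content' => $content
+ ),
+ );
+ $field_string = json_encode( $fields );
+
+ $headers = $mo2fApi->get_http_header_array();
+
+ $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+ return $response;
+
+
+ }
+
+ function create_customer() {
+ global $Mo2fdbQueries;
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/add';
+ $mo2fApi= new Mo2f_Api();
+ global $user;
+ $user = wp_get_current_user();
+ $this->email = get_option( 'mo2f_email' );
+ $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
+ $password = get_option( 'mo2f_password' );
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+
+ $fields = array(
+ 'companyName' => $company,
+ 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
+ 'productInterest' => 'API_2FA',
+ 'email' => $this->email,
+ 'phone' => $this->phone,
+ 'password' => $password
+ );
+ $field_string = json_encode( $fields );
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
+
+ return $content;
+ }
+
+
+ function get_customer_key() {
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . "/moas/rest/customer/key";
+
+ $email = get_option( "mo2f_email" );
+ $password = get_option( "mo2f_password" );
+ $mo2fApi= new Mo2f_Api();
+ $fields = array(
+ 'email' => $email,
+ 'password' => $password
+ );
+ $field_string = json_encode( $fields );
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
+
+ return $content;
+ }
+
+
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
+
+ if ( ! MO2f_Utility::is_curl_installed()) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/challenge';
+ $mo2fApi = new Mo2f_Api();
+ /* The customer Key provided to you */
+ $customerKey = $cKey;
+
+ /* The customer API Key provided to you */
+ $apiKey = $apiKey;
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = $mo2fApi->get_http_header_array();
+
+ $fields = '';
+ if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'email' => $uKey,
+ 'authType' => $authType,
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
+ );
+ } else if ( $authType == 'SMS' ) {
+ $authType = "SMS";
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'phone' => $uKey,
+ 'authType' => $authType
+ );
+ } else {
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $uKey,
+ 'authType' => $authType,
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
+ );
+ }
+
+ $field_string = json_encode( $fields );
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+
+ $content1 = json_decode($content,true);
+
+ if ( $content1['status'] == "SUCCESS" ) {
+ if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z') == 4 && $authType == 'SMS'){
+ Miniorange_Authentication::low_otp_alert("sms");
+ }
+ if(get_site_option('cmVtYWluaW5nT1RQ') == 5 && $authType == 'OTP Over Email'){
+ Miniorange_Authentication::low_otp_alert("email");
+ }
+ }
+
+ return $content;
+ }
+
+
+
+
+ function get_customer_transactions( $cKey, $apiKey ,$license_type) {
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/license';
+
+ $customerKey = $cKey;
+ $apiKey = $apiKey;
+ $mo2fApi= new Mo2f_Api();
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $fields = '';
+ $fields = array(
+ 'customerId' => $customerKey,
+ 'applicationName' => 'WP_OTP_VERIFICATION_PLUGIN',
+ 'licenseType' => $license_type
+ );
+
+ $field_string = json_encode( $fields );
+
+ $headers = $mo2fApi->get_http_header_array();
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+
+
+ return $content;
+ }
+
+ public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
+
+
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
+
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
+
+ $postdata = array('mo2f_email'=> $mo2f_user_email,
+ 'mo2f_domain' =>$site_url,
+ 'headers'=>$headers['header'],
+ 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
+
+ $handle = curl_init();
+
+ curl_setopt_array($handle,
+ array(
+ CURLOPT_URL => $url,
+ CURLOPT_POST => true,
+ CURLOPT_POSTFIELDS => $postdata,
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_SSL_VERIFYHOST => FALSE,
+ CURLOPT_SSL_VERIFYPEER => FALSE,
+ )
+ );
+
+ $data = curl_exec($handle);
+
+ curl_close($handle);
+ return $data;
+
+ }
+
+ public function mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email){
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/backup_code_validation.php';
+
+ $site_url = site_url();
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
+
+ $postdata = array('mo2f_otp_token' => $mo2f_backup_code,
+ 'mo2f_user_email'=> $mo2f_user_email,
+ 'headers'=>$headers['header'],
+ 'mo2f_site_url' => $site_url);
+
+ $handle = curl_init();
+
+ curl_setopt_array($handle,
+ array(
+ CURLOPT_URL => $url,
+ CURLOPT_POST => true,
+ CURLOPT_POSTFIELDS => $postdata,
+ CURLOPT_RETURNTRANSFER => true,
+ CURLOPT_SSL_VERIFYHOST => FALSE,
+ CURLOPT_SSL_VERIFYPEER => FALSE,
+ )
+ );
+
+ $data = curl_exec($handle);
+
+ curl_close($handle);
+
+ return $data;
+ }
+
+
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
+ $content='';
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/validate';
+ $mo2fApi= new Mo2f_Api();
+ /* The customer Key provided to you */
+ $customerKey = $cKey;
+
+ /* The customer API Key provided to you */
+ $apiKey = $customerApiKey;
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = $mo2fApi->get_http_header_array();
+ $fields = '';
+ if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
+ /*check for soft token*/
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $username,
+ 'token' => $otpToken,
+ 'authType' => $authType
+ );
+ } else if ( $authType == 'KBA' ) {
+ $fields = array(
+ 'txId' => $transactionId,
+ 'answers' => array(
+ array(
+ 'question' => $otpToken[0],
+ 'answer' => $otpToken[1]
+ ),
+ array(
+ 'question' => $otpToken[2],
+ 'answer' => $otpToken[3]
+ )
+ )
+ );
+
+ } else {
+ //*check for otp over sms/email
+ $fields = array(
+ 'txId' => $transactionId,
+ 'token' => $otpToken
+ );
+ }
+ $field_string = json_encode( $fields );
+
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+ return $content;
+ }
+
+ function submit_contact_us( $q_email, $q_phone, $query ) {
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
+ global $user;
+ $user = wp_get_current_user();
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
+
+ $mo2fApi= new Mo2f_Api();
+ $customer_feature = "";
+
+ if ( $is_ec_with_1_user ) {
+ $customer_feature = "V1";
+ } else if ( $is_nc_with_1_user ) {
+ $customer_feature = "V3";
+ }
+ global $moWpnsUtility;
+
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
+ $fields = array(
+ 'firstName' => $user->user_firstname,
+ 'lastName' => $user->user_lastname,
+ 'company' => $_SERVER['SERVER_NAME'],
+ 'email' => $q_email,
+ 'ccEmail' => '2fasupport@xecurify.com',
+ 'phone' => $q_phone,
+ 'query' => $query
+ );
+ $field_string = json_encode( $fields );
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
+
+ return true;
+ }
+
+ }
+
+
+ ?>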
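Review bot: Both backup-code calls in this file, `mo_2f_generate_backup_codes` and `mo2f_validate_backup_codes`, set `CURLOPT_SSL_VERIFYHOST => FALSE` and `CURLOPT_SSL_VERIFYPEER => FALSE`, so the user's e-mail, site URL and backup code are posted to sitestats.xecurify.com and the reply is accepted without authenticating the server. For a second-factor check this means the validation result cannot be trusted on any network path the site does not control. I would change both option arrays to `CURLOPT_SSL_VERIFYHOST => 2,` and `CURLOPT_SSL_VERIFYPEER => true,`, and check `curl_exec()` for `false` before returning `$data`. The removed and added sides of this section read the same as rendered, so this looks carried over by the commit rather than introduced by it. The fixed `$customerKey`/`$apiKey` literals in `send_email_alert` deserve the same look, since a key shipped in plugin source is readable by anyone who downloads the plugin.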
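--- a/api/class-customer-setup.php
+++ b/api/class-customer-setup.php
@@ -1,34 +1,34 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Customer_Setup extends Customer_Cloud_Setup {
-
- //all parent methods
- }
-
-
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Customer_Setup extends Customer_Cloud_Setup {
+
+ //all parent methods
+ }
+
+
  ?>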
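--- a/api/class-rba-attributes.php
+++ b/api/class-rba-attributes.php
@@ -1,184 +1,184 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Miniorange_Rba_Attributes {
-
- private $auth_mode = 2; // miniorange test or not
- private $https_mode = false; // website http or https
-
- function mo2f_collect_attributes( $useremail, $rba_attributes ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/acs';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
- $mo2fApi= new Mo2f_Api();
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function get_curl_error_message() {
- $message = mo2f_lt( 'Please enable curl extension.' ) .
- ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
- mo2f_lt( 'Click here' ) .
- ' </a> ' .
- mo2f_lt( 'for the steps to enable curl.' );
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'appSecret' => get_option( 'mo2f_app_secret' ),
- 'userKey' => $useremail,
- 'sessionUuid' => $sessionUuid
- );
- $mo2fApi= new Mo2f_Api();
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'userKey' => $useremail,
- 'sessionUuid' => $sessionUuid
- );
- $mo2fApi= new Mo2f_Api();
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_get_app_secret() {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $mo2fApi= new Mo2f_Api();
-
- $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerId' => $customerKey
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
- $mo2fApi= new Mo2f_Api();
- $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'username' => $useremail,
- 'googleAuthenticatorName' => $googleAuthenticatorName
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
- if(MO2F_IS_ONPREM){
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
- $gauth_obj= new Google_auth_onpremise();
- $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
- if($session_id_encrypt){
- $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
- }else{
- $secret_ga = $secret;
- }
- $content=$gauth_obj->verifyCode($secret_ga , $otptoken );
- $value = json_decode($content,true);
- if($value['status'] == 'SUCCESS'){
- $user = wp_get_current_user();
- $user_id = $user->ID;
- $gauth_obj->mo_GAuth_set_secret($user_id, $secret_ga);
- update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
- update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
- global $Mo2fdbQueries;//might not need this
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
- }
- }else{
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
-
- $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
- $mo2fApi= new Mo2f_Api();
-
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'username' => $useremail,
- 'secret' => $secret,
- 'otpToken' => $otptoken,
- 'authenticatorType' => 'GOOGLE AUTHENTICATOR',
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
- $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- return $content;
- }
-
- }
-
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Miniorange_Rba_Attributes {
+
+ private $auth_mode = 2; // miniorange test or not
+ private $https_mode = false; // website http or https
+
+ function mo2f_collect_attributes( $useremail, $rba_attributes ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/acs';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
+ $mo2fApi= new Mo2f_Api();
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function get_curl_error_message() {
+ $message = mo2f_lt( 'Please enable curl extension.' ) .
+ ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
+ mo2f_lt( 'Click here' ) .
+ ' </a> ' .
+ mo2f_lt( 'for the steps to enable curl.' );
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'appSecret' => get_option( 'mo2f_app_secret' ),
+ 'userKey' => $useremail,
+ 'sessionUuid' => $sessionUuid
+ );
+ $mo2fApi= new Mo2f_Api();
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'userKey' => $useremail,
+ 'sessionUuid' => $sessionUuid
+ );
+ $mo2fApi= new Mo2f_Api();
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_get_app_secret() {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $mo2fApi= new Mo2f_Api();
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerId' => $customerKey
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+ $mo2fApi= new Mo2f_Api();
+ $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'username' => $useremail,
+ 'googleAuthenticatorName' => $googleAuthenticatorName
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
+ if(MO2F_IS_ONPREM){
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
+ $gauth_obj= new Google_auth_onpremise();
+ $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
+ if($session_id_encrypt){
+ $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
+ }else{
+ $secret_ga = $secret;
+ }
+ $content=$gauth_obj->verifyCode($secret_ga , $otptoken );
+ $value = json_decode($content,true);
+ if($value['status'] == 'SUCCESS'){
+ $user = wp_get_current_user();
+ $user_id = $user->ID;
+ $gauth_obj->mo_GAuth_set_secret($user_id, $secret_ga);
+ update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
+ update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
+ global $Mo2fdbQueries;//might not need this
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
+ }
+ }else{
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+
+ $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
+ $mo2fApi= new Mo2f_Api();
+
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'username' => $useremail,
+ 'secret' => $secret,
+ 'otpToken' => $otptoken,
+ 'authenticatorType' => 'GOOGLE AUTHENTICATOR',
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ return $content;
+ }
+
+ }
+
  ?>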
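Review bot: `mo2f_collect_attributes` builds its request body by concatenating `$customerKey`, `$useremail` and `$rba_attributes` into a JSON string by hand, so a quote or backslash in the e-mail value, or an `$rba_attributes` value that is not well-formed JSON, changes the structure of what is posted to `/moas/rest/rba/acs`. The added line matches the removed one, so this is carried over by the commit rather than introduced by it. The other methods in the class hand an array to `make_curl_call`; the same shape would work here, e.g. `$field_string = json_encode( array( 'customerKey' => $customerKey, 'userKey' => $useremail, 'attributes' => json_decode( $rba_attributes ) ) );`, returning the error JSON when `json_decode` gives `null`. Whether `$rba_attributes` always arrives as a JSON string is not visible in this file and should be confirmed against the caller.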
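--- a/controllers/PointersManager.php
+++ b/controllers/PointersManager.php
@@ -1,54 +1,54 @@
- <?php
-
- class Mo2FAPointersManager {
-
- private $pfile;
- private $version;
- private $prefix;
- private $pointers = array();
-
- public function __construct( $file, $version, $prefix ) {
- $this->pfile = file_exists( $file ) ? $file : FALSE;
- $this->version = str_replace( '.', '_', $version );
- $this->prefix = $prefix;
- }
-
- public function parse() {
- if ( empty( $this->pfile ) ) return;
- $pointers = (array) require_once $this->pfile;
- if ( empty($pointers) ) return;
- foreach ( $pointers as $i => $pointer ) {
- if(is_array($pointer)){
- $pointer['id'] = "{$this->prefix}{$this->version}_{$i}";
- $this->pointers[$pointer['id']] = (object) $pointer;
- }
- }
- }
-
- public function filter( $page ) {
- if ( empty( $this->pointers ) ) return array();
- $uid = get_current_user_id();
- $visited = explode( ',', (string) get_user_meta( $uid, 'mo2f_visited_pointers', TRUE ) );
-
- $active_ids = array_diff( array_keys( $this->pointers ), $visited );
-
-
- $good = array();
-
- foreach( $this->pointers as $i => $pointer ) {
- if (
- in_array( $i, $active_ids, TRUE ) // is active
- && isset( $pointer->where ) // has where
- && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where
- ) {
- $good[] = $pointer;
- }
- }
- $count = count( $good );
- if ( $good === 0 ) return array();
- foreach( array_values( $good ) as $i => $pointer ) {
- $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : '';
- }
- return $good;
- }
+ <?php
+
+ class Mo2FAPointersManager {
+
+ private $pfile;
+ private $version;
+ private $prefix;
+ private $pointers = array();
+
+ public function __construct( $file, $version, $prefix ) {
+ $this->pfile = file_exists( $file ) ? $file : FALSE;
+ $this->version = str_replace( '.', '_', $version );
+ $this->prefix = $prefix;
+ }
+
+ public function parse() {
+ if ( empty( $this->pfile ) ) return;
+ $pointers = (array) require_once $this->pfile;
+ if ( empty($pointers) ) return;
+ foreach ( $pointers as $i => $pointer ) {
+ if(is_array($pointer)){
+ $pointer['id'] = "{$this->prefix}{$this->version}_{$i}";
+ $this->pointers[$pointer['id']] = (object) $pointer;
+ }
+ }
+ }
+
+ public function filter( $page ) {
+ if ( empty( $this->pointers ) ) return array();
+ $uid = get_current_user_id();
+ $visited = explode( ',', (string) get_user_meta( $uid, 'mo2f_visited_pointers', TRUE ) );
+
+ $active_ids = array_diff( array_keys( $this->pointers ), $visited );
+
+
+ $good = array();
+
+ foreach( $this->pointers as $i => $pointer ) {
+ if (
+ in_array( $i, $active_ids, TRUE ) // is active
+ && isset( $pointer->where ) // has where
+ && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where
+ ) {
+ $good[] = $pointer;
+ }
+ }
+ $count = count( $good );
+ if ( $good === 0 ) return array();
+ foreach( array_values( $good ) as $i => $pointer ) {
+ $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : '';
+ }
+ return $good;
+ }
  }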
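Review bot: The empty-result guard in `filter()` can never fire: `if ( $good === 0 ) return array();` compares the `$good` array with the integer 0 under strict identity, which is always false. The value computed on the line before is the one meant, so the check should read `if ( $count === 0 ) return array();`. The result is the same today only because the following `foreach` does nothing on an empty array; the line is re-added unchanged from the removed side.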
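--- a/controllers/backup/backup_created_report.php
+++ b/controllers/backup/backup_created_report.php
@@ -1,2 +1,2 @@
- <?php
+ <?php
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_created_report.php';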
controllers/dashboard_ajax.php CHANGED
@@ -1,211 +1,211 @@
1
- <?php
2
- class Mo2f_ajax_dashboard
3
- {
4
- function __construct(){
5
- add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
6
- }
7
-
8
- public function mo2f_switch_functions(){
9
- if(isset($_POST) && isset($_POST['option'])){
10
- $tab_count= get_site_option('mo2f_tab_count', 0);
11
- if($tab_count == 5)
12
- update_site_option('mo_2f_switch_all', 1);
13
- else if($tab_count == 0)
14
- update_site_option('mo_2f_switch_all', 0);
15
- $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
16
- switch(sanitize_text_field($_POST['option']))
17
- {
18
- case "tab_all_switch":
19
- $this->mo2f_handle_all_enable($santizied_post);
20
- break;
21
- case "tab_2fa_switch":
22
- $this->mo2f_handle_2fa_enable($santizied_post);
23
- break;
24
- case "tab_waf_switch":
25
- $this->mo2f_handle_waf_enable($santizied_post);
26
- break;
27
- case "tab_login_switch":
28
- $this->mo2f_handle_login_enable($santizied_post);
29
- break;
30
- case "tab_backup_switch":
31
- $this->mo2f_handle_backup_enable($santizied_post);
32
- break;
33
- case "tab_malware_switch":
34
- $this->mo2f_handle_malware_enable($santizied_post);
35
- break;
36
- case "tab_block_switch":
37
- $this->mo2f_handle_block_enable($santizied_post);
38
- break;
39
-
40
- }
41
- }
42
- }
43
-
44
- public function mo2f_handle_all_enable($POSTED){
45
- $this->mo2f_handle_waf_enable($POSTED);
46
- $this->mo2f_handle_login_enable($POSTED);
47
- $this->mo2f_handle_backup_enable($POSTED);
48
- $this->mo2f_handle_malware_enable($POSTED);
49
- $this->mo2f_handle_block_enable($POSTED);
50
- if($POSTED){
51
- update_option('mo_2f_switch_all',1);
52
- update_site_option('mo2f_tab_count', 5);
53
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
54
- }
55
- else{
56
- update_option('mo_2f_switch_all', 0);
57
- update_site_option('mo2f_tab_count', 0);
58
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
59
- }
60
- }
61
-
62
- public function mo2f_handle_2fa_enable($POSTED){
63
- global $Mo2fdbQueries;
64
- $user= wp_get_current_user();
65
- $user_id= $user->user_ID;
66
- if($POSTED){
67
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
68
- if(sanitize_text_field($_POST['tab_2fa_switch']))
69
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
70
- }
71
- else{
72
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
73
- if(sanitize_text_field($_POST['tab_2fa_switch']))
74
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
75
- }
76
- }
77
-
78
- public function mo2f_handle_waf_enable($POSTED){
79
- if($POSTED){
80
- update_site_option('mo_2f_switch_waf', 1);
81
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
82
- if (isset($_POST['option'] ))
83
- {
84
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
85
- {
86
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
87
- }
88
- }
89
- }
90
- else{
91
- update_site_option('mo_2f_switch_waf', 0);
92
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
93
- update_option('WAFEnabled', 0);
94
- update_option('WAF','wafDisable');
95
- update_site_option('Rate_limiting', 0);
96
- $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
97
- $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
98
- $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
99
- $filePath = str_replace('\\', '/', $filePath);
100
- $file = file_get_contents($dir_name1);
101
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
102
- $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
103
- $cont .= '# END miniOrange WAF'.PHP_EOL;
104
- $file =str_replace($cont,'',$file);
105
- file_put_contents($dir_name1, $file);
106
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
107
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
108
- }
109
- }
110
-
111
- public function mo2f_handle_login_enable($POSTED){
112
- if($POSTED){
113
- update_site_option('mo_2f_switch_loginspam', 1);
114
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
115
- if (isset($_POST['option'] ))
116
- {
117
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
118
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
119
- }
120
- }
121
- else{
122
- update_site_option('mo_2f_switch_loginspam', 0);
123
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
124
- update_site_option('mo2f_enable_brute_force', false);
125
- update_site_option('mo_wpns_activate_recaptcha', false);
126
- update_site_option('mo_wpns_activate_recaptcha_for_login', false);
127
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
128
- update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
129
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
130
- update_site_option('mo2f_enforce_strong_passswords', 0);
131
- update_site_option('mo_wpns_enable_fake_domain_blocking', false);
132
- update_site_option('mo_wpns_enable_advanced_user_verification', false);
133
- update_site_option('mo_wpns_enable_social_integration', false);
134
- update_site_option('mo2f_protect_wp_config', 0);
135
- update_site_option('mo2f_prevent_directory_browsing', 0);
136
- update_site_option('mo2f_disable_file_editing', 0);
137
- update_site_option('mo_wpns_enable_comment_spam_blocking', false);
138
- update_site_option('mo_wpns_enable_comment_recaptcha', false);
139
- update_site_option('mo2f_htaccess_file', 0);
140
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
141
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
142
- }
143
- }
144
-
145
- public function mo2f_handle_backup_enable($POSTED){
146
- if($POSTED){
147
- update_site_option('mo_2f_switch_backup', 1);
148
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
149
- if (isset($_POST['option'] ))
150
- {
151
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
152
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
153
- }
154
- }
155
- else{
156
- update_site_option('mo_2f_switch_backup', 0);
157
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
158
- $handler_obj = new MoBackupSite;
159
- $handler_obj->bl_deactivate();
160
- update_site_option('mo2f_enable_cron_backup', 0);
161
- $handler_obj->file_backup_deactivate();
162
- update_site_option('mo2f_enable_cron_file_backup', 0);
163
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
164
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
165
- }
166
- }
167
-
168
- public function mo2f_handle_malware_enable($POSTED){
169
- if($POSTED){
170
- update_site_option('mo_2f_switch_malware', 1);
171
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
172
- if (isset($_POST['option'] ))
173
- {
174
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
175
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
176
- }
177
- }else{
178
- update_site_option('mo_2f_switch_malware', 0);
179
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
180
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
181
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
182
- }
183
- }
184
-
185
- public function mo2f_handle_block_enable($POSTED){
186
- if($POSTED){
187
- update_site_option('mo_2f_switch_adv_block', 1);
188
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
189
- if (isset($_POST['option'] ))
190
- {
191
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
192
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
193
- }
194
- }
195
- else{
196
- update_site_option('mo_2f_switch_adv_block', 0);
197
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
198
- update_site_option('mo_wpns_iprange_count', 0);
199
- update_site_option('mo_wpns_enable_htaccess_blocking', 0);
200
- update_site_option('mo_wpns_enable_user_agent_blocking', 0);
201
- update_site_option('mo_wpns_referrers', false);
202
- update_site_option('mo_wpns_countrycodes', false);
203
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
204
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
205
- }
206
- }
207
-
208
-
209
- }
210
- new Mo2f_ajax_dashboard();
211
  ?>
1
+ <?php
2
+ class Mo2f_ajax_dashboard
3
+ {
4
+ function __construct(){
5
+ add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
6
+ }
7
+
8
+ public function mo2f_switch_functions(){
9
+ if(isset($_POST) && isset($_POST['option'])){
10
+ $tab_count= get_site_option('mo2f_tab_count', 0);
11
+ if($tab_count == 5)
12
+ update_site_option('mo_2f_switch_all', 1);
13
+ else if($tab_count == 0)
14
+ update_site_option('mo_2f_switch_all', 0);
15
+ $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
16
+ switch(sanitize_text_field($_POST['option']))
17
+ {
18
+ case "tab_all_switch":
19
+ $this->mo2f_handle_all_enable($santizied_post);
20
+ break;
21
+ case "tab_2fa_switch":
22
+ $this->mo2f_handle_2fa_enable($santizied_post);
23
+ break;
24
+ case "tab_waf_switch":
25
+ $this->mo2f_handle_waf_enable($santizied_post);
26
+ break;
27
+ case "tab_login_switch":
28
+ $this->mo2f_handle_login_enable($santizied_post);
29
+ break;
30
+ case "tab_backup_switch":
31
+ $this->mo2f_handle_backup_enable($santizied_post);
32
+ break;
33
+ case "tab_malware_switch":
34
+ $this->mo2f_handle_malware_enable($santizied_post);
35
+ break;
36
+ case "tab_block_switch":
37
+ $this->mo2f_handle_block_enable($santizied_post);
38
+ break;
39
+
40
+ }
41
+ }
42
+ }
43
+
44
+ public function mo2f_handle_all_enable($POSTED){
45
+ $this->mo2f_handle_waf_enable($POSTED);
46
+ $this->mo2f_handle_login_enable($POSTED);
47
+ $this->mo2f_handle_backup_enable($POSTED);
48
+ $this->mo2f_handle_malware_enable($POSTED);
49
+ $this->mo2f_handle_block_enable($POSTED);
50
+ if($POSTED){
51
+ update_option('mo_2f_switch_all',1);
52
+ update_site_option('mo2f_tab_count', 5);
53
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
54
+ }
55
+ else{
56
+ update_option('mo_2f_switch_all', 0);
57
+ update_site_option('mo2f_tab_count', 0);
58
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
59
+ }
60
+ }
61
+
62
+ public function mo2f_handle_2fa_enable($POSTED){
63
+ global $Mo2fdbQueries;
64
+ $user= wp_get_current_user();
65
+ $user_id= $user->user_ID;
66
+ if($POSTED){
67
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
68
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
69
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
70
+ }
71
+ else{
72
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
73
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
74
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
75
+ }
76
+ }
77
+
78
+ public function mo2f_handle_waf_enable($POSTED){
79
+ if($POSTED){
80
+ update_site_option('mo_2f_switch_waf', 1);
81
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
82
+ if (isset($_POST['option'] ))
83
+ {
84
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
85
+ {
86
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
87
+ }
88
+ }
89
+ }
90
+ else{
91
+ update_site_option('mo_2f_switch_waf', 0);
92
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
93
+ update_option('WAFEnabled', 0);
94
+ update_option('WAF','wafDisable');
95
+ update_site_option('Rate_limiting', 0);
96
+ $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
97
+ $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
98
+ $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
99
+ $filePath = str_replace('\\', '/', $filePath);
100
+ $file = file_get_contents($dir_name1);
101
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
102
+ $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
103
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
104
+ $file =str_replace($cont,'',$file);
105
+ file_put_contents($dir_name1, $file);
106
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
107
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
108
+ }
109
+ }
110
+
111
+ public function mo2f_handle_login_enable($POSTED){
112
+ if($POSTED){
113
+ update_site_option('mo_2f_switch_loginspam', 1);
114
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
115
+ if (isset($_POST['option'] ))
116
+ {
117
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
118
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
119
+ }
120
+ }
121
+ else{
122
+ update_site_option('mo_2f_switch_loginspam', 0);
123
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
124
+ update_site_option('mo2f_enable_brute_force', false);
125
+ update_site_option('mo_wpns_activate_recaptcha', false);
126
+ update_site_option('mo_wpns_activate_recaptcha_for_login', false);
127
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
128
+ update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
129
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
130
+ update_site_option('mo2f_enforce_strong_passswords', 0);
131
+ update_site_option('mo_wpns_enable_fake_domain_blocking', false);
132
+ update_site_option('mo_wpns_enable_advanced_user_verification', false);
133
+ update_site_option('mo_wpns_enable_social_integration', false);
134
+ update_site_option('mo2f_protect_wp_config', 0);
135
+ update_site_option('mo2f_prevent_directory_browsing', 0);
136
+ update_site_option('mo2f_disable_file_editing', 0);
137
+ update_site_option('mo_wpns_enable_comment_spam_blocking', false);
138
+ update_site_option('mo_wpns_enable_comment_recaptcha', false);
139
+ update_site_option('mo2f_htaccess_file', 0);
140
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
141
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
142
+ }
143
+ }
144
+
145
+ public function mo2f_handle_backup_enable($POSTED){
146
+ if($POSTED){
147
+ update_site_option('mo_2f_switch_backup', 1);
148
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
149
+ if (isset($_POST['option'] ))
150
+ {
151
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
152
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
153
+ }
154
+ }
155
+ else{
156
+ update_site_option('mo_2f_switch_backup', 0);
157
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
158
+ $handler_obj = new MoBackupSite;
159
+ $handler_obj->bl_deactivate();
160
+ update_site_option('mo2f_enable_cron_backup', 0);
161
+ $handler_obj->file_backup_deactivate();
162
+ update_site_option('mo2f_enable_cron_file_backup', 0);
163
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
164
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
165
+ }
166
+ }
167
+
168
+ public function mo2f_handle_malware_enable($POSTED){
169
+ if($POSTED){
170
+ update_site_option('mo_2f_switch_malware', 1);
171
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
172
+ if (isset($_POST['option'] ))
173
+ {
174
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
175
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
176
+ }
177
+ }else{
178
+ update_site_option('mo_2f_switch_malware', 0);
179
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
180
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
181
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
182
+ }
183
+ }
184
+
185
+ public function mo2f_handle_block_enable($POSTED){
186
+ if($POSTED){
187
+ update_site_option('mo_2f_switch_adv_block', 1);
188
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
189
+ if (isset($_POST['option'] ))
190
+ {
191
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
192
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
193
+ }
194
+ }
195
+ else{
196
+ update_site_option('mo_2f_switch_adv_block', 0);
197
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
198
+ update_site_option('mo_wpns_iprange_count', 0);
199
+ update_site_option('mo_wpns_enable_htaccess_blocking', 0);
200
+ update_site_option('mo_wpns_enable_user_agent_blocking', 0);
201
+ update_site_option('mo_wpns_referrers', false);
202
+ update_site_option('mo_wpns_countrycodes', false);
203
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
204
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
205
+ }
206
+ }
207
+
208
+
209
+ }
210
+ new Mo2f_ajax_dashboard();
211
  ?>
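--- a/controllers/duo_authenticator/duo_authenticator_ajax.php
+++ b/controllers/duo_authenticator/duo_authenticator_ajax.php
@@ -1,74 +1,74 @@
- <?php
- class Mo_2f_duo_authenticator
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
-
- }
-
- public function mo2f_duo_authenticator_functions(){
- add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
- add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
- }
-
- public function mo2f_duo_ajax_request(){
-
- switch ($_POST['call_type']) {
- case "check_duo_push_auth_status":
- $this->mo2f_check_duo_push_auth_status();
- break;
- }
- }
-
- public function mo2f_duo_authenticator_ajax(){
- switch($_POST['call_type'])
- {
-
- case "check_duo_push_auth_status":
- $this->mo2f_check_duo_push_auth_status();
- break;
- }
- }
-
-
- function mo2f_check_duo_push_auth_status(){
-
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
- {
- wp_send_json("ERROR");
- exit;
- }else{
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
- $ikey = get_site_option('mo2f_d_integration_key');
- $skey = get_site_option('mo2f_d_secret_key');
- $host = get_site_option('mo2f_d_api_hostname');
- $current_user = wp_get_current_user();
-
- $session_id_encrypt = isset($_POST['session_id_encrypt']) ? $_POST['session_id_encrypt'] : '';
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
- $user_email = get_user_meta($user_id,'current_user_email');
- $user_email = isset($user_email[0])? $user_email[0]:'';
-
- if($user_email == '' || empty($user_email))
- $user_email = $current_user->user_email;
-
- $device['device'] = 'auto';
-
- $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
-
-
- if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
-
- wp_send_json('SUCCESS');
- }else{
-
- wp_send_json('ERROR');
- }
- }
-
-
- }
-
- }
- new Mo_2f_duo_authenticator();
- ?>
+ <?php
+ class Mo_2f_duo_authenticator
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
+
+ }
+
+ public function mo2f_duo_authenticator_functions(){
+ add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
+ add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
+ }
+
+ public function mo2f_duo_ajax_request(){
+
+ switch ($_POST['call_type']) {
+ case "check_duo_push_auth_status":
+ $this->mo2f_check_duo_push_auth_status();
+ break;
+ }
+ }
+
+ public function mo2f_duo_authenticator_ajax(){
+ switch($_POST['call_type'])
+ {
+
+ case "check_duo_push_auth_status":
+ $this->mo2f_check_duo_push_auth_status();
+ break;
+ }
+ }
+
+
+ function mo2f_check_duo_push_auth_status(){
+
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
+ {
+ wp_send_json("ERROR");
+ exit;
+ }else{
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
+ $ikey = get_site_option('mo2f_d_integration_key');
+ $skey = get_site_option('mo2f_d_secret_key');
+ $host = get_site_option('mo2f_d_api_hostname');
+ $current_user = wp_get_current_user();
+
+ $session_id_encrypt = isset($_POST['session_id_encrypt']) ? $_POST['session_id_encrypt'] : '';
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
+ $user_email = get_user_meta($user_id,'current_user_email');
+ $user_email = isset($user_email[0])? $user_email[0]:'';
+
+ if($user_email == '' || empty($user_email))
+ $user_email = $current_user->user_email;
+
+ $device['device'] = 'auto';
+
+ $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
+
+
+ if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
+
+ wp_send_json('SUCCESS');
+ }else{
+
+ wp_send_json('ERROR');
+ }
+ }
+
+
+ }
+
+ }
+ new Mo_2f_duo_authenticator();
+ ?>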
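Review bot: `mo2f_check_duo_push_auth_status()` is reachable without login through the `wp_ajax_nopriv_mo2f_duo_ajax_request` hook, yet it passes `$_POST['session_id_encrypt']` to `MO2f_Utility::mo2f_get_transient()` unsanitised and never checks that a user id came back before calling `mo2f_duo_auth()`. For a logged-out caller with no matching session the e-mail falls back to `$current_user->user_email`, which is empty, so the Duo call is still made; I would read the field with `sanitize_text_field( wp_unslash( $_POST['session_id_encrypt'] ) )` and add `if ( empty( $user_id ) ) { wp_send_json( 'ERROR' ); }` right after the transient lookup. The nonce check is weak as the only gate on this path, because WordPress nonces for logged-out visitors are not bound to an individual user. Both `switch` statements also read `$_POST['call_type']` without `isset()`, which raises a notice when the field is omitted. The old and new sides of this section read identically, so the commit itself leaves this code as it was.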
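--- a/controllers/feedback_footer.php
+++ b/controllers/feedback_footer.php
@@ -1,79 +1,57 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch($_POST['option'])
- {
- case "mo_wpns_send_query":
- wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
- break;
- }
- }
-
- $current_user = wp_get_current_user();
- $email = get_option("mo2f_email");
- $phone = get_option("mo_wpns_admin_phone");
-
-
- /* SUPPORT FORM RELATED FUNCTIONS */
-
- //Function to handle support form submit
-
- if(empty($email))
- $email = $current_user->user_email;
-
- function wpns_handle_support_form_new($email,$query,$phone)
- {
- $call_setup = false;
- if(array_key_exists('2fa_setup_call',$_POST)===true){
- $time_zone = sanitize_text_field($_POST['mo_2fa_setup_call_timezone']);
- $call_date = sanitize_text_field($_POST['mo_2fa_setup_call_date']);
- $call_time = sanitize_text_field($_POST['mo_2fa_setup_call_time']);
- $call_setup = true;
- }
- $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
-
- if(empty($email) || empty($query)){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
- return;
- }
-
- $query = sanitize_text_field( $query );
- $email = sanitize_text_field( $email );
- $phone = sanitize_text_field( $phone );
- $contact_us = new MocURL();
-
- if($send_configuration)
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
- else
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
-
- if($call_setup == false) {
- $query = $query.'<br><br>';
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- } else {
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
- }
- } else {
-
- $local_timezone='Asia/Kolkata';
- $call_datetime=$call_date.$call_time;
- $convert_datetime = strtotime ( $call_datetime );
- $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone));
- $ist_date->setTimezone(new DateTimeZone($local_timezone));
-
-
- $query = $query . '<br><br>' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'<br><br>';
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query, true),true);
-
- }
- if(json_last_error() == JSON_ERROR_NONE && $submited){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_send_query":
+ wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
+ break;
+ }
+ }
+
+ $current_user = wp_get_current_user();
+ $email = get_option("mo2f_email");
+ $phone = get_option("mo_wpns_admin_phone");
+
+
+ /* SUPPORT FORM RELATED FUNCTIONS */
+
+ //Function to handle support form submit
+
+ if(empty($email))
+ $email = $current_user->user_email;
+
+ function wpns_handle_support_form_new($email,$query,$phone)
+ {
+ $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
+
+ if(empty($email) || empty($query)){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
+ return;
+ }
+
+ $query = sanitize_text_field( $query );
+ $email = sanitize_text_field( $email );
+ $phone = sanitize_text_field( $phone );
+ $contact_us = new MocURL();
+
+ if($send_configuration)
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
+ else
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
+
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ } else {
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
+ }
+ if(json_last_error() == JSON_ERROR_NONE && $submited){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'feedback_footer.php';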
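Review bot: The dispatcher at new lines 5–13 calls `wpns_handle_support_form_new()` for any POST from a user with `manage_options`, and no nonce verification is visible in this section, so unless the including page checks one, the support form (which appends `MoWpnsUtility::mo_2fa_send_configuration()` output to the outgoing query) can be submitted cross-site on an administrator's behalf. I would verify a nonce before the `switch`, e.g. `wp_verify_nonce( $_POST['NONCE_FIELD_PLACEHOLDER'], 'NONCE_ACTION_PLACEHOLDER' )`, with the matching field emitted by the form view, whose names are not shown here. Separately, in the simplified body (new lines 46–55) an address rejected by `filter_var()` never assigns `$submited`, so the final `if` reads an undefined variable and fires `SUPPORT_FORM_ERROR` a second time. Adding `return;` after the first `do_action(...)` in that branch fixes it.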
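--- a/controllers/malware_scanner/scan_malware.php
+++ b/controllers/malware_scanner/scan_malware.php
@@ -1,9 +1,9 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- update_site_option('mo2f_visit_malware',true);
-
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';
- ?>
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ update_site_option('mo2f_visit_malware',true);
+
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';
+ ?>
+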
controllers/pointers.php CHANGED
@@ -1,581 +1,581 @@
1
- <?php
2
-
3
- $pointers = array();
4
- $tab= 'default';
5
- if(array_key_exists('tab',$_GET))
6
- $tab = $_GET['tab'];
7
-
8
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
-
10
- {
11
- $pointers['default-miniorange-2fa-select-authentication'] = array(
12
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
- 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
- 'isdefault' => 'yes',
16
- 'edge' => 'bottom',
17
- 'align' => 'middle',
18
- 'index' => 'default-miniorange-2fa-select-authentication',
19
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
- );
21
- $pointers['default-miniorange-2fa-configure'] = array(
22
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
- 'anchor_id' => '#GoogleAuthenticator_configuration',
25
- 'isdefault' => 'yes',
26
- 'edge' => 'top',
27
- 'align' => 'left',
28
- 'index' => 'default-miniorange-2fa-configure',
29
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
- );
31
-
32
- $pointers['default-miniorange-2fa-choose_app'] = array(
33
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
- 'anchor_id' => '#mo2f_choose_app_tour',
36
- 'isdefault' => 'yes',
37
- 'edge' => 'left',
38
- 'align' => 'left',
39
- 'index' => 'default-miniorange-2fa-choose_app1',
40
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
- );
42
-
43
- $pointers['default-miniorange-2fa-download_app'] = array(
44
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
- 'anchor_id' => '#links_to_apps_tour',
47
- 'isdefault' => 'yes',
48
- 'edge' => 'left',
49
- 'align' => 'left',
50
- 'index' => 'default-miniorange-2fa-download_app1',
51
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
- );
53
-
54
-
55
- $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
- 'anchor_id' => '#displayGAQrCodeTour',
59
- 'isdefault' => 'yes',
60
- 'edge' => 'left',
61
- 'align' => 'left',
62
- 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
- );
65
- $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
- 'anchor_id' => '#mo2f_change_app_name',
69
- 'isdefault' => 'yes',
70
- 'edge' => 'left',
71
- 'align' => 'left',
72
- 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
- );
75
-
76
- $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
- 'anchor_id' => '#mo2f_scanbarcode_a',
80
- 'isdefault' => 'yes',
81
- 'edge' => 'left',
82
- 'align' => 'left',
83
- 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
- );
86
-
87
- $pointers['default-miniorange-2fa-enter-otp'] = array(
88
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
- 'anchor_id' => '#EnterOTPGATour',
91
- 'isdefault' => 'yes',
92
- 'edge' => 'right',
93
- 'align' => 'left',
94
- 'index' => 'default-miniorange-2fa-enter-otp1',
95
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
- );
97
- $pointers['default-miniorange-2fa-save-otp'] = array(
98
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
- 'anchor_id' => '#SaveOTPGATour',
101
- 'isdefault' => 'yes',
102
- 'edge' => 'right',
103
- 'align' => 'left',
104
- 'index' => 'default-miniorange-2fa-save-otp1',
105
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
- );
107
- $pointers['default-miniorange-2fa-test'] = array(
108
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
- 'anchor_id' => '#test',
111
- 'isdefault' => 'yes',
112
- 'edge' => 'right',
113
- 'align' => 'left',
114
- 'index' => 'default-miniorange-2fa-test',
115
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
- );
117
-
118
- $pointers['default-miniorange-2fa-customizations'] = array(
119
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
- 'anchor_id' => '#disable_two_factor_tour',
122
- 'isdefault' => 'yes',
123
- 'edge' => 'top',
124
- 'align' => 'left',
125
- 'index' => 'default-miniorange-2fa-customizations',
126
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
- );
128
- $pointers['default-miniorange-2fa-inline-registration'] = array(
129
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
- 'anchor_id' => '#mo2f_inline_registration_tour',
132
- 'isdefault' => 'yes',
133
- 'edge' => 'top',
134
- 'align' => 'left',
135
- 'index' => 'default-miniorange-2fa-inline-registration',
136
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
- );
138
- $pointers['default-minorange-2fa-integration'] = array(
139
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
- 'anchor_id' => '#custom_form_2fa_div',
142
- 'isdefault' => 'yes',
143
- 'edge' => 'bottom',
144
- 'align' => 'middle',
145
- 'index' => 'default-minorange-2fa-integration',
146
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
- );
148
- $pointers['default-minorange-2fa-premium-features'] = array(
149
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
- 'anchor_id' => '#custom_login_2fa',
152
- 'isdefault' => 'yes',
153
- 'edge' => 'left',
154
- 'align' => 'left',
155
- 'index' => 'default-minorange-2fa-premium-features',
156
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
- );
158
-
159
- $pointers['default-miniorange-2fa-upgrade'] = array(
160
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
- 'anchor_id' => '#mo_2fa_upgrade_tour',
163
- 'isdefault' => 'yes',
164
- 'edge' => 'top',
165
- 'align' => 'left',
166
- 'index' => 'default-miniorange-2fa-upgrade',
167
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
- );
169
- $pointers['default-miniorange-2fa-support_open'] = array(
170
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
- 'anchor_id' => '#mo_wpns_support_layout_tour',
173
- 'isdefault' => 'yes',
174
- 'edge' => 'bottom',
175
- 'align' => 'right',
176
- 'index' => 'default-miniorange-2fa-support_open',
177
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
- );
179
-
180
-
181
- }
182
- if(get_option('mo2f_tour_firewall') == 1 ){
183
- $pointers['default-miniorange-firewall-level'] = array(
184
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
- 'anchor_id' => '#mo_waf_options_tour',
187
- 'isfirewall'=> 'yes',
188
- 'edge' => 'top',
189
- 'align' => 'left',
190
- 'index' => 'default-miniorange-firewall-level',
191
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
- );
193
- $pointers['default-miniorange-firewall-attacks'] = array(
194
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
- 'anchor_id' => '#mo2f_AttackTypes',
197
- 'isfirewall'=> 'yes',
198
- 'edge' => 'bottom',
199
- 'align' => 'left',
200
- 'index' => 'default-miniorange-firewall-attacks',
201
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
- );
203
- $pointers['default-miniorange-firewall-attack-limit'] = array(
204
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
- 'anchor_id' => '#mo2f_waf_block_after',
207
- 'isfirewall'=> 'yes',
208
- 'edge' => 'bottom',
209
- 'align' => 'left',
210
- 'index' => 'default-miniorange-firewall-attack-limit',
211
- 'align' => 'left',
212
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
- );
214
-
215
- $pointers['default-miniorange-firewall-rate-limit'] = array(
216
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
- 'anchor_id' => '#mo2f_ratelimiting',
219
- 'isfirewall'=> 'yes',
220
- 'edge' => 'top',
221
- 'align' => 'left',
222
- 'index' => 'default-miniorange-firewall-rate-limit',
223
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
- );
225
- $pointers['default-miniorange-firewall-check-attacks'] = array(
226
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
- 'anchor_id' => '#mo2f_firewall_attack_dash',
229
- 'isfirewall'=> 'yes',
230
- 'edge' => 'top',
231
- 'align' => 'left',
232
- 'index' => 'default-miniorange-firewall-check-attacks',
233
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
- );
235
- $pointers['default-miniorange-2fa-upgrade'] = array(
236
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
- 'anchor_id' => '#mo_2fa_upgrade_tour',
239
- 'isfirewall' => 'yes',
240
- 'edge' => 'top',
241
- 'align' => 'left',
242
- 'index' => 'default-miniorange-2fa-upgrade',
243
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
- );
245
-
246
- $pointers['default-miniorange-firewall-support'] = array(
247
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
- 'anchor_id' => '#mo_wpns_support_layout_tour',
250
- 'isfirewall' => 'yes',
251
- 'edge' => 'bottom',
252
- 'align' => 'left',
253
- 'index' => 'default-miniorange-firewall-support',
254
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
- );
256
-
257
- }
258
-
259
- if(get_option('mo2f_tour_malware_scan') ==1){
260
- $pointers['default-miniorange-malware-scan-modes'] = array(
261
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
- 'anchor_id' => '#scan_status_table',
264
- 'ismalware' => 'yes',
265
- 'edge' => 'bottom',
266
- 'align' => 'left',
267
- 'index' => 'default-miniorange-malware-scan-modes',
268
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
- );
270
- $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
- 'anchor_id' => '#mo2f_select_scanning_files',
274
- 'ismalware' => 'yes',
275
- 'edge' => 'bottom',
276
- 'align' => 'left',
277
- 'index' => 'default-miniorange-malware-custom-scan-files',
278
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
- );
280
- $pointers['default-miniorange-malware-scan-reports'] = array(
281
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
- 'anchor_id' => '#scan_report_table',
284
- 'ismalware' => 'yes',
285
- 'edge' => 'top',
286
- 'align' => 'left',
287
- 'index' => 'default-miniorange-malware-scan-reports',
288
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
- );
290
-
291
- $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
- 'anchor_id' => '#mo2f_scan_dash',
295
- 'ismalware' => 'yes',
296
- 'edge' => 'top',
297
- 'align' => 'left',
298
- 'index' => 'default-miniorange-malware-scan-dashboard',
299
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
- );
301
- $pointers['default-miniorange-2fa-upgrade'] = array(
302
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
- 'anchor_id' => '#mo_2fa_upgrade_tour',
305
- 'ismalware' => 'yes',
306
- 'edge' => 'top',
307
- 'align' => 'left',
308
- 'index' => 'default-miniorange-2fa-upgrade',
309
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
- );
311
-
312
- $pointers['default-miniorange-malware-support'] = array(
313
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
- 'anchor_id' => '#mo_wpns_support_layout_tour',
316
- 'ismalware' => 'yes',
317
- 'edge' => 'bottom',
318
- 'align' => 'left',
319
- 'index' => 'default-miniorange-malware-support',
320
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
- );
322
-
323
- }
324
-
325
- if(get_option('mo2f_tour_advance_blocking') ==1){
326
- $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
- 'anchor_id' => '#mo2f_manual_ip_blocking',
330
- 'advcblock' => 'yes',
331
- 'edge' => 'top',
332
- 'align' => 'left',
333
- 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
- );
336
- $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
- 'anchor_id' => '#mo2f_ip_whitelisting',
340
- 'advcblock' => 'yes',
341
- 'edge' => 'top',
342
- 'align' => 'left',
343
- 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
- );
346
-
347
- $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
- 'anchor_id' => '#mo2f_ip_lookup',
351
- 'advcblock' => 'yes',
352
- 'edge' => 'bottom',
353
- 'align' => 'left',
354
- 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
- );
357
-
358
-
359
- $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
- 'anchor_id' => '#mo2f_ip_range_blocking',
363
- 'advcblock' => 'yes',
364
- 'edge' => 'top',
365
- 'align' => 'left',
366
- 'index' => 'default-miniorange-advance-blocking-IP-range',
367
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
- );
369
- $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
- 'anchor_id' => '#mo2f_htaccess_blocking',
373
- 'advcblock' => 'yes',
374
- 'edge' => 'top',
375
- 'align' => 'left',
376
- 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
- );
379
- $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
- 'anchor_id' => '#mo2f_browser_blocking',
383
- 'advcblock' => 'yes',
384
- 'edge' => 'top',
385
- 'align' => 'left',
386
- 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
- );
389
- $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
- 'anchor_id' => '#mo2f_country_blocking',
393
- 'advcblock' => 'yes',
394
- 'edge' => 'bottom',
395
- 'align' => 'left',
396
- 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
- );
399
-
400
- $pointers['default-miniorange-2fa-upgrade'] = array(
401
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
- 'anchor_id' => '#mo_2fa_upgrade_tour',
404
- 'advcblock' => 'yes',
405
- 'edge' => 'top',
406
- 'align' => 'left',
407
- 'index' => 'default-miniorange-2fa-upgrade',
408
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
- );
410
- $pointers['default-miniorange-advance-blocking-support'] = array(
411
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
- 'anchor_id' => '#mo_wpns_support_layout_tour',
414
- 'advcblock' => 'yes',
415
- 'edge' => 'bottom',
416
- 'align' => 'left',
417
- 'index' => 'default-miniorange-advance-blocking-support',
418
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
- );
420
-
421
- }
422
-
423
-
424
- if(get_option('mo2f_tour_backup') == 1 ){
425
- $pointers['default-miniorange-backup-manual-db'] = array(
426
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
- 'anchor_id' => '#mo2f_select_files_backup',
429
- 'isBackup'=> 'yes',
430
- 'edge' => 'top',
431
- 'align' => 'left',
432
- 'index' => 'default-miniorange-backup-manual-db',
433
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
- );
435
- $pointers['default-miniorange-backup-auto-db'] = array(
436
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
- 'anchor_id' => '#mo2f_auto_dbbackup',
439
- 'isBackup'=> 'yes',
440
- 'edge' => 'bottom',
441
- 'align' => 'left',
442
- 'index' => 'default-miniorange-backup-auto-db',
443
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
- );
445
- $pointers['default-miniorange-backup-file'] = array(
446
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
- 'anchor_id' => '#mo2f_schedule_backup_status',
449
- 'isBackup'=> 'yes',
450
- 'edge' => 'top',
451
- 'align' => 'left',
452
- 'index' => 'default-miniorange-backup-file',
453
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
- );
455
- $pointers['default-miniorange-backup-report'] = array(
456
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
- 'anchor_id' => '#backup_report_table',
459
- 'isBackup'=> 'yes',
460
- 'edge' => 'bottom',
461
- 'align' => 'left',
462
- 'index' => 'default-miniorange-backup-report',
463
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
- );
465
-
466
- $pointers['default-miniorange-2fa-upgrade'] = array(
467
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
- 'anchor_id' => '#mo_2fa_upgrade_tour',
470
- 'isBackup' => 'yes',
471
- 'edge' => 'top',
472
- 'align' => 'left',
473
- 'index' => 'default-miniorange-2fa-upgrade',
474
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
- );
476
- $pointers['default-miniorange-backup-support'] = array(
477
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
- 'anchor_id' => '#mo_wpns_support_layout_tour',
480
- 'isBackup' => 'yes',
481
- 'edge' => 'bottom',
482
- 'align' => 'left',
483
- 'index' => 'default-miniorange-backup-support',
484
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
- );
486
-
487
- }
488
-
489
- if(get_option('mo2f_tour_loginSpam') == 1){
490
- $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
- 'anchor_id' => '#mo2f_bruteforce',
494
- 'loginSpam' => 'yes',
495
- 'edge' => 'top',
496
- 'align' => 'left',
497
- 'index' => 'default-miniorange-login-spam-bruteforce',
498
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
- );
500
- $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
- 'anchor_id' => '#mo2f_google_recaptcha',
504
- 'loginSpam' => 'yes',
505
- 'edge' => 'top',
506
- 'align' => 'left',
507
- 'index' => 'default-miniorange-login-spam-recaptcha',
508
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
- );
510
- $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
- 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
- 'loginSpam' => 'yes',
515
- 'edge' => 'bottom',
516
- 'align' => 'left',
517
- 'index' => 'default-miniorange-login-spam-strong-pass',
518
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
- );
520
-
521
- $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
- 'anchor_id' => '#mo2f_block_registration',
525
- 'loginSpam' => 'yes',
526
- 'edge' => 'top',
527
- 'align' => 'left',
528
- 'index' => 'default-miniorange-login-spam-fake-registration',
529
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
- );
531
- $pointers['default-miniorange-login-spam-content'] = array(
532
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
- 'anchor_id' => '#mo2f_content_protection',
535
- 'loginSpam' => 'yes',
536
- 'edge' => 'bottom',
537
- 'align' => 'left',
538
- 'index' => 'default-miniorange-login-spam-content',
539
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
- );
541
- $pointers['default-miniorange-login-spam-block-spam'] = array(
542
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
- 'anchor_id' => '#mo2f_comment_protection',
545
- 'loginSpam' => 'yes',
546
- 'edge' => 'bottom',
547
- 'align' => 'left',
548
- 'index' => 'default-miniorange-login-spam-block-spam',
549
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
- );
551
- $pointers['default-miniorange-2fa-upgrade'] = array(
552
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
- 'anchor_id' => '#mo_2fa_upgrade_tour',
555
- 'loginSpam' => 'yes',
556
- 'edge' => 'top',
557
- 'align' => 'left',
558
- 'index' => 'default-miniorange-2fa-upgrade',
559
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
- );
561
-
562
- $pointers['default-miniorange-login-spam-support'] = array(
563
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
- 'anchor_id' => '#mo_wpns_support_layout_tour',
566
- 'loginSpam' => 'yes',
567
- 'edge' => 'bottom',
568
- 'align' => 'left',
569
- 'index' => 'default-miniorange-login-spam-support',
570
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
- );
572
-
573
-
574
- }
575
-
576
-
577
-
578
-
579
-
580
-
581
- return $pointers;
1
+ <?php
2
+
3
+ $pointers = array();
4
+ $tab= 'default';
5
+ if(array_key_exists('tab',$_GET))
6
+ $tab = $_GET['tab'];
7
+
8
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
+
10
+ {
11
+ $pointers['default-miniorange-2fa-select-authentication'] = array(
12
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
+ 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
+ 'isdefault' => 'yes',
16
+ 'edge' => 'bottom',
17
+ 'align' => 'middle',
18
+ 'index' => 'default-miniorange-2fa-select-authentication',
19
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
+ );
21
+ $pointers['default-miniorange-2fa-configure'] = array(
22
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
+ 'anchor_id' => '#GoogleAuthenticator_configuration',
25
+ 'isdefault' => 'yes',
26
+ 'edge' => 'top',
27
+ 'align' => 'left',
28
+ 'index' => 'default-miniorange-2fa-configure',
29
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
+ );
31
+
32
+ $pointers['default-miniorange-2fa-choose_app'] = array(
33
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
+ 'anchor_id' => '#mo2f_choose_app_tour',
36
+ 'isdefault' => 'yes',
37
+ 'edge' => 'left',
38
+ 'align' => 'left',
39
+ 'index' => 'default-miniorange-2fa-choose_app1',
40
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
+ );
42
+
43
+ $pointers['default-miniorange-2fa-download_app'] = array(
44
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
+ 'anchor_id' => '#links_to_apps_tour',
47
+ 'isdefault' => 'yes',
48
+ 'edge' => 'left',
49
+ 'align' => 'left',
50
+ 'index' => 'default-miniorange-2fa-download_app1',
51
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
+ );
53
+
54
+
55
+ $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
+ 'anchor_id' => '#displayGAQrCodeTour',
59
+ 'isdefault' => 'yes',
60
+ 'edge' => 'left',
61
+ 'align' => 'left',
62
+ 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
+ );
65
+ $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
+ 'anchor_id' => '#mo2f_change_app_name',
69
+ 'isdefault' => 'yes',
70
+ 'edge' => 'left',
71
+ 'align' => 'left',
72
+ 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
+ );
75
+
76
+ $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
+ 'anchor_id' => '#mo2f_scanbarcode_a',
80
+ 'isdefault' => 'yes',
81
+ 'edge' => 'left',
82
+ 'align' => 'left',
83
+ 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
+ );
86
+
87
+ $pointers['default-miniorange-2fa-enter-otp'] = array(
88
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
+ 'anchor_id' => '#EnterOTPGATour',
91
+ 'isdefault' => 'yes',
92
+ 'edge' => 'right',
93
+ 'align' => 'left',
94
+ 'index' => 'default-miniorange-2fa-enter-otp1',
95
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
+ );
97
+ $pointers['default-miniorange-2fa-save-otp'] = array(
98
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
+ 'anchor_id' => '#SaveOTPGATour',
101
+ 'isdefault' => 'yes',
102
+ 'edge' => 'right',
103
+ 'align' => 'left',
104
+ 'index' => 'default-miniorange-2fa-save-otp1',
105
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
+ );
107
+ $pointers['default-miniorange-2fa-test'] = array(
108
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
+ 'anchor_id' => '#test',
111
+ 'isdefault' => 'yes',
112
+ 'edge' => 'right',
113
+ 'align' => 'left',
114
+ 'index' => 'default-miniorange-2fa-test',
115
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
+ );
117
+
118
+ $pointers['default-miniorange-2fa-customizations'] = array(
119
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
+ 'anchor_id' => '#disable_two_factor_tour',
122
+ 'isdefault' => 'yes',
123
+ 'edge' => 'top',
124
+ 'align' => 'left',
125
+ 'index' => 'default-miniorange-2fa-customizations',
126
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
+ );
128
+ $pointers['default-miniorange-2fa-inline-registration'] = array(
129
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
+ 'anchor_id' => '#mo2f_inline_registration_tour',
132
+ 'isdefault' => 'yes',
133
+ 'edge' => 'top',
134
+ 'align' => 'left',
135
+ 'index' => 'default-miniorange-2fa-inline-registration',
136
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
+ );
138
+ $pointers['default-minorange-2fa-integration'] = array(
139
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
+ 'anchor_id' => '#custom_form_2fa_div',
142
+ 'isdefault' => 'yes',
143
+ 'edge' => 'bottom',
144
+ 'align' => 'middle',
145
+ 'index' => 'default-minorange-2fa-integration',
146
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
+ );
148
+ $pointers['default-minorange-2fa-premium-features'] = array(
149
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
+ 'anchor_id' => '#custom_login_2fa',
152
+ 'isdefault' => 'yes',
153
+ 'edge' => 'left',
154
+ 'align' => 'left',
155
+ 'index' => 'default-minorange-2fa-premium-features',
156
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
+ );
158
+
159
+ $pointers['default-miniorange-2fa-upgrade'] = array(
160
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
163
+ 'isdefault' => 'yes',
164
+ 'edge' => 'top',
165
+ 'align' => 'left',
166
+ 'index' => 'default-miniorange-2fa-upgrade',
167
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
+ );
169
+ $pointers['default-miniorange-2fa-support_open'] = array(
170
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
173
+ 'isdefault' => 'yes',
174
+ 'edge' => 'bottom',
175
+ 'align' => 'right',
176
+ 'index' => 'default-miniorange-2fa-support_open',
177
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
+ );
179
+
180
+
181
+ }
182
+ if(get_option('mo2f_tour_firewall') == 1 ){
183
+ $pointers['default-miniorange-firewall-level'] = array(
184
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
+ 'anchor_id' => '#mo_waf_options_tour',
187
+ 'isfirewall'=> 'yes',
188
+ 'edge' => 'top',
189
+ 'align' => 'left',
190
+ 'index' => 'default-miniorange-firewall-level',
191
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
+ );
193
+ $pointers['default-miniorange-firewall-attacks'] = array(
194
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
+ 'anchor_id' => '#mo2f_AttackTypes',
197
+ 'isfirewall'=> 'yes',
198
+ 'edge' => 'bottom',
199
+ 'align' => 'left',
200
+ 'index' => 'default-miniorange-firewall-attacks',
201
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
+ );
203
+ $pointers['default-miniorange-firewall-attack-limit'] = array(
204
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
+ 'anchor_id' => '#mo2f_waf_block_after',
207
+ 'isfirewall'=> 'yes',
208
+ 'edge' => 'bottom',
209
+ 'align' => 'left',
210
+ 'index' => 'default-miniorange-firewall-attack-limit',
211
+ 'align' => 'left',
212
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
+ );
214
+
215
+ $pointers['default-miniorange-firewall-rate-limit'] = array(
216
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
+ 'anchor_id' => '#mo2f_ratelimiting',
219
+ 'isfirewall'=> 'yes',
220
+ 'edge' => 'top',
221
+ 'align' => 'left',
222
+ 'index' => 'default-miniorange-firewall-rate-limit',
223
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
+ );
225
+ $pointers['default-miniorange-firewall-check-attacks'] = array(
226
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
+ 'anchor_id' => '#mo2f_firewall_attack_dash',
229
+ 'isfirewall'=> 'yes',
230
+ 'edge' => 'top',
231
+ 'align' => 'left',
232
+ 'index' => 'default-miniorange-firewall-check-attacks',
233
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
+ );
235
+ $pointers['default-miniorange-2fa-upgrade'] = array(
236
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
239
+ 'isfirewall' => 'yes',
240
+ 'edge' => 'top',
241
+ 'align' => 'left',
242
+ 'index' => 'default-miniorange-2fa-upgrade',
243
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
+ );
245
+
246
+ $pointers['default-miniorange-firewall-support'] = array(
247
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
250
+ 'isfirewall' => 'yes',
251
+ 'edge' => 'bottom',
252
+ 'align' => 'left',
253
+ 'index' => 'default-miniorange-firewall-support',
254
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
+ );
256
+
257
+ }
258
+
259
+ if(get_option('mo2f_tour_malware_scan') ==1){
260
+ $pointers['default-miniorange-malware-scan-modes'] = array(
261
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
+ 'anchor_id' => '#scan_status_table',
264
+ 'ismalware' => 'yes',
265
+ 'edge' => 'bottom',
266
+ 'align' => 'left',
267
+ 'index' => 'default-miniorange-malware-scan-modes',
268
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
+ );
270
+ $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
+ 'anchor_id' => '#mo2f_select_scanning_files',
274
+ 'ismalware' => 'yes',
275
+ 'edge' => 'bottom',
276
+ 'align' => 'left',
277
+ 'index' => 'default-miniorange-malware-custom-scan-files',
278
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
+ );
280
+ $pointers['default-miniorange-malware-scan-reports'] = array(
281
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
+ 'anchor_id' => '#scan_report_table',
284
+ 'ismalware' => 'yes',
285
+ 'edge' => 'top',
286
+ 'align' => 'left',
287
+ 'index' => 'default-miniorange-malware-scan-reports',
288
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
+ );
290
+
291
+ $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
+ 'anchor_id' => '#mo2f_scan_dash',
295
+ 'ismalware' => 'yes',
296
+ 'edge' => 'top',
297
+ 'align' => 'left',
298
+ 'index' => 'default-miniorange-malware-scan-dashboard',
299
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
+ );
301
+ $pointers['default-miniorange-2fa-upgrade'] = array(
302
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
305
+ 'ismalware' => 'yes',
306
+ 'edge' => 'top',
307
+ 'align' => 'left',
308
+ 'index' => 'default-miniorange-2fa-upgrade',
309
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
+ );
311
+
312
+ $pointers['default-miniorange-malware-support'] = array(
313
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
316
+ 'ismalware' => 'yes',
317
+ 'edge' => 'bottom',
318
+ 'align' => 'left',
319
+ 'index' => 'default-miniorange-malware-support',
320
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
+ );
322
+
323
+ }
324
+
325
+ if(get_option('mo2f_tour_advance_blocking') ==1){
326
+ $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
+ 'anchor_id' => '#mo2f_manual_ip_blocking',
330
+ 'advcblock' => 'yes',
331
+ 'edge' => 'top',
332
+ 'align' => 'left',
333
+ 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
+ );
336
+ $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
+ 'anchor_id' => '#mo2f_ip_whitelisting',
340
+ 'advcblock' => 'yes',
341
+ 'edge' => 'top',
342
+ 'align' => 'left',
343
+ 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
+ );
346
+
347
+ $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
+ 'anchor_id' => '#mo2f_ip_lookup',
351
+ 'advcblock' => 'yes',
352
+ 'edge' => 'bottom',
353
+ 'align' => 'left',
354
+ 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
+ );
357
+
358
+
359
+ $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
+ 'anchor_id' => '#mo2f_ip_range_blocking',
363
+ 'advcblock' => 'yes',
364
+ 'edge' => 'top',
365
+ 'align' => 'left',
366
+ 'index' => 'default-miniorange-advance-blocking-IP-range',
367
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
+ );
369
+ $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
+ 'anchor_id' => '#mo2f_htaccess_blocking',
373
+ 'advcblock' => 'yes',
374
+ 'edge' => 'top',
375
+ 'align' => 'left',
376
+ 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
+ );
379
+ $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
+ 'anchor_id' => '#mo2f_browser_blocking',
383
+ 'advcblock' => 'yes',
384
+ 'edge' => 'top',
385
+ 'align' => 'left',
386
+ 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
+ );
389
+ $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
+ 'anchor_id' => '#mo2f_country_blocking',
393
+ 'advcblock' => 'yes',
394
+ 'edge' => 'bottom',
395
+ 'align' => 'left',
396
+ 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
+ );
399
+
400
+ $pointers['default-miniorange-2fa-upgrade'] = array(
401
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
404
+ 'advcblock' => 'yes',
405
+ 'edge' => 'top',
406
+ 'align' => 'left',
407
+ 'index' => 'default-miniorange-2fa-upgrade',
408
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
+ );
410
+ $pointers['default-miniorange-advance-blocking-support'] = array(
411
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
414
+ 'advcblock' => 'yes',
415
+ 'edge' => 'bottom',
416
+ 'align' => 'left',
417
+ 'index' => 'default-miniorange-advance-blocking-support',
418
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
+ );
420
+
421
+ }
422
+
423
+
424
+ if(get_option('mo2f_tour_backup') == 1 ){
425
+ $pointers['default-miniorange-backup-manual-db'] = array(
426
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
+ 'anchor_id' => '#mo2f_select_files_backup',
429
+ 'isBackup'=> 'yes',
430
+ 'edge' => 'top',
431
+ 'align' => 'left',
432
+ 'index' => 'default-miniorange-backup-manual-db',
433
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
+ );
435
+ $pointers['default-miniorange-backup-auto-db'] = array(
436
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
+ 'anchor_id' => '#mo2f_auto_dbbackup',
439
+ 'isBackup'=> 'yes',
440
+ 'edge' => 'bottom',
441
+ 'align' => 'left',
442
+ 'index' => 'default-miniorange-backup-auto-db',
443
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
+ );
445
+ $pointers['default-miniorange-backup-file'] = array(
446
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
+ 'anchor_id' => '#mo2f_schedule_backup_status',
449
+ 'isBackup'=> 'yes',
450
+ 'edge' => 'top',
451
+ 'align' => 'left',
452
+ 'index' => 'default-miniorange-backup-file',
453
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
+ );
455
+ $pointers['default-miniorange-backup-report'] = array(
456
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
+ 'anchor_id' => '#backup_report_table',
459
+ 'isBackup'=> 'yes',
460
+ 'edge' => 'bottom',
461
+ 'align' => 'left',
462
+ 'index' => 'default-miniorange-backup-report',
463
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
+ );
465
+
466
+ $pointers['default-miniorange-2fa-upgrade'] = array(
467
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
470
+ 'isBackup' => 'yes',
471
+ 'edge' => 'top',
472
+ 'align' => 'left',
473
+ 'index' => 'default-miniorange-2fa-upgrade',
474
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
+ );
476
+ $pointers['default-miniorange-backup-support'] = array(
477
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
480
+ 'isBackup' => 'yes',
481
+ 'edge' => 'bottom',
482
+ 'align' => 'left',
483
+ 'index' => 'default-miniorange-backup-support',
484
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
+ );
486
+
487
+ }
488
+
489
+ if(get_option('mo2f_tour_loginSpam') == 1){
490
+ $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
+ 'anchor_id' => '#mo2f_bruteforce',
494
+ 'loginSpam' => 'yes',
495
+ 'edge' => 'top',
496
+ 'align' => 'left',
497
+ 'index' => 'default-miniorange-login-spam-bruteforce',
498
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
+ );
500
+ $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
+ 'anchor_id' => '#mo2f_google_recaptcha',
504
+ 'loginSpam' => 'yes',
505
+ 'edge' => 'top',
506
+ 'align' => 'left',
507
+ 'index' => 'default-miniorange-login-spam-recaptcha',
508
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
+ );
510
+ $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
+ 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
+ 'loginSpam' => 'yes',
515
+ 'edge' => 'bottom',
516
+ 'align' => 'left',
517
+ 'index' => 'default-miniorange-login-spam-strong-pass',
518
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
+ );
520
+
521
+ $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
+ 'anchor_id' => '#mo2f_block_registration',
525
+ 'loginSpam' => 'yes',
526
+ 'edge' => 'top',
527
+ 'align' => 'left',
528
+ 'index' => 'default-miniorange-login-spam-fake-registration',
529
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
+ );
531
+ $pointers['default-miniorange-login-spam-content'] = array(
532
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
+ 'anchor_id' => '#mo2f_content_protection',
535
+ 'loginSpam' => 'yes',
536
+ 'edge' => 'bottom',
537
+ 'align' => 'left',
538
+ 'index' => 'default-miniorange-login-spam-content',
539
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
+ );
541
+ $pointers['default-miniorange-login-spam-block-spam'] = array(
542
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
+ 'anchor_id' => '#mo2f_comment_protection',
545
+ 'loginSpam' => 'yes',
546
+ 'edge' => 'bottom',
547
+ 'align' => 'left',
548
+ 'index' => 'default-miniorange-login-spam-block-spam',
549
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
+ );
551
+ $pointers['default-miniorange-2fa-upgrade'] = array(
552
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
555
+ 'loginSpam' => 'yes',
556
+ 'edge' => 'top',
557
+ 'align' => 'left',
558
+ 'index' => 'default-miniorange-2fa-upgrade',
559
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
+ );
561
+
562
+ $pointers['default-miniorange-login-spam-support'] = array(
563
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
566
+ 'loginSpam' => 'yes',
567
+ 'edge' => 'bottom',
568
+ 'align' => 'left',
569
+ 'index' => 'default-miniorange-login-spam-support',
570
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
+ );
572
+
573
+
574
+ }
575
+
576
+
577
+
578
+
579
+
580
+
581
+ return $pointers;
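--- a/controllers/reports.php
+++ b/controllers/reports.php
@@ -1,25 +1,25 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_clear'){
- global $wpdb;
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
-
- }
-
-
-
- if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_errorclear'){
- global $wpdb;
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
-
- }
-
- $mo_wpns_handler = new MoWpnsHandler();
- $logintranscations = $mo_wpns_handler->get_login_transaction_report();
- $errortranscations = $mo_wpns_handler->get_error_transaction_report();
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_clear'){
+ global $wpdb;
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
+
+ }
+
+
+
+ if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_errorclear'){
+ global $wpdb;
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
+
+ }
+
+ $mo_wpns_handler = new MoWpnsHandler();
+ $logintranscations = $mo_wpns_handler->get_login_transaction_report();
+ $errortranscations = $mo_wpns_handler->get_error_transaction_report();
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
+
  ?>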
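Review bot: Both `DELETE` branches (new lines 5–9 and 13–17) run on nothing more than a matching `$_POST['option']` value; no `current_user_can()` check and no nonce verification is visible in this file, so clearing the login and access-denied transaction log can be triggered by a forged cross-site POST and, unless the including page enforces it (not visible here), by any user who can reach this controller. The sibling controllers in this commit (request_demo.php, request_offer.php) already gate on `current_user_can( 'manage_options' )` and `wp_verify_nonce()`, and these branches should do the same, e.g. `if ( current_user_can( 'manage_options' ) && isset( $_POST['option'], $_POST['nonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['nonce'] ) ), 'NONCE_ACTION_PLACEHOLDER' ) ) { ... }`, with the view emitting the matching nonce field. The field name `nonce` and the action string are placeholders, because the form markup is outside this page. The added lines match the removed ones textually, so the gap predates this commit, but these rows are the audit trail for logins and blocked requests and their deletion deserves the same protection as the other admin forms.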
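--- a/controllers/request_christmas_offer.php
+++ b/controllers/request_christmas_offer.php
@@ -1,48 +1,48 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_christmas_request_form":
- wpns_handle_christmas_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
-
- function wpns_handle_christmas_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
- $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
- return;
- }
- if(empty($usecase) || empty($email) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $query = 'REQUEST FOR CHRISTMAS OFFERS';
- $query .= ' =>';
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_christmas_request_form":
+ wpns_handle_christmas_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
+
+ function wpns_handle_christmas_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
+ $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $query = 'REQUEST FOR CHRISTMAS OFFERS';
+ $query .= ' =>';
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>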
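--- a/controllers/request_demo.php
+++ b/controllers/request_demo.php
@@ -1,51 +1,51 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_demo_request_form":
- wpns_handle_demo_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
-
- function wpns_handle_demo_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
- $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
- $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
- return;
- }
- if(empty($usecase) || empty($email) || empty($demo_plan) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $demo_plan = sanitize_text_field($demo_plan);
- $query = 'REQUEST FOR DEMO';
- $query .= ' =>';
- $query .= $demo_plan;
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_demo_request_form":
+ wpns_handle_demo_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
+
+ function wpns_handle_demo_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
+ $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
+ $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) || empty($demo_plan) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $demo_plan = sanitize_text_field($demo_plan);
+ $query = 'REQUEST FOR DEMO';
+ $query .= ' =>';
+ $query .= $demo_plan;
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>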
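--- a/controllers/request_offer.php
+++ b/controllers/request_offer.php
@@ -1,46 +1,46 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_offer_request_form":
- wpns_handle_offer_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_offer.php';
-
- function wpns_handle_offer_request_form($post){
- $nonce = sanitize_text_field($post['nonce']);
- $usecase = isset($post['mo_2FA_offer_usecase'])? sanitize_text_field($post['mo_2FA_offer_usecase']): NULL;
- $email = isset($post['mo_2FA_offer_email'])? sanitize_text_field($post['mo_2FA_offer_email']) : NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-offer' ) ){
- return;
- }
- if(empty($usecase) || empty($email) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $query = 'REQUEST FOR SPECIAL OFFERS';
- $query .= ' =>';
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_offer_request_form":
+ wpns_handle_offer_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_offer.php';
+
+ function wpns_handle_offer_request_form($post){
+ $nonce = sanitize_text_field($post['nonce']);
+ $usecase = isset($post['mo_2FA_offer_usecase'])? sanitize_text_field($post['mo_2FA_offer_usecase']): NULL;
+ $email = isset($post['mo_2FA_offer_email'])? sanitize_text_field($post['mo_2FA_offer_email']) : NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-offer' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $query = 'REQUEST FOR SPECIAL OFFERS';
+ $query .= ' =>';
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>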
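--- a/controllers/support.php
+++ b/controllers/support.php
@@ -30,13 +30,6 @@
  function wpns_handle_support_form($email,$query,$phone)
  {
  
- $call_setup = false;
- if(array_key_exists('2fa_setup_call',$_POST)===true){
- $time_zone = sanitize_text_field($_POST['mo_2fa_setup_call_timezone']);
- $call_date = sanitize_text_field($_POST['mo_2fa_setup_call_date']);
- $call_time = sanitize_text_field($_POST['mo_2fa_setup_call_time']);
- $call_setup = true;
- }
  $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
  if(empty($email) || empty($query)){
  do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
@@ -52,27 +45,11 @@
  else
  $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
  
-
- if($call_setup == false) {
- $query = $query.'<br><br>';
  if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
  } else {
  $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
  }
- } else {
-
- $local_timezone='Asia/Kolkata';
- $call_datetime=$call_date.$call_time;
- $convert_datetime = strtotime ( $call_datetime );
- $ist_date = new DateTime(date ( 'Y-m-d H:i:s' , $convert_datetime ), new DateTimeZone($time_zone));
- $ist_date->setTimezone(new DateTimeZone($local_timezone));
-
-
- $query = $query . '<br><br>' .'Meeting Details: '.'('.$time_zone.') '. date('d M, Y H:i',$convert_datetime). ' [IST Time -> '. $ist_date->format('d M, Y H:i').']'.'<br><br>';
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query, true),true);
-
- }
  if(json_last_error() == JSON_ERROR_NONE && $submited){
  do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
  }else{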
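--- a/controllers/tour-model.php
+++ b/controllers/tour-model.php
@@ -290,7 +290,7 @@
  </tr>
  <tr>
  <td>
- <textarea id="query" name="query" class="mo_wpns_settings_textarea" style="resize: vertical;width:100%" cols="52" rows="7" onkeyup="mo_wpns_valid(this)" onblur="mo_wpns_valid(this)" onkeypress="mo_wpns_valid(this)" placeholder="Write your query here"></textarea>
+ <textarea id="query" name="query" class="mo_wpns_settings_textarea" style="resize: vertical;width:100%" cols="52" rows="7" placeholder="Write your query here"></textarea>
  </td>
  </tr>
  </table>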
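--- a/controllers/tour/tour_ajax.php
+++ b/controllers/tour/tour_ajax.php
@@ -1,146 +1,146 @@
- <?php
- class Mo_wpns_Tour
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
-
- }
-
- public function mo_wpns_save_tour_details(){
- if(isset($_REQUEST['page']))
- {
- switch ($_REQUEST['page']) {
- case 'mo_2fa_two_fa':
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
- update_option('mo2f_two_factor_tour',1);
-
- break;
- case 'mo_2fa_waf':
- if(!get_option('mo2f_tour_firewall'))
- update_option('mo2f_tour_firewall',1);
- break;
- case 'mo_2fa_login_and_spam':
- if(!get_option('mo2f_tour_loginSpam'))
- update_option('mo2f_tour_loginSpam',1);
- break;
-
- case 'mo_2fa_backup':
- if(!get_option('mo2f_tour_backup'))
- update_option('mo2f_tour_backup',1);
-
- break;
- case 'mo_2fa_malwarescan':
- if(!get_option('mo2f_tour_malware_scan'))
- update_option('mo2f_tour_malware_scan',1);
-
- break;
- case 'mo_2fa_advancedblocking':
- if(!get_option('mo2f_tour_advance_blocking'))
- update_option('mo2f_tour_advance_blocking',1);
- break;
-
- default:
- break;
- }
- }
- add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
-
- }
-
- public function mo_wpns_tour(){
- switch($_POST['call_type'])
- {
- case "wpns_enable_tour":
- update_option('skip_tour', 0);
- break;
- case "skip_entire_plugin_tour":
- $this->handle_skip_entire_plugin();
- break;
- case 'entire_plugin_tour_started':
- $this->entire_plugin_tour_started();
- break;
- case "mo2f_close_tour_details":
- $this->mo2f_close_tour_details();
- break;
- case "mo2f_visit_page_tour_details":
- $this->mo2f_visit_page_tour_details();
- break;
- case "mo2f_last_visit_tab":
- $this->mo2f_last_visit_tab();
- break;
- }
- }
-
-
- function mo2f_last_visit_tab()
- {
- $lasttab = sanitize_text_field($_POST['tab']);
- update_option('mo2f_tour_tab',$lasttab);
- }
- function mo2f_visit_page_tour_details()
- {
- $currentPointer = '';
- if(isset($_POST['index']))
- $currentPointer = sanitize_text_field($_POST['index']);
-
- if(strpos($currentPointer, 'support') != false)
- {
- exit;
- }
- $uid = get_current_user_id();
- $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
- $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
- update_user_meta($uid,'mo2f_visited_pointers',$visited);
- }
- function entire_plugin_tour_started()
- {
- update_option('mo2f_tour_started',3);
- exit;
- }
-
- function handle_skip_entire_plugin(){
- update_option('mo2f_two_factor_tour',-1);
- update_option('mo2f_tour_firewall',-1);
- update_option('mo2f_tour_malware_scan',-1);
- update_option('mo2f_tour_advance_blocking',-1);
- update_option('mo2f_tour_backup',-1);
- update_option('mo2f_tour_loginSpam',-1);
- update_option('mo2f_tour_started',3);
- exit;
- }
-
-
- function mo2f_close_tour_details()
- {
- $uid = get_current_user_id();
- delete_user_meta($uid,'mo2f_visited_pointers');
- $page = $_POST['page'];
- $page = sanitize_text_field($page[0]);
- update_option('mo2f_tour_tab','');
- update_option("yeah",1);
- switch ($page) {
- case 'toplevel_page_mo_2fa_two_fa':
- update_option('mo2f_two_factor_tour',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_waf':
- update_option('mo2f_tour_firewall',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_malwarescan':
- update_option('mo2f_tour_malware_scan',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
- update_option('mo2f_tour_advance_blocking',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_backup':
- update_option('mo2f_tour_backup',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
- update_option('mo2f_tour_loginSpam',-1);
- break;
- }
-
- }
-
- }
- new Mo_wpns_Tour();
+ <?php
+ class Mo_wpns_Tour
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
+
+ }
+
+ public function mo_wpns_save_tour_details(){
+ if(isset($_REQUEST['page']))
+ {
+ switch ($_REQUEST['page']) {
+ case 'mo_2fa_two_fa':
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
+ update_option('mo2f_two_factor_tour',1);
+
+ break;
+ case 'mo_2fa_waf':
+ if(!get_option('mo2f_tour_firewall'))
+ update_option('mo2f_tour_firewall',1);
+ break;
+ case 'mo_2fa_login_and_spam':
+ if(!get_option('mo2f_tour_loginSpam'))
+ update_option('mo2f_tour_loginSpam',1);
+ break;
+
+ case 'mo_2fa_backup':
+ if(!get_option('mo2f_tour_backup'))
+ update_option('mo2f_tour_backup',1);
+
+ break;
+ case 'mo_2fa_malwarescan':
+ if(!get_option('mo2f_tour_malware_scan'))
+ update_option('mo2f_tour_malware_scan',1);
+
+ break;
+ case 'mo_2fa_advancedblocking':
+ if(!get_option('mo2f_tour_advance_blocking'))
+ update_option('mo2f_tour_advance_blocking',1);
+ break;
+
+ default:
+ break;
+ }
+ }
+ add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
+
+ }
+
+ public function mo_wpns_tour(){
+ switch($_POST['call_type'])
+ {
+ case "wpns_enable_tour":
+ update_option('skip_tour', 0);
+ break;
+ case "skip_entire_plugin_tour":
+ $this->handle_skip_entire_plugin();
+ break;
+ case 'entire_plugin_tour_started':
+ $this->entire_plugin_tour_started();
+ break;
+ case "mo2f_close_tour_details":
+ $this->mo2f_close_tour_details();
+ break;
+ case "mo2f_visit_page_tour_details":
+ $this->mo2f_visit_page_tour_details();
+ break;
+ case "mo2f_last_visit_tab":
+ $this->mo2f_last_visit_tab();
+ break;
+ }
+ }
+
+
+ function mo2f_last_visit_tab()
+ {
+ $lasttab = sanitize_text_field($_POST['tab']);
+ update_option('mo2f_tour_tab',$lasttab);
+ }
+ function mo2f_visit_page_tour_details()
+ {
+ $currentPointer = '';
+ if(isset($_POST['index']))
+ $currentPointer = sanitize_text_field($_POST['index']);
+
+ if(strpos($currentPointer, 'support') != false)
+ {
+ exit;
+ }
+ $uid = get_current_user_id();
+ $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
+ $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
+ update_user_meta($uid,'mo2f_visited_pointers',$visited);
+ }
+ function entire_plugin_tour_started()
+ {
+ update_option('mo2f_tour_started',3);
+ exit;
+ }
+
+ function handle_skip_entire_plugin(){
+ update_option('mo2f_two_factor_tour',-1);
+ update_option('mo2f_tour_firewall',-1);
+ update_option('mo2f_tour_malware_scan',-1);
+ update_option('mo2f_tour_advance_blocking',-1);
+ update_option('mo2f_tour_backup',-1);
+ update_option('mo2f_tour_loginSpam',-1);
+ update_option('mo2f_tour_started',3);
+ exit;
+ }
+
+
+ function mo2f_close_tour_details()
+ {
+ $uid = get_current_user_id();
+ delete_user_meta($uid,'mo2f_visited_pointers');
+ $page = $_POST['page'];
+ $page = sanitize_text_field($page[0]);
+ update_option('mo2f_tour_tab','');
+ update_option("yeah",1);
+ switch ($page) {
+ case 'toplevel_page_mo_2fa_two_fa':
+ update_option('mo2f_two_factor_tour',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_waf':
+ update_option('mo2f_tour_firewall',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_malwarescan':
+ update_option('mo2f_tour_malware_scan',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
+ update_option('mo2f_tour_advance_blocking',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_backup':
+ update_option('mo2f_tour_backup',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
+ update_option('mo2f_tour_loginSpam',-1);
+ break;
+ }
+
+ }
+
+ }
+ new Mo_wpns_Tour();
  ?>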
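--- a/controllers/troubleshooting.php
+++ b/controllers/troubleshooting.php
@@ -1,5 +1,5 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'troubleshooting.php';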
controllers/twofa/mo2fa_common_login.php CHANGED
@@ -1,1589 +1,1589 @@
1
- <?php
2
- function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_to = null ) {
3
- ?>
4
- <html>
5
- <head>
6
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
7
- <meta name="viewport" content="width=device-width, initial-scale=1">
8
- <?php
9
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
10
- ?>
11
- </head>
12
- <body>
13
- <div>
14
- <form id="morba_loginform" method="post">
15
- <h1><?php echo mo2f_lt( 'Please wait' ); ?>...</h1>
16
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))) ); ?>"/>
17
- <?php
18
- if ( get_option( 'mo2f_remember_device' ) ) {
19
- ?>
20
- <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
21
- <?php
22
- echo '<script src="' . plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
23
- echo '<script src="' . plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
24
- echo '<script src="' . plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
25
- echo '<script src="' . plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
26
- echo '<script src="' . plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
27
- echo '<script src="' . plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
28
- echo '<script src="' . plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
29
- echo '<script src="' . plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
30
- echo '<script src="' . plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
31
- }
32
- ?>
33
- <input type="hidden" name="miniorange_attribute_collection_nonce"
34
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' ); ?>"/>
35
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
36
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
37
- </form>
38
- </div>
39
- </body>
40
- </html>
41
- <?php
42
- }
43
-
44
- function miniorange_get_user_role( $user ) {
45
- return $user->roles;
46
- }
47
-
48
- function redirect_user_to( $user, $redirect_to ) {
49
- $roles = $user->roles;
50
- $current_role = array_shift( $roles );
51
- $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
52
- if ( $current_role == 'administrator' ) {
53
- $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
54
- } else {
55
- $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
56
- }
57
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
58
- $redirect = array(
59
- 'redirect' => $redirectUrl,
60
- ) ;
61
-
62
- wp_send_json_success($redirect);
63
- }
64
- else
65
- wp_redirect( $redirectUrl );
66
- }
67
-
68
-
69
- // used in shortcode addon
70
-
71
- function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
72
- if ( empty( $current_roles ) ) {
73
- return 0;
74
- }
75
-
76
- foreach ( $current_roles as $value ) {
77
- if ( get_option( 'mo2fa_' . $value ) ) {
78
- return 1;
79
- }
80
- }
81
-
82
- return 0;
83
- }
84
-
85
- function mo2f_register_profile( $email, $deviceKey, $mo2f_rba_status ) {
86
-
87
- if ( isset( $deviceKey ) && $deviceKey == 'true' ) {
88
- if ( $mo2f_rba_status['status'] == 'WAIT_FOR_INPUT' && $mo2f_rba_status['decision_flag'] ) {
89
- $rba_profile = new Miniorange_Rba_Attributes();
90
- //register profile
91
- json_decode( $rba_profile->mo2f_register_rba_profile( $email, $mo2f_rba_status['sessionUuid'] ), true );
92
-
93
- return true;
94
- } else {
95
- return false;
96
- }
97
- }
98
-
99
- return false;
100
- }
101
-
102
- function mo2f_collect_attributes( $email, $attributes ) {
103
- $mo2f_rba_status = array();
104
- $mo2f_rba_status['decision_flag'] = false;
105
- $mo2f_rba_status['sessionUuid'] = '';
106
-
107
- if ( get_option( 'mo2f_remember_device' ) ) {
108
- $rba_attributes = new Miniorange_Rba_Attributes();
109
- //collect rba attributes
110
- $rba_response = json_decode( $rba_attributes->mo2f_collect_attributes( $email, $attributes ), true );
111
- if ( json_last_error() == JSON_ERROR_NONE ) {
112
- //attributes are collected successfully
113
- if ( $rba_response['status'] == 'SUCCESS' ) {
114
- $sessionUuid = $rba_response['sessionUuid'];
115
- // evaluate the rba risk
116
- $rba_risk_response = json_decode( $rba_attributes->mo2f_evaluate_risk( $email, $sessionUuid ), true );
117
-
118
- if ( json_last_error() == JSON_ERROR_NONE ) {
119
- if ( $rba_risk_response['status'] == 'SUCCESS' || $rba_risk_response['status'] == 'WAIT_FOR_INPUT' ) {
120
-
121
- $mo2f_rba_status['status'] = $rba_risk_response['status'];
122
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
123
- $mo2f_rba_status['decision_flag'] = true;
124
-
125
- } else {
126
- $mo2f_rba_status['status'] = $rba_risk_response['status'];
127
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
128
-
129
- }
130
- } else {
131
- $mo2f_rba_status['status'] = 'JSON_EVALUATE_ERROR';
132
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
133
-
134
- }
135
- } else {
136
- $mo2f_rba_status['status'] = 'ATTR_NOT_COLLECTED';
137
-
138
- }
139
- } else {
140
- $mo2f_rba_status['status'] = 'JSON_ATTR_NOT_COLLECTED';
141
-
142
- }
143
- } else {
144
- $mo2f_rba_status['status'] = 'RBA_NOT_ENABLED';
145
-
146
- }
147
-
148
- return $mo2f_rba_status;
149
- }
150
-
151
- function mo2f_get_user_2ndfactor( $user ) {
152
- global $Mo2fdbQueries;
153
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
154
- $enduser = new Two_Factor_Setup();
155
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $mo2f_user_email ), true );
156
- if ( json_last_error() == JSON_ERROR_NONE ) {
157
- if ( $userinfo['status'] == 'ERROR' ) {
158
- $mo2f_second_factor = 'NONE';
159
- } else if ( $userinfo['status'] == 'SUCCESS' ) {
160
- $mo2f_second_factor = $userinfo['authType'];
161
- } else if ( $userinfo['status'] == 'FAILED' ) {
162
- $mo2f_second_factor = 'USER_NOT_FOUND';
163
- } else {
164
- $mo2f_second_factor = 'NONE';
165
- }
166
- } else {
167
- $mo2f_second_factor = 'NONE';
168
- }
169
-
170
- return $mo2f_second_factor;
171
- }
172
-
173
- function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
174
- $mo2f_forgotphone_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
175
- $mo2f_email_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_email' );
176
- $mo2f_kba_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_kba' );
177
- ?>
178
- <html>
179
- <head>
180
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
181
- <meta name="viewport" content="width=device-width, initial-scale=1">
182
- <?php
183
- echo_js_css_files(); ?>
184
- </head>
185
- <body>
186
- <div class="mo2f_modal" tabindex="-1" role="dialog">
187
- <div class="mo2f-modal-backdrop"></div>
188
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
189
- <div class="login mo_customer_validation-modal-content">
190
- <div class="mo2f_modal-header">
191
- <h4 class="mo2f_modal-title">
192
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
193
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
194
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
195
- <?php echo mo2f_lt( 'How would you like to authenticate yourself?' ); ?>
196
- </h4>
197
- </div>
198
- <div class="mo2f_modal-body">
199
- <?php if ( $mo2f_forgotphone_enabled ) {
200
- if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
201
- <div id="otpMessage" class="mo2fa_display_message_frontend">
202
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
203
- </div>
204
- <?php } ?>
205
- <p class="mo2f_backup_options"><?php echo mo2f_lt( 'Please choose the options from below:' ); ?></p>
206
- <div class="mo2f_backup_options_div">
207
- <?php if ( $mo2f_email_as_backup_enabled ) { ?>
208
- <input type="radio" name="mo2f_selected_forgotphone_option"
209
- value="One Time Passcode over Email"
210
- checked="checked"/><?php echo mo2f_lt( 'Send a one time passcode to my registered email' ); ?>
211
- <br><br>
212
- <?php }
213
- if ( $mo2f_kba_as_backup_enabled ) { ?>
214
- <input type="radio" name="mo2f_selected_forgotphone_option"
215
- value="KBA"/><?php echo mo2f_lt( 'Answer your Security Questions (KBA)' ); ?>
216
- <?php } ?>
217
- <br><br>
218
- <input type="button" name="miniorange_validate_otp" value="<?php echo mo2f_lt( 'Continue' ); ?>" class="miniorange_validate_otp"
219
- onclick="mo2fselectforgotphoneoption();"/>
220
- </div>
221
- <?php mo2f_customize_logo();
222
- }
223
- ?>
224
- </div>
225
- </div>
226
- </div>
227
- </div>
228
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
229
- class="mo2f_display_none_forms">
230
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
231
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
232
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
233
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
234
- </form>
235
- <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
236
- <input type="hidden" name="mo2f_configured_2FA_method"/>
237
- <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
238
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' ); ?>"/>
239
- <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
240
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
241
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
242
- </form>
243
-
244
- <script>
245
- function mologinback() {
246
- jQuery('#mo2f_backto_mo_loginform').submit();
247
- }
248
-
249
- function mo2fselectforgotphoneoption() {
250
- var option = jQuery('input[name=mo2f_selected_forgotphone_option]:checked').val();
251
- document.getElementById("mo2f_challenge_forgotphone_form").elements[0].value = option;
252
- jQuery('#mo2f_challenge_forgotphone_form').submit();
253
- }
254
- </script>
255
- </body>
256
- </html>
257
- <?php }
258
-
259
- function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
260
- global $moWpnsUtility;
261
- $mo_wpns_config = new MoWpnsHandler();
262
- $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
263
- $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
264
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
265
- MO2f_Utility::mo2f_debug_file('Prompted KBA validation screen'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
266
- ?>
267
- <html>
268
- <head>
269
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
270
- <meta name="viewport" content="width=device-width, initial-scale=1">
271
- <?php
272
- echo_js_css_files(); ?>
273
- </head>
274
- <body>
275
- <div class="mo2f_modal" tabindex="-1" role="dialog">
276
- <div class="mo2f-modal-backdrop"></div>
277
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
278
- <div class="login mo_customer_validation-modal-content">
279
- <div class="mo2f_modal-header">
280
- <h4 class="mo2f_modal-title">
281
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
282
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
283
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
284
- <?php
285
- echo mo2f_lt( 'Validate Security Questions' ); ?>
286
- </h4>
287
- </div>
288
- <div class="mo2f_modal-body">
289
- <div id="kbaSection" class="kbaSectiondiv">
290
- <div id="otpMessage">
291
- <p style="font-size:13px;"
292
- class="mo2fa_display_message_frontend"><?php echo ( isset( $login_message ) && ! empty( $login_message ) ) ? $login_message : __( 'Please answer the following questions:' ); ?></p>
293
- </div>
294
- <form name="f" id="mo2f_submitkba_loginform" method="post">
295
- <div id="mo2f_kba_content">
296
- <p style="font-size:15px;">
297
- <?php $kba_questions = $cookievalue;
298
- echo $kba_questions[0]['question']; ?><br>
299
- <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
300
- required="true" autofocus="true"
301
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
302
- title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
303
- autocomplete="off"><br>
304
- <?php echo $kba_questions[1]['question']; ?><br>
305
- <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
306
- required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
307
- title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
308
- autocomplete="off">
309
-
310
- </p>
311
- </div>
312
- <?php if ( $mo2f_login_option && $mo2f_remember_device_enabled ) {
313
- ?>
314
- <span class="mo2f_rememberdevice">
315
- <input type="checkbox" name="mo2f_trust_device" class="mo2f_trust_device"
316
- id="mo2f_trust_device"/><?php echo mo2f_lt( 'Remember this device.' ); ?>
317
- </span>
318
- <br>
319
- <br>
320
- <?php
321
- }
322
- ?>
323
- <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate"
324
- class="miniorange_kba_validate" style="float:left;"
325
- value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
326
- <input type="hidden" name="miniorange_kba_nonce"
327
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-kba-nonce' ); ?>"/>
328
- <input type="hidden" name="option"
329
- value="miniorange_kba_validate"/>
330
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
331
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
332
- </form>
333
- <br>
334
- </div><br>
335
- <?php
336
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
337
- <div>
338
- <a href="#mo2f_backup_generate">
339
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
340
- </a>
341
- </div>
342
- <?php }else{ ?>
343
- <div>
344
- <a href="#mo2f_backup_option">
345
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
346
- </a>
347
- </div>
348
- <?php }
349
- ?>
350
- <div style="padding:10px;">
351
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
352
- </div>
353
-
354
- <?php
355
- mo2f_customize_logo();
356
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
357
- ?>
358
-
359
- </div>
360
- </div>
361
- </div>
362
- </div>
363
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
364
- class="mo2f_display_none_forms">
365
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
366
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
367
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
368
- </form>
369
-
370
- <script>
371
- function mologinback() {
372
- jQuery('#mo2f_backto_mo_loginform').submit();
373
- }
374
- var is_ajax = "<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>";
375
- if(is_ajax){
376
- jQuery('#mo2f_answer_1').keypress(function (e) {
377
- if (e.which == 13) {//Enter key pressed
378
- e.preventDefault();
379
- mo2f_kba_ajax();
380
- }
381
- });
382
- jQuery('#mo2f_answer_2').keypress(function (e) {
383
- if (e.which == 13) {//Enter key pressed
384
- e.preventDefault();
385
- mo2f_kba_ajax();
386
- }
387
- });
388
- jQuery("#miniorange_kba_validate").click(function(e){
389
- e.preventDefault();
390
- mo2f_kba_ajax();
391
- });
392
-
393
- function mo2f_kba_ajax(){
394
- jQuery('#mo2f_answer_1').prop('disabled','true');
395
- jQuery('#mo2f_answer_2').prop('disabled','true');
396
- jQuery('#miniorange_kba_validate').prop('disabled','true');
397
- var data = {
398
- "action" : "mo2f_ajax",
399
- "mo2f_ajax_option" : "mo2f_ajax_kba",
400
- "mo2f_answer_1" : jQuery( "input[name=\'mo2f_answer_1\']" ).val(),
401
- "mo2f_answer_2" : jQuery( "input[name=\'mo2f_answer_2\']" ).val(),
402
- "miniorange_kba_nonce" : jQuery( "input[name=\'miniorange_kba_nonce\']" ).val(),
403
- "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
404
- "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
405
- "mo2f_trust_device" : jQuery( "input[name=\'mo2f_trust_device\']" ).val(),
406
- };
407
- jQuery.post(my_ajax_object.ajax_url, data, function(response) {
408
- if ( typeof response.data === "undefined") {
409
- jQuery("html").html(response);
410
- }
411
- else
412
- location.href = response.data.redirect;
413
- });
414
- }
415
- }
416
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
417
- jQuery('#mo2f_backup').submit();
418
- });
419
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
420
- jQuery('#mo2f_create_backup_codes').submit();
421
- });
422
- </script>
423
- </body>
424
-
425
- </html>
426
- <?php
427
- }
428
-
429
- function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt){
430
- ?>
431
- <html>
432
- <head> <meta charset="utf-8"/>
433
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
434
- <meta name="viewport" content="width=device-width, initial-scale=1">
435
- <?php
436
- echo_js_css_files(); ?>
437
- </head>
438
- <body>
439
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
440
- <div class="mo2f-modal-backdrop"></div>
441
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
442
- <div class="login mo_customer_validation-modal-content">
443
- <div class="mo2f_modal-header">
444
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
445
- <?php echo __('Validate Backup Code', 'miniorange-2-factor-authentication'); ?>
446
- </h4>
447
- </div>
448
- <div class="mo2f_modal-body">
449
- <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
450
- <div id="otpMessage" >
451
-
452
- <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
453
- </div>
454
- <form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
455
- <div id="mo2f_kba_content">
456
- <p style="font-size:15px;">
457
- <input class="mo2f-textbox" type="text" name="mo2f_backup_code" id="mo2f_backup_code" required="true" autofocus="true" title="<?php echo __('Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.','miniorange-2-factor-authentication'); ?>" autocomplete="off" ><br />
458
- </p>
459
- </div>
460
- <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
461
- <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
462
- <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
463
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
464
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
465
- </form>
466
- </br>
467
- </div>
468
- <br /><br /><br />
469
- <?php mo2f_customize_logo() ?>
470
- </div>
471
- </div>
472
- </div>
473
- </div>
474
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
475
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
476
- </form>
477
- </body>
478
- <script>
479
- function mologinback(){
480
- jQuery('#mo2f_backto_mo_loginform').submit();
481
- }
482
- </script>
483
- </html>
484
- <?php
485
- }
486
-
487
- function mo2f_get_duo_push_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id ){
488
-
489
- $mo_wpns_config = new MoWpnsHandler();
490
-
491
- global $Mo2fdbQueries,$txid,$moWpnsUtility;
492
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
493
- $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
494
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
495
- $mo2f_EV_txid = get_user_meta($user_id,'mo2f_EV_txid',true);
496
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
497
-
498
- $current_user = get_user_by('id',$user_id);
499
- MO2f_Utility::mo2f_debug_file('Waiting for duo push notification validation'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
500
- update_user_meta($user_id,'current_user_email',$current_user->user_email);
501
-
502
-
503
- ?>
504
-
505
- <html>
506
- <head>
507
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
508
- <meta name="viewport" content="width=device-width, initial-scale=1">
509
- <?php
510
- echo_js_css_files(); ?>
511
- </head>
512
- <body>
513
- <div class="mo2f_modal" tabindex="-1" role="dialog">
514
- <div class="mo2f-modal-backdrop"></div>
515
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
516
- <div class="login mo_customer_validation-modal-content">
517
- <div class="mo2f_modal-header">
518
- <h4 class="mo2f_modal-title">
519
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
520
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
521
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
522
- <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
523
- </div>
524
- <div class="mo2f_modal-body">
525
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
526
- <div id="otpMessage">
527
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
528
- </div>
529
- <?php } ?>
530
- <div id="pushSection">
531
-
532
- <div>
533
- <center>
534
- <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
535
- </center>
536
- </div>
537
- <div id="showPushImage">
538
- <center>
539
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
540
- </center>
541
- </div>
542
-
543
-
544
- <span style="padding-right:2%;">
545
- <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
546
- <center>
547
- <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
548
- <input type="button" name="miniorange_login_forgotphone"
549
- onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
550
- class="miniorange_login_forgotphone"
551
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
552
- <?php } ?>
553
- &emsp;&emsp;
554
-
555
- </center>
556
- <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
557
- <center>
558
- <a href="#mo2f_alternate_login_kba">
559
- <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive push nitification?' ); ?></p>
560
- </a>
561
- </center>
562
- <?php } ?>
563
- </span>
564
- <center>
565
- <?php
566
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
567
- <div>
568
- <a href="#mo2f_backup_generate">
569
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
570
- </a>
571
- </div>
572
- <?php }else{ ?>
573
- <div>
574
- <a href="#mo2f_backup_option">
575
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
576
- </a>
577
- </div>
578
- <?php }
579
- ?>
580
- <div style="padding:10px;">
581
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
582
- </div>
583
- </center>
584
- </div>
585
-
586
- <?php
587
- mo2f_customize_logo();
588
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
589
- ?>
590
- </div>
591
- </div>
592
- </div>
593
- </div>
594
- <form name="f" id="mo2f_backto_duo_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
595
- class="mo2f_display_none_forms">
596
- <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
597
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' ); ?>"/>
598
- <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
599
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
600
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
601
- <input type="hidden" name="currentMethod" value="emailVer"/>
602
-
603
- </form>
604
- <form name="f" id="mo2f_duo_push_validation_form" method="post" class="mo2f_display_none_forms">
605
- <input type="hidden" name="miniorange_duo_push_validation_nonce"
606
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' ); ?>"/>
607
- <input type="hidden" name="option" value="miniorange_duo_push_validation">
608
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
609
- <input type="hidden" name="tx_type"/>
610
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
611
- <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
612
-
613
- </form>
614
-
615
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
616
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
617
- <input type="hidden" name="miniorange_forgotphone"
618
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
619
- <input type="hidden" name="option" value="miniorange_forgotphone">
620
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
621
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
622
- </form>
623
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
624
- <input type="hidden" name="miniorange_alternate_login_kba_nonce"
625
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
626
- <input type="hidden" name="option" value="miniorange_alternate_login_kba">
627
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
628
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
629
- </form>
630
-
631
- <script>
632
- var timeout;
633
-
634
- pollPushValidation();
635
- function pollPushValidation()
636
- {
637
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
638
- var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
639
- var session_id_encrypt = "<?php echo $session_id_encrypt; ?>";
640
- var data={
641
- 'action':'mo2f_duo_ajax_request',
642
- 'call_type':'check_duo_push_auth_status',
643
- 'session_id_encrypt': session_id_encrypt,
644
- 'nonce' : nonce,
645
-
646
-
647
- };
648
-
649
- jQuery.post(ajax_url, data, function(response){
650
-
651
-
652
- if (response == 'SUCCESS') {
653
- jQuery('#mo2f_duo_push_validation_form').submit();
654
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
655
- jQuery('#mo2f_backto_duo_mo_loginform').submit();
656
- } else {
657
- timeout = setTimeout(pollMobileValidation, 3000);
658
- }
659
-
660
- });
661
- }
662
-
663
-
664
-
665
-
666
-
667
-
668
- function mologinforgotphone() {
669
- jQuery('#mo2f_show_forgotphone_loginform').submit();
670
- }
671
-
672
- function mologinback() {
673
- jQuery('#mo2f_backto_duo_mo_loginform').submit();
674
- }
675
-
676
- jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
677
- jQuery('#mo2f_alternate_login_kbaform').submit();
678
- });
679
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
680
- jQuery('#mo2f_backup').submit();
681
- });
682
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
683
- jQuery('#mo2f_create_backup_codes').submit();
684
- });
685
-
686
- </script>
687
- </body>
688
- </html>
689
-
690
- <?php
691
- }
692
-
693
- function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
694
-
695
- $mo_wpns_config = new MoWpnsHandler();
696
- global $Mo2fdbQueries,$txid,$moWpnsUtility;
697
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
698
- $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
699
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
700
- $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
701
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
702
- MO2f_Utility::mo2f_debug_file('Waiting for push notification validation '.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
703
- ?>
704
- <html>
705
- <head>
706
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
707
- <meta name="viewport" content="width=device-width, initial-scale=1">
708
- <?php
709
- echo_js_css_files(); ?>
710
- </head>
711
- <body>
712
- <div class="mo2f_modal" tabindex="-1" role="dialog">
713
- <div class="mo2f-modal-backdrop"></div>
714
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
715
- <div class="login mo_customer_validation-modal-content">
716
- <div class="mo2f_modal-header">
717
- <h4 class="mo2f_modal-title">
718
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
719
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
720
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
721
- <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
722
- </div>
723
- <div class="mo2f_modal-body">
724
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
725
- <div id="otpMessage">
726
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
727
- </div>
728
- <?php } ?>
729
- <div id="pushSection">
730
-
731
- <div>
732
- <center>
733
- <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
734
- </center>
735
- </div>
736
- <div id="showPushImage">
737
- <center>
738
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
739
- </center>
740
- </div>
741
-
742
-
743
- <span style="padding-right:2%;">
744
- <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
745
- <center>
746
- <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
747
- <input type="button" name="miniorange_login_forgotphone"
748
- onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
749
- class="miniorange_login_forgotphone"
750
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
751
- <?php } ?>
752
- &emsp;&emsp;
753
- <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
754
- id="miniorange_login_offline" class="miniorange_login_offline"
755
- value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
756
- </center>
757
- <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
758
- <center>
759
- <a href="#mo2f_alternate_login_kba">
760
- <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive mail?' ); ?></p>
761
- </a>
762
- </center>
763
- <?php } ?>
764
- </span>
765
- <center>
766
- <?php
767
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
768
- <div>
769
- <a href="#mo2f_backup_generate">
770
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
771
- </a>
772
- </div>
773
- <?php }else{ ?>
774
- <div>
775
- <a href="#mo2f_backup_option">
776
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
777
- </a>
778
- </div>
779
- <?php }
780
- ?>
781
- <div style="padding:10px;">
782
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
783
- </div>
784
- </center>
785
- </div>
786
-
787
- <?php
788
- mo2f_customize_logo();
789
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
790
- ?>
791
- </div>
792
- </div>
793
- </div>
794
- </div>
795
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
796
- class="mo2f_display_none_forms">
797
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
798
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
799
- <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
800
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
801
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
802
- <input type="hidden" name="currentMethod" value="emailVer"/>
803
-
804
- </form>
805
- <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
806
- <input type="hidden" name="miniorange_mobile_validation_nonce"
807
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
808
- <input type="hidden" name="option" value="miniorange_mobile_validation">
809
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
810
- <input type="hidden" name="tx_type"/>
811
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
812
- <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
813
-
814
- </form>
815
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
816
- <input type="hidden" name="miniorange_softtoken"
817
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
818
- <input type="hidden" name="option" value="miniorange_softtoken">
819
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
820
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
821
- </form>
822
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
823
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
824
- <input type="hidden" name="miniorange_forgotphone"
825
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
826
- <input type="hidden" name="option" value="miniorange_forgotphone">
827
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
828
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
829
- </form>
830
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
831
- <input type="hidden" name="miniorange_alternate_login_kba_nonce"
832
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
833
- <input type="hidden" name="option" value="miniorange_alternate_login_kba">
834
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
835
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
836
- </form>
837
-
838
- <script>
839
- var timeout;
840
- var login_status = '<?php echo $login_status;?>';
841
- var calls = 0;
842
- var onprem = '<?php echo MO2F_IS_ONPREM; ?>';
843
-
844
- if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
845
- {
846
- pollPushValidation();
847
- function pollPushValidation()
848
- { calls = calls + 1;
849
- var data = {'txid':'<?php echo $mo2f_EV_txid;?>'};
850
- jQuery.ajax({
851
- url: '<?php echo get_site_option("siteurl"); ?>'+"/wp-login.php",
852
- type: "POST",
853
- data: data,
854
- success: function (result) {
855
-
856
- var status = result;
857
- if (status == 1) {
858
- jQuery('input[name="tx_type"]').val("EV");
859
- jQuery('#mo2f_mobile_validation_form').submit();
860
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
861
- jQuery('#mo2f_backto_mo_loginform').submit();
862
- } else {
863
- if(calls<300)
864
- {
865
- timeout = setTimeout(pollPushValidation, 1000);
866
- }
867
- else
868
- {
869
- jQuery('#mo2f_backto_mo_loginform').submit();
870
- }
871
- }
872
- }
873
- });
874
- }
875
-
876
-
877
- }
878
- else
879
- {
880
- pollPushValidation();
881
- function pollPushValidation() {
882
- var transId = "<?php echo $cookievalue;// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
883
- var jsonString = "{\"txId\":\"" + transId + "\"}";
884
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
885
-
886
- jQuery.ajax({
887
- url: postUrl,
888
- type: "POST",
889
- dataType: "json",
890
- data: jsonString,
891
- contentType: "application/json; charset=utf-8",
892
- success: function (result) {
893
- var status = JSON.parse(JSON.stringify(result)).status;
894
- if (status == 'SUCCESS') {
895
- jQuery('input[name="tx_type"]').val("PN");
896
- jQuery('#mo2f_mobile_validation_form').submit();
897
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED') {
898
- jQuery('#mo2f_backto_mo_loginform').submit();
899
- } else {
900
- timeout = setTimeout(pollPushValidation, 3000);
901
- }
902
- }
903
- });
904
- }
905
- }
906
-
907
- function mologinoffline() {
908
- jQuery('#mo2f_show_softtoken_loginform').submit();
909
- }
910
-
911
- function mologinforgotphone() {
912
- jQuery('#mo2f_show_forgotphone_loginform').submit();
913
- }
914
-
915
- function mologinback() {
916
- jQuery('#mo2f_backto_mo_loginform').submit();
917
- }
918
-
919
- jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
920
- jQuery('#mo2f_alternate_login_kbaform').submit();
921
- });
922
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
923
- jQuery('#mo2f_backup').submit();
924
- });
925
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
926
- jQuery('#mo2f_create_backup_codes').submit();
927
- });
928
-
929
- </script>
930
- </body>
931
- </html>
932
- <?php
933
- }
934
-
935
- function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
936
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
937
- $mo_wpns_config = new MoWpnsHandler();
938
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
939
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
940
- ?>
941
- <html>
942
- <head>
943
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
944
- <meta name="viewport" content="width=device-width, initial-scale=1">
945
- <?php
946
- echo_js_css_files(); ?>
947
- </head>
948
- <body>
949
- <div class="mo2f_modal" tabindex="-1" role="dialog">
950
- <div class="mo2f-modal-backdrop"></div>
951
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
952
- <div class="login mo_customer_validation-modal-content">
953
- <div class="mo2f_modal-header">
954
- <h4 class="mo2f_modal-title">
955
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
956
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
957
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
958
- <?php echo mo2f_lt( 'Scan QR Code' ); ?></h4>
959
- </div>
960
- <div class="mo2f_modal-body center">
961
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
962
- <div id="otpMessage">
963
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
964
- </div>
965
- <br>
966
- <?php } ?>
967
- <div id="scanQRSection">
968
- <div style="margin-bottom:10%;">
969
- <center>
970
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Identify yourself by scanning the QR code with miniOrange Authenticator app.' ); ?></p>
971
- </center>
972
- </div>
973
- <div id="showQrCode" style="margin-bottom:10%;">
974
- <center><?php echo '<img src="data:image/jpg;base64,' . $qrCode . '" />'; ?></center>
975
- </div>
976
- <span style="padding-right:2%;">
977
- <center>
978
- <?php if ( ! $mo2f_is_new_customer ) { ?>
979
- <?php if ( $mo2f_enable_forgotphone ) { ?>
980
- <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
981
- id="miniorange_login_forgotphone" class="miniorange_login_forgotphone"
982
- style="margin-right:5%;"
983
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
984
- <?php } ?>
985
- &emsp;&emsp;
986
- <?php } ?>
987
- <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
988
- id="miniorange_login_offline" class="miniorange_login_offline"
989
- value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
990
- </center>
991
- </span>
992
- <?php
993
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
994
- <div>
995
- <a href="#mo2f_backup_generate">
996
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
997
- </a>
998
- </div>
999
- <?php }else{ ?>
1000
- <div>
1001
- <a href="#mo2f_backup_option">
1002
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1003
- </a>
1004
- </div>
1005
- <?php }
1006
- ?>
1007
- <div style="padding:10px;">
1008
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1009
- </div>
1010
- </div>
1011
- <?php
1012
- mo2f_customize_logo();
1013
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1014
- ?>
1015
- </div>
1016
- </div>
1017
- </div>
1018
- </div>
1019
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1020
- class="mo2f_display_none_forms">
1021
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1022
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1023
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1024
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1025
- </form>
1026
- <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1027
- <input type="hidden" name="miniorange_mobile_validation_nonce"
1028
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
1029
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1030
- <input type="hidden" name="option" value="miniorange_mobile_validation">
1031
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1032
- </form>
1033
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1034
- <input type="hidden" name="miniorange_softtoken"
1035
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
1036
- <input type="hidden" name="option" value="miniorange_softtoken">
1037
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1038
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1039
- </form>
1040
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1041
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1042
- <input type="hidden" name="miniorange_forgotphone"
1043
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1044
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1045
- <input type="hidden" name="option" value="miniorange_forgotphone">
1046
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1047
- </form>
1048
-
1049
- <script>
1050
- var timeout;
1051
- pollMobileValidation();
1052
-
1053
- function pollMobileValidation() {
1054
- var transId = "<?php echo $cookievalue;//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
1055
- var jsonString = "{\"txId\":\"" + transId + "\"}";
1056
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
1057
- jQuery.ajax({
1058
- url: postUrl,
1059
- type: "POST",
1060
- dataType: "json",
1061
- data: jsonString,
1062
- contentType: "application/json; charset=utf-8",
1063
- success: function (result) {
1064
- var status = JSON.parse(JSON.stringify(result)).status;
1065
- if (status == 'SUCCESS') {
1066
- var content = "<div id='success'><center><img src='" + "<?php echo plugins_url( 'includes/images/right.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1067
- jQuery("#showQrCode").empty();
1068
- jQuery("#showQrCode").append(content);
1069
- setTimeout(function () {
1070
- jQuery("#mo2f_mobile_validation_form").submit();
1071
- }, 100);
1072
- } else if (status == 'ERROR' || status == 'FAILED') {
1073
- var content = "<div id='error'><center><img src='" + "<?php echo plugins_url( 'includes/images/wrong.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1074
- jQuery("#showQrCode").empty();
1075
- jQuery("#showQrCode").append(content);
1076
- setTimeout(function () {
1077
- jQuery('#mo2f_backto_mo_loginform').submit();
1078
- }, 1000);
1079
- } else {
1080
- timeout = setTimeout(pollMobileValidation, 3000);
1081
- }
1082
- }
1083
- });
1084
- }
1085
-
1086
- function mologinoffline() {
1087
- jQuery('#mo2f_show_softtoken_loginform').submit();
1088
- }
1089
-
1090
- function mologinforgotphone() {
1091
- jQuery('#mo2f_show_forgotphone_loginform').submit();
1092
- }
1093
-
1094
- function mologinback() {
1095
- jQuery('#mo2f_backto_mo_loginform').submit();
1096
- }
1097
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
1098
- jQuery('#mo2f_backup').submit();
1099
- });
1100
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1101
- jQuery('#mo2f_create_backup_codes').submit();
1102
- });
1103
-
1104
- </script>
1105
- </body>
1106
- </html>
1107
- <?php
1108
- }
1109
-
1110
- function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ,$mo2fa_transaction_id = null ) {
1111
- global $Mo2fdbQueries,$moWpnsUtility;
1112
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1113
- $mo_wpns_config = new MoWpnsHandler();
1114
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1115
- $attempts = get_option('mo2f_attempts_before_redirect', 3);
1116
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1117
- $mo2f_otp_over_email_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_OTPOverEmail_config_status', $user_id );
1118
-
1119
- MO2f_Utility::mo2f_debug_file('Prompted 2fa validation screen '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1120
- ?>
1121
- <html>
1122
- <head>
1123
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1124
- <meta name="viewport" content="width=device-width, initial-scale=1">
1125
- <?php
1126
- echo_js_css_files();
1127
- ?>
1128
- </head>
1129
- <body>
1130
- <div class="mo2f_modal" tabindex="-1" role="dialog">
1131
- <div class="mo2f-modal-backdrop"></div>
1132
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1133
- <div class="login mo_customer_validation-modal-content">
1134
- <div class="mo2f_modal-header">
1135
- <h4 class="mo2f_modal-title">
1136
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1137
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1138
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1139
- <?php echo mo2f_lt( 'Validate OTP' ); ?>
1140
- </h4>
1141
- </div>
1142
- <div class="mo2f_modal-body center">
1143
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1144
- <div id="otpMessage">
1145
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
1146
- </div>
1147
- <?php } ?><br><?php
1148
- ?>
1149
- <span><b>Attempts left</b>:</span> <?php echo $attempts;?><br>
1150
- <?php if($attempts==1){?>
1151
- <span style='color:red;'><b>If you fail to verify your identity, you will be redirected back to login page to verify your credentials.</b></span> <br>
1152
- <?php }?>
1153
- <br>
1154
- <div id="showOTP">
1155
- <div class="mo2f-login-container">
1156
- <form name="f" id="mo2f_submitotp_loginform" method="post">
1157
- <center>
1158
- <input type="text" name="mo2fa_softtoken" style="height:28px !important;"
1159
- placeholder="<?php echo mo2f_lt( 'Enter code' ); ?>"
1160
- id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true"
1161
- pattern="[0-9]{4,8}"
1162
- title="<?php echo mo2f_lt( 'Only digits within range 4-8 are allowed.' ); ?>"/>
1163
- </center>
1164
- <br>
1165
- <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit"
1166
- class="miniorange_otp_token_submit"
1167
- value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
1168
- <?php
1169
-
1170
- if($show_back_button == 1)
1171
- {
1172
- ?>
1173
- <input type="button" name="miniorange_otp_token_back" id="miniorange_otp_token_back"
1174
- class="miniorange_otp_token_submit"
1175
- value="<?php echo mo2f_lt( 'Back' ); ?>"/>
1176
- <?php
1177
- }
1178
- ?>
1179
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1180
- <input type="hidden" name="miniorange_soft_token_nonce"
1181
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
1182
- <input type="hidden" name="option" value="miniorange_soft_token">
1183
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1184
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1185
- <?php if($mo2fa_transaction_id!=null){ ?>
1186
- <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo $mo2fa_transaction_id; ?>"/>
1187
- <?php }?>
1188
- </form>
1189
- <?php
1190
- $Kbaset = get_user_meta( $user_id ,'Security Questions' );
1191
- if ( ! $mo2f_is_new_customer ) { ?>
1192
- <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
1193
- <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1194
- id="miniorange_login_forgotphone"
1195
- class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
1196
- <?php } ?>
1197
- <?php }
1198
- if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1199
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1200
- <div>
1201
- <a href="#mo2f_backup_generate">
1202
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1203
- </a>
1204
- </div>
1205
- <?php }else{ ?>
1206
- <div>
1207
- <a href="#mo2f_backup_option">
1208
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1209
- </a>
1210
- </div>
1211
- <?php }
1212
- ?>
1213
-
1214
- <div style="padding:10px;">
1215
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1216
- </div>
1217
- <?php } ?>
1218
- </div>
1219
- </div>
1220
- </center>
1221
- <?php
1222
- mo2f_customize_logo();
1223
- if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1224
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1225
- }
1226
- ?>
1227
- </div>
1228
- </div>
1229
- </div>
1230
- </div>
1231
-
1232
- <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo wp_login_url(); ?>"
1233
- class="mo2f_display_none_forms">
1234
- <input type="hidden" name="miniorange_back_inline_reg_nonce"
1235
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' ); ?>"/>
1236
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1237
- <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1238
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1239
-
1240
- </form>
1241
-
1242
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1243
- class="mo2f_display_none_forms">
1244
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1245
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1246
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1247
- </form>
1248
-
1249
- <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1250
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1251
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1252
- <input type="hidden" name="miniorange_forgotphone"
1253
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1254
- <input type="hidden" name="option" value="miniorange_forgotphone">
1255
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1256
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1257
- </form>
1258
-
1259
- <?php } ?>
1260
-
1261
- <script>
1262
- jQuery('#miniorange_otp_token_back').click(function(){
1263
- jQuery('#mo2f_backto_inline_registration').submit();
1264
- });
1265
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
1266
- jQuery('#mo2f_backup').submit();
1267
- });
1268
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1269
- jQuery('#mo2f_create_backup_codes').submit();
1270
- });
1271
-
1272
- function mologinback() {
1273
- jQuery('#mo2f_backto_mo_loginform').submit();
1274
- }
1275
-
1276
- function mologinforgotphone() {
1277
- jQuery('#mo2f_show_forgotphone_loginform').submit();
1278
- }
1279
- var is_ajax = '<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>';
1280
- if(is_ajax){
1281
- jQuery('#mo2fa_softtoken').keypress(function (e) {
1282
- if (e.which == 13) {//Enter key pressed
1283
- e.preventDefault();
1284
- mo2f_otp_ajax();
1285
- }
1286
- });
1287
- jQuery("#miniorange_otp_token_submit").click(function(e){
1288
- e.preventDefault();
1289
- mo2f_otp_ajax();
1290
- });
1291
-
1292
- function mo2f_otp_ajax(){
1293
- jQuery('#mo2fa_softtoken').prop('disabled','true');
1294
- jQuery('#miniorange_otp_token_submit').prop('disabled','true');
1295
- var data = {
1296
- "action" : "mo2f_ajax",
1297
- "mo2f_ajax_option" : "mo2f_ajax_otp",
1298
- "mo2fa_softtoken" : jQuery( "input[name=\'mo2fa_softtoken\']" ).val(),
1299
- "miniorange_soft_token_nonce" : jQuery( "input[name=\'miniorange_soft_token_nonce\']" ).val(),
1300
- "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
1301
- "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
1302
- "request_origin_method" : jQuery( "input[name=\'request_origin_method\']" ).val(),
1303
- };
1304
- jQuery.post(my_ajax_object.ajax_url, data, function(response) {
1305
- if(typeof response.data === "undefined")
1306
- jQuery("html").html(response);
1307
- else if(response.data.reload)
1308
- location.reload( true );
1309
- else
1310
- location.href = response.data.redirect;
1311
- });
1312
- }
1313
- }
1314
- </script>
1315
- </body>
1316
- </html>
1317
- <?php
1318
- }
1319
-
1320
-
1321
- function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1322
- ?>
1323
- <html>
1324
- <head>
1325
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1326
- <meta name="viewport" content="width=device-width, initial-scale=1">
1327
- <?php
1328
- echo_js_css_files();
1329
- ?>
1330
- </head>
1331
- <body>
1332
- <div class="mo2f_modal" tabindex="-1" role="dialog">
1333
- <div class="mo2f-modal-backdrop"></div>
1334
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1335
- <div class="login mo_customer_validation-modal-content">
1336
- <div class="mo2f_modal-header">
1337
- <h4 class="mo2f_modal-title">
1338
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1339
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1340
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1341
-
1342
- <?php echo mo2f_lt( 'Remember Device' ); ?>
1343
- </h4>
1344
- </div>
1345
- <div class="mo2f_modal-body center">
1346
- <div id="mo2f_device_content">
1347
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Do you want to remember this device?' ); ?></p>
1348
- <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();"
1349
- id="miniorange_trust_device_yes" class="mo_green" style="margin-right:5%;"
1350
- value="<?php echo mo2f_lt( 'Yes' ); ?>"/>
1351
- <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();"
1352
- id="miniorange_trust_device_no" class="mo_red"
1353
- value="<?php echo mo2f_lt( 'No' ); ?>"/>
1354
- </div>
1355
- <div id="showLoadingBar" hidden>
1356
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Please wait...We are taking you into your account.' ); ?></p>
1357
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
1358
- </div>
1359
- <br><br>
1360
- <span>
1361
- <?php echo mo2f_lt( 'Click on ' ); ?>
1362
- <i><b><?php echo mo2f_lt( 'Yes' ); ?></b></i><?php echo mo2f_lt( 'if this is your personal device.' ); ?>
1363
- <br>
1364
- <?php echo mo2f_lt( 'Click on ' ); ?>
1365
- <i><b><?php echo mo2f_lt( 'No ' ); ?></b></i> <?php echo mo2f_lt( 'if this is a public device.' ); ?>
1366
- </span><br><br>
1367
- <?php mo2f_customize_logo() ?>
1368
- </div>
1369
- </div>
1370
- </div>
1371
- </div>
1372
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1373
- class="mo2f_display_none_forms">
1374
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1375
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1376
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1377
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1378
- </form>
1379
- <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1380
- <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1381
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' ); ?>"/>
1382
- <input type="hidden" name="option" value="miniorange_rba_validate">
1383
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1384
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1385
- </form>
1386
- <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1387
- <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1388
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' ); ?>"/>
1389
- <input type="hidden" name="option" value="miniorange_rba_cancle">
1390
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1391
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1392
- </form>
1393
- <script>
1394
- function mologinback() {
1395
- jQuery('#mo2f_backto_mo_loginform').submit();
1396
- }
1397
-
1398
- function mo_check_device_confirm() {
1399
- jQuery('#mo2f_device_content').css("display", "none");
1400
- jQuery('#showLoadingBar').css("display", "block");
1401
- jQuery('#mo2f_trust_device_confirm_form').submit();
1402
- }
1403
-
1404
- function mo_check_device_cancel() {
1405
- jQuery('#mo2f_device_content').css("display", "none");
1406
- jQuery('#showLoadingBar').css("display", "block");
1407
- jQuery('#mo2f_trust_device_cancel_form').submit();
1408
- }
1409
- </script>
1410
- </body>
1411
- </html>
1412
- <?php }
1413
-
1414
- function mo2f_customize_logo() { ?>
1415
- <div style="float:right;"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img
1416
- alt="logo"
1417
- src="<?php echo plugins_url( 'includes/images/miniOrange2.png', dirname(dirname(__FILE__))); ?>"/></a></div>
1418
-
1419
- <?php }
1420
-
1421
- function echo_js_css_files() {
1422
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1423
- echo '<script src="' . plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__)) ) . '" ></script>';
1424
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/twofa_style_settings.css?version=5.1.21', dirname(dirname(__FILE__))) . '" />';
1425
- }
1426
-
1427
- function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1428
- global $Mo2fdbQueries;
1429
- if(get_user_meta($id, 'mo_backup_code_generated', true) && !get_user_meta($id, 'mo_backup_code_downloaded', true)){
1430
- $encrypted_codes =get_user_meta($id, 'chqwetcsdvnvd', true);
1431
- $key = get_option( 'mo2f_encryption_key' );
1432
- $codes_string = MO2f_Utility::decrypt_data( $encrypted_codes, $key );
1433
- $codes = explode(",", $codes_string);
1434
- delete_user_meta($id, 'chqwetcsdvnvd');
1435
- $result = true;
1436
- }else{
1437
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
1438
- if(empty($mo2f_user_email)){
1439
- $currentuser = get_user_by( 'id', $id );
1440
- $mo2f_user_email = $currentuser->user_email;
1441
- }
1442
- $generate_backup_code = new Customer_Cloud_Setup();
1443
- $codes = $generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
1444
-
1445
- if($codes != 'DBConnectionIssue' && $codes != 'UnableToFetchData' && $codes != 'UserLimitReached' && $codes != 'ERROR' && $codes != 'LimitReached' && $codes != 'AllUsed' && $codes != 'invalid_request' ){
1446
- $codes = explode(' ', $codes);
1447
- $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
1448
- update_user_meta($id, 'mo_backup_code_generated', 1);
1449
- $code_generated = 'code_generation_successful';
1450
- }else{
1451
- $code_generated = 'code_generation_failed';
1452
- update_user_meta($id, 'error_during_code_generation',$codes);
1453
- }
1454
-
1455
-
1456
- }
1457
- update_user_meta($id, 'mo_backup_code_screen_shown', 1);
1458
- ?>
1459
- <html>
1460
- <head> <meta charset="utf-8"/>
1461
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1462
- <meta name="viewport" content="width=device-width, initial-scale=1">
1463
- <?php
1464
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1465
- echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', dirname(dirname(__FILE__))) . '" ></script>';
1466
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
1467
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css', dirname(dirname(__FILE__))) . '" />';
1468
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))) . '" />';
1469
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css', dirname(dirname(__FILE__))) . '" />';
1470
- ?>
1471
- <style>
1472
- .mo2f_kba_ques, .mo2f_table_textbox{
1473
- background: whitesmoke none repeat scroll 0% 0%;
1474
- }
1475
- </style>
1476
- </head>
1477
- <body>
1478
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1479
- <div class="mo2f-modal-backdrop"></div>
1480
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1481
- <div class="login mo_customer_validation-modal-content">
1482
- <div class="mo2f_modal-header">
1483
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1484
- <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1485
- </div>
1486
- <?php if($code_generated == 'code_generation_successful') { ?>
1487
- <div class="mo2f_modal-body center">
1488
-
1489
-
1490
- <h3> <?php echo __('Please download the backup codes for account recovery.'); ?></h3>
1491
-
1492
- <h4> <?php echo __('You will receive the backup codes via email if you have your SMTP configured.
1493
- <br>If you have received the codes on your email and do not wish to download the codes, click on Finish. '); ?></h4>
1494
-
1495
- <h4> <?php echo __('Backup Codes can be used to login into user account in case you forget your phone or get locked out.
1496
- <br>Please use this carefully as each code can only be used once. Please do not share these codes with anyone.'); ?></h4>
1497
- <?php ?>
1498
- <div>
1499
- <div style="display: inline-flex;width: 350px; ">
1500
- <div id="clipboard" style="border: solid;width: 55%;float: left;">
1501
- <?php
1502
- for ($x = 0; $x < sizeof($codes); $x++) {
1503
- $str = $codes[$x];
1504
- echo("<br>".$str." <br>");
1505
- }
1506
-
1507
- $str1="";
1508
- for ($x = 0; $x < sizeof($codes); $x++) {
1509
- $str = $codes[$x];
1510
- $str1.=$str;
1511
- if($x != 4){
1512
- $str1.=',';
1513
- }
1514
- }
1515
- ?>
1516
- </div>
1517
- <div style="width: 50%;float: right;">
1518
- <form name="f" method="post" id="mo2f_users_backup1" action="">
1519
- <input type="hidden" name="option" value="mo2f_users_backup1" />
1520
- <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
1521
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1522
- <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
1523
-
1524
- <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1525
- </form>
1526
- </div>
1527
-
1528
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1529
- <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1530
- <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1531
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1532
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1533
- <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1534
- </form>
1535
- </div>
1536
- </div>
1537
-
1538
- <?php
1539
- mo2f_customize_logo() ?>
1540
- </div>
1541
- <?php } else { ?>
1542
- <div style="text-align:center;">
1543
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1544
- <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1545
- <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1546
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1547
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1548
- <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1549
- </form>
1550
- </div>
1551
- <?php } ?>
1552
- </div>
1553
- </div>
1554
- </div>
1555
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1556
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1557
- </form>
1558
- </body>
1559
- <script>
1560
- function mologinback(){
1561
- jQuery('#mo2f_backto_mo_loginform').submit();
1562
- }
1563
- </script>
1564
- </html>
1565
- <?php
1566
-
1567
-
1568
- }
1569
-
1570
- function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1571
- ?>
1572
- <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1573
- <input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
1574
- <input type="hidden" name="option" value="miniorange_backup_nonce">
1575
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1576
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1577
- </form>
1578
- <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1579
- <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
1580
- <input type="hidden" name="option" value="miniorange_create_backup_codes">
1581
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1582
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1583
- <input type="hidden" name="login_status" value="<?php echo $login_status; ?>" />
1584
- <input type="hidden" name="login_message" value="<?php echo $login_message; ?>" />
1585
- </form>
1586
- <?php
1587
- }
1588
-
1589
  ?>
1
+ <?php
2
+ function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_to = null ) {
3
+ ?>
4
+ <html>
5
+ <head>
6
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
7
+ <meta name="viewport" content="width=device-width, initial-scale=1">
8
+ <?php
9
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
10
+ ?>
11
+ </head>
12
+ <body>
13
+ <div>
14
+ <form id="morba_loginform" method="post">
15
+ <h1><?php echo mo2f_lt( 'Please wait' ); ?>...</h1>
16
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))) ); ?>"/>
17
+ <?php
18
+ if ( get_option( 'mo2f_remember_device' ) ) {
19
+ ?>
20
+ <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
21
+ <?php
22
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
23
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
24
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
25
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
26
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
27
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
28
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
29
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
30
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
31
+ }
32
+ ?>
33
+ <input type="hidden" name="miniorange_attribute_collection_nonce"
34
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' ); ?>"/>
35
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
36
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
37
+ </form>
38
+ </div>
39
+ </body>
40
+ </html>
41
+ <?php
42
+ }
43
+
44
+ function miniorange_get_user_role( $user ) {
45
+ return $user->roles;
46
+ }
47
+
48
+ function redirect_user_to( $user, $redirect_to ) {
49
+ $roles = $user->roles;
50
+ $current_role = array_shift( $roles );
51
+ $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
52
+ if ( $current_role == 'administrator' ) {
53
+ $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
54
+ } else {
55
+ $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
56
+ }
57
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
58
+ $redirect = array(
59
+ 'redirect' => $redirectUrl,
60
+ ) ;
61
+
62
+ wp_send_json_success($redirect);
63
+ }
64
+ else
65
+ wp_redirect( $redirectUrl );
66
+ }
67
+
68
+
69
+ // used in shortcode addon
70
+
71
+ function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
72
+ if ( empty( $current_roles ) ) {
73
+ return 0;
74
+ }
75
+
76
+ foreach ( $current_roles as $value ) {
77
+ if ( get_option( 'mo2fa_' . $value ) ) {
78
+ return 1;
79
+ }
80
+ }
81
+
82
+ return 0;
83
+ }
84
+
85
+ function mo2f_register_profile( $email, $deviceKey, $mo2f_rba_status ) {
86
+
87
+ if ( isset( $deviceKey ) && $deviceKey == 'true' ) {
88
+ if ( $mo2f_rba_status['status'] == 'WAIT_FOR_INPUT' && $mo2f_rba_status['decision_flag'] ) {
89
+ $rba_profile = new Miniorange_Rba_Attributes();
90
+ //register profile
91
+ json_decode( $rba_profile->mo2f_register_rba_profile( $email, $mo2f_rba_status['sessionUuid'] ), true );
92
+
93
+ return true;
94
+ } else {
95
+ return false;
96
+ }
97
+ }
98
+
99
+ return false;
100
+ }
101
+
102
+ function mo2f_collect_attributes( $email, $attributes ) {
103
+ $mo2f_rba_status = array();
104
+ $mo2f_rba_status['decision_flag'] = false;
105
+ $mo2f_rba_status['sessionUuid'] = '';
106
+
107
+ if ( get_option( 'mo2f_remember_device' ) ) {
108
+ $rba_attributes = new Miniorange_Rba_Attributes();
109
+ //collect rba attributes
110
+ $rba_response = json_decode( $rba_attributes->mo2f_collect_attributes( $email, $attributes ), true );
111
+ if ( json_last_error() == JSON_ERROR_NONE ) {
112
+ //attributes are collected successfully
113
+ if ( $rba_response['status'] == 'SUCCESS' ) {
114
+ $sessionUuid = $rba_response['sessionUuid'];
115
+ // evaluate the rba risk
116
+ $rba_risk_response = json_decode( $rba_attributes->mo2f_evaluate_risk( $email, $sessionUuid ), true );
117
+
118
+ if ( json_last_error() == JSON_ERROR_NONE ) {
119
+ if ( $rba_risk_response['status'] == 'SUCCESS' || $rba_risk_response['status'] == 'WAIT_FOR_INPUT' ) {
120
+
121
+ $mo2f_rba_status['status'] = $rba_risk_response['status'];
122
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
123
+ $mo2f_rba_status['decision_flag'] = true;
124
+
125
+ } else {
126
+ $mo2f_rba_status['status'] = $rba_risk_response['status'];
127
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
128
+
129
+ }
130
+ } else {
131
+ $mo2f_rba_status['status'] = 'JSON_EVALUATE_ERROR';
132
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
133
+
134
+ }
135
+ } else {
136
+ $mo2f_rba_status['status'] = 'ATTR_NOT_COLLECTED';
137
+
138
+ }
139
+ } else {
140
+ $mo2f_rba_status['status'] = 'JSON_ATTR_NOT_COLLECTED';
141
+
142
+ }
143
+ } else {
144
+ $mo2f_rba_status['status'] = 'RBA_NOT_ENABLED';
145
+
146
+ }
147
+
148
+ return $mo2f_rba_status;
149
+ }
150
+
151
+ function mo2f_get_user_2ndfactor( $user ) {
152
+ global $Mo2fdbQueries;
153
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
154
+ $enduser = new Two_Factor_Setup();
155
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $mo2f_user_email ), true );
156
+ if ( json_last_error() == JSON_ERROR_NONE ) {
157
+ if ( $userinfo['status'] == 'ERROR' ) {
158
+ $mo2f_second_factor = 'NONE';
159
+ } else if ( $userinfo['status'] == 'SUCCESS' ) {
160
+ $mo2f_second_factor = $userinfo['authType'];
161
+ } else if ( $userinfo['status'] == 'FAILED' ) {
162
+ $mo2f_second_factor = 'USER_NOT_FOUND';
163
+ } else {
164
+ $mo2f_second_factor = 'NONE';
165
+ }
166
+ } else {
167
+ $mo2f_second_factor = 'NONE';
168
+ }
169
+
170
+ return $mo2f_second_factor;
171
+ }
172
+
173
+ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
174
+ $mo2f_forgotphone_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
175
+ $mo2f_email_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_email' );
176
+ $mo2f_kba_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_kba' );
177
+ ?>
178
+ <html>
179
+ <head>
180
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
181
+ <meta name="viewport" content="width=device-width, initial-scale=1">
182
+ <?php
183
+ echo_js_css_files(); ?>
184
+ </head>
185
+ <body>
186
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
187
+ <div class="mo2f-modal-backdrop"></div>
188
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
189
+ <div class="login mo_customer_validation-modal-content">
190
+ <div class="mo2f_modal-header">
191
+ <h4 class="mo2f_modal-title">
192
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
193
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
194
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
195
+ <?php echo mo2f_lt( 'How would you like to authenticate yourself?' ); ?>
196
+ </h4>
197
+ </div>
198
+ <div class="mo2f_modal-body">
199
+ <?php if ( $mo2f_forgotphone_enabled ) {
200
+ if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
201
+ <div id="otpMessage" class="mo2fa_display_message_frontend">
202
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
203
+ </div>
204
+ <?php } ?>
205
+ <p class="mo2f_backup_options"><?php echo mo2f_lt( 'Please choose the options from below:' ); ?></p>
206
+ <div class="mo2f_backup_options_div">
207
+ <?php if ( $mo2f_email_as_backup_enabled ) { ?>
208
+ <input type="radio" name="mo2f_selected_forgotphone_option"
209
+ value="One Time Passcode over Email"
210
+ checked="checked"/><?php echo mo2f_lt( 'Send a one time passcode to my registered email' ); ?>
211
+ <br><br>
212
+ <?php }
213
+ if ( $mo2f_kba_as_backup_enabled ) { ?>
214
+ <input type="radio" name="mo2f_selected_forgotphone_option"
215
+ value="KBA"/><?php echo mo2f_lt( 'Answer your Security Questions (KBA)' ); ?>
216
+ <?php } ?>
217
+ <br><br>
218
+ <input type="button" name="miniorange_validate_otp" value="<?php echo mo2f_lt( 'Continue' ); ?>" class="miniorange_validate_otp"
219
+ onclick="mo2fselectforgotphoneoption();"/>
220
+ </div>
221
+ <?php mo2f_customize_logo();
222
+ }
223
+ ?>
224
+ </div>
225
+ </div>
226
+ </div>
227
+ </div>
228
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
229
+ class="mo2f_display_none_forms">
230
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
231
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
232
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
233
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
234
+ </form>
235
+ <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
236
+ <input type="hidden" name="mo2f_configured_2FA_method"/>
237
+ <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
238
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' ); ?>"/>
239
+ <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
240
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
241
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
242
+ </form>
243
+
244
+ <script>
245
+ function mologinback() {
246
+ jQuery('#mo2f_backto_mo_loginform').submit();
247
+ }
248
+
249
+ function mo2fselectforgotphoneoption() {
250
+ var option = jQuery('input[name=mo2f_selected_forgotphone_option]:checked').val();
251
+ document.getElementById("mo2f_challenge_forgotphone_form").elements[0].value = option;
252
+ jQuery('#mo2f_challenge_forgotphone_form').submit();
253
+ }
254
+ </script>
255
+ </body>
256
+ </html>
257
+ <?php }
258
+
259
+ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
260
+ global $moWpnsUtility;
261
+ $mo_wpns_config = new MoWpnsHandler();
262
+ $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
263
+ $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
264
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
265
+ MO2f_Utility::mo2f_debug_file('Prompted KBA validation screen'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
266
+ ?>
267
+ <html>
268
+ <head>
269
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
270
+ <meta name="viewport" content="width=device-width, initial-scale=1">
271
+ <?php
272
+ echo_js_css_files(); ?>
273
+ </head>
274
+ <body>
275
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
276
+ <div class="mo2f-modal-backdrop"></div>
277
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
278
+ <div class="login mo_customer_validation-modal-content">
279
+ <div class="mo2f_modal-header">
280
+ <h4 class="mo2f_modal-title">
281
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
282
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
283
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
284
+ <?php
285
+ echo mo2f_lt( 'Validate Security Questions' ); ?>
286
+ </h4>
287
+ </div>
288
+ <div class="mo2f_modal-body">
289
+ <div id="kbaSection" class="kbaSectiondiv">
290
+ <div id="otpMessage">
291
+ <p style="font-size:13px;"
292
+ class="mo2fa_display_message_frontend"><?php echo ( isset( $login_message ) && ! empty( $login_message ) ) ? $login_message : __( 'Please answer the following questions:' ); ?></p>
293
+ </div>
294
+ <form name="f" id="mo2f_submitkba_loginform" method="post">
295
+ <div id="mo2f_kba_content">
296
+ <p style="font-size:15px;">
297
+ <?php $kba_questions = $cookievalue;
298
+ echo $kba_questions[0]['question']; ?><br>
299
+ <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
300
+ required="true" autofocus="true"
301
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
302
+ title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
303
+ autocomplete="off"><br>
304
+ <?php echo $kba_questions[1]['question']; ?><br>
305
+ <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
306
+ required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
307
+ title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
308
+ autocomplete="off">
309
+
310
+ </p>
311
+ </div>
312
+ <?php if ( $mo2f_login_option && $mo2f_remember_device_enabled ) {
313
+ ?>
314
+ <span class="mo2f_rememberdevice">
315
+ <input type="checkbox" name="mo2f_trust_device" class="mo2f_trust_device"
316
+ id="mo2f_trust_device"/><?php echo mo2f_lt( 'Remember this device.' ); ?>
317
+ </span>
318
+ <br>
319
+ <br>
320
+ <?php
321
+ }
322
+ ?>
323
+ <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate"
324
+ class="miniorange_kba_validate" style="float:left;"
325
+ value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
326
+ <input type="hidden" name="miniorange_kba_nonce"
327
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-kba-nonce' ); ?>"/>
328
+ <input type="hidden" name="option"
329
+ value="miniorange_kba_validate"/>
330
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
331
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
332
+ </form>
333
+ <br>
334
+ </div><br>
335
+ <?php
336
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
337
+ <div>
338
+ <a href="#mo2f_backup_generate">
339
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
340
+ </a>
341
+ </div>
342
+ <?php }else{ ?>
343
+ <div>
344
+ <a href="#mo2f_backup_option">
345
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
346
+ </a>
347
+ </div>
348
+ <?php }
349
+ ?>
350
+ <div style="padding:10px;">
351
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
352
+ </div>
353
+
354
+ <?php
355
+ mo2f_customize_logo();
356
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
357
+ ?>
358
+
359
+ </div>
360
+ </div>
361
+ </div>
362
+ </div>
363
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
364
+ class="mo2f_display_none_forms">
365
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
366
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
367
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
368
+ </form>
369
+
370
+ <script>
371
+ function mologinback() {
372
+ jQuery('#mo2f_backto_mo_loginform').submit();
373
+ }
374
+ var is_ajax = "<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>";
375
+ if(is_ajax){
376
+ jQuery('#mo2f_answer_1').keypress(function (e) {
377
+ if (e.which == 13) {//Enter key pressed
378
+ e.preventDefault();
379
+ mo2f_kba_ajax();
380
+ }
381
+ });
382
+ jQuery('#mo2f_answer_2').keypress(function (e) {
383
+ if (e.which == 13) {//Enter key pressed
384
+ e.preventDefault();
385
+ mo2f_kba_ajax();
386
+ }
387
+ });
388
+ jQuery("#miniorange_kba_validate").click(function(e){
389
+ e.preventDefault();
390
+ mo2f_kba_ajax();
391
+ });
392
+
393
+ function mo2f_kba_ajax(){
394
+ jQuery('#mo2f_answer_1').prop('disabled','true');
395
+ jQuery('#mo2f_answer_2').prop('disabled','true');
396
+ jQuery('#miniorange_kba_validate').prop('disabled','true');
397
+ var data = {
398
+ "action" : "mo2f_ajax",
399
+ "mo2f_ajax_option" : "mo2f_ajax_kba",
400
+ "mo2f_answer_1" : jQuery( "input[name=\'mo2f_answer_1\']" ).val(),
401
+ "mo2f_answer_2" : jQuery( "input[name=\'mo2f_answer_2\']" ).val(),
402
+ "miniorange_kba_nonce" : jQuery( "input[name=\'miniorange_kba_nonce\']" ).val(),
403
+ "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
404
+ "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
405
+ "mo2f_trust_device" : jQuery( "input[name=\'mo2f_trust_device\']" ).val(),
406
+ };
407
+ jQuery.post(my_ajax_object.ajax_url, data, function(response) {
408
+ if ( typeof response.data === "undefined") {
409
+ jQuery("html").html(response);
410
+ }
411
+ else
412
+ location.href = response.data.redirect;
413
+ });
414
+ }
415
+ }
416
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
417
+ jQuery('#mo2f_backup').submit();
418
+ });
419
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
420
+ jQuery('#mo2f_create_backup_codes').submit();
421
+ });
422
+ </script>
423
+ </body>
424
+
425
+ </html>
426
+ <?php
427
+ }
428
+
429
+ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt){
430
+ ?>
431
+ <html>
432
+ <head> <meta charset="utf-8"/>
433
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
434
+ <meta name="viewport" content="width=device-width, initial-scale=1">
435
+ <?php
436
+ echo_js_css_files(); ?>
437
+ </head>
438
+ <body>
439
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
440
+ <div class="mo2f-modal-backdrop"></div>
441
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
442
+ <div class="login mo_customer_validation-modal-content">
443
+ <div class="mo2f_modal-header">
444
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
445
+ <?php echo __('Validate Backup Code', 'miniorange-2-factor-authentication'); ?>
446
+ </h4>
447
+ </div>
448
+ <div class="mo2f_modal-body">
449
+ <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
450
+ <div id="otpMessage" >
451
+
452
+ <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
453
+ </div>
454
+ <form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
455
+ <div id="mo2f_kba_content">
456
+ <p style="font-size:15px;">
457
+ <input class="mo2f-textbox" type="text" name="mo2f_backup_code" id="mo2f_backup_code" required="true" autofocus="true" title="<?php echo __('Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.','miniorange-2-factor-authentication'); ?>" autocomplete="off" ><br />
458
+ </p>
459
+ </div>
460
+ <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
461
+ <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
462
+ <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
463
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
464
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
465
+ </form>
466
+ </br>
467
+ </div>
468
+ <br /><br /><br />
469
+ <?php mo2f_customize_logo() ?>
470
+ </div>
471
+ </div>
472
+ </div>
473
+ </div>
474
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
475
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
476
+ </form>
477
+ </body>
478
+ <script>
479
+ function mologinback(){
480
+ jQuery('#mo2f_backto_mo_loginform').submit();
481
+ }
482
+ </script>
483
+ </html>
484
+ <?php
485
+ }
486
+
487
+ function mo2f_get_duo_push_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id ){
488
+
489
+ $mo_wpns_config = new MoWpnsHandler();
490
+
491
+ global $Mo2fdbQueries,$txid,$moWpnsUtility;
492
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
493
+ $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
494
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
495
+ $mo2f_EV_txid = get_user_meta($user_id,'mo2f_EV_txid',true);
496
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
497
+
498
+ $current_user = get_user_by('id',$user_id);
499
+ MO2f_Utility::mo2f_debug_file('Waiting for duo push notification validation'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
500
+ update_user_meta($user_id,'current_user_email',$current_user->user_email);
501
+
502
+
503
+ ?>
504
+
505
+ <html>
506
+ <head>
507
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
508
+ <meta name="viewport" content="width=device-width, initial-scale=1">
509
+ <?php
510
+ echo_js_css_files(); ?>
511
+ </head>
512
+ <body>
513
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
514
+ <div class="mo2f-modal-backdrop"></div>
515
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
516
+ <div class="login mo_customer_validation-modal-content">
517
+ <div class="mo2f_modal-header">
518
+ <h4 class="mo2f_modal-title">
519
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
520
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
521
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
522
+ <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
523
+ </div>
524
+ <div class="mo2f_modal-body">
525
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
526
+ <div id="otpMessage">
527
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
528
+ </div>
529
+ <?php } ?>
530
+ <div id="pushSection">
531
+
532
+ <div>
533
+ <center>
534
+ <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
535
+ </center>
536
+ </div>
537
+ <div id="showPushImage">
538
+ <center>
539
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
540
+ </center>
541
+ </div>
542
+
543
+
544
+ <span style="padding-right:2%;">
545
+ <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
546
+ <center>
547
+ <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
548
+ <input type="button" name="miniorange_login_forgotphone"
549
+ onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
550
+ class="miniorange_login_forgotphone"
551
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
552
+ <?php } ?>
553
+ &emsp;&emsp;
554
+
555
+ </center>
556
+ <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
557
+ <center>
558
+ <a href="#mo2f_alternate_login_kba">
559
+ <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive push nitification?' ); ?></p>
560
+ </a>
561
+ </center>
562
+ <?php } ?>
563
+ </span>
564
+ <center>
565
+ <?php
566
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
567
+ <div>
568
+ <a href="#mo2f_backup_generate">
569
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
570
+ </a>
571
+ </div>
572
+ <?php }else{ ?>
573
+ <div>
574
+ <a href="#mo2f_backup_option">
575
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
576
+ </a>
577
+ </div>
578
+ <?php }
579
+ ?>
580
+ <div style="padding:10px;">
581
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
582
+ </div>
583
+ </center>
584
+ </div>
585
+
586
+ <?php
587
+ mo2f_customize_logo();
588
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
589
+ ?>
590
+ </div>
591
+ </div>
592
+ </div>
593
+ </div>
594
+ <form name="f" id="mo2f_backto_duo_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
595
+ class="mo2f_display_none_forms">
596
+ <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
597
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' ); ?>"/>
598
+ <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
599
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
600
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
601
+ <input type="hidden" name="currentMethod" value="emailVer"/>
602
+
603
+ </form>
604
+ <form name="f" id="mo2f_duo_push_validation_form" method="post" class="mo2f_display_none_forms">
605
+ <input type="hidden" name="miniorange_duo_push_validation_nonce"
606
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' ); ?>"/>
607
+ <input type="hidden" name="option" value="miniorange_duo_push_validation">
608
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
609
+ <input type="hidden" name="tx_type"/>
610
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
611
+ <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
612
+
613
+ </form>
614
+
615
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
616
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
617
+ <input type="hidden" name="miniorange_forgotphone"
618
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
619
+ <input type="hidden" name="option" value="miniorange_forgotphone">
620
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
621
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
622
+ </form>
623
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
624
+ <input type="hidden" name="miniorange_alternate_login_kba_nonce"
625
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
626
+ <input type="hidden" name="option" value="miniorange_alternate_login_kba">
627
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
628
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
629
+ </form>
630
+
631
+ <script>
632
+ var timeout;
633
+
634
+ pollPushValidation();
635
+ function pollPushValidation()
636
+ {
637
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
638
+ var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
639
+ var session_id_encrypt = "<?php echo $session_id_encrypt; ?>";
640
+ var data={
641
+ 'action':'mo2f_duo_ajax_request',
642
+ 'call_type':'check_duo_push_auth_status',
643
+ 'session_id_encrypt': session_id_encrypt,
644
+ 'nonce' : nonce,
645
+
646
+
647
+ };
648
+
649
+ jQuery.post(ajax_url, data, function(response){
650
+
651
+
652
+ if (response == 'SUCCESS') {
653
+ jQuery('#mo2f_duo_push_validation_form').submit();
654
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
655
+ jQuery('#mo2f_backto_duo_mo_loginform').submit();
656
+ } else {
657
+ timeout = setTimeout(pollMobileValidation, 3000);
658
+ }
659
+
660
+ });
661
+ }
662
+
663
+
664
+
665
+
666
+
667
+
668
+ function mologinforgotphone() {
669
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
670
+ }
671
+
672
+ function mologinback() {
673
+ jQuery('#mo2f_backto_duo_mo_loginform').submit();
674
+ }
675
+
676
+ jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
677
+ jQuery('#mo2f_alternate_login_kbaform').submit();
678
+ });
679
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
680
+ jQuery('#mo2f_backup').submit();
681
+ });
682
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
683
+ jQuery('#mo2f_create_backup_codes').submit();
684
+ });
685
+
686
+ </script>
687
+ </body>
688
+ </html>
689
+
690
+ <?php
691
+ }
692
+
693
+ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
694
+
695
+ $mo_wpns_config = new MoWpnsHandler();
696
+ global $Mo2fdbQueries,$txid,$moWpnsUtility;
697
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
698
+ $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
699
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
700
+ $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
701
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
702
+ MO2f_Utility::mo2f_debug_file('Waiting for push notification validation '.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
703
+ ?>
704
+ <html>
705
+ <head>
706
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
707
+ <meta name="viewport" content="width=device-width, initial-scale=1">
708
+ <?php
709
+ echo_js_css_files(); ?>
710
+ </head>
711
+ <body>
712
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
713
+ <div class="mo2f-modal-backdrop"></div>
714
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
715
+ <div class="login mo_customer_validation-modal-content">
716
+ <div class="mo2f_modal-header">
717
+ <h4 class="mo2f_modal-title">
718
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
719
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
720
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
721
+ <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
722
+ </div>
723
+ <div class="mo2f_modal-body">
724
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
725
+ <div id="otpMessage">
726
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
727
+ </div>
728
+ <?php } ?>
729
+ <div id="pushSection">
730
+
731
+ <div>
732
+ <center>
733
+ <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
734
+ </center>
735
+ </div>
736
+ <div id="showPushImage">
737
+ <center>
738
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
739
+ </center>
740
+ </div>
741
+
742
+
743
+ <span style="padding-right:2%;">
744
+ <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
745
+ <center>
746
+ <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
747
+ <input type="button" name="miniorange_login_forgotphone"
748
+ onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
749
+ class="miniorange_login_forgotphone"
750
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
751
+ <?php } ?>
752
+ &emsp;&emsp;
753
+ <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
754
+ id="miniorange_login_offline" class="miniorange_login_offline"
755
+ value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
756
+ </center>
757
+ <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
758
+ <center>
759
+ <a href="#mo2f_alternate_login_kba">
760
+ <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive mail?' ); ?></p>
761
+ </a>
762
+ </center>
763
+ <?php } ?>
764
+ </span>
765
+ <center>
766
+ <?php
767
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
768
+ <div>
769
+ <a href="#mo2f_backup_generate">
770
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
771
+ </a>
772
+ </div>
773
+ <?php }else{ ?>
774
+ <div>
775
+ <a href="#mo2f_backup_option">
776
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
777
+ </a>
778
+ </div>
779
+ <?php }
780
+ ?>
781
+ <div style="padding:10px;">
782
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
783
+ </div>
784
+ </center>
785
+ </div>
786
+
787
+ <?php
788
+ mo2f_customize_logo();
789
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
790
+ ?>
791
+ </div>
792
+ </div>
793
+ </div>
794
+ </div>
795
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
796
+ class="mo2f_display_none_forms">
797
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
798
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
799
+ <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
800
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
801
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
802
+ <input type="hidden" name="currentMethod" value="emailVer"/>
803
+
804
+ </form>
805
+ <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
806
+ <input type="hidden" name="miniorange_mobile_validation_nonce"
807
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
808
+ <input type="hidden" name="option" value="miniorange_mobile_validation">
809
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
810
+ <input type="hidden" name="tx_type"/>
811
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
812
+ <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
813
+
814
+ </form>
815
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
816
+ <input type="hidden" name="miniorange_softtoken"
817
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
818
+ <input type="hidden" name="option" value="miniorange_softtoken">
819
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
820
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
821
+ </form>
822
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
823
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
824
+ <input type="hidden" name="miniorange_forgotphone"
825
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
826
+ <input type="hidden" name="option" value="miniorange_forgotphone">
827
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
828
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
829
+ </form>
830
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
831
+ <input type="hidden" name="miniorange_alternate_login_kba_nonce"
832
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
833
+ <input type="hidden" name="option" value="miniorange_alternate_login_kba">
834
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
835
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
836
+ </form>
837
+
838
+ <script>
839
+ var timeout;
840
+ var login_status = '<?php echo $login_status;?>';
841
+ var calls = 0;
842
+ var onprem = '<?php echo MO2F_IS_ONPREM; ?>';
843
+
844
+ if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
845
+ {
846
+ pollPushValidation();
847
+ function pollPushValidation()
848
+ { calls = calls + 1;
849
+ var data = {'txid':'<?php echo $mo2f_EV_txid;?>'};
850
+ jQuery.ajax({
851
+ url: '<?php echo get_site_option("siteurl"); ?>'+"/wp-login.php",
852
+ type: "POST",
853
+ data: data,
854
+ success: function (result) {
855
+
856
+ var status = result;
857
+ if (status == 1) {
858
+ jQuery('input[name="tx_type"]').val("EV");
859
+ jQuery('#mo2f_mobile_validation_form').submit();
860
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
861
+ jQuery('#mo2f_backto_mo_loginform').submit();
862
+ } else {
863
+ if(calls<300)
864
+ {
865
+ timeout = setTimeout(pollPushValidation, 1000);
866
+ }
867
+ else
868
+ {
869
+ jQuery('#mo2f_backto_mo_loginform').submit();
870
+ }
871
+ }
872
+ }
873
+ });
874
+ }
875
+
876
+
877
+ }
878
+ else
879
+ {
880
+ pollPushValidation();
881
+ function pollPushValidation() {
882
+ var transId = "<?php echo $cookievalue;// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
883
+ var jsonString = "{\"txId\":\"" + transId + "\"}";
884
+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
885
+
886
+ jQuery.ajax({
887
+ url: postUrl,
888
+ type: "POST",
889
+ dataType: "json",
890
+ data: jsonString,
891
+ contentType: "application/json; charset=utf-8",
892
+ success: function (result) {
893
+ var status = JSON.parse(JSON.stringify(result)).status;
894
+ if (status == 'SUCCESS') {
895
+ jQuery('input[name="tx_type"]').val("PN");
896
+ jQuery('#mo2f_mobile_validation_form').submit();
897
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED') {
898
+ jQuery('#mo2f_backto_mo_loginform').submit();
899
+ } else {
900
+ timeout = setTimeout(pollPushValidation, 3000);
901
+ }
902
+ }
903
+ });
904
+ }
905
+ }
906
+
907
+ function mologinoffline() {
908
+ jQuery('#mo2f_show_softtoken_loginform').submit();
909
+ }
910
+
911
+ function mologinforgotphone() {
912
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
913
+ }
914
+
915
+ function mologinback() {
916
+ jQuery('#mo2f_backto_mo_loginform').submit();
917
+ }
918
+
919
+ jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
920
+ jQuery('#mo2f_alternate_login_kbaform').submit();
921
+ });
922
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
923
+ jQuery('#mo2f_backup').submit();
924
+ });
925
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
926
+ jQuery('#mo2f_create_backup_codes').submit();
927
+ });
928
+
929
+ </script>
930
+ </body>
931
+ </html>
932
+ <?php
933
+ }
934
+
935
+ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
936
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
937
+ $mo_wpns_config = new MoWpnsHandler();
938
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
939
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
940
+ ?>
941
+ <html>
942
+ <head>
943
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
944
+ <meta name="viewport" content="width=device-width, initial-scale=1">
945
+ <?php
946
+ echo_js_css_files(); ?>
947
+ </head>
948
+ <body>
949
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
950
+ <div class="mo2f-modal-backdrop"></div>
951
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
952
+ <div class="login mo_customer_validation-modal-content">
953
+ <div class="mo2f_modal-header">
954
+ <h4 class="mo2f_modal-title">
955
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
956
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
957
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
958
+ <?php echo mo2f_lt( 'Scan QR Code' ); ?></h4>
959
+ </div>
960
+ <div class="mo2f_modal-body center">
961
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
962
+ <div id="otpMessage">
963
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
964
+ </div>
965
+ <br>
966
+ <?php } ?>
967
+ <div id="scanQRSection">
968
+ <div style="margin-bottom:10%;">
969
+ <center>
970
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Identify yourself by scanning the QR code with miniOrange Authenticator app.' ); ?></p>
971
+ </center>
972
+ </div>
973
+ <div id="showQrCode" style="margin-bottom:10%;">
974
+ <center><?php echo '<img src="data:image/jpg;base64,' . $qrCode . '" />'; ?></center>
975
+ </div>
976
+ <span style="padding-right:2%;">
977
+ <center>
978
+ <?php if ( ! $mo2f_is_new_customer ) { ?>
979
+ <?php if ( $mo2f_enable_forgotphone ) { ?>
980
+ <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
981
+ id="miniorange_login_forgotphone" class="miniorange_login_forgotphone"
982
+ style="margin-right:5%;"
983
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
984
+ <?php } ?>
985
+ &emsp;&emsp;
986
+ <?php } ?>
987
+ <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
988
+ id="miniorange_login_offline" class="miniorange_login_offline"
989
+ value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
990
+ </center>
991
+ </span>
992
+ <?php
993
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
994
+ <div>
995
+ <a href="#mo2f_backup_generate">
996
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
997
+ </a>
998
+ </div>
999
+ <?php }else{ ?>
1000
+ <div>
1001
+ <a href="#mo2f_backup_option">
1002
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1003
+ </a>
1004
+ </div>
1005
+ <?php }
1006
+ ?>
1007
+ <div style="padding:10px;">
1008
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1009
+ </div>
1010
+ </div>
1011
+ <?php
1012
+ mo2f_customize_logo();
1013
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1014
+ ?>
1015
+ </div>
1016
+ </div>
1017
+ </div>
1018
+ </div>
1019
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1020
+ class="mo2f_display_none_forms">
1021
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1022
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1023
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1024
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1025
+ </form>
1026
+ <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1027
+ <input type="hidden" name="miniorange_mobile_validation_nonce"
1028
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
1029
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1030
+ <input type="hidden" name="option" value="miniorange_mobile_validation">
1031
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1032
+ </form>
1033
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1034
+ <input type="hidden" name="miniorange_softtoken"
1035
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
1036
+ <input type="hidden" name="option" value="miniorange_softtoken">
1037
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1038
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1039
+ </form>
1040
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1041
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1042
+ <input type="hidden" name="miniorange_forgotphone"
1043
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1044
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1045
+ <input type="hidden" name="option" value="miniorange_forgotphone">
1046
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1047
+ </form>
1048
+
1049
+ <script>
1050
+ var timeout;
1051
+ pollMobileValidation();
1052
+
1053
+ function pollMobileValidation() {
1054
+ var transId = "<?php echo $cookievalue;//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
1055
+ var jsonString = "{\"txId\":\"" + transId + "\"}";
1056
+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
1057
+ jQuery.ajax({
1058
+ url: postUrl,
1059
+ type: "POST",
1060
+ dataType: "json",
1061
+ data: jsonString,
1062
+ contentType: "application/json; charset=utf-8",
1063
+ success: function (result) {
1064
+ var status = JSON.parse(JSON.stringify(result)).status;
1065
+ if (status == 'SUCCESS') {
1066
+ var content = "<div id='success'><center><img src='" + "<?php echo plugins_url( 'includes/images/right.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1067
+ jQuery("#showQrCode").empty();
1068
+ jQuery("#showQrCode").append(content);
1069
+ setTimeout(function () {
1070
+ jQuery("#mo2f_mobile_validation_form").submit();
1071
+ }, 100);
1072
+ } else if (status == 'ERROR' || status == 'FAILED') {
1073
+ var content = "<div id='error'><center><img src='" + "<?php echo plugins_url( 'includes/images/wrong.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1074
+ jQuery("#showQrCode").empty();
1075
+ jQuery("#showQrCode").append(content);
1076
+ setTimeout(function () {
1077
+ jQuery('#mo2f_backto_mo_loginform').submit();
1078
+ }, 1000);
1079
+ } else {
1080
+ timeout = setTimeout(pollMobileValidation, 3000);
1081
+ }
1082
+ }
1083
+ });
1084
+ }
1085
+
1086
+ function mologinoffline() {
1087
+ jQuery('#mo2f_show_softtoken_loginform').submit();
1088
+ }
1089
+
1090
+ function mologinforgotphone() {
1091
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
1092
+ }
1093
+
1094
+ function mologinback() {
1095
+ jQuery('#mo2f_backto_mo_loginform').submit();
1096
+ }
1097
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
1098
+ jQuery('#mo2f_backup').submit();
1099
+ });
1100
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1101
+ jQuery('#mo2f_create_backup_codes').submit();
1102
+ });
1103
+
1104
+ </script>
1105
+ </body>
1106
+ </html>
1107
+ <?php
1108
+ }
1109
+
1110
+ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ,$mo2fa_transaction_id = null ) {
1111
+ global $Mo2fdbQueries,$moWpnsUtility;
1112
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1113
+ $mo_wpns_config = new MoWpnsHandler();
1114
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1115
+ $attempts = get_option('mo2f_attempts_before_redirect', 3);
1116
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1117
+ $mo2f_otp_over_email_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_OTPOverEmail_config_status', $user_id );
1118
+
1119
+ MO2f_Utility::mo2f_debug_file('Prompted 2fa validation screen '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1120
+ ?>
1121
+ <html>
1122
+ <head>
1123
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1124
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1125
+ <?php
1126
+ echo_js_css_files();
1127
+ ?>
1128
+ </head>
1129
+ <body>
1130
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
1131
+ <div class="mo2f-modal-backdrop"></div>
1132
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1133
+ <div class="login mo_customer_validation-modal-content">
1134
+ <div class="mo2f_modal-header">
1135
+ <h4 class="mo2f_modal-title">
1136
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1137
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1138
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1139
+ <?php echo mo2f_lt( 'Validate OTP' ); ?>
1140
+ </h4>
1141
+ </div>
1142
+ <div class="mo2f_modal-body center">
1143
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1144
+ <div id="otpMessage">
1145
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
1146
+ </div>
1147
+ <?php } ?><br><?php
1148
+ ?>
1149
+ <span><b>Attempts left</b>:</span> <?php echo $attempts;?><br>
1150
+ <?php if($attempts==1){?>
1151
+ <span style='color:red;'><b>If you fail to verify your identity, you will be redirected back to login page to verify your credentials.</b></span> <br>
1152
+ <?php }?>
1153
+ <br>
1154
+ <div id="showOTP">
1155
+ <div class="mo2f-login-container">
1156
+ <form name="f" id="mo2f_submitotp_loginform" method="post">
1157
+ <center>
1158
+ <input type="text" name="mo2fa_softtoken" style="height:28px !important;"
1159
+ placeholder="<?php echo mo2f_lt( 'Enter code' ); ?>"
1160
+ id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true"
1161
+ pattern="[0-9]{4,8}"
1162
+ title="<?php echo mo2f_lt( 'Only digits within range 4-8 are allowed.' ); ?>"/>
1163
+ </center>
1164
+ <br>
1165
+ <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit"
1166
+ class="miniorange_otp_token_submit"
1167
+ value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
1168
+ <?php
1169
+
1170
+ if($show_back_button == 1)
1171
+ {
1172
+ ?>
1173
+ <input type="button" name="miniorange_otp_token_back" id="miniorange_otp_token_back"
1174
+ class="miniorange_otp_token_submit"
1175
+ value="<?php echo mo2f_lt( 'Back' ); ?>"/>
1176
+ <?php
1177
+ }
1178
+ ?>
1179
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1180
+ <input type="hidden" name="miniorange_soft_token_nonce"
1181
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
1182
+ <input type="hidden" name="option" value="miniorange_soft_token">
1183
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1184
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1185
+ <?php if($mo2fa_transaction_id!=null){ ?>
1186
+ <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo $mo2fa_transaction_id; ?>"/>
1187
+ <?php }?>
1188
+ </form>
1189
+ <?php
1190
+ $Kbaset = get_user_meta( $user_id ,'Security Questions' );
1191
+ if ( ! $mo2f_is_new_customer ) { ?>
1192
+ <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
1193
+ <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1194
+ id="miniorange_login_forgotphone"
1195
+ class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
1196
+ <?php } ?>
1197
+ <?php }
1198
+ if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1199
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1200
+ <div>
1201
+ <a href="#mo2f_backup_generate">
1202
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1203
+ </a>
1204
+ </div>
1205
+ <?php }else{ ?>
1206
+ <div>
1207
+ <a href="#mo2f_backup_option">
1208
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1209
+ </a>
1210
+ </div>
1211
+ <?php }
1212
+ ?>
1213
+
1214
+ <div style="padding:10px;">
1215
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1216
+ </div>
1217
+ <?php } ?>
1218
+ </div>
1219
+ </div>
1220
+ </center>
1221
+ <?php
1222
+ mo2f_customize_logo();
1223
+ if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1224
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1225
+ }
1226
+ ?>
1227
+ </div>
1228
+ </div>
1229
+ </div>
1230
+ </div>
1231
+
1232
+ <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo wp_login_url(); ?>"
1233
+ class="mo2f_display_none_forms">
1234
+ <input type="hidden" name="miniorange_back_inline_reg_nonce"
1235
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' ); ?>"/>
1236
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1237
+ <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1238
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1239
+
1240
+ </form>
1241
+
1242
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1243
+ class="mo2f_display_none_forms">
1244
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1245
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1246
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1247
+ </form>
1248
+
1249
+ <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1250
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1251
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1252
+ <input type="hidden" name="miniorange_forgotphone"
1253
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1254
+ <input type="hidden" name="option" value="miniorange_forgotphone">
1255
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1256
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1257
+ </form>
1258
+
1259
+ <?php } ?>
1260
+
1261
+ <script>
1262
+ jQuery('#miniorange_otp_token_back').click(function(){
1263
+ jQuery('#mo2f_backto_inline_registration').submit();
1264
+ });
1265
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
1266
+ jQuery('#mo2f_backup').submit();
1267
+ });
1268
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1269
+ jQuery('#mo2f_create_backup_codes').submit();
1270
+ });
1271
+
1272
+ function mologinback() {
1273
+ jQuery('#mo2f_backto_mo_loginform').submit();
1274
+ }
1275
+
1276
+ function mologinforgotphone() {
1277
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
1278
+ }
1279
+ var is_ajax = '<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>';
1280
+ if(is_ajax){
1281
+ jQuery('#mo2fa_softtoken').keypress(function (e) {
1282
+ if (e.which == 13) {//Enter key pressed
1283
+ e.preventDefault();
1284
+ mo2f_otp_ajax();
1285
+ }
1286
+ });
1287
+ jQuery("#miniorange_otp_token_submit").click(function(e){
1288
+ e.preventDefault();
1289
+ mo2f_otp_ajax();
1290
+ });
1291
+
1292
+ function mo2f_otp_ajax(){
1293
+ jQuery('#mo2fa_softtoken').prop('disabled','true');
1294
+ jQuery('#miniorange_otp_token_submit').prop('disabled','true');
1295
+ var data = {
1296
+ "action" : "mo2f_ajax",
1297
+ "mo2f_ajax_option" : "mo2f_ajax_otp",
1298
+ "mo2fa_softtoken" : jQuery( "input[name=\'mo2fa_softtoken\']" ).val(),
1299
+ "miniorange_soft_token_nonce" : jQuery( "input[name=\'miniorange_soft_token_nonce\']" ).val(),
1300
+ "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
1301
+ "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
1302
+ "request_origin_method" : jQuery( "input[name=\'request_origin_method\']" ).val(),
1303
+ };
1304
+ jQuery.post(my_ajax_object.ajax_url, data, function(response) {
1305
+ if(typeof response.data === "undefined")
1306
+ jQuery("html").html(response);
1307
+ else if(response.data.reload)
1308
+ location.reload( true );
1309
+ else
1310
+ location.href = response.data.redirect;
1311
+ });
1312
+ }
1313
+ }
1314
+ </script>
1315
+ </body>
1316
+ </html>
1317
+ <?php
1318
+ }
1319
+
1320
+
1321
+ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1322
+ ?>
1323
+ <html>
1324
+ <head>
1325
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1326
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1327
+ <?php
1328
+ echo_js_css_files();
1329
+ ?>
1330
+ </head>
1331
+ <body>
1332
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
1333
+ <div class="mo2f-modal-backdrop"></div>
1334
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1335
+ <div class="login mo_customer_validation-modal-content">
1336
+ <div class="mo2f_modal-header">
1337
+ <h4 class="mo2f_modal-title">
1338
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1339
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1340
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1341
+
1342
+ <?php echo mo2f_lt( 'Remember Device' ); ?>
1343
+ </h4>
1344
+ </div>
1345
+ <div class="mo2f_modal-body center">
1346
+ <div id="mo2f_device_content">
1347
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Do you want to remember this device?' ); ?></p>
1348
+ <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();"
1349
+ id="miniorange_trust_device_yes" class="mo_green" style="margin-right:5%;"
1350
+ value="<?php echo mo2f_lt( 'Yes' ); ?>"/>
1351
+ <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();"
1352
+ id="miniorange_trust_device_no" class="mo_red"
1353
+ value="<?php echo mo2f_lt( 'No' ); ?>"/>
1354
+ </div>
1355
+ <div id="showLoadingBar" hidden>
1356
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Please wait...We are taking you into your account.' ); ?></p>
1357
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
1358
+ </div>
1359
+ <br><br>
1360
+ <span>
1361
+ <?php echo mo2f_lt( 'Click on ' ); ?>
1362
+ <i><b><?php echo mo2f_lt( 'Yes' ); ?></b></i><?php echo mo2f_lt( 'if this is your personal device.' ); ?>
1363
+ <br>
1364
+ <?php echo mo2f_lt( 'Click on ' ); ?>
1365
+ <i><b><?php echo mo2f_lt( 'No ' ); ?></b></i> <?php echo mo2f_lt( 'if this is a public device.' ); ?>
1366
+ </span><br><br>
1367
+ <?php mo2f_customize_logo() ?>
1368
+ </div>
1369
+ </div>
1370
+ </div>
1371
+ </div>
1372
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1373
+ class="mo2f_display_none_forms">
1374
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1375
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1376
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1377
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1378
+ </form>
1379
+ <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1380
+ <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1381
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' ); ?>"/>
1382
+ <input type="hidden" name="option" value="miniorange_rba_validate">
1383
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1384
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1385
+ </form>
1386
+ <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1387
+ <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1388
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' ); ?>"/>
1389
+ <input type="hidden" name="option" value="miniorange_rba_cancle">
1390
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1391
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1392
+ </form>
1393
+ <script>
1394
+ function mologinback() {
1395
+ jQuery('#mo2f_backto_mo_loginform').submit();
1396
+ }
1397
+
1398
+ function mo_check_device_confirm() {
1399
+ jQuery('#mo2f_device_content').css("display", "none");
1400
+ jQuery('#showLoadingBar').css("display", "block");
1401
+ jQuery('#mo2f_trust_device_confirm_form').submit();
1402
+ }
1403
+
1404
+ function mo_check_device_cancel() {
1405
+ jQuery('#mo2f_device_content').css("display", "none");
1406
+ jQuery('#showLoadingBar').css("display", "block");
1407
+ jQuery('#mo2f_trust_device_cancel_form').submit();
1408
+ }
1409
+ </script>
1410
+ </body>
1411
+ </html>
1412
+ <?php }
1413
+
1414
+ function mo2f_customize_logo() { ?>
1415
+ <div style="float:right;"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img
1416
+ alt="logo"
1417
+ src="<?php echo plugins_url( 'includes/images/miniOrange2.png', dirname(dirname(__FILE__))); ?>"/></a></div>
1418
+
1419
+ <?php }
1420
+
1421
+ function echo_js_css_files() {
1422
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1423
+ echo '<script src="' . plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__)) ) . '" ></script>';
1424
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/twofa_style_settings.css?version=5.1.21', dirname(dirname(__FILE__))) . '" />';
1425
+ }
1426
+
1427
+ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1428
+ global $Mo2fdbQueries;
1429
+ if(get_user_meta($id, 'mo_backup_code_generated', true) && !get_user_meta($id, 'mo_backup_code_downloaded', true)){
1430
+ $encrypted_codes =get_user_meta($id, 'chqwetcsdvnvd', true);
1431
+ $key = get_option( 'mo2f_encryption_key' );
1432
+ $codes_string = MO2f_Utility::decrypt_data( $encrypted_codes, $key );
1433
+ $codes = explode(",", $codes_string);
1434
+ delete_user_meta($id, 'chqwetcsdvnvd');
1435
+ $result = true;
1436
+ }else{
1437
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
1438
+ if(empty($mo2f_user_email)){
1439
+ $currentuser = get_user_by( 'id', $id );
1440
+ $mo2f_user_email = $currentuser->user_email;
1441
+ }
1442
+ $generate_backup_code = new Customer_Cloud_Setup();
1443
+ $codes = $generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
1444
+
1445
+ if($codes != 'DBConnectionIssue' && $codes != 'UnableToFetchData' && $codes != 'UserLimitReached' && $codes != 'ERROR' && $codes != 'LimitReached' && $codes != 'AllUsed' && $codes != 'invalid_request' ){
1446
+ $codes = explode(' ', $codes);
1447
+ $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
1448
+ update_user_meta($id, 'mo_backup_code_generated', 1);
1449
+ $code_generated = 'code_generation_successful';
1450
+ }else{
1451
+ $code_generated = 'code_generation_failed';
1452
+ update_user_meta($id, 'error_during_code_generation',$codes);
1453
+ }
1454
+
1455
+
1456
+ }
1457
+ update_user_meta($id, 'mo_backup_code_screen_shown', 1);
1458
+ ?>
1459
+ <html>
1460
+ <head> <meta charset="utf-8"/>
1461
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1462
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1463
+ <?php
1464
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1465
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', dirname(dirname(__FILE__))) . '" ></script>';
1466
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
1467
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css', dirname(dirname(__FILE__))) . '" />';
1468
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))) . '" />';
1469
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css', dirname(dirname(__FILE__))) . '" />';
1470
+ ?>
1471
+ <style>
1472
+ .mo2f_kba_ques, .mo2f_table_textbox{
1473
+ background: whitesmoke none repeat scroll 0% 0%;
1474
+ }
1475
+ </style>
1476
+ </head>
1477
+ <body>
1478
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1479
+ <div class="mo2f-modal-backdrop"></div>
1480
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1481
+ <div class="login mo_customer_validation-modal-content">
1482
+ <div class="mo2f_modal-header">
1483
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1484
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1485
+ </div>
1486
+ <?php if($code_generated == 'code_generation_successful') { ?>
1487
+ <div class="mo2f_modal-body center">
1488
+
1489
+
1490
+ <h3> <?php echo __('Please download the backup codes for account recovery.'); ?></h3>
1491
+
1492
+ <h4> <?php echo __('You will receive the backup codes via email if you have your SMTP configured.
1493
+ <br>If you have received the codes on your email and do not wish to download the codes, click on Finish. '); ?></h4>
1494
+
1495
+ <h4> <?php echo __('Backup Codes can be used to login into user account in case you forget your phone or get locked out.
1496
+ <br>Please use this carefully as each code can only be used once. Please do not share these codes with anyone.'); ?></h4>
1497
+ <?php ?>
1498
+ <div>
1499
+ <div style="display: inline-flex;width: 350px; ">
1500
+ <div id="clipboard" style="border: solid;width: 55%;float: left;">
1501
+ <?php
1502
+ for ($x = 0; $x < sizeof($codes); $x++) {
1503
+ $str = $codes[$x];
1504
+ echo("<br>".$str." <br>");
1505
+ }
1506
+
1507
+ $str1="";
1508
+ for ($x = 0; $x < sizeof($codes); $x++) {
1509
+ $str = $codes[$x];
1510
+ $str1.=$str;
1511
+ if($x != 4){
1512
+ $str1.=',';
1513
+ }
1514
+ }
1515
+ ?>
1516
+ </div>
1517
+ <div style="width: 50%;float: right;">
1518
+ <form name="f" method="post" id="mo2f_users_backup1" action="">
1519
+ <input type="hidden" name="option" value="mo2f_users_backup1" />
1520
+ <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
1521
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1522
+ <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
1523
+
1524
+ <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1525
+ </form>
1526
+ </div>
1527
+
1528
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1529
+ <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1530
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1531
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1532
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1533
+ <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1534
+ </form>
1535
+ </div>
1536
+ </div>
1537
+
1538
+ <?php
1539
+ mo2f_customize_logo() ?>
1540
+ </div>
1541
+ <?php } else { ?>
1542
+ <div style="text-align:center;">
1543
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1544
+ <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1545
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1546
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1547
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1548
+ <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1549
+ </form>
1550
+ </div>
1551
+ <?php } ?>
1552
+ </div>
1553
+ </div>
1554
+ </div>
1555
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1556
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1557
+ </form>
1558
+ </body>
1559
+ <script>
1560
+ function mologinback(){
1561
+ jQuery('#mo2f_backto_mo_loginform').submit();
1562
+ }
1563
+ </script>
1564
+ </html>
1565
+ <?php
1566
+
1567
+
1568
+ }
1569
+
1570
+ function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1571
+ ?>
1572
+ <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1573
+ <input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
1574
+ <input type="hidden" name="option" value="miniorange_backup_nonce">
1575
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1576
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1577
+ </form>
1578
+ <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1579
+ <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
1580
+ <input type="hidden" name="option" value="miniorange_create_backup_codes">
1581
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1582
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1583
+ <input type="hidden" name="login_status" value="<?php echo $login_status; ?>" />
1584
+ <input type="hidden" name="login_message" value="<?php echo $login_message; ?>" />
1585
+ </form>
1586
+ <?php
1587
+ }
1588
+
1589
  ?>
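--- a/controllers/twofa/two_fa_addon.php
+++ b/controllers/twofa/two_fa_addon.php
@@ -1,5 +1,5 @@
- <?php
- global $Mo2fdbQueries;
- $current_user = wp_get_current_user();
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_addon.php';
+ <?php
+ global $Mo2fdbQueries;
+ $current_user = wp_get_current_user();
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_addon.php';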
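--- a/controllers/twofa/two_fa_custom_form.php
+++ b/controllers/twofa/two_fa_custom_form.php
@@ -1,9 +1,9 @@
- <?php
-
- $is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
- $is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
- $is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
- $is_custom = get_site_option('mo2f_custom_reg_custom');
- $is_registered = get_site_option('mo2f_customerkey');
-
+ <?php
+
+ $is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
+ $is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
+ $is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
+ $is_custom = get_site_option('mo2f_custom_reg_custom');
+ $is_registered = get_site_option('mo2f_customerkey');
+
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';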
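--- a/controllers/twofa/two_fa_login_option.php
+++ b/controllers/twofa/two_fa_login_option.php
@@ -1,2 +1,2 @@
- <?php
+ <?php
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_login_option.php';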
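--- a/controllers/twofa/two_fa_video_guide.php
+++ b/controllers/twofa/two_fa_video_guide.php
@@ -1,4 +1,4 @@
- <?php
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
-
+ <?php
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
+
 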
controllers/wpns-loginsecurity-ajax.php CHANGED
@@ -1,1398 +1,1398 @@
1
- <?php
2
- class wpns_ajax
3
- {
4
- function __construct(){
5
- //add comment here
6
- add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
- add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
- }
9
-
10
- function mo_login_security_ajax(){
11
-
12
- add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
- add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
- add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
- }
16
-
17
- function mo2f_ajax(){
18
- $GLOBALS['mo2f_is_ajax_request'] = true;
19
- switch ($_POST['mo2f_ajax_option']) {
20
- case "mo2f_ajax_kba":
21
- $this->mo2f_ajax_kba();break;
22
- case "mo2f_ajax_login":
23
- $this->mo2f_ajax_login(); break;
24
- case "mo2f_ajax_otp":
25
- $this->mo2f_ajax_otp(); break;
26
- }
27
- }
28
- function mo2fa_elementor_ajax_fun()
29
- {
30
-
31
- if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
- $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
- wp_send_json('ERROR');
35
- }
36
- if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
- {
38
- $info = array();
39
- $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
- $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
- $info['remember'] = false;
42
- $user_signon = wp_signon($info, false);
43
- if (is_wp_error($user_signon)) {
44
- wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
- }
46
- }
47
- }
48
- }
49
- function wpns_login_security(){
50
- switch($_POST['wpns_loginsecurity_ajax'])
51
- {
52
- case "wpns_bruteforce_form":
53
- $this->wpns_handle_bf_configuration_form(); break;
54
- case "wpns_save_captcha":
55
- $this->wpns_captcha_settings();break;
56
- case "save_strong_password":
57
- $this->wpns_strong_password_settings();break;
58
- case 'wpns_ManualIPBlock_form':
59
- $this->wpns_handle_IP_blocking();break;
60
- case 'wpns_WhitelistIP_form':
61
- $this->wpns_whitelist_ip(); break;
62
- case 'wpns_waf_settings_form':
63
- $this->wpns_waf_settings_form(); break;
64
- case 'wpns_waf_rate_limiting_form':
65
- $this->wpns_waf_rate_limiting_form(); break;
66
- case 'wpns_waf_realtime_ip_block_free':
67
- $this->wpns_waf_realtime_ip_block_free();break;
68
- case 'wpns_ip_lookup':
69
- $this->wpns_ip_lookup(); break;
70
- case 'wpns_all_plans':
71
- $this->wpns_all_plans(); break;
72
- case 'wpns_logout_form':
73
- $this->wpns_logout_form(); break;
74
- case 'wpns_check_transaction':
75
- $this->wpns_check_transaction(); break;
76
- case 'waf_settings_mail_form_notify':
77
- $this->waf_settings_mail_form_notify(); break;
78
- case 'waf_settings_IP_mail_form':
79
- $this->waf_settings_IP_mail_form();break;
80
- case 'update_plan':
81
- $this->update_plan(); break;
82
- }
83
- }
84
-
85
- function update_plan(){
86
- $mo2f_all_plannames = $_POST['planname'];
87
- $mo_2fa_plan_type = $_POST['planType'];
88
- update_option('mo2f_planname', $mo2f_all_plannames);
89
- if ($mo2f_all_plannames == 'addon_plan')
90
- {
91
- update_option('mo2f_planname', 'addon_plan');
92
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
- }
94
- elseif ($mo2f_all_plannames == '2fa_plan')
95
- {
96
- update_option('mo2f_planname', '2fa_plan');
97
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
- }
99
- }
100
-
101
-
102
- function mo2f_ajax_otp(){
103
- $obj = new Miniorange_Password_2Factor_Login();
104
- $obj->check_miniorange_soft_token($_POST);
105
- }
106
- function mo2f_ajax_kba(){
107
- $obj = new Miniorange_Password_2Factor_Login();
108
- $obj->check_kba_validation($_POST);
109
- }
110
-
111
- function wpns_check_transaction()
112
- {
113
- $customerT = new Customer_Cloud_Setup();
114
-
115
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
116
- if($content['status'] == 'SUCCESS')
117
- {
118
- update_site_option('mo2f_license_type','PREMIUM');
119
- }
120
- else
121
- {
122
- update_site_option('mo2f_license_type','DEMO');
123
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
124
- }
125
- if(isset($content['smsRemaining']))
126
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
127
- else if($content['status'] =='SUCCESS')
128
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
129
-
130
-
131
- if(isset($content['emailRemaining']))
132
- {
133
- $available_transaction = get_site_option('EmailTransactionCurrent', 30);
134
- if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
135
- {
136
- $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
137
- if($available_transaction>30)
138
- $currentTransaction = $currentTransaction-$available_transaction;
139
-
140
- update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
141
- update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
142
- }
143
-
144
- }
145
-
146
- }
147
-
148
- function mo2f_ajax_login()
149
- {
150
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
151
- {
152
- wp_send_json("ERROR");
153
- exit;
154
- }
155
- else
156
- {
157
- $username = sanitize_text_field($_POST['username']);
158
- $password = sanitize_text_field($_POST['password'] );
159
- apply_filters( 'authenticate', null, $username, $password );
160
- }
161
- }
162
- function wpns_logout_form()
163
- {
164
- global $moWpnsUtility;
165
- if( !$moWpnsUtility->check_empty_or_null( get_option('mo_wpns_registration_status') ) ) {
166
- delete_option('mo2f_email');
167
- }
168
- delete_option('mo2f_customerKey');
169
- delete_option('mo2f_api_key');
170
- delete_option('mo2f_customer_token');
171
- delete_option('mo_wpns_transactionId');
172
- delete_site_option('EmailTransactionCurrent');
173
- delete_option('mo_wpns_registration_status');
174
- delete_option( 'mo_2factor_admin_registration_status' );
175
-
176
- $two_fa_settings = new Miniorange_Authentication();
177
- $two_fa_settings->mo_auth_deactivate();
178
-
179
- }
180
- // It is the new line added for the database updation
181
- function waf_settings_mail_form_notify()
182
- {
183
- $nonce = sanitize_text_field($_POST['nonce']);
184
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
185
- wp_send_json('ERROR');
186
- return;
187
- }
188
- if(isset($_POST['S_mail']))
189
- {
190
- $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
191
- update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
192
- wp_send_json('true');
193
- }
194
- else{
195
- wp_send_json('false');
196
-
197
- }
198
- }
199
- function waf_settings_IP_mail_form()
200
- {
201
- $nonce = sanitize_text_field($_POST['nonce']);
202
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
203
- wp_send_json('ERROR');
204
- return;
205
- }
206
- $mo2f_mail_noyifying_IP = sanitize_text_field($_POST['Smail']);
207
- update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
208
- if($mo2f_mail_noyifying_IP == "on"){
209
- wp_send_json('true');
210
- }
211
- else if($mo2f_mail_noyifying_IP == ""){
212
- wp_send_json('false');
213
- }
214
- }
215
- function wpns_all_plans()
216
- {
217
- $mo2f_all_plannames = $_POST['planname'];
218
- $mo_2fa_plan_type = $_POST['planType'];
219
- update_option('mo2f_planname', $mo2f_all_plannames);
220
- if ($mo2f_all_plannames == 'addon_plan')
221
- {
222
- update_option('mo2f_planname', 'addon_plan');
223
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
224
- }
225
- elseif ($mo2f_all_plannames == '2fa_plan')
226
- {
227
- update_option('mo2f_planname', '2fa_plan');
228
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
229
- }
230
- }
231
- function wpns_handle_bf_configuration_form(){
232
-
233
- $nonce = $_POST['nonce'];
234
- if ( ! wp_verify_nonce( $nonce, 'wpns-brute-force' ) ){
235
- wp_send_json('ERROR');
236
- return;
237
- }
238
- $brute_force = $_POST['bf_enabled/disabled'];
239
- if($brute_force == 'true'){$brute_force = "on";}else if($brute_force == 'false') {$brute_force = "";}
240
- $login_attempts = $_POST['allwed_login_attempts'];
241
- $blocking_type = $_POST['time_of_blocking_type'];
242
- $blocking_value = isset($_POST['time_of_blocking_val']) ? $_POST['time_of_blocking_val'] : false;
243
- $show_login_attempts= $_POST['show_remaining_attempts'];
244
- if($show_login_attempts == 'true'){$show_login_attempts = "on";} else if($show_login_attempts == 'false') { $show_login_attempts = "";}
245
- if($brute_force == 'on' && $login_attempts == "" ){
246
- wp_send_json('empty');
247
- return;
248
- }
249
- update_option( 'mo2f_enable_brute_force' , $brute_force );
250
- update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
251
- update_option( 'mo_wpns_time_of_blocking_type' , $blocking_type );
252
- update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
253
- update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
254
- if($brute_force == "on"){
255
- update_site_option('bruteforce_notification_option',1);
256
- wp_send_json('true');
257
- }
258
- else if($brute_force == ""){
259
- wp_send_json('false');
260
- }
261
-
262
- }
263
- function wpns_handle_IP_blocking()
264
- {
265
-
266
- global $mo2f_dirName;
267
- if(!wp_verify_nonce($_POST['nonce'],'manualIPBlockingNonce'))
268
- {
269
- echo "NonceDidNotMatch";
270
- exit;
271
- }
272
- else
273
- {
274
- include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
275
- }
276
- }
277
- function wpns_whitelist_ip()
278
- {
279
- global $mo2f_dirName;
280
- if(!wp_verify_nonce($_POST['nonce'],'IPWhiteListingNonce'))
281
- {
282
- echo "NonceDidNotMatch";
283
- exit;
284
- }
285
- else
286
- {
287
- include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
288
- }
289
- }
290
-
291
- function wpns_ip_lookup()
292
- {
293
-
294
- if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
295
- {
296
- echo "NonceDidNotMatch";
297
- exit;
298
- }
299
- else
300
- {
301
- $ip = $_POST['IP'];
302
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
303
- {
304
- echo("INVALID_IP_FORMAT");
305
- exit;
306
- }
307
- else if(! filter_var($ip, FILTER_VALIDATE_IP)){
308
- echo("INVALID_IP");
309
- exit;
310
- }
311
- $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
312
- $hostname = gethostbyaddr($result["geoplugin_request"]);
313
- try{
314
- $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
315
- $timeoffset = $timeoffset/3600;
316
-
317
- }catch(Exception $e){
318
- $result["geoplugin_timezone"]="";
319
- $timeoffset="";
320
- }
321
- $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
322
- if($result['geoplugin_request']==$ip) {
323
-
324
- $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
325
- $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
326
- $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
327
- $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
328
- $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
329
- $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
330
- $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
331
- $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
332
- $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
333
- $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
334
- $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
335
- $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
336
- $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
337
- $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
338
-
339
- $result['ipDetails'] = $ipLookUpTemplate;
340
- }else{
341
- $result["ipDetails"]["status"]="ERROR";
342
- }
343
- wp_send_json( $result );
344
- }
345
- }
346
- function wpns_waf_settings_form()
347
- {
348
- $dir_name = dirname(__FILE__);
349
- $dir_name1 = explode('wp-content', $dir_name);
350
- $dir_name = $dir_name1[0];
351
- $filepath = str_replace('\\', '/', $dir_name1[0]);
352
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
353
-
354
- if(!file_exists($fileName))
355
- {
356
- $file = fopen($fileName, "a+");
357
- $string = "<?php".PHP_EOL;
358
- $string .= '$SQL=1;'.PHP_EOL;
359
- $string .= '$XSS=1;'.PHP_EOL;
360
- $string .= '$RCE=0;'.PHP_EOL;
361
- $string .= '$LFI=0;'.PHP_EOL;
362
- $string .= '$RFI=0;'.PHP_EOL;
363
- $string .= '$RateLimiting=1;'.PHP_EOL;
364
- $string .= '$RequestsPMin=120;'.PHP_EOL;
365
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
366
- $string .= '?>'.PHP_EOL;
367
-
368
- fwrite($file, $string);
369
- fclose($file);
370
- }
371
- else
372
- {
373
- if(!is_writable($fileName) or !is_readable($fileName))
374
- {
375
- echo "FilePermissionDenied";
376
- exit;
377
- }
378
- }
379
-
380
- if(!wp_verify_nonce($_POST['nonce'],'WAFsettingNonce'))
381
- {
382
- var_dump("NonceDidNotMatch");
383
- exit;
384
- }
385
- else
386
- {
387
- switch ($_POST['optionValue']) {
388
- case "SQL":
389
- $this->savesql(); break;
390
- case "XSS":
391
- $this->savexss(); break;
392
- case "RCE":
393
- $this->saverce(); break;
394
- case "RFI":
395
- $this->saverfi(); break;
396
- case "LFI":
397
- $this->savelfi(); break;
398
- case "WAF":
399
- $this->saveWAF(); break;
400
- case "HWAF":
401
- $this->saveHWAF(); break;
402
- case "backupHtaccess":
403
- $this->backupHtaccess(); break;
404
- case "limitAttack":
405
- $this->limitAttack(); break;
406
- default:
407
- break;
408
- }
409
-
410
- }
411
-
412
- }
413
- function wpns_waf_realtime_ip_block_free()
414
- {
415
- $nonce = sanitize_text_field($_POST['nonce']);
416
- if(!wp_verify_nonce($nonce,'mo2f_realtime_ip_block_free'))
417
- {
418
- echo "NonceDidNotMatch";
419
- exit;
420
- }
421
- else
422
- {
423
- $mo2f_realtime_ip_block_free = sanitize_text_field($_POST['mo2f_realtime_ip_block_free']);
424
-
425
- if($mo2f_realtime_ip_block_free == 'on')
426
- {
427
- update_site_option('mo2f_realtime_ip_block_free',1);
428
- if (!wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook')) {
429
- wp_schedule_event( time(), 'mo2f_realtime_ipblock_free', 'mo2f_realtime_ip_block_free_hook' );
430
- }
431
- wp_send_json('realtime_block_free_enable');
432
- }
433
- else
434
- {
435
- update_site_option('mo2f_realtime_ip_block_free',0);
436
- $timestamp = wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook' );
437
- wp_unschedule_event( $timestamp, 'mo2f_realtime_ip_block_free_hook' );
438
- wp_send_json('realtime_block_free_disable');
439
- }
440
-
441
-
442
- }
443
-
444
- }
445
- function wpns_waf_rate_limiting_form()
446
- {
447
- if(!wp_verify_nonce($_POST['nonce'],'RateLimitingNonce'))
448
- {
449
- echo "NonceDidNotMatch";
450
- exit;
451
- }
452
- else
453
- {
454
- if(get_site_option('WAFEnabled') != 1)
455
- {
456
- echo "WAFNotEnabled";
457
- exit;
458
- }
459
-
460
- if($_POST['Requests']!='')
461
- {
462
- if(is_numeric($_POST['Requests']))
463
- {
464
- $dir_name = dirname(__FILE__);
465
- $dir_name1 = explode('wp-content', $dir_name);
466
- $dir_name = $dir_name1[0];
467
- $filepath = str_replace('\\', '/', $dir_name1[0]);
468
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
469
-
470
- $file = file_get_contents($fileName);
471
- $data = $file;
472
-
473
- $req = sanitize_text_field($_POST['Requests']);
474
- if($req >1)
475
- {
476
- update_option('Rate_request',$req);
477
- if(isset($_POST['rateCheck']))
478
- {
479
- if($_POST['rateCheck'] == 'on')
480
- {
481
- update_option('Rate_limiting','1');
482
- echo "RateEnabled";
483
- if(strpos($file, 'RateLimiting')!=false)
484
- {
485
- $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
486
- $data = $file;
487
- file_put_contents($fileName,$file);
488
-
489
- }
490
- else
491
- {
492
- $content = explode('?>', $file);
493
- $file = $content[0];
494
- $file .= PHP_EOL;
495
- $file .= '$RateLimiting=1;'.PHP_EOL;
496
- $file .='?>';
497
- file_put_contents($fileName,$file);
498
- $data = $file;
499
- }
500
-
501
-
502
- }
503
- }
504
- else
505
- {
506
- update_option('Rate_limiting','0');
507
- echo "Ratedisabled";
508
- if(strpos($file, 'RateLimiting')!=false)
509
- {
510
- $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
511
- $data = $file;
512
- file_put_contents($fileName,$file);
513
- }
514
- else
515
- {
516
- $content = explode('?>', $file);
517
- $file = $content[0];
518
- $file .= PHP_EOL;
519
- $file .= '$RateLimiting=0;'.PHP_EOL;
520
- $file .='?>';
521
- file_put_contents($fileName,$file);
522
- $data = $file;
523
- }
524
-
525
- }
526
-
527
-
528
- $file = $data;
529
- if(strpos($file, 'RequestsPMin')!=false)
530
- {
531
- $content = explode(PHP_EOL, $file);
532
- $con = '';
533
- $len = sizeof($content);
534
-
535
- for($i=0;$i<$len;$i++)
536
- {
537
- if(strpos($content[$i], 'RequestsPMin')!=false)
538
- {
539
- $con.='$RequestsPMin='.$req.';'.PHP_EOL;
540
- }
541
- else
542
- {
543
- $con .= $content[$i].PHP_EOL;
544
- }
545
- }
546
-
547
- file_put_contents($fileName,$con);
548
- $data = $con;
549
-
550
- }
551
-
552
- else
553
- {
554
- $content = explode('?>', $file);
555
- $file = $content[0];
556
- $file .= PHP_EOL;
557
- $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
558
- $file .='?>';
559
- file_put_contents($fileName,$file);
560
- $data = $file;
561
- }
562
-
563
- if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
564
- {
565
- update_option('actionRateL',1);
566
-
567
- $file = $data;
568
- if(strpos($file, 'actionRateL')!=false)
569
- {
570
- $content = explode(PHP_EOL, $file);
571
- $con = '';
572
- foreach ($content as $line => $lineV) {
573
- if(strpos($lineV, 'actionRateL')!=false)
574
- {
575
- $con.='$actionRateL="BlockIP";'.PHP_EOL;
576
- }
577
- else
578
- {
579
- $con .= $lineV.PHP_EOL;
580
- }
581
- }
582
- file_put_contents($fileName,$con);
583
- }
584
- else
585
- {
586
- $content = explode('?>', $file);
587
- $file = $content[0];
588
- $file .= PHP_EOL;
589
- $file .= '$actionRateL="BlockIP";'.PHP_EOL;
590
- $file .='?>';
591
- file_put_contents($fileName,$file);
592
- $file = $data;
593
- }
594
- }
595
- else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
596
- {
597
-
598
- $file = $data;
599
- update_option('actionRateL',0);
600
- if(strpos($file, 'actionRateL')!=false)
601
- {
602
- $content = explode(PHP_EOL, $file);
603
- $con = '';
604
- foreach ($content as $line => $lineV) {
605
- if(strpos($lineV, 'actionRateL')!=false)
606
- {
607
- $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
608
- }
609
- else
610
- {
611
- $con .= $lineV.PHP_EOL;
612
- }
613
- }
614
- file_put_contents($fileName,$con);
615
- }
616
- else
617
- {
618
- $content = explode('?>', $file);
619
- $file = $content[0];
620
- $file .= PHP_EOL;
621
- $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
622
- $file .='?>';
623
- file_put_contents($fileName,$file);
624
- }
625
- }
626
-
627
- }
628
- exit;
629
- }
630
-
631
-
632
-
633
- }
634
- echo("Error");
635
- exit;
636
- }
637
-
638
-
639
- }
640
-
641
- private function saveWAF()
642
- {
643
- if(isset($_POST['pluginWAF']))
644
- {
645
- if($_POST['pluginWAF']=='on')
646
- {
647
- update_option('WAF','PluginLevel');
648
- update_option('WAFEnabled','1');
649
- echo("PWAFenabled");exit;
650
- }
651
- }
652
- else
653
- {
654
- update_option('WAFEnabled','0');
655
- update_option('WAF','wafDisable');
656
- echo("PWAFdisabled");exit;
657
- }
658
- }
659
- private function saveHWAF()
660
- {
661
- if(!function_exists('mysqli_connect'))
662
- {
663
- echo "mysqliDoesNotExit";
664
- exit;
665
- }
666
- if(isset($_POST['htaccessWAF']))
667
- {
668
- if($_POST['htaccessWAF']=='on')
669
- {
670
- update_option('WAF','HtaccessLevel');
671
- update_option('WAFEnabled','1');
672
- $dir_name = dirname(__FILE__);
673
- $dirN = $dir_name;
674
- $dirN = str_replace('\\', '/', $dirN);
675
- $dirN = str_replace('controllers', 'handler', $dirN);
676
-
677
- $dir_name1 = explode('wp-content', $dir_name);
678
- $dir_name = $dir_name1[0];
679
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
680
- $dir_name .='.htaccess';
681
- $file = file_get_contents($dir_name);
682
- if(strpos($file, 'php_value auto_prepend_file')!=false)
683
- {
684
- echo("WAFConflicts");
685
- exit;
686
- }
687
-
688
- $cont = $file.PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
689
- $cont .= 'php_value auto_prepend_file '.$dir_name1.'mo-check.php'.PHP_EOL;
690
- $cont .= '# END miniOrange WAF'.PHP_EOL;
691
- file_put_contents($dir_name, $cont);
692
-
693
- $filecontent = file_get_contents($dir_name);
694
-
695
- $dir_name = dirname(__FILE__);
696
- $dir_name1 = explode('wp-content', $dir_name);
697
- $dir_name = $dir_name1[0];
698
- $filepath = str_replace('\\', '/', $dir_name1[0]);
699
- $fileName = $filepath.'mo-check.php';
700
- $file = fopen($fileName, 'w+');
701
- $dir_name = dirname(__FILE__);
702
- $filepath = str_replace('\\', '/', $dir_name);
703
- $filepath = explode('controllers', $filepath);
704
- $filepath = $filepath[0].'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf.php';
705
-
706
- $string = '<?php'.PHP_EOL;
707
- $string .= 'if(file_exists("'.$filepath.'"))'.PHP_EOL;
708
- $string .= 'include_once("'.$filepath.'");'.PHP_EOL;
709
- $string .= '?>'.PHP_EOL;
710
-
711
- fwrite($file, $string);
712
- fclose($file);
713
-
714
- if(strpos($filecontent,'mo-check.php')!=false)
715
- {
716
- echo "HWAFEnabled";
717
- exit;
718
- }
719
- else
720
- {
721
- echo "HWAFEnabledFailed";
722
- exit;
723
- }
724
- }
725
- }
726
- else
727
- {
728
- update_option('WAF','wafDisable');
729
- if(isset($_POST['pluginWAF']))
730
- {
731
- if($_POST['pluginWAF'] == 'on')
732
- {
733
- update_option('WAFEnabled',1);
734
- update_option('WAF','PluginLevel');
735
- }
736
- }
737
- else
738
- update_option('WAFEnabled',0);
739
- $dir_name = dirname(__FILE__);
740
- $dirN = $dir_name;
741
- $dirN = str_replace('\\', '/', $dirN);
742
- $dirN = explode('wp-content', $dirN);
743
- $dir_name1 = explode('wp-content', $dir_name);
744
- $dir_name = $dir_name1[0];
745
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
746
- $dir_name00 = $dir_name1;
747
- $dir_name1 .='.htaccess';
748
- $file = file_get_contents($dir_name1);
749
-
750
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
751
- $cont .= 'php_value auto_prepend_file '.$dir_name00.'mo-check.php'.PHP_EOL;
752
- $cont .= '# END miniOrange WAF'.PHP_EOL;
753
- $file =str_replace($cont,'',$file);
754
- file_put_contents($dir_name1, $file);
755
-
756
- $filecontent = file_get_contents($dir_name1);
757
- if(strpos($filecontent,'mo-check.php')==false)
758
- {
759
- echo "HWAFdisabled";
760
- exit;
761
- }
762
- else
763
- {
764
- echo "HWAFdisabledFailed";
765
- exit;
766
- }
767
- }
768
-
769
-
770
- }
771
- private function savesql()
772
- {
773
- if(isset($_POST['SQL']))
774
- {
775
- if($_POST['SQL']=='on')
776
- {
777
- update_option('SQLInjection',1);
778
- $dir_name = dirname(__FILE__);
779
- $dir_name1 = explode('wp-content', $dir_name);
780
- $dir_name = $dir_name1[0];
781
- $filepath = str_replace('\\', '/', $dir_name1[0]);
782
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
783
-
784
- $file = file_get_contents($fileName);
785
- if(strpos($file, 'SQL')!=false)
786
- {
787
- $file = str_replace('$SQL=0;', '$SQL=1;', $file);
788
- file_put_contents($fileName,$file);
789
- }
790
- else
791
- {
792
- $content = explode('?>', $file);
793
- $file = $content[0];
794
- $file .= PHP_EOL;
795
- $file .= '$SQL=1;'.PHP_EOL;
796
- $file .='?>';
797
- file_put_contents($fileName,$file);
798
- }
799
- echo("SQLenable");
800
- exit;
801
-
802
- }
803
- }
804
- else
805
- {
806
- update_option('SQLInjection',0);
807
-
808
- $dir_name = dirname(__FILE__);
809
- $dir_name1 = explode('wp-content', $dir_name);
810
- $dir_name = $dir_name1[0];
811
- $filepath = str_replace('\\', '/', $dir_name1[0]);
812
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
813
-
814
- $file = file_get_contents($fileName);
815
- if(strpos($file, '$SQL')!=false)
816
- {
817
- $file = str_replace('$SQL=1;', '$SQL=0;', $file);
818
- file_put_contents($fileName,$file);
819
- }
820
- else
821
- {
822
- $content = explode('?>', $file);
823
- $file = $content[0];
824
- $file .= PHP_EOL;
825
- $file .= '$SQL=0;'.PHP_EOL;
826
- $file .='?>';
827
- file_put_contents($fileName,$file);
828
- }
829
-
830
- echo("SQLdisable");
831
- exit;
832
-
833
- }
834
-
835
- }
836
- private function saverce()
837
- {
838
- if(isset($_POST['RCE']))
839
- {
840
- if($_POST['RCE']=='on')
841
- {
842
- update_option('RCEAttack',1);
843
-
844
- $dir_name = dirname(__FILE__);
845
- $dir_name1 = explode('wp-content', $dir_name);
846
- $dir_name = $dir_name1[0];
847
- $filepath = str_replace('\\', '/', $dir_name1[0]);
848
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
849
-
850
- $file = file_get_contents($fileName);
851
- if(strpos($file, 'RCE')!=false)
852
- {
853
- $file = str_replace('$RCE=0;', '$RCE=1;', $file);
854
- file_put_contents($fileName,$file);
855
- }
856
- else
857
- {
858
- $content = explode('?>', $file);
859
- $file = $content[0];
860
- $file .= PHP_EOL;
861
- $file .= '$RCE=1;'.PHP_EOL;
862
- $file .='?>';
863
- file_put_contents($fileName,$file);
864
- }
865
- echo("RCEenable");
866
- exit;
867
- }
868
- }
869
- else
870
- {
871
- update_option('RCEAttack',0);
872
-
873
- $dir_name = dirname(__FILE__);
874
- $dir_name1 = explode('wp-content', $dir_name);
875
- $dir_name = $dir_name1[0];
876
- $filepath = str_replace('\\', '/', $dir_name1[0]);
877
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
878
-
879
- $file = file_get_contents($fileName);
880
- if(strpos($file, '$RCE')!=false)
881
- {
882
- $file = str_replace('$RCE=1;', '$RCE=0;', $file);
883
- file_put_contents($fileName,$file);
884
- }
885
- else
886
- {
887
- $content = explode('?>', $file);
888
- $file = $content[0];
889
- $file .= PHP_EOL;
890
- $file .= '$RCE=0;'.PHP_EOL;
891
- $file .='?>';
892
- file_put_contents($fileName,$file);
893
- }
894
- echo("RCEdisable");
895
- exit;
896
-
897
- }
898
-
899
- }
900
- private function savexss()
901
- {
902
- if(isset($_POST['XSS']))
903
- {
904
- if($_POST['XSS']=='on')
905
- {
906
- update_option('XSSAttack',1);
907
- $dir_name = dirname(__FILE__);
908
- $dir_name1 = explode('wp-content', $dir_name);
909
- $dir_name = $dir_name1[0];
910
- $filepath = str_replace('\\', '/', $dir_name1[0]);
911
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
912
-
913
- $file = file_get_contents($fileName);
914
- if(strpos($file, 'XSS')!=false)
915
- {
916
- $file = str_replace('$XSS=0;', '$XSS=1;', $file);
917
- file_put_contents($fileName,$file);
918
- }
919
- else
920
- {
921
- $content = explode('?>', $file);
922
- $file = $content[0];
923
- $file .= PHP_EOL;
924
- $file .= '$XSS=1;'.PHP_EOL;
925
- $file .='?>';
926
- file_put_contents($fileName,$file);
927
- }
928
- echo("XSSenable");
929
- exit;
930
- }
931
- }
932
- else
933
- {
934
- update_option('XSSAttack',0);
935
- $dir_name = dirname(__FILE__);
936
- $dir_name1 = explode('wp-content', $dir_name);
937
- $dir_name = $dir_name1[0];
938
- $filepath = str_replace('\\', '/', $dir_name1[0]);
939
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
940
-
941
- $file = file_get_contents($fileName);
942
- if(strpos($file, '$XSS')!=false)
943
- {
944
- $file = str_replace('$XSS=1;', '$XSS=0;', $file);
945
- file_put_contents($fileName,$file);
946
- }
947
- else
948
- {
949
- $content = explode('?>', $file);
950
- $file = $content[0];
951
- $file .= PHP_EOL;
952
- $file .= '$XSS=0;'.PHP_EOL;
953
- $file .='?>';
954
- file_put_contents($fileName,$file);
955
- }
956
- echo("XSSdisable");
957
- exit;
958
- }
959
-
960
- }
961
- private function savelfi()
962
- {
963
- if(isset($_POST['LFI']))
964
- {
965
- if($_POST['LFI']=='on')
966
- {
967
- update_option('LFIAttack',1);
968
- $dir_name = dirname(__FILE__);
969
- $dir_name1 = explode('wp-content', $dir_name);
970
- $dir_name = $dir_name1[0];
971
- $filepath = str_replace('\\', '/', $dir_name1[0]);
972
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
973
-
974
- $file = file_get_contents($fileName);
975
- if(strpos($file, 'LFI')!=false)
976
- {
977
- $file = str_replace("LFI=0;", "LFI=1;", $file);
978
- file_put_contents($fileName,$file);
979
- }
980
- else
981
- {
982
- $content = explode('?>', $file);
983
- $file = $content[0];
984
- $file .= PHP_EOL;
985
- $file .= '$LFI=1;'.PHP_EOL;
986
- $file .='?>';
987
- file_put_contents($fileName,$file);
988
- }
989
- $file = file_get_contents($fileName);
990
-
991
- echo("LFIenable");
992
- exit;
993
- }
994
- }
995
- else
996
- {
997
- update_option('LFIAttack',0);
998
- $dir_name = dirname(__FILE__);
999
- $dir_name1 = explode('wp-content', $dir_name);
1000
- $dir_name = $dir_name1[0];
1001
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1002
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1003
-
1004
- $file = file_get_contents($fileName);
1005
- if(strpos($file, '$LFI')!=false)
1006
- {
1007
- $file = str_replace('$LFI=1;', '$LFI=0;', $file);
1008
- file_put_contents($fileName,$file);
1009
- }
1010
- else
1011
- {
1012
- $content = explode('?>', $file);
1013
- $file = $content[0];
1014
- $file .= PHP_EOL;
1015
- $file .= '$LFI=0;'.PHP_EOL;
1016
- $file .='?>';
1017
- file_put_contents($fileName,$file);
1018
- }
1019
- echo("LFIdisable");
1020
- exit;
1021
- }
1022
-
1023
- }
1024
- private function saverfi()
1025
- {
1026
- if(isset($_POST['RFI']))
1027
- {
1028
- if($_POST['RFI']=='on')
1029
- {
1030
- update_option('RFIAttack',1);
1031
- $dir_name = dirname(__FILE__);
1032
- $dir_name1 = explode('wp-content', $dir_name);
1033
- $dir_name = $dir_name1[0];
1034
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1035
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1036
-
1037
- $file = file_get_contents($fileName);
1038
- if(strpos($file, 'RFI')!=false)
1039
- {
1040
- $file = str_replace('$RFI=0;', '$RFI=1;', $file);
1041
- file_put_contents($fileName,$file);
1042
- }
1043
- else
1044
- {
1045
- $content = explode('?>', $file);
1046
- $file = $content[0];
1047
- $file .= PHP_EOL;
1048
- $file .= '$RFI=1;'.PHP_EOL;
1049
- $file .='?>';
1050
- file_put_contents($fileName,$file);
1051
- }
1052
- echo("RFIenable");
1053
- exit;
1054
- }
1055
- }
1056
- else
1057
- {
1058
- update_option('RFIAttack',0);
1059
- $dir_name = dirname(__FILE__);
1060
- $dir_name1 = explode('wp-content', $dir_name);
1061
- $dir_name = $dir_name1[0];
1062
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1063
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1064
-
1065
- $file = file_get_contents($fileName);
1066
- if(strpos($file, '$RFI')!=false)
1067
- {
1068
- $file = str_replace('$RFI=1;', '$RFI=0;', $file);
1069
- file_put_contents($fileName,$file);
1070
- }
1071
- else
1072
- {
1073
- $content = explode('?>', $file);
1074
- $file = $content[0];
1075
- $file .= PHP_EOL;
1076
- $file .= '$RFI=0;'.PHP_EOL;
1077
- $file .='?>';
1078
- file_put_contents($fileName,$file);
1079
- }
1080
- echo("RFIdisable");
1081
- exit;
1082
- }
1083
-
1084
- }
1085
- private function saveRateL()
1086
- {
1087
-
1088
- if($_POST['time']!='' && $_POST['req']!='')
1089
- {
1090
- if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
1091
- {
1092
- $dir_name = dirname(__FILE__);
1093
- $dir_name1 = explode('wp-content', $dir_name);
1094
- $dir_name = $dir_name1[0];
1095
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1096
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1097
-
1098
- $file = file_get_contents($fileName);
1099
- $data = $file;
1100
- $time = sanitize_text_field($_POST['time']);
1101
- $req = sanitize_text_field($_POST['req']);
1102
- if($time>0 && $req >0)
1103
- {
1104
- update_option('Rate_time',$time);
1105
- update_option('Rate_request',$req);
1106
- update_option('Rate_limiting','1');
1107
-
1108
- if(strpos($file, 'RateLimiting')!=false)
1109
- {
1110
- $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
1111
- $data = $file;
1112
- file_put_contents($fileName,$file);
1113
- }
1114
- else
1115
- {
1116
- $content = explode('?>', $file);
1117
- $file = $content[0];
1118
- $file .= PHP_EOL;
1119
- $file .= '$RateLimiting=1;'.PHP_EOL;
1120
- $file .='?>';
1121
- file_put_contents($fileName,$file);
1122
- $data = $file;
1123
- }
1124
-
1125
- $file = $data;
1126
- if(strpos($file, 'RequestsPMin')!=false)
1127
- {
1128
- $content = explode(PHP_EOL, $file);
1129
- $con = '';
1130
- $len = sizeof($content);
1131
-
1132
- for($i=0;$i<$len;$i++)
1133
- {
1134
- if(strpos($content[$i], 'RequestsPMin')!=false)
1135
- {
1136
- $con.='$RequestsPMin='.$req.';'.PHP_EOL;
1137
- }
1138
- else
1139
- {
1140
- $con .= $content[$i].PHP_EOL;
1141
- }
1142
- }
1143
-
1144
- file_put_contents($fileName,$con);
1145
- $data = $con;
1146
-
1147
- }
1148
-
1149
- else
1150
- {
1151
- $content = explode('?>', $file);
1152
- $file = $content[0];
1153
- $file .= PHP_EOL;
1154
- $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
1155
- $file .='?>';
1156
- file_put_contents($fileName,$file);
1157
- $data = $file;
1158
- }
1159
-
1160
-
1161
-
1162
- if($_POST['action']=='BlockIP')
1163
- {
1164
- update_option('actionRateL',1);
1165
-
1166
- $file = $data;
1167
- if(strpos($file, 'actionRateL')!=false)
1168
- {
1169
- $content = explode(PHP_EOL, $file);
1170
- $con = '';
1171
- foreach ($content as $line => $lineV) {
1172
- if(strpos($lineV, 'actionRateL')!=false)
1173
- {
1174
- $con.='$actionRateL="BlockIP";'.PHP_EOL;
1175
- }
1176
- else
1177
- {
1178
- $con .= $lineV.PHP_EOL;
1179
- }
1180
- }
1181
- file_put_contents($fileName,$con);
1182
- }
1183
- else
1184
- {
1185
- $content = explode('?>', $file);
1186
- $file = $content[0];
1187
- $file .= PHP_EOL;
1188
- $file .= '$actionRateL="BlockIP";'.PHP_EOL;
1189
- $file .='?>';
1190
- file_put_contents($fileName,$file);
1191
- $file = $data;
1192
- }
1193
- }
1194
- elseif($_POST['action']=='ThrottleIP')
1195
- {
1196
- $file = $data;
1197
- update_option('actionRateL',0);
1198
- if(strpos($file, 'actionRateL')!=false)
1199
- {
1200
- $content = explode(PHP_EOL, $file);
1201
- $con = '';
1202
- foreach ($content as $line => $lineV) {
1203
- if(strpos($lineV, 'actionRateL')!=false)
1204
- {
1205
- $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
1206
- }
1207
- else
1208
- {
1209
- $con .= $lineV.PHP_EOL;
1210
- }
1211
- }
1212
- file_put_contents($fileName,$con);
1213
- }
1214
- else
1215
- {
1216
- $content = explode('?>', $file);
1217
- $file = $content[0];
1218
- $file .= PHP_EOL;
1219
- $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
1220
- $file .='?>';
1221
- file_put_contents($fileName,$file);
1222
- }
1223
- }
1224
-
1225
- }
1226
-
1227
- }
1228
-
1229
- }
1230
-
1231
- }
1232
- private function disableRL()
1233
- {
1234
- update_option('Rate_limiting',0);
1235
-
1236
- $dir_name = dirname(__FILE__);
1237
- $dir_name1 = explode('wp-content', $dir_name);
1238
- $dir_name = $dir_name1[0];
1239
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1240
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1241
- $file = file_get_contents($fileName);
1242
-
1243
- if(strpos($file, 'RateLimiting')!=false)
1244
- {
1245
- $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
1246
- file_put_contents($fileName,$file);
1247
- }
1248
- else
1249
- {
1250
- $content = explode('?>', $file);
1251
- $file = $content[0];
1252
- $file .= PHP_EOL;
1253
- $file .= '$RateLimiting=0;'.PHP_EOL;
1254
- $file .='?>';
1255
- file_put_contents($fileName,$file);
1256
- }
1257
-
1258
- }
1259
- private function backupHtaccess()
1260
- {
1261
- if(isset($_POST['htaccessWAF']))
1262
- {
1263
- if($_POST['htaccessWAF']=='on')
1264
- {
1265
- $dir_name = dirname(__FILE__);
1266
- $dirN = $dir_name;
1267
- $dirN = str_replace('\\', '/', $dirN);
1268
- $dir_name1 = explode('wp-content', $dir_name);
1269
- $dir_name = $dir_name1[0];
1270
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
1271
- $dir_name =$dir_name1.'.htaccess';
1272
- $file = file_get_contents($dir_name);
1273
- $dir_backup = $dir_name1.'htaccess';
1274
- $handle = fopen($dir_backup, 'c+');
1275
- fwrite($handle,$file);
1276
- }
1277
- }
1278
- }
1279
- private function limitAttack()
1280
- {
1281
- if(isset($_POST['limitAttack']))
1282
- {
1283
- $value = sanitize_text_field($_POST['limitAttack']);
1284
- if($value>1)
1285
- {
1286
- update_option('limitAttack',$value);
1287
- echo "limitSaved";
1288
- exit;
1289
- }
1290
- else
1291
- {
1292
- echo "limitIsLT1";
1293
- exit;
1294
- }
1295
-
1296
- }
1297
- }
1298
-
1299
-
1300
-
1301
- function wpns_captcha_settings(){
1302
-
1303
- $nonce=sanitize_text_field($_POST['nonce']);
1304
- if ( ! wp_verify_nonce( $nonce, 'wpns-captcha' ) ){
1305
- wp_send_json('ERROR');
1306
- return;
1307
- }
1308
-
1309
- $site_key = sanitize_text_field($_POST['site_key']);
1310
- $secret_key = sanitize_text_field($_POST['secret_key']);
1311
- $enable_captcha = sanitize_text_field($_POST['enable_captcha']);
1312
- $login_form_captcha = sanitize_text_field($_POST['login_form']);
1313
- $reg_form_captcha = sanitize_text_field($_POST['registeration_form']);
1314
-
1315
- if((isset($_POST['version'])))
1316
- {
1317
- $mo2f_g_version = sanitize_text_field($_POST['version']);
1318
- }
1319
- else $mo2f_g_version='reCAPTCHA_v3';
1320
-
1321
- if($enable_captcha == 'true') $enable_captcha = "on";
1322
- else if($enable_captcha == 'false') $enable_captcha = "";
1323
-
1324
- if($login_form_captcha == 'true') $login_form_captcha = "on";
1325
- else if($login_form_captcha == 'false') $login_form_captcha = "";
1326
-
1327
- if($reg_form_captcha == 'true') $reg_form_captcha = "on";
1328
- else if($reg_form_captcha == 'false') $reg_form_captcha = "";
1329
-
1330
- if(($site_key == "" || $secret_key == "") and $enable_captcha == 'on'){
1331
- wp_send_json('empty');
1332
- return;
1333
- }
1334
-
1335
-
1336
- if((($login_form_captcha == "on") || ($enable_captcha=="on")) && $mo2f_g_version==""){
1337
- wp_send_json('version_select');
1338
- return;
1339
- }
1340
- if($mo2f_g_version=='reCAPTCHA_v2')
1341
- {
1342
-
1343
- update_option( 'mo_wpns_recaptcha_site_key' , $site_key );
1344
- update_option( 'mo_wpns_recaptcha_secret_key' , $secret_key );
1345
- }
1346
- if($mo2f_g_version=='reCAPTCHA_v3')
1347
- {
1348
-
1349
- update_option( 'mo_wpns_recaptcha_site_key_v3' , $site_key );
1350
- update_option( 'mo_wpns_recaptcha_secret_key_v3' , $secret_key );
1351
- }
1352
-
1353
- update_option( 'mo_wpns_activate_recaptcha' , $enable_captcha );
1354
- update_option( 'mo_wpns_recaptcha_version' , $mo2f_g_version );
1355
-
1356
-
1357
- if($enable_captcha == "on"){
1358
- update_option( 'mo_wpns_activate_recaptcha_for_login' , $login_form_captcha );
1359
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1360
- update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1361
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1362
- update_site_option('recaptcha_notification_option',1);
1363
- wp_send_json('true');
1364
- }
1365
- else if($enable_captcha == ""){
1366
- update_option( 'mo_wpns_activate_recaptcha_for_login' , '' );
1367
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', '' );
1368
- update_option('mo_wpns_activate_recaptcha_for_registration', '' );
1369
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration','' );
1370
- wp_send_json('false');
1371
- }
1372
-
1373
- }
1374
-
1375
- function wpns_strong_password_settings(){
1376
- $nonce = $_POST['nonce'];
1377
- if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
1378
- wp_send_json('ERROR');
1379
- return;
1380
- }
1381
- $enable_strong_pass = $_POST['enable_strong_pass'];
1382
- if($enable_strong_pass == 'true'){$enable_strong_pass = 1;}else if($enable_strong_pass == 'false') {$enable_strong_pass = 0;}
1383
- $strong_pass_accounts = $_POST['accounts_strong_pass'];
1384
- update_option('mo2f_enforce_strong_passswords_for_accounts',$strong_pass_accounts);
1385
- update_option('mo2f_enforce_strong_passswords' , $enable_strong_pass);
1386
- if($enable_strong_pass){
1387
- update_option('mo_wpns_enable_rename_login_url',"");
1388
- wp_send_json('true');
1389
- }
1390
- else{
1391
- wp_send_json('false');
1392
- }
1393
- }
1394
-
1395
- }
1396
- new wpns_ajax;
1397
-
1398
- ?>
1
+ <?php
2
+ class wpns_ajax
3
+ {
4
+ function __construct(){
5
+ //add comment here
6
+ add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
+ add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
+ }
9
+
10
+ function mo_login_security_ajax(){
11
+
12
+ add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
+ add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
+ add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
+ }
16
+
17
+ function mo2f_ajax(){
18
+ $GLOBALS['mo2f_is_ajax_request'] = true;
19
+ switch ($_POST['mo2f_ajax_option']) {
20
+ case "mo2f_ajax_kba":
21
+ $this->mo2f_ajax_kba();break;
22
+ case "mo2f_ajax_login":
23
+ $this->mo2f_ajax_login(); break;
24
+ case "mo2f_ajax_otp":
25
+ $this->mo2f_ajax_otp(); break;
26
+ }
27
+ }
28
+ function mo2fa_elementor_ajax_fun()
29
+ {
30
+
31
+ if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
+ $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
+ wp_send_json('ERROR');
35
+ }
36
+ if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
+ {
38
+ $info = array();
39
+ $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
+ $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
+ $info['remember'] = false;
42
+ $user_signon = wp_signon($info, false);
43
+ if (is_wp_error($user_signon)) {
44
+ wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
+ }
46
+ }
47
+ }
48
+ }
49
+ function wpns_login_security(){
50
+ switch($_POST['wpns_loginsecurity_ajax'])
51
+ {
52
+ case "wpns_bruteforce_form":
53
+ $this->wpns_handle_bf_configuration_form(); break;
54
+ case "wpns_save_captcha":
55
+ $this->wpns_captcha_settings();break;
56
+ case "save_strong_password":
57
+ $this->wpns_strong_password_settings();break;
58
+ case 'wpns_ManualIPBlock_form':
59
+ $this->wpns_handle_IP_blocking();break;
60
+ case 'wpns_WhitelistIP_form':
61
+ $this->wpns_whitelist_ip(); break;
62
+ case 'wpns_waf_settings_form':
63
+ $this->wpns_waf_settings_form(); break;
64
+ case 'wpns_waf_rate_limiting_form':
65
+ $this->wpns_waf_rate_limiting_form(); break;
66
+ case 'wpns_waf_realtime_ip_block_free':
67
+ $this->wpns_waf_realtime_ip_block_free();break;
68
+ case 'wpns_ip_lookup':
69
+ $this->wpns_ip_lookup(); break;
70
+ case 'wpns_all_plans':
71
+ $this->wpns_all_plans(); break;
72
+ case 'wpns_logout_form':
73
+ $this->wpns_logout_form(); break;
74
+ case 'wpns_check_transaction':
75
+ $this->wpns_check_transaction(); break;
76
+ case 'waf_settings_mail_form_notify':
77
+ $this->waf_settings_mail_form_notify(); break;
78
+ case 'waf_settings_IP_mail_form':
79
+ $this->waf_settings_IP_mail_form();break;
80
+ case 'update_plan':
81
+ $this->update_plan(); break;
82
+ }
83
+ }
84
+
85
+ function update_plan(){
86
+ $mo2f_all_plannames = $_POST['planname'];
87
+ $mo_2fa_plan_type = $_POST['planType'];
88
+ update_option('mo2f_planname', $mo2f_all_plannames);
89
+ if ($mo2f_all_plannames == 'addon_plan')
90
+ {
91
+ update_option('mo2f_planname', 'addon_plan');
92
+ update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
+ }
94
+ elseif ($mo2f_all_plannames == '2fa_plan')
95
+ {
96
+ update_option('mo2f_planname', '2fa_plan');
97
+ update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
+ }
99
+ }
100
+
101
+
102
+ function mo2f_ajax_otp(){
103
+ $obj = new Miniorange_Password_2Factor_Login();
104
+ $obj->check_miniorange_soft_token($_POST);
105
+ }
106
+ function mo2f_ajax_kba(){
107
+ $obj = new Miniorange_Password_2Factor_Login();
108
+ $obj->check_kba_validation($_POST);
109
+ }
110
+
111
+ function wpns_check_transaction()
112
+ {
113
+ $customerT = new Customer_Cloud_Setup();
114
+
115
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
116
+ if($content['status'] == 'SUCCESS')
117
+ {
118
+ update_site_option('mo2f_license_type','PREMIUM');
119
+ }
120
+ else
121
+ {
122
+ update_site_option('mo2f_license_type','DEMO');
123
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
124
+ }
125
+ if(isset($content['smsRemaining']))
126
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
127
+ else if($content['status'] =='SUCCESS')
128
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
129
+
130
+
131
+ if(isset($content['emailRemaining']))
132
+ {
133
+ $available_transaction = get_site_option('EmailTransactionCurrent', 30);
134
+ if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
135
+ {
136
+ $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
137
+ if($available_transaction>30)
138
+ $currentTransaction = $currentTransaction-$available_transaction;
139
+
140
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
141
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
142
+ }
143
+
144
+ }
145
+
146
+ }
147
+
148
+ function mo2f_ajax_login()
149
+ {
150
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
151
+ {
152
+ wp_send_json("ERROR");
153
+ exit;
154
+ }
155
+ else
156
+ {
157
+ $username = sanitize_text_field($_POST['username']);
158
+ $password = sanitize_text_field($_POST['password'] );
159
+ apply_filters( 'authenticate', null, $username, $password );
160
+ }
161
+ }
162
+ function wpns_logout_form()
163
+ {
164
+ global $moWpnsUtility;
165
+ if( !$moWpnsUtility->check_empty_or_null( get_option('mo_wpns_registration_status') ) ) {
166
+ delete_option('mo2f_email');
167
+ }
168
+ delete_option('mo2f_customerKey');
169
+ delete_option('mo2f_api_key');
170
+ delete_option('mo2f_customer_token');
171
+ delete_option('mo_wpns_transactionId');
172
+ delete_site_option('EmailTransactionCurrent');
173
+ delete_option('mo_wpns_registration_status');
174
+ delete_option( 'mo_2factor_admin_registration_status' );
175
+
176
+ $two_fa_settings = new Miniorange_Authentication();
177
+ $two_fa_settings->mo_auth_deactivate();
178
+
179
+ }
180
+ // It is the new line added for the database updation
181
+ function waf_settings_mail_form_notify()
182
+ {
183
+ $nonce = sanitize_text_field($_POST['nonce']);
184
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
185
+ wp_send_json('ERROR');
186
+ return;
187
+ }
188
+ if(isset($_POST['S_mail']))
189
+ {
190
+ $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
191
+ update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
192
+ wp_send_json('true');
193
+ }
194
+ else{
195
+ wp_send_json('false');
196
+
197
+ }
198
+ }
199
+ function waf_settings_IP_mail_form()
200
+ {
201
+ $nonce = sanitize_text_field($_POST['nonce']);
202
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
203
+ wp_send_json('ERROR');
204
+ return;
205
+ }
206
+ $mo2f_mail_noyifying_IP = sanitize_text_field($_POST['Smail']);
207
+ update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
208
+ if($mo2f_mail_noyifying_IP == "on"){
209
+ wp_send_json('true');
210
+ }
211
+ else if($mo2f_mail_noyifying_IP == ""){
212
+ wp_send_json('false');
213
+ }
214
+ }
215
+ function wpns_all_plans()
216
+ {
217
+ $mo2f_all_plannames = $_POST['planname'];
218
+ $mo_2fa_plan_type = $_POST['planType'];
219
+ update_option('mo2f_planname', $mo2f_all_plannames);
220
+ if ($mo2f_all_plannames == 'addon_plan')
221
+ {
222
+ update_option('mo2f_planname', 'addon_plan');
223
+ update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
224
+ }
225
+ elseif ($mo2f_all_plannames == '2fa_plan')
226
+ {
227
+ update_option('mo2f_planname', '2fa_plan');
228
+ update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
229
+ }
230
+ }
231
+ function wpns_handle_bf_configuration_form(){
232
+
233
+ $nonce = $_POST['nonce'];
234
+ if ( ! wp_verify_nonce( $nonce, 'wpns-brute-force' ) ){
235
+ wp_send_json('ERROR');
236
+ return;
237
+ }
238
+ $brute_force = $_POST['bf_enabled/disabled'];
239
+ if($brute_force == 'true'){$brute_force = "on";}else if($brute_force == 'false') {$brute_force = "";}
240
+ $login_attempts = $_POST['allwed_login_attempts'];
241
+ $blocking_type = $_POST['time_of_blocking_type'];
242
+ $blocking_value = isset($_POST['time_of_blocking_val']) ? $_POST['time_of_blocking_val'] : false;
243
+ $show_login_attempts= $_POST['show_remaining_attempts'];
244
+ if($show_login_attempts == 'true'){$show_login_attempts = "on";} else if($show_login_attempts == 'false') { $show_login_attempts = "";}
245
+ if($brute_force == 'on' && $login_attempts == "" ){
246
+ wp_send_json('empty');
247
+ return;
248
+ }
249
+ update_option( 'mo2f_enable_brute_force' , $brute_force );
250
+ update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
251
+ update_option( 'mo_wpns_time_of_blocking_type' , $blocking_type );
252
+ update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
253
+ update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
254
+ if($brute_force == "on"){
255
+ update_site_option('bruteforce_notification_option',1);
256
+ wp_send_json('true');
257
+ }
258
+ else if($brute_force == ""){
259
+ wp_send_json('false');
260
+ }
261
+
262
+ }
263
+ function wpns_handle_IP_blocking()
264
+ {
265
+
266
+ global $mo2f_dirName;
267
+ if(!wp_verify_nonce($_POST['nonce'],'manualIPBlockingNonce'))
268
+ {
269
+ echo "NonceDidNotMatch";
270
+ exit;
271
+ }
272
+ else
273
+ {
274
+ include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
275
+ }
276
+ }
277
+ function wpns_whitelist_ip()
278
+ {
279
+ global $mo2f_dirName;
280
+ if(!wp_verify_nonce($_POST['nonce'],'IPWhiteListingNonce'))
281
+ {
282
+ echo "NonceDidNotMatch";
283
+ exit;
284
+ }
285
+ else
286
+ {
287
+ include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
288
+ }
289
+ }
290
+
291
+ function wpns_ip_lookup()
292
+ {
293
+
294
+ if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
295
+ {
296
+ echo "NonceDidNotMatch";
297
+ exit;
298
+ }
299
+ else
300
+ {
301
+ $ip = $_POST['IP'];
302
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
303
+ {
304
+ echo("INVALID_IP_FORMAT");
305
+ exit;
306
+ }
307
+ else if(! filter_var($ip, FILTER_VALIDATE_IP)){
308
+ echo("INVALID_IP");
309
+ exit;
310
+ }
311
+ $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
312
+ $hostname = gethostbyaddr($result["geoplugin_request"]);
313
+ try{
314
+ $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
315
+ $timeoffset = $timeoffset/3600;
316
+
317
+ }catch(Exception $e){
318
+ $result["geoplugin_timezone"]="";
319
+ $timeoffset="";
320
+ }
321
+ $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
322
+ if($result['geoplugin_request']==$ip) {
323
+
324
+ $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
325
+ $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
326
+ $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
327
+ $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
328
+ $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
329
+ $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
330
+ $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
331
+ $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
332
+ $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
333
+ $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
334
+ $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
335
+ $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
336
+ $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
337
+ $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
338
+
339
+ $result['ipDetails'] = $ipLookUpTemplate;
340
+ }else{
341
+ $result["ipDetails"]["status"]="ERROR";
342
+ }
343
+ wp_send_json( $result );
344
+ }
345
+ }
346
+ function wpns_waf_settings_form()
347
+ {
348
+ $dir_name = dirname(__FILE__);
349
+ $dir_name1 = explode('wp-content', $dir_name);
350
+ $dir_name = $dir_name1[0];
351
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
352
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
353
+
354
+ if(!file_exists($fileName))
355
+ {
356
+ $file = fopen($fileName, "a+");
357
+ $string = "<?php".PHP_EOL;
358
+ $string .= '$SQL=1;'.PHP_EOL;
359
+ $string .= '$XSS=1;'.PHP_EOL;
360
+ $string .= '$RCE=0;'.PHP_EOL;
361
+ $string .= '$LFI=0;'.PHP_EOL;
362
+ $string .= '$RFI=0;'.PHP_EOL;
363
+ $string .= '$RateLimiting=1;'.PHP_EOL;
364
+ $string .= '$RequestsPMin=120;'.PHP_EOL;
365
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
366
+ $string .= '?>'.PHP_EOL;
367
+
368
+ fwrite($file, $string);
369
+ fclose($file);
370
+ }
371
+ else
372
+ {
373
+ if(!is_writable($fileName) or !is_readable($fileName))
374
+ {
375
+ echo "FilePermissionDenied";
376
+ exit;
377
+ }
378
+ }
379
+
380
+ if(!wp_verify_nonce($_POST['nonce'],'WAFsettingNonce'))
381
+ {
382
+ var_dump("NonceDidNotMatch");
383
+ exit;
384
+ }
385
+ else
386
+ {
387
+ switch ($_POST['optionValue']) {
388
+ case "SQL":
389
+ $this->savesql(); break;
390
+ case "XSS":
391
+ $this->savexss(); break;
392
+ case "RCE":
393
+ $this->saverce(); break;
394
+ case "RFI":
395
+ $this->saverfi(); break;
396
+ case "LFI":
397
+ $this->savelfi(); break;
398
+ case "WAF":
399
+ $this->saveWAF(); break;
400
+ case "HWAF":
401
+ $this->saveHWAF(); break;
402
+ case "backupHtaccess":
403
+ $this->backupHtaccess(); break;
404
+ case "limitAttack":
405
+ $this->limitAttack(); break;
406
+ default:
407
+ break;
408
+ }
409
+
410
+ }
411
+
412
+ }
413
+ function wpns_waf_realtime_ip_block_free()
414
+ {
415
+ $nonce = sanitize_text_field($_POST['nonce']);
416
+ if(!wp_verify_nonce($nonce,'mo2f_realtime_ip_block_free'))
417
+ {
418
+ echo "NonceDidNotMatch";
419
+ exit;
420
+ }
421
+ else
422
+ {
423
+ $mo2f_realtime_ip_block_free = sanitize_text_field($_POST['mo2f_realtime_ip_block_free']);
424
+
425
+ if($mo2f_realtime_ip_block_free == 'on')
426
+ {
427
+ update_site_option('mo2f_realtime_ip_block_free',1);
428
+ if (!wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook')) {
429
+ wp_schedule_event( time(), 'mo2f_realtime_ipblock_free', 'mo2f_realtime_ip_block_free_hook' );
430
+ }
431
+ wp_send_json('realtime_block_free_enable');
432
+ }
433
+ else
434
+ {
435
+ update_site_option('mo2f_realtime_ip_block_free',0);
436
+ $timestamp = wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook' );
437
+ wp_unschedule_event( $timestamp, 'mo2f_realtime_ip_block_free_hook' );
438
+ wp_send_json('realtime_block_free_disable');
439
+ }
440
+
441
+
442
+ }
443
+
444
+ }
445
+ function wpns_waf_rate_limiting_form()
446
+ {
447
+ if(!wp_verify_nonce($_POST['nonce'],'RateLimitingNonce'))
448
+ {
449
+ echo "NonceDidNotMatch";
450
+ exit;
451
+ }
452
+ else
453
+ {
454
+ if(get_site_option('WAFEnabled') != 1)
455
+ {
456
+ echo "WAFNotEnabled";
457
+ exit;
458
+ }
459
+
460
+ if($_POST['Requests']!='')
461
+ {
462
+ if(is_numeric($_POST['Requests']))
463
+ {
464
+ $dir_name = dirname(__FILE__);
465
+ $dir_name1 = explode('wp-content', $dir_name);
466
+ $dir_name = $dir_name1[0];
467
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
468
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
469
+
470
+ $file = file_get_contents($fileName);
471
+ $data = $file;
472
+
473
+ $req = sanitize_text_field($_POST['Requests']);
474
+ if($req >1)
475
+ {
476
+ update_option('Rate_request',$req);
477
+ if(isset($_POST['rateCheck']))
478
+ {
479
+ if($_POST['rateCheck'] == 'on')
480
+ {
481
+ update_option('Rate_limiting','1');
482
+ echo "RateEnabled";
483
+ if(strpos($file, 'RateLimiting')!=false)
484
+ {
485
+ $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
486
+ $data = $file;
487
+ file_put_contents($fileName,$file);
488
+
489
+ }
490
+ else
491
+ {
492
+ $content = explode('?>', $file);
493
+ $file = $content[0];
494
+ $file .= PHP_EOL;
495
+ $file .= '$RateLimiting=1;'.PHP_EOL;
496
+ $file .='?>';
497
+ file_put_contents($fileName,$file);
498
+ $data = $file;
499
+ }
500
+
501
+
502
+ }
503
+ }
504
+ else
505
+ {
506
+ update_option('Rate_limiting','0');
507
+ echo "Ratedisabled";
508
+ if(strpos($file, 'RateLimiting')!=false)
509
+ {
510
+ $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
511
+ $data = $file;
512
+ file_put_contents($fileName,$file);
513
+ }
514
+ else
515
+ {
516
+ $content = explode('?>', $file);
517
+ $file = $content[0];
518
+ $file .= PHP_EOL;
519
+ $file .= '$RateLimiting=0;'.PHP_EOL;
520
+ $file .='?>';
521
+ file_put_contents($fileName,$file);
522
+ $data = $file;
523
+ }
524
+
525
+ }
526
+
527
+
528
+ $file = $data;
529
+ if(strpos($file, 'RequestsPMin')!=false)
530
+ {
531
+ $content = explode(PHP_EOL, $file);
532
+ $con = '';
533
+ $len = sizeof($content);
534
+
535
+ for($i=0;$i<$len;$i++)
536
+ {
537
+ if(strpos($content[$i], 'RequestsPMin')!=false)
538
+ {
539
+ $con.='$RequestsPMin='.$req.';'.PHP_EOL;
540
+ }
541
+ else
542
+ {
543
+ $con .= $content[$i].PHP_EOL;
544
+ }
545
+ }
546
+
547
+ file_put_contents($fileName,$con);
548
+ $data = $con;
549
+
550
+ }
551
+
552
+ else
553
+ {
554
+ $content = explode('?>', $file);
555
+ $file = $content[0];
556
+ $file .= PHP_EOL;
557
+ $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
558
+ $file .='?>';
559
+ file_put_contents($fileName,$file);
560
+ $data = $file;
561
+ }
562
+
563
+ if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
564
+ {
565
+ update_option('actionRateL',1);
566
+
567
+ $file = $data;
568
+ if(strpos($file, 'actionRateL')!=false)
569
+ {
570
+ $content = explode(PHP_EOL, $file);
571
+ $con = '';
572
+ foreach ($content as $line => $lineV) {
573
+ if(strpos($lineV, 'actionRateL')!=false)
574
+ {
575
+ $con.='$actionRateL="BlockIP";'.PHP_EOL;
576
+ }
577
+ else
578
+ {
579
+ $con .= $lineV.PHP_EOL;
580
+ }
581
+ }
582
+ file_put_contents($fileName,$con);
583
+ }
584
+ else
585
+ {
586
+ $content = explode('?>', $file);
587
+ $file = $content[0];
588
+ $file .= PHP_EOL;
589
+ $file .= '$actionRateL="BlockIP";'.PHP_EOL;
590
+ $file .='?>';
591
+ file_put_contents($fileName,$file);
592
+ $file = $data;
593
+ }
594
+ }
595
+ else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
596
+ {
597
+
598
+ $file = $data;
599
+ update_option('actionRateL',0);
600
+ if(strpos($file, 'actionRateL')!=false)
601
+ {
602
+ $content = explode(PHP_EOL, $file);
603
+ $con = '';
604
+ foreach ($content as $line => $lineV) {
605
+ if(strpos($lineV, 'actionRateL')!=false)
606
+ {
607
+ $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
608
+ }
609
+ else
610
+ {
611
+ $con .= $lineV.PHP_EOL;
612
+ }
613
+ }
614
+ file_put_contents($fileName,$con);
615
+ }
616
+ else
617
+ {
618
+ $content = explode('?>', $file);
619
+ $file = $content[0];
620
+ $file .= PHP_EOL;
621
+ $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
622
+ $file .='?>';
623
+ file_put_contents($fileName,$file);
624
+ }
625
+ }
626
+
627
+ }
628
+ exit;
629
+ }
630
+
631
+
632
+
633
+ }
634
+ echo("Error");
635
+ exit;
636
+ }
637
+
638
+
639
+ }
640
+
641
+ private function saveWAF()
642
+ {
643
+ if(isset($_POST['pluginWAF']))
644
+ {
645
+ if($_POST['pluginWAF']=='on')
646
+ {
647
+ update_option('WAF','PluginLevel');
648
+ update_option('WAFEnabled','1');
649
+ echo("PWAFenabled");exit;
650
+ }
651
+ }
652
+ else
653
+ {
654
+ update_option('WAFEnabled','0');
655
+ update_option('WAF','wafDisable');
656
+ echo("PWAFdisabled");exit;
657
+ }
658
+ }
659
+ private function saveHWAF()
660
+ {
661
+ if(!function_exists('mysqli_connect'))
662
+ {
663
+ echo "mysqliDoesNotExit";
664
+ exit;
665
+ }
666
+ if(isset($_POST['htaccessWAF']))
667
+ {
668
+ if($_POST['htaccessWAF']=='on')
669
+ {
670
+ update_option('WAF','HtaccessLevel');
671
+ update_option('WAFEnabled','1');
672
+ $dir_name = dirname(__FILE__);
673
+ $dirN = $dir_name;
674
+ $dirN = str_replace('\\', '/', $dirN);
675
+ $dirN = str_replace('controllers', 'handler', $dirN);
676
+
677
+ $dir_name1 = explode('wp-content', $dir_name);
678
+ $dir_name = $dir_name1[0];
679
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
680
+ $dir_name .='.htaccess';
681
+ $file = file_get_contents($dir_name);
682
+ if(strpos($file, 'php_value auto_prepend_file')!=false)
683
+ {
684
+ echo("WAFConflicts");
685
+ exit;
686
+ }
687
+
688
+ $cont = $file.PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
689
+ $cont .= 'php_value auto_prepend_file '.$dir_name1.'mo-check.php'.PHP_EOL;
690
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
691
+ file_put_contents($dir_name, $cont);
692
+
693
+ $filecontent = file_get_contents($dir_name);
694
+
695
+ $dir_name = dirname(__FILE__);
696
+ $dir_name1 = explode('wp-content', $dir_name);
697
+ $dir_name = $dir_name1[0];
698
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
699
+ $fileName = $filepath.'mo-check.php';
700
+ $file = fopen($fileName, 'w+');
701
+ $dir_name = dirname(__FILE__);
702
+ $filepath = str_replace('\\', '/', $dir_name);
703
+ $filepath = explode('controllers', $filepath);
704
+ $filepath = $filepath[0].'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf.php';
705
+
706
+ $string = '<?php'.PHP_EOL;
707
+ $string .= 'if(file_exists("'.$filepath.'"))'.PHP_EOL;
708
+ $string .= 'include_once("'.$filepath.'");'.PHP_EOL;
709
+ $string .= '?>'.PHP_EOL;
710
+
711
+ fwrite($file, $string);
712
+ fclose($file);
713
+
714
+ if(strpos($filecontent,'mo-check.php')!=false)
715
+ {
716
+ echo "HWAFEnabled";
717
+ exit;
718
+ }
719
+ else
720
+ {
721
+ echo "HWAFEnabledFailed";
722
+ exit;
723
+ }
724
+ }
725
+ }
726
+ else
727
+ {
728
+ update_option('WAF','wafDisable');
729
+ if(isset($_POST['pluginWAF']))
730
+ {
731
+ if($_POST['pluginWAF'] == 'on')
732
+ {
733
+ update_option('WAFEnabled',1);
734
+ update_option('WAF','PluginLevel');
735
+ }
736
+ }
737
+ else
738
+ update_option('WAFEnabled',0);
739
+ $dir_name = dirname(__FILE__);
740
+ $dirN = $dir_name;
741
+ $dirN = str_replace('\\', '/', $dirN);
742
+ $dirN = explode('wp-content', $dirN);
743
+ $dir_name1 = explode('wp-content', $dir_name);
744
+ $dir_name = $dir_name1[0];
745
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
746
+ $dir_name00 = $dir_name1;
747
+ $dir_name1 .='.htaccess';
748
+ $file = file_get_contents($dir_name1);
749
+
750
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
751
+ $cont .= 'php_value auto_prepend_file '.$dir_name00.'mo-check.php'.PHP_EOL;
752
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
753
+ $file =str_replace($cont,'',$file);
754
+ file_put_contents($dir_name1, $file);
755
+
756
+ $filecontent = file_get_contents($dir_name1);
757
+ if(strpos($filecontent,'mo-check.php')==false)
758
+ {
759
+ echo "HWAFdisabled";
760
+ exit;
761
+ }
762
+ else
763
+ {
764
+ echo "HWAFdisabledFailed";
765
+ exit;
766
+ }
767
+ }
768
+
769
+
770
+ }
771
+ private function savesql()
772
+ {
773
+ if(isset($_POST['SQL']))
774
+ {
775
+ if($_POST['SQL']=='on')
776
+ {
777
+ update_option('SQLInjection',1);
778
+ $dir_name = dirname(__FILE__);
779
+ $dir_name1 = explode('wp-content', $dir_name);
780
+ $dir_name = $dir_name1[0];
781
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
782
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
783
+
784
+ $file = file_get_contents($fileName);
785
+ if(strpos($file, 'SQL')!=false)
786
+ {
787
+ $file = str_replace('$SQL=0;', '$SQL=1;', $file);
788
+ file_put_contents($fileName,$file);
789
+ }
790
+ else
791
+ {
792
+ $content = explode('?>', $file);
793
+ $file = $content[0];
794
+ $file .= PHP_EOL;
795
+ $file .= '$SQL=1;'.PHP_EOL;
796
+ $file .='?>';
797
+ file_put_contents($fileName,$file);
798
+ }
799
+ echo("SQLenable");
800
+ exit;
801
+
802
+ }
803
+ }
804
+ else
805
+ {
806
+ update_option('SQLInjection',0);
807
+
808
+ $dir_name = dirname(__FILE__);
809
+ $dir_name1 = explode('wp-content', $dir_name);
810
+ $dir_name = $dir_name1[0];
811
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
812
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
813
+
814
+ $file = file_get_contents($fileName);
815
+ if(strpos($file, '$SQL')!=false)
816
+ {
817
+ $file = str_replace('$SQL=1;', '$SQL=0;', $file);
818
+ file_put_contents($fileName,$file);
819
+ }
820
+ else
821
+ {
822
+ $content = explode('?>', $file);
823
+ $file = $content[0];
824
+ $file .= PHP_EOL;
825
+ $file .= '$SQL=0;'.PHP_EOL;
826
+ $file .='?>';
827
+ file_put_contents($fileName,$file);
828
+ }
829
+
830
+ echo("SQLdisable");
831
+ exit;
832
+
833
+ }
834
+
835
+ }
836
+ private function saverce()
837
+ {
838
+ if(isset($_POST['RCE']))
839
+ {
840
+ if($_POST['RCE']=='on')
841
+ {
842
+ update_option('RCEAttack',1);
843
+
844
+ $dir_name = dirname(__FILE__);
845
+ $dir_name1 = explode('wp-content', $dir_name);
846
+ $dir_name = $dir_name1[0];
847
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
848
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
849
+
850
+ $file = file_get_contents($fileName);
851
+ if(strpos($file, 'RCE')!=false)
852
+ {
853
+ $file = str_replace('$RCE=0;', '$RCE=1;', $file);
854
+ file_put_contents($fileName,$file);
855
+ }
856
+ else
857
+ {
858
+ $content = explode('?>', $file);
859
+ $file = $content[0];
860
+ $file .= PHP_EOL;
861
+ $file .= '$RCE=1;'.PHP_EOL;
862
+ $file .='?>';
863
+ file_put_contents($fileName,$file);
864
+ }
865
+ echo("RCEenable");
866
+ exit;
867
+ }
868
+ }
869
+ else
870
+ {
871
+ update_option('RCEAttack',0);
872
+
873
+ $dir_name = dirname(__FILE__);
874
+ $dir_name1 = explode('wp-content', $dir_name);
875
+ $dir_name = $dir_name1[0];
876
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
877
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
878
+
879
+ $file = file_get_contents($fileName);
880
+ if(strpos($file, '$RCE')!=false)
881
+ {
882
+ $file = str_replace('$RCE=1;', '$RCE=0;', $file);
883
+ file_put_contents($fileName,$file);
884
+ }
885
+ else
886
+ {
887
+ $content = explode('?>', $file);
888
+ $file = $content[0];
889
+ $file .= PHP_EOL;
890
+ $file .= '$RCE=0;'.PHP_EOL;
891
+ $file .='?>';
892
+ file_put_contents($fileName,$file);
893
+ }
894
+ echo("RCEdisable");
895
+ exit;
896
+
897
+ }
898
+
899
+ }
900
+ private function savexss()
901
+ {
902
+ if(isset($_POST['XSS']))
903
+ {
904
+ if($_POST['XSS']=='on')
905
+ {
906
+ update_option('XSSAttack',1);
907
+ $dir_name = dirname(__FILE__);
908
+ $dir_name1 = explode('wp-content', $dir_name);
909
+ $dir_name = $dir_name1[0];
910
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
911
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
912
+
913
+ $file = file_get_contents($fileName);
914
+ if(strpos($file, 'XSS')!=false)
915
+ {
916
+ $file = str_replace('$XSS=0;', '$XSS=1;', $file);
917
+ file_put_contents($fileName,$file);
918
+ }
919
+ else
920
+ {
921
+ $content = explode('?>', $file);
922
+ $file = $content[0];
923
+ $file .= PHP_EOL;
924
+ $file .= '$XSS=1;'.PHP_EOL;
925
+ $file .='?>';
926
+ file_put_contents($fileName,$file);
927
+ }
928
+ echo("XSSenable");
929
+ exit;
930
+ }
931
+ }
932
+ else
933
+ {
934
+ update_option('XSSAttack',0);
935
+ $dir_name = dirname(__FILE__);
936
+ $dir_name1 = explode('wp-content', $dir_name);
937
+ $dir_name = $dir_name1[0];
938
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
939
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
940
+
941
+ $file = file_get_contents($fileName);
942
+ if(strpos($file, '$XSS')!=false)
943
+ {
944
+ $file = str_replace('$XSS=1;', '$XSS=0;', $file);
945
+ file_put_contents($fileName,$file);
946
+ }
947
+ else
948
+ {
949
+ $content = explode('?>', $file);
950
+ $file = $content[0];
951
+ $file .= PHP_EOL;
952
+ $file .= '$XSS=0;'.PHP_EOL;
953
+ $file .='?>';
954
+ file_put_contents($fileName,$file);
955
+ }
956
+ echo("XSSdisable");
957
+ exit;
958
+ }
959
+
960
+ }
961
+ private function savelfi()
962
+ {
963
+ if(isset($_POST['LFI']))
964
+ {
965
+ if($_POST['LFI']=='on')
966
+ {
967
+ update_option('LFIAttack',1);
968
+ $dir_name = dirname(__FILE__);
969
+ $dir_name1 = explode('wp-content', $dir_name);
970
+ $dir_name = $dir_name1[0];
971
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
972
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
973
+
974
+ $file = file_get_contents($fileName);
975
+ if(strpos($file, 'LFI')!=false)
976
+ {
977
+ $file = str_replace("LFI=0;", "LFI=1;", $file);
978
+ file_put_contents($fileName,$file);
979
+ }
980
+ else
981
+ {
982
+ $content = explode('?>', $file);
983
+ $file = $content[0];
984
+ $file .= PHP_EOL;
985
+ $file .= '$LFI=1;'.PHP_EOL;
986
+ $file .='?>';
987
+ file_put_contents($fileName,$file);
988
+ }
989
+ $file = file_get_contents($fileName);
990
+
991
+ echo("LFIenable");
992
+ exit;
993
+ }
994
+ }
995
+ else
996
+ {
997
+ update_option('LFIAttack',0);
998
+ $dir_name = dirname(__FILE__);
999
+ $dir_name1 = explode('wp-content', $dir_name);
1000
+ $dir_name = $dir_name1[0];
1001
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1002
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1003
+
1004
+ $file = file_get_contents($fileName);
1005
+ if(strpos($file, '$LFI')!=false)
1006
+ {
1007
+ $file = str_replace('$LFI=1;', '$LFI=0;', $file);
1008
+ file_put_contents($fileName,$file);
1009
+ }
1010
+ else
1011
+ {
1012
+ $content = explode('?>', $file);
1013
+ $file = $content[0];
1014
+ $file .= PHP_EOL;
1015
+ $file .= '$LFI=0;'.PHP_EOL;
1016
+ $file .='?>';
1017
+ file_put_contents($fileName,$file);
1018
+ }
1019
+ echo("LFIdisable");
1020
+ exit;
1021
+ }
1022
+
1023
+ }
1024
+ private function saverfi()
1025
+ {
1026
+ if(isset($_POST['RFI']))
1027
+ {
1028
+ if($_POST['RFI']=='on')
1029
+ {
1030
+ update_option('RFIAttack',1);
1031
+ $dir_name = dirname(__FILE__);
1032
+ $dir_name1 = explode('wp-content', $dir_name);
1033
+ $dir_name = $dir_name1[0];
1034
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1035
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1036
+
1037
+ $file = file_get_contents($fileName);
1038
+ if(strpos($file, 'RFI')!=false)
1039
+ {
1040
+ $file = str_replace('$RFI=0;', '$RFI=1;', $file);
1041
+ file_put_contents($fileName,$file);
1042
+ }
1043
+ else
1044
+ {
1045
+ $content = explode('?>', $file);
1046
+ $file = $content[0];
1047
+ $file .= PHP_EOL;
1048
+ $file .= '$RFI=1;'.PHP_EOL;
1049
+ $file .='?>';
1050
+ file_put_contents($fileName,$file);
1051
+ }
1052
+ echo("RFIenable");
1053
+ exit;
1054
+ }
1055
+ }
1056
+ else
1057
+ {
1058
+ update_option('RFIAttack',0);
1059
+ $dir_name = dirname(__FILE__);
1060
+ $dir_name1 = explode('wp-content', $dir_name);
1061
+ $dir_name = $dir_name1[0];
1062
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1063
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1064
+
1065
+ $file = file_get_contents($fileName);
1066
+ if(strpos($file, '$RFI')!=false)
1067
+ {
1068
+ $file = str_replace('$RFI=1;', '$RFI=0;', $file);
1069
+ file_put_contents($fileName,$file);
1070
+ }
1071
+ else
1072
+ {
1073
+ $content = explode('?>', $file);
1074
+ $file = $content[0];
1075
+ $file .= PHP_EOL;
1076
+ $file .= '$RFI=0;'.PHP_EOL;
1077
+ $file .='?>';
1078
+ file_put_contents($fileName,$file);
1079
+ }
1080
+ echo("RFIdisable");
1081
+ exit;
1082
+ }
1083
+
1084
+ }
1085
+ private function saveRateL()
1086
+ {
1087
+
1088
+ if($_POST['time']!='' && $_POST['req']!='')
1089
+ {
1090
+ if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
1091
+ {
1092
+ $dir_name = dirname(__FILE__);
1093
+ $dir_name1 = explode('wp-content', $dir_name);
1094
+ $dir_name = $dir_name1[0];
1095
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1096
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1097
+
1098
+ $file = file_get_contents($fileName);
1099
+ $data = $file;
1100
+ $time = sanitize_text_field($_POST['time']);
1101
+ $req = sanitize_text_field($_POST['req']);
1102
+ if($time>0 && $req >0)
1103
+ {
1104
+ update_option('Rate_time',$time);
1105
+ update_option('Rate_request',$req);
1106
+ update_option('Rate_limiting','1');
1107
+
1108
+ if(strpos($file, 'RateLimiting')!=false)
1109
+ {
1110
+ $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
1111
+ $data = $file;
1112
+ file_put_contents($fileName,$file);
1113
+ }
1114
+ else
1115
+ {
1116
+ $content = explode('?>', $file);
1117
+ $file = $content[0];
1118
+ $file .= PHP_EOL;
1119
+ $file .= '$RateLimiting=1;'.PHP_EOL;
1120
+ $file .='?>';
1121
+ file_put_contents($fileName,$file);
1122
+ $data = $file;
1123
+ }
1124
+
1125
+ $file = $data;
1126
+ if(strpos($file, 'RequestsPMin')!=false)
1127
+ {
1128
+ $content = explode(PHP_EOL, $file);
1129
+ $con = '';
1130
+ $len = sizeof($content);
1131
+
1132
+ for($i=0;$i<$len;$i++)
1133
+ {
1134
+ if(strpos($content[$i], 'RequestsPMin')!=false)
1135
+ {
1136
+ $con.='$RequestsPMin='.$req.';'.PHP_EOL;
1137
+ }
1138
+ else
1139
+ {
1140
+ $con .= $content[$i].PHP_EOL;
1141
+ }
1142
+ }
1143
+
1144
+ file_put_contents($fileName,$con);
1145
+ $data = $con;
1146
+
1147
+ }
1148
+
1149
+ else
1150
+ {
1151
+ $content = explode('?>', $file);
1152
+ $file = $content[0];
1153
+ $file .= PHP_EOL;
1154
+ $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
1155
+ $file .='?>';
1156
+ file_put_contents($fileName,$file);
1157
+ $data = $file;
1158
+ }
1159
+
1160
+
1161
+
1162
+ if($_POST['action']=='BlockIP')
1163
+ {
1164
+ update_option('actionRateL',1);
1165
+
1166
+ $file = $data;
1167
+ if(strpos($file, 'actionRateL')!=false)
1168
+ {
1169
+ $content = explode(PHP_EOL, $file);
1170
+ $con = '';
1171
+ foreach ($content as $line => $lineV) {
1172
+ if(strpos($lineV, 'actionRateL')!=false)
1173
+ {
1174
+ $con.='$actionRateL="BlockIP";'.PHP_EOL;
1175
+ }
1176
+ else
1177
+ {
1178
+ $con .= $lineV.PHP_EOL;
1179
+ }
1180
+ }
1181
+ file_put_contents($fileName,$con);
1182
+ }
1183
+ else
1184
+ {
1185
+ $content = explode('?>', $file);
1186
+ $file = $content[0];
1187
+ $file .= PHP_EOL;
1188
+ $file .= '$actionRateL="BlockIP";'.PHP_EOL;
1189
+ $file .='?>';
1190
+ file_put_contents($fileName,$file);
1191
+ $file = $data;
1192
+ }
1193
+ }
1194
+ elseif($_POST['action']=='ThrottleIP')
1195
+ {
1196
+ $file = $data;
1197
+ update_option('actionRateL',0);
1198
+ if(strpos($file, 'actionRateL')!=false)
1199
+ {
1200
+ $content = explode(PHP_EOL, $file);
1201
+ $con = '';
1202
+ foreach ($content as $line => $lineV) {
1203
+ if(strpos($lineV, 'actionRateL')!=false)
1204
+ {
1205
+ $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
1206
+ }
1207
+ else
1208
+ {
1209
+ $con .= $lineV.PHP_EOL;
1210
+ }
1211
+ }
1212
+ file_put_contents($fileName,$con);
1213
+ }
1214
+ else
1215
+ {
1216
+ $content = explode('?>', $file);
1217
+ $file = $content[0];
1218
+ $file .= PHP_EOL;
1219
+ $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
1220
+ $file .='?>';
1221
+ file_put_contents($fileName,$file);
1222
+ }
1223
+ }
1224
+
1225
+ }
1226
+
1227
+ }
1228
+
1229
+ }
1230
+
1231
+ }
1232
+ private function disableRL()
1233
+ {
1234
+ update_option('Rate_limiting',0);
1235
+
1236
+ $dir_name = dirname(__FILE__);
1237
+ $dir_name1 = explode('wp-content', $dir_name);
1238
+ $dir_name = $dir_name1[0];
1239
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1240
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1241
+ $file = file_get_contents($fileName);
1242
+
1243
+ if(strpos($file, 'RateLimiting')!=false)
1244
+ {
1245
+ $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
1246
+ file_put_contents($fileName,$file);
1247
+ }
1248
+ else
1249
+ {
1250
+ $content = explode('?>', $file);
1251
+ $file = $content[0];
1252
+ $file .= PHP_EOL;
1253
+ $file .= '$RateLimiting=0;'.PHP_EOL;
1254
+ $file .='?>';
1255
+ file_put_contents($fileName,$file);
1256
+ }
1257
+
1258
+ }
1259
+ private function backupHtaccess()
1260
+ {
1261
+ if(isset($_POST['htaccessWAF']))
1262
+ {
1263
+ if($_POST['htaccessWAF']=='on')
1264
+ {
1265
+ $dir_name = dirname(__FILE__);
1266
+ $dirN = $dir_name;
1267
+ $dirN = str_replace('\\', '/', $dirN);
1268
+ $dir_name1 = explode('wp-content', $dir_name);
1269
+ $dir_name = $dir_name1[0];
1270
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
1271
+ $dir_name =$dir_name1.'.htaccess';
1272
+ $file = file_get_contents($dir_name);
1273
+ $dir_backup = $dir_name1.'htaccess';
1274
+ $handle = fopen($dir_backup, 'c+');
1275
+ fwrite($handle,$file);
1276
+ }
1277
+ }
1278
+ }
1279
+ private function limitAttack()
1280
+ {
1281
+ if(isset($_POST['limitAttack']))
1282
+ {
1283
+ $value = sanitize_text_field($_POST['limitAttack']);
1284
+ if($value>1)
1285
+ {
1286
+ update_option('limitAttack',$value);
1287
+ echo "limitSaved";
1288
+ exit;
1289
+ }
1290
+ else
1291
+ {
1292
+ echo "limitIsLT1";
1293
+ exit;
1294
+ }
1295
+
1296
+ }
1297
+ }
1298
+
1299
+
1300
+
1301
+ function wpns_captcha_settings(){
1302
+
1303
+ $nonce=sanitize_text_field($_POST['nonce']);
1304
+ if ( ! wp_verify_nonce( $nonce, 'wpns-captcha' ) ){
1305
+ wp_send_json('ERROR');
1306
+ return;
1307
+ }
1308
+
1309
+ $site_key = sanitize_text_field($_POST['site_key']);
1310
+ $secret_key = sanitize_text_field($_POST['secret_key']);
1311
+ $enable_captcha = sanitize_text_field($_POST['enable_captcha']);
1312
+ $login_form_captcha = sanitize_text_field($_POST['login_form']);
1313
+ $reg_form_captcha = sanitize_text_field($_POST['registeration_form']);
1314
+
1315
+ if((isset($_POST['version'])))
1316
+ {
1317
+ $mo2f_g_version = sanitize_text_field($_POST['version']);
1318
+ }
1319
+ else $mo2f_g_version='reCAPTCHA_v3';
1320
+
1321
+ if($enable_captcha == 'true') $enable_captcha = "on";
1322
+ else if($enable_captcha == 'false') $enable_captcha = "";
1323
+
1324
+ if($login_form_captcha == 'true') $login_form_captcha = "on";
1325
+ else if($login_form_captcha == 'false') $login_form_captcha = "";
1326
+
1327
+ if($reg_form_captcha == 'true') $reg_form_captcha = "on";
1328
+ else if($reg_form_captcha == 'false') $reg_form_captcha = "";
1329
+
1330
+ if(($site_key == "" || $secret_key == "") and $enable_captcha == 'on'){
1331
+ wp_send_json('empty');
1332
+ return;
1333
+ }
1334
+
1335
+
1336
+ if((($login_form_captcha == "on") || ($enable_captcha=="on")) && $mo2f_g_version==""){
1337
+ wp_send_json('version_select');
1338
+ return;
1339
+ }
1340
+ if($mo2f_g_version=='reCAPTCHA_v2')
1341
+ {
1342
+
1343
+ update_option( 'mo_wpns_recaptcha_site_key' , $site_key );
1344
+ update_option( 'mo_wpns_recaptcha_secret_key' , $secret_key );
1345
+ }
1346
+ if($mo2f_g_version=='reCAPTCHA_v3')
1347
+ {
1348
+
1349
+ update_option( 'mo_wpns_recaptcha_site_key_v3' , $site_key );
1350
+ update_option( 'mo_wpns_recaptcha_secret_key_v3' , $secret_key );
1351
+ }
1352
+
1353
+ update_option( 'mo_wpns_activate_recaptcha' , $enable_captcha );
1354
+ update_option( 'mo_wpns_recaptcha_version' , $mo2f_g_version );
1355
+
1356
+
1357
+ if($enable_captcha == "on"){
1358
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , $login_form_captcha );
1359
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1360
+ update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1361
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1362
+ update_site_option('recaptcha_notification_option',1);
1363
+ wp_send_json('true');
1364
+ }
1365
+ else if($enable_captcha == ""){
1366
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , '' );
1367
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', '' );
1368
+ update_option('mo_wpns_activate_recaptcha_for_registration', '' );
1369
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration','' );
1370
+ wp_send_json('false');
1371
+ }
1372
+
1373
+ }
1374
+
1375
+ function wpns_strong_password_settings(){
1376
+ $nonce = $_POST['nonce'];
1377
+ if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
1378
+ wp_send_json('ERROR');
1379
+ return;
1380
+ }
1381
+ $enable_strong_pass = $_POST['enable_strong_pass'];
1382
+ if($enable_strong_pass == 'true'){$enable_strong_pass = 1;}else if($enable_strong_pass == 'false') {$enable_strong_pass = 0;}
1383
+ $strong_pass_accounts = $_POST['accounts_strong_pass'];
1384
+ update_option('mo2f_enforce_strong_passswords_for_accounts',$strong_pass_accounts);
1385
+ update_option('mo2f_enforce_strong_passswords' , $enable_strong_pass);
1386
+ if($enable_strong_pass){
1387
+ update_option('mo_wpns_enable_rename_login_url',"");
1388
+ wp_send_json('true');
1389
+ }
1390
+ else{
1391
+ wp_send_json('false');
1392
+ }
1393
+ }
1394
+
1395
+ }
1396
+ new wpns_ajax;
1397
+
1398
+ ?>
database/database_functions.php CHANGED
@@ -1,873 +1,873 @@
1
- <?php
2
-
3
- require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
-
5
- class MoWpnsDB
6
- {
7
- private $transactionTable;
8
- private $blockedIPsTable;
9
- private $whitelistIPsTable;
10
- private $emailAuditTable;
11
- private $malwarereportTable;
12
- private $scanreportdetails;
13
- private $skipfiles;
14
- private $hashfile;
15
-
16
- function __construct()
17
- {
18
- global $wpdb;
19
- $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
- $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
- $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
- $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
- $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
- $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
- $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
- $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
- $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
- $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
- $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
- $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
- $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
- }
33
-
34
- function mo_plugin_activate()
35
- {
36
- global $wpdb;
37
- if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
- $this->generate_tables();
40
- } else {
41
- $current_db_version = get_option('mo_wpns_dbversion');
42
- if($current_db_version < MoWpnsConstants::DB_VERSION){
43
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
-
45
- }
46
- }
47
- }
48
-
49
- function generate_tables(){
50
- global $wpdb;
51
-
52
- $tableName = $this->transactionTable;
53
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
- {
55
- $sql = "CREATE TABLE " . $tableName . " (
56
- `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
- `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
- dbDelta($sql);
59
- }
60
-
61
- $tableName = $this->blockedIPsTable;
62
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
- {
64
- $sql = "CREATE TABLE " . $tableName . " (
65
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
- `created_timestamp` int, UNIQUE KEY id (id) );";
67
- dbDelta($sql);
68
- }
69
-
70
-
71
- $tableName = $this->whitelistIPsTable;
72
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
- {
74
- $sql = "CREATE TABLE " . $tableName . " (
75
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
- dbDelta($sql);
77
- }
78
-
79
- $tableName = $this->backupdetails;
80
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
- {
82
- $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
- `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
- dbDelta($sql);
85
- }
86
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
- if(is_null($result)){
88
- $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
- $results1 = $wpdb->query($sql);
90
- }
91
-
92
- $tableName = $this->emailAuditTable;
93
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
- {
95
- $sql = "CREATE TABLE " . $tableName . " (
96
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
- dbDelta($sql);
98
- }
99
- $tableName = $this->IPrateDetails;
100
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
- {
102
- $sql = "CREATE TABLE " . $tableName . " (
103
- ip varchar(20) , time bigint );";
104
- dbDelta($sql);
105
- }
106
-
107
- $tableName = $this->attackLogs;
108
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
- {
110
- $sql = "create table ". $tableName ." (
111
- ip varchar(20),
112
- type varchar(20),
113
- time bigint,
114
- input mediumtext );";
115
- //dbDelta($sql);
116
- $results = $wpdb->get_results($sql);
117
-
118
- }
119
- $tableName = $this->malwarereportTable;
120
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
- {
122
- $sql = "CREATE TABLE " . $tableName . " (
123
- `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
- dbDelta($sql);
125
- }
126
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
- if(is_null($result)){
128
- $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
- $results1 = $wpdb->query($sql);
130
- $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
- $resluts = $wpdb->query($sql1);
132
- }
133
-
134
-
135
- $tableName = $this->scanreportdetails;
136
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
137
- {
138
- $sql = "CREATE TABLE " . $tableName . " (
139
- `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
140
- dbDelta($sql);
141
- }
142
-
143
- $tableName = $this->skipfiles;
144
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
145
- {
146
- $sql = "CREATE TABLE " . $tableName . " (
147
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
148
- dbDelta($sql);
149
- }
150
-
151
- $tableName = $this->filescan;
152
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
153
- {
154
- $sql = "CREATE TABLE " . $tableName . " (
155
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
156
- dbDelta($sql);
157
- }
158
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
159
- if(is_null($result)){
160
- $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
161
- $results1 = $wpdb->query($sql);
162
- }
163
-
164
- $tableName = $this->hashfile;
165
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
- {
167
- $sql = "CREATE TABLE " . $tableName . " (
168
- `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
169
- dbDelta($sql);
170
- }
171
-
172
- $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
173
- $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
174
- $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
175
- if(empty($row1) && empty($row1) && empty($row1)){
176
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
177
- if($result){
178
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
179
- foreach ($report_ids as $key => $value) {
180
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
181
- $result = $this->mo_wpns_get_scan_count($scan_detail);
182
- $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
183
- }
184
- }
185
- }
186
- $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
187
- if(empty($rowhash)){
188
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
189
- }
190
- $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_key'");
191
- if(empty($result)){
192
- $sql = "ALTER TABLE $this->malwarereportTable ADD `repo_key` mediumtext AFTER `malicious_links` ;";
193
- $results1 = $wpdb->query($sql);
194
- $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
195
- $resluts = $wpdb->query($sql1);
196
- }
197
- $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
198
- if(empty($result)){
199
- $sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
200
- $results1 = $wpdb->query($sql);
201
- $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
202
- $resluts = $wpdb->query($sql1);
203
- }
204
- }
205
-
206
- function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
207
- global $wpdb;
208
- $wpdb->insert(
209
- $this->backupdetails,
210
- array(
211
- 'backup_id' =>$backup_id,
212
- 'file_name' =>$file_name,
213
- 'created_timestamp'=> $backup_created_timestamp,
214
- 'plugin_path' => $plugin_path
215
- ));
216
- }
217
-
218
- function get_table_content(){
219
- global $wpdb;
220
- return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
221
- }
222
-
223
- function get_number_of_plugin_backup(){
224
- global $wpdb;
225
-
226
- $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
227
- $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
228
- $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
229
- $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
230
- $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
231
- $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
232
-
233
- return $array;
234
- }
235
-
236
- function delete_file($id){
237
- global $wpdb;
238
- $wpdb->query(
239
- "DELETE FROM ".$this->backupdetails."
240
- WHERE id = ".$id
241
- );
242
- return;
243
- }
244
-
245
- function row_exist($id){
246
- global $wpdb;
247
- $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
248
- return $is_exist;
249
- }
250
-
251
- function get_ip_blocked_count($ipAddress)
252
- {
253
- global $wpdb;
254
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
255
- }
256
- function get_total_blocked_ips()
257
- {
258
- global $wpdb;
259
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
260
- }
261
- function get_total_manual_blocked_ips()
262
- {
263
- global $wpdb;
264
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
265
- }
266
- function get_total_blocked_ips_waf()
267
- {
268
- global $wpdb;
269
- $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
270
- return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
271
- }
272
- function get_blocked_attack_count($attack)
273
- {
274
- global $wpdb;
275
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
276
- }
277
-
278
- function get_count_of_blocked_ips(){
279
- global $wpdb;
280
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
281
- }
282
-
283
-
284
- function get_blocked_ip($entryid)
285
- {
286
- global $wpdb;
287
- return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
288
- }
289
-
290
- function get_blocked_ip_list()
291
- {
292
- global $wpdb;
293
- return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
294
- }
295
-
296
- function get_blocked_ips_realtime()
297
- {
298
- global $wpdb;
299
- return $wpdb->get_results("SELECT ip_address FROM ".$this->blockedIPsTable);
300
- }
301
- function get_blocked_attack_list($tableName)
302
- {
303
- global $wpdb;
304
- $tableName = $wpdb->base_prefix.$tableName;
305
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
306
- }
307
-
308
- function get_blocked_sqli_list()
309
- {
310
- global $wpdb;
311
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
312
- }
313
- function get_blocked_rfi_list()
314
- {
315
- global $wpdb;
316
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
317
- }
318
- function get_blocked_lfi_list()
319
- {
320
- global $wpdb;
321
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
322
- }
323
- function get_blocked_rce_list()
324
- {
325
- global $wpdb;
326
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
327
- }
328
- function get_blocked_xss_list()
329
- {
330
- global $wpdb;
331
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
332
- }
333
-
334
- function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
335
- {
336
- global $wpdb;
337
- $wpdb->insert(
338
- $this->blockedIPsTable,
339
- array(
340
- 'ip_address' => $ipAddress,
341
- 'reason' => $reason,
342
- 'blocked_for_time' => $blocked_for_time,
343
- 'created_timestamp' => current_time( 'timestamp' )
344
- )
345
- );
346
- return;
347
- }
348
-
349
- function delete_blocked_ip($entryid)
350
- {
351
- global $wpdb;
352
- $wpdb->query(
353
- "DELETE FROM ".$this->blockedIPsTable."
354
- WHERE id = ".$entryid
355
- );
356
- return;
357
- }
358
-
359
- function get_whitelisted_ip_count($ipAddress)
360
- {
361
- global $wpdb;
362
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
363
- }
364
-
365
- function insert_whitelisted_ip($ipAddress)
366
- {
367
- global $wpdb;
368
- $wpdb->insert(
369
- $this->whitelistIPsTable,
370
- array(
371
- 'ip_address' => $ipAddress,
372
- 'created_timestamp' => current_time( 'timestamp' )
373
- )
374
- );
375
- }
376
-
377
- function get_number_of_whitelisted_ips(){
378
- global $wpdb;
379
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
380
- }
381
-
382
- function delete_whitelisted_ip($entryid)
383
- {
384
- global $wpdb;
385
- $wpdb->query(
386
- "DELETE FROM ".$this->whitelistIPsTable."
387
- WHERE id = ".$entryid
388
- );
389
- return;
390
- }
391
-
392
- function get_whitelisted_ips_list()
393
- {
394
- global $wpdb;
395
- return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
396
- }
397
-
398
- function get_email_audit_count($ipAddress,$username)
399
- {
400
- global $wpdb;
401
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
402
- username='".$username."'" );
403
- }
404
-
405
- function insert_email_audit($ipAddress,$username,$reason)
406
- {
407
- global $wpdb;
408
- $wpdb->insert(
409
- $this->emailAuditTable,
410
- array(
411
- 'ip_address' => $ipAddress,
412
- 'username' => $username,
413
- 'reason' => $reason,
414
- 'created_timestamp' => current_time( 'timestamp' )
415
- )
416
- );
417
- return;
418
- }
419
-
420
- function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
421
- {
422
- global $wpdb;
423
- $data = array(
424
- 'ip_address' => $ipAddress,
425
- 'username' => $username,
426
- 'type' => $type,
427
- 'status' => $status,
428
- 'created_timestamp' => current_time( 'timestamp' )
429
- );
430
- $data['url'] = is_null($url) ? '' : $url;
431
- $wpdb->insert( $this->transactionTable, $data);
432
- return;
433
- }
434
-
435
- function get_transasction_list()
436
- {
437
- global $wpdb;
438
- return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
439
- }
440
-
441
- function get_login_transaction_report()
442
- {
443
- global $wpdb;
444
- return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
445
- }
446
-
447
- function get_error_transaction_report()
448
- {
449
- global $wpdb;
450
- return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
451
- }
452
-
453
- function update_transaction_table($where,$update)
454
- {
455
- global $wpdb;
456
-
457
- $sql = "UPDATE ".$this->transactionTable." SET ";
458
- $i = 0;
459
- foreach($update as $key=>$value)
460
- {
461
- if($i%2!=0)
462
- $sql .= ' , ';
463
- $sql .= $key."='".$value."'";
464
- $i++;
465
- }
466
- $sql .= " WHERE ";
467
- $i = 0;
468
- foreach($where as $key=>$value)
469
- {
470
- if($i%2!=0)
471
- $sql .= ' AND ';
472
- $sql .= $key."='".$value."'";
473
- $i++;
474
- }
475
-
476
- $wpdb->query($sql);
477
- return;
478
- }
479
-
480
- function get_count_of_attacks_blocked(){
481
- global $wpdb;
482
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
483
- }
484
-
485
- function get_failed_transaction_count($ipAddress)
486
- {
487
- global $wpdb;
488
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
489
- AND status = '".MoWpnsConstants::FAILED."'" );
490
- }
491
-
492
- function delete_transaction($ipAddress)
493
- {
494
- global $wpdb;
495
- $wpdb->query(
496
- "DELETE FROM ".$this->transactionTable."
497
- WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
498
- );
499
- return;
500
- }
501
-
502
- function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
503
- global $wpdb;
504
- $wpdb->insert(
505
- $this->malwarereportTable,
506
- array(
507
- 'scan_mode' => $scan_type,
508
- 'scanned_folders' => $folderNames,
509
- 'scanned_files' => 0,
510
- 'start_timestamp' => $start_timestamp,
511
- 'malware_count' => 0,
512
- 'repo_issues' => $repo_check_status_code,
513
- 'malicious_links' => 0
514
- )
515
- );
516
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
517
- if($result){
518
- $record = $result[0];
519
- return $record->id;
520
- }
521
- }
522
-
523
- function mo2f_update_net_issue($reportid){
524
- global $wpdb;
525
- $wpdb->update(
526
- $this->malwarereportTable,
527
- array(
528
- 'net_connection' => 1
529
- ),
530
- array(
531
- 'id' => $reportid
532
- )
533
- );
534
- }
535
-
536
- function mo2f_update_repo_issue($reportid, $issue){
537
- global $wpdb;
538
- $wpdb->update(
539
- $this->malwarereportTable,
540
- array(
541
- 'repo_key' => $issue
542
- ),
543
- array(
544
- 'id' => $reportid
545
- )
546
- );
547
- }
548
-
549
- function add_report_details($reportid, $filename, $report){
550
- global $wpdb;
551
- $wpdb->insert(
552
- $this->scanreportdetails,
553
- array(
554
- 'report_id' => $reportid,
555
- 'filename' => $filename,
556
- 'report' => serialize($report),
557
- 'created_timestamp' => current_time('timestamp')
558
- )
559
- );
560
- }
561
-
562
- function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
563
- global $wpdb;
564
- $wpdb->query(
565
- "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
566
- );
567
- }
568
-
569
- function count_files(){
570
- global $wpdb;
571
- $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
572
- return $sql[0]->scan_count;
573
- }
574
-
575
- function count_malicious_files(){
576
- global $wpdb;
577
- $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
578
- return $sql[0]->total_mal;
579
- }
580
-
581
- function count_files_last_scan($reportid){
582
- global $wpdb;
583
- $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
584
- return $sql[0]->scanned_files;
585
- }
586
-
587
- function count_malicious_last_scan($reportid){
588
- global $wpdb;
589
- $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
590
- return $sql[0]->mal_file;
591
- }
592
-
593
- function check_hash($hash_of_file){
594
- global $wpdb;
595
- $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
596
- $result=$wpdb->get_results( $sql );
597
- return $result;
598
- }
599
-
600
- function insert_hash($source_file_path,$hash_of_file, $scan_data){
601
- global $wpdb;
602
- $source_file_path = addslashes($source_file_path);
603
- $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
604
- $res=$wpdb->query( $query );
605
- }
606
-
607
- function update_hash($source_file_path, $hash_of_file, $scan_data){
608
- global $wpdb;
609
- $source_file_path = addslashes($source_file_path);
610
- $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
611
- $res=$wpdb->query( $query );
612
- }
613
-
614
- function delete_hash($source_file_path){
615
- global $wpdb;
616
- $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
617
- $res=$wpdb->query( $query );
618
- }
619
-
620
- function get_infected_file($filename){
621
- global $wpdb;
622
- $filename = addslashes($filename);
623
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
624
- return $result;
625
- }
626
-
627
- function insert_files_in_parts($file_path_array){
628
- global $wpdb;
629
- if(!empty($file_path_array)){
630
- $size=sizeof($file_path_array);
631
- $default=0;
632
- $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
633
- for ($i=1; $i <= $size ; $i++) {
634
- $value= $file_path_array[$i];
635
- $file_path = $value['file'];
636
- $file_path = addslashes($file_path);
637
- $hash_value= md5($file_path);
638
- $repo_key = $value['key'];
639
- $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
640
- if($i < $size){
641
- $query.= ",";
642
- }
643
- }
644
- $query.=";";
645
- $res=$wpdb->query( $query );
646
- }
647
- }
648
-
649
- function update_files_scan($file_path_array, $file_count){
650
- global $wpdb;
651
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
652
- for ($i=0; $i < $file_count ; $i++) {
653
- $value= $file_path_array[$i]->path;
654
- $value = addslashes($value);
655
- $value = md5($value);
656
- $query.= "('".$value."', 1)";
657
- if($i < $file_count-1){
658
- $query.= ",";
659
- }
660
- }
661
- $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
662
- $res=$wpdb->query( $query );
663
- }
664
-
665
- function update_files_scan_ext_link($file_path_array, $file_count){
666
- global $wpdb;
667
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
668
- for ($i=0; $i < $file_count ; $i++) {
669
- $value= $file_path_array[$i]->path;
670
- $value = addslashes($value);
671
- $value = md5($value);
672
- $query.= "('".$value."', 1)";
673
- if($i < $file_count-1){
674
- $query.= ",";
675
- }
676
- }
677
- $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
678
- $res=$wpdb->query( $query );
679
- }
680
-
681
- function update_files_scan_repo($file_path_array, $file_count){
682
- global $wpdb;
683
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
684
- for ($i=0; $i < $file_count ; $i++) {
685
- $value= $file_path_array[$i]->path;
686
- $value = addslashes($value);
687
- $value = md5($value);
688
- $query.= "('".$value."', 1)";
689
- if($i < $file_count-1){
690
- $query.= ",";
691
- }
692
- }
693
- $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
694
- $res=$wpdb->query( $query );
695
- }
696
-
697
- function get_files_in_parts(){
698
- global $wpdb;
699
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
700
- $result=$wpdb->get_results($sql);
701
- return $result;
702
- }
703
-
704
- function get_files_for_link(){
705
- global $wpdb;
706
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
707
- $result=$wpdb->get_results($sql);
708
- return $result;
709
- }
710
-
711
- function get_files_for_repo($repo_key){
712
- global $wpdb;
713
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
714
- $result=$wpdb->get_results($sql);
715
- return $result;
716
- }
717
-
718
- function delete_files_parts(){
719
- global $wpdb;
720
- $sql= "TRUNCATE TABLE ".$this->filescan.";";
721
- $res=$wpdb->query($sql);
722
- }
723
-
724
- function get_last_id(){
725
- global $wpdb;
726
- $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
727
- return $result;
728
- }
729
-
730
- function get_report_with_id($reportid){
731
- global $wpdb;
732
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
733
- return $result;
734
- }
735
-
736
- function delete_report($reportid){
737
- global $wpdb;
738
- $wpdb->query(
739
- "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
740
- );
741
- $warning_count=0;
742
- $malware_count=0;
743
- $last_id=$this->get_last_id();
744
- $send_id=$last_id[0]->max;
745
- if(!is_null($send_id)){
746
- $res = $this->get_report_with_id($send_id);
747
- $record = $res[0];
748
- if($record->malware_count >= 0){
749
- $malware_count = $record->malware_count;
750
- }
751
- if($record->repo_issues < 0){
752
- $warning_count = $record->malicious_links;
753
- }else{
754
- $warning_count = $record->repo_issues + $record->malicious_links;
755
- }
756
- }
757
-
758
- update_option('mo_wpns_infected_files', $malware_count);
759
- update_option('mo_wpns_warning_files', $warning_count);
760
-
761
- }
762
-
763
- function get_report(){
764
- global $wpdb;
765
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
766
- return $result;
767
- }
768
-
769
- function get_vulnerable_files_count_for_reportid($reportid){
770
- global $wpdb;
771
- $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
772
- return $result;
773
- }
774
-
775
- function ignorefile($filename){
776
- $signature = md5_file($filename);
777
- global $wpdb;
778
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
779
- if($result){
780
- $wpdb->query(
781
- "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
782
- );
783
- } else {
784
- $wpdb->insert(
785
- $this->skipfiles,
786
- array(
787
- 'path' => $filename,
788
- 'signature' => $signature,
789
- 'created_timestamp' => current_time('timestamp')
790
- )
791
- );
792
- }
793
- }
794
-
795
- function ignorechangedfile($recordId){
796
- global $wpdb;
797
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
798
- if($result){
799
- $record = $result[0];
800
- $signature = md5_file($record->path);
801
- $wpdb->query(
802
- "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
803
- );
804
- }
805
- }
806
-
807
- function getlistofignorefiles(){
808
- global $wpdb;
809
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
810
- return $result;
811
- }
812
-
813
- function get_detail_report_with_id($reportid){
814
- global $wpdb;
815
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
816
- return $result;
817
- }
818
-
819
- function mo_wpns_upgrade_process_complete(){
820
- $current_db_version = get_option('mo_wpns_dbversion');
821
- if($current_db_version < MoWpnsConstants::DB_VERSION){
822
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
823
- $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
824
- if(empty($row)){
825
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
826
- if($result){
827
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
828
- foreach ($report_ids as $key => $value) {
829
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
830
- $result = $this->mo_wpns_get_scan_count($scan_detail);
831
- $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
832
- }
833
- }
834
- }
835
- $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
836
- if(empty($rowhash)){
837
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
838
- }
839
- }
840
- }
841
-
842
- function mo_wpns_get_scan_count($result){
843
- $scan_count = 0;
844
- $repo_count = 0;
845
- $link_count = 0;
846
- $total = 0;
847
- foreach ($result as $key => $value) {
848
- $total+=1;
849
- $temp = unserialize($result[$key]->report);
850
- if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
851
- $scan_count++;
852
- $repo_count++;
853
- $link_count++;
854
- }else if(isset($temp['scan'])&&isset($temp['repo'])){
855
- $scan_count++;
856
- $repo_count++;
857
- }else if(isset($temp['scan'])&&isset($temp['extl'])){
858
- $scan_count++;
859
- $link_count++;
860
- }else if(isset($temp['repo'])&&isset($temp['extl'])){
861
- $repo_count++;
862
- $link_count++;
863
- }else if(isset($temp['scan'])){
864
- $scan_count++;
865
- }else if(isset($temp['repo'])){
866
- $repo_count++;
867
- }else if(isset($temp['extl'])){
868
- $link_count++;
869
- }
870
- }
871
- return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
872
- }
873
  }
1
+ <?php
2
+
3
+ require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
+
5
+ class MoWpnsDB
6
+ {
7
+ private $transactionTable;
8
+ private $blockedIPsTable;
9
+ private $whitelistIPsTable;
10
+ private $emailAuditTable;
11
+ private $malwarereportTable;
12
+ private $scanreportdetails;
13
+ private $skipfiles;
14
+ private $hashfile;
15
+
16
+ function __construct()
17
+ {
18
+ global $wpdb;
19
+ $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
+ $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
+ $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
+ $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
+ $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
+ $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
+ $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
+ $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
+ $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
+ $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
+ $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
+ $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
+ $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
+ }
33
+
34
+ function mo_plugin_activate()
35
+ {
36
+ global $wpdb;
37
+ if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
+ $this->generate_tables();
40
+ } else {
41
+ $current_db_version = get_option('mo_wpns_dbversion');
42
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
43
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
+
45
+ }
46
+ }
47
+ }
48
+
49
+ function generate_tables(){
50
+ global $wpdb;
51
+
52
+ $tableName = $this->transactionTable;
53
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
+ {
55
+ $sql = "CREATE TABLE " . $tableName . " (
56
+ `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
+ `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
+ dbDelta($sql);
59
+ }
60
+
61
+ $tableName = $this->blockedIPsTable;
62
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
+ {
64
+ $sql = "CREATE TABLE " . $tableName . " (
65
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
+ `created_timestamp` int, UNIQUE KEY id (id) );";
67
+ dbDelta($sql);
68
+ }
69
+
70
+
71
+ $tableName = $this->whitelistIPsTable;
72
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
+ {
74
+ $sql = "CREATE TABLE " . $tableName . " (
75
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
+ dbDelta($sql);
77
+ }
78
+
79
+ $tableName = $this->backupdetails;
80
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
+ {
82
+ $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
+ `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
+ dbDelta($sql);
85
+ }
86
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
+ if(is_null($result)){
88
+ $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
+ $results1 = $wpdb->query($sql);
90
+ }
91
+
92
+ $tableName = $this->emailAuditTable;
93
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
+ {
95
+ $sql = "CREATE TABLE " . $tableName . " (
96
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
+ dbDelta($sql);
98
+ }
99
+ $tableName = $this->IPrateDetails;
100
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
+ {
102
+ $sql = "CREATE TABLE " . $tableName . " (
103
+ ip varchar(20) , time bigint );";
104
+ dbDelta($sql);
105
+ }
106
+
107
+ $tableName = $this->attackLogs;
108
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
+ {
110
+ $sql = "create table ". $tableName ." (
111
+ ip varchar(20),
112
+ type varchar(20),
113
+ time bigint,
114
+ input mediumtext );";
115
+ //dbDelta($sql);
116
+ $results = $wpdb->get_results($sql);
117
+
118
+ }
119
+ $tableName = $this->malwarereportTable;
120
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
+ {
122
+ $sql = "CREATE TABLE " . $tableName . " (
123
+ `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
+ dbDelta($sql);
125
+ }
126
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
+ if(is_null($result)){
128
+ $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
+ $results1 = $wpdb->query($sql);
130
+ $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
+ $resluts = $wpdb->query($sql1);
132
+ }
133
+
134
+
135
+ $tableName = $this->scanreportdetails;
136
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
137
+ {
138
+ $sql = "CREATE TABLE " . $tableName . " (
139
+ `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
140
+ dbDelta($sql);
141
+ }
142
+
143
+ $tableName = $this->skipfiles;
144
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
145
+ {
146
+ $sql = "CREATE TABLE " . $tableName . " (
147
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
148
+ dbDelta($sql);
149
+ }
150
+
151
+ $tableName = $this->filescan;
152
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
153
+ {
154
+ $sql = "CREATE TABLE " . $tableName . " (
155
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
156
+ dbDelta($sql);
157
+ }
158
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
159
+ if(is_null($result)){
160
+ $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
161
+ $results1 = $wpdb->query($sql);
162
+ }
163
+
164
+ $tableName = $this->hashfile;
165
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
+ {
167
+ $sql = "CREATE TABLE " . $tableName . " (
168
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
169
+ dbDelta($sql);
170
+ }
171
+
172
+ $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
173
+ $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
174
+ $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
175
+ if(empty($row1) && empty($row1) && empty($row1)){
176
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
177
+ if($result){
178
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
179
+ foreach ($report_ids as $key => $value) {
180
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
181
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
182
+ $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
183
+ }
184
+ }
185
+ }
186
+ $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
187
+ if(empty($rowhash)){
188
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
189
+ }
190
+ $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_key'");
191
+ if(empty($result)){
192
+ $sql = "ALTER TABLE $this->malwarereportTable ADD `repo_key` mediumtext AFTER `malicious_links` ;";
193
+ $results1 = $wpdb->query($sql);
194
+ $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
195
+ $resluts = $wpdb->query($sql1);
196
+ }
197
+ $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
198
+ if(empty($result)){
199
+ $sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
200
+ $results1 = $wpdb->query($sql);
201
+ $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
202
+ $resluts = $wpdb->query($sql1);
203
+ }
204
+ }
205
+
206
+ function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
207
+ global $wpdb;
208
+ $wpdb->insert(
209
+ $this->backupdetails,
210
+ array(
211
+ 'backup_id' =>$backup_id,
212
+ 'file_name' =>$file_name,
213
+ 'created_timestamp'=> $backup_created_timestamp,
214
+ 'plugin_path' => $plugin_path
215
+ ));
216
+ }
217
+
218
+ function get_table_content(){
219
+ global $wpdb;
220
+ return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
221
+ }
222
+
223
+ function get_number_of_plugin_backup(){
224
+ global $wpdb;
225
+
226
+ $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
227
+ $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
228
+ $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
229
+ $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
230
+ $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
231
+ $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
232
+
233
+ return $array;
234
+ }
235
+
236
+ function delete_file($id){
237
+ global $wpdb;
238
+ $wpdb->query(
239
+ "DELETE FROM ".$this->backupdetails."
240
+ WHERE id = ".$id
241
+ );
242
+ return;
243
+ }
244
+
245
+ function row_exist($id){
246
+ global $wpdb;
247
+ $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
248
+ return $is_exist;
249
+ }
250
+
251
+ function get_ip_blocked_count($ipAddress)
252
+ {
253
+ global $wpdb;
254
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
255
+ }
256
+ function get_total_blocked_ips()
257
+ {
258
+ global $wpdb;
259
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
260
+ }
261
+ function get_total_manual_blocked_ips()
262
+ {
263
+ global $wpdb;
264
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
265
+ }
266
+ function get_total_blocked_ips_waf()
267
+ {
268
+ global $wpdb;
269
+ $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
270
+ return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
271
+ }
272
+ function get_blocked_attack_count($attack)
273
+ {
274
+ global $wpdb;
275
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
276
+ }
277
+
278
+ function get_count_of_blocked_ips(){
279
+ global $wpdb;
280
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
281
+ }
282
+
283
+
284
+ function get_blocked_ip($entryid)
285
+ {
286
+ global $wpdb;
287
+ return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
288
+ }
289
+
290
+ function get_blocked_ip_list()
291
+ {
292
+ global $wpdb;
293
+ return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
294
+ }
295
+
296
+ function get_blocked_ips_realtime()
297
+ {
298
+ global $wpdb;
299
+ return $wpdb->get_results("SELECT ip_address FROM ".$this->blockedIPsTable);
300
+ }
301
+ function get_blocked_attack_list($tableName)
302
+ {
303
+ global $wpdb;
304
+ $tableName = $wpdb->base_prefix.$tableName;
305
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
306
+ }
307
+
308
+ function get_blocked_sqli_list()
309
+ {
310
+ global $wpdb;
311
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
312
+ }
313
+ function get_blocked_rfi_list()
314
+ {
315
+ global $wpdb;
316
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
317
+ }
318
+ function get_blocked_lfi_list()
319
+ {
320
+ global $wpdb;
321
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
322
+ }
323
+ function get_blocked_rce_list()
324
+ {
325
+ global $wpdb;
326
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
327
+ }
328
+ function get_blocked_xss_list()
329
+ {
330
+ global $wpdb;
331
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
332
+ }
333
+
334
+ function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
335
+ {
336
+ global $wpdb;
337
+ $wpdb->insert(
338
+ $this->blockedIPsTable,
339
+ array(
340
+ 'ip_address' => $ipAddress,
341
+ 'reason' => $reason,
342
+ 'blocked_for_time' => $blocked_for_time,
343
+ 'created_timestamp' => current_time( 'timestamp' )
344
+ )
345
+ );
346
+ return;
347
+ }
348
+
349
+ function delete_blocked_ip($entryid)
350
+ {
351
+ global $wpdb;
352
+ $wpdb->query(
353
+ "DELETE FROM ".$this->blockedIPsTable."
354
+ WHERE id = ".$entryid
355
+ );
356
+ return;
357
+ }
358
+
359
+ function get_whitelisted_ip_count($ipAddress)
360
+ {
361
+ global $wpdb;
362
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
363
+ }
364
+
365
+ function insert_whitelisted_ip($ipAddress)
366
+ {
367
+ global $wpdb;
368
+ $wpdb->insert(
369
+ $this->whitelistIPsTable,
370
+ array(
371
+ 'ip_address' => $ipAddress,
372
+ 'created_timestamp' => current_time( 'timestamp' )
373
+ )
374
+ );
375
+ }
376
+
377
+ function get_number_of_whitelisted_ips(){
378
+ global $wpdb;
379
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
380
+ }
381
+
382
+ function delete_whitelisted_ip($entryid)
383
+ {
384
+ global $wpdb;
385
+ $wpdb->query(
386
+ "DELETE FROM ".$this->whitelistIPsTable."
387
+ WHERE id = ".$entryid
388
+ );
389
+ return;
390
+ }
391
+
392
+ function get_whitelisted_ips_list()
393
+ {
394
+ global $wpdb;
395
+ return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
396
+ }
397
+
398
+ function get_email_audit_count($ipAddress,$username)
399
+ {
400
+ global $wpdb;
401
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
402
+ username='".$username."'" );
403
+ }
404
+
405
+ function insert_email_audit($ipAddress,$username,$reason)
406
+ {
407
+ global $wpdb;
408
+ $wpdb->insert(
409
+ $this->emailAuditTable,
410
+ array(
411
+ 'ip_address' => $ipAddress,
412
+ 'username' => $username,
413
+ 'reason' => $reason,
414
+ 'created_timestamp' => current_time( 'timestamp' )
415
+ )
416
+ );
417
+ return;
418
+ }
419
+
420
+ function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
421
+ {
422
+ global $wpdb;
423
+ $data = array(
424
+ 'ip_address' => $ipAddress,
425
+ 'username' => $username,
426
+ 'type' => $type,
427
+ 'status' => $status,
428
+ 'created_timestamp' => current_time( 'timestamp' )
429
+ );
430
+ $data['url'] = is_null($url) ? '' : $url;
431
+ $wpdb->insert( $this->transactionTable, $data);
432
+ return;
433
+ }
434
+
435
+ function get_transasction_list()
436
+ {
437
+ global $wpdb;
438
+ return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
439
+ }
440
+
441
+ function get_login_transaction_report()
442
+ {
443
+ global $wpdb;
444
+ return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
445
+ }
446
+
447
+ function get_error_transaction_report()
448
+ {
449
+ global $wpdb;
450
+ return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
451
+ }
452
+
453
+ function update_transaction_table($where,$update)
454
+ {
455
+ global $wpdb;
456
+
457
+ $sql = "UPDATE ".$this->transactionTable." SET ";
458
+ $i = 0;
459
+ foreach($update as $key=>$value)
460
+ {
461
+ if($i%2!=0)
462
+ $sql .= ' , ';
463
+ $sql .= $key."='".$value."'";
464
+ $i++;
465
+ }
466
+ $sql .= " WHERE ";
467
+ $i = 0;
468
+ foreach($where as $key=>$value)
469
+ {
470
+ if($i%2!=0)
471
+ $sql .= ' AND ';
472
+ $sql .= $key."='".$value."'";
473
+ $i++;
474
+ }
475
+
476
+ $wpdb->query($sql);
477
+ return;
478
+ }
479
+
480
+ function get_count_of_attacks_blocked(){
481
+ global $wpdb;
482
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
483
+ }
484
+
485
+ function get_failed_transaction_count($ipAddress)
486
+ {
487
+ global $wpdb;
488
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
489
+ AND status = '".MoWpnsConstants::FAILED."'" );
490
+ }
491
+
492
+ function delete_transaction($ipAddress)
493
+ {
494
+ global $wpdb;
495
+ $wpdb->query(
496
+ "DELETE FROM ".$this->transactionTable."
497
+ WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
498
+ );
499
+ return;
500
+ }
501
+
502
+ function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
503
+ global $wpdb;
504
+ $wpdb->insert(
505
+ $this->malwarereportTable,
506
+ array(
507
+ 'scan_mode' => $scan_type,
508
+ 'scanned_folders' => $folderNames,
509
+ 'scanned_files' => 0,
510
+ 'start_timestamp' => $start_timestamp,
511
+ 'malware_count' => 0,
512
+ 'repo_issues' => $repo_check_status_code,
513
+ 'malicious_links' => 0
514
+ )
515
+ );
516
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
517
+ if($result){
518
+ $record = $result[0];
519
+ return $record->id;
520
+ }
521
+ }
522
+
523
+ function mo2f_update_net_issue($reportid){
524
+ global $wpdb;
525
+ $wpdb->update(
526
+ $this->malwarereportTable,
527
+ array(
528
+ 'net_connection' => 1
529
+ ),
530
+ array(
531
+ 'id' => $reportid
532
+ )
533
+ );
534
+ }
535
+
536
+ function mo2f_update_repo_issue($reportid, $issue){
537
+ global $wpdb;
538
+ $wpdb->update(
539
+ $this->malwarereportTable,
540
+ array(
541
+ 'repo_key' => $issue
542
+ ),
543
+ array(
544
+ 'id' => $reportid
545
+ )
546
+ );
547
+ }
548
+
549
+ function add_report_details($reportid, $filename, $report){
550
+ global $wpdb;
551
+ $wpdb->insert(
552
+ $this->scanreportdetails,
553
+ array(
554
+ 'report_id' => $reportid,
555
+ 'filename' => $filename,
556
+ 'report' => serialize($report),
557
+ 'created_timestamp' => current_time('timestamp')
558
+ )
559
+ );
560
+ }
561
+
562
+ function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
563
+ global $wpdb;
564
+ $wpdb->query(
565
+ "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
566
+ );
567
+ }
568
+
569
+ function count_files(){
570
+ global $wpdb;
571
+ $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
572
+ return $sql[0]->scan_count;
573
+ }
574
+
575
+ function count_malicious_files(){
576
+ global $wpdb;
577
+ $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
578
+ return $sql[0]->total_mal;
579
+ }
580
+
581
+ function count_files_last_scan($reportid){
582
+ global $wpdb;
583
+ $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
584
+ return $sql[0]->scanned_files;
585
+ }
586
+
587
+ function count_malicious_last_scan($reportid){
588
+ global $wpdb;
589
+ $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
590
+ return $sql[0]->mal_file;
591
+ }
592
+
593
+ function check_hash($hash_of_file){
594
+ global $wpdb;
595
+ $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
596
+ $result=$wpdb->get_results( $sql );
597
+ return $result;
598
+ }
599
+
600
+ function insert_hash($source_file_path,$hash_of_file, $scan_data){
601
+ global $wpdb;
602
+ $source_file_path = addslashes($source_file_path);
603
+ $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
604
+ $res=$wpdb->query( $query );
605
+ }
606
+
607
+ function update_hash($source_file_path, $hash_of_file, $scan_data){
608
+ global $wpdb;
609
+ $source_file_path = addslashes($source_file_path);
610
+ $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
611
+ $res=$wpdb->query( $query );
612
+ }
613
+
614
+ function delete_hash($source_file_path){
615
+ global $wpdb;
616
+ $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
617
+ $res=$wpdb->query( $query );
618
+ }
619
+
620
+ function get_infected_file($filename){
621
+ global $wpdb;
622
+ $filename = addslashes($filename);
623
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
624
+ return $result;
625
+ }
626
+
627
+ function insert_files_in_parts($file_path_array){
628
+ global $wpdb;
629
+ if(!empty($file_path_array)){
630
+ $size=sizeof($file_path_array);
631
+ $default=0;
632
+ $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
633
+ for ($i=1; $i <= $size ; $i++) {
634
+ $value= $file_path_array[$i];
635
+ $file_path = $value['file'];
636
+ $file_path = addslashes($file_path);
637
+ $hash_value= md5($file_path);
638
+ $repo_key = $value['key'];
639
+ $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
640
+ if($i < $size){
641
+ $query.= ",";
642
+ }
643
+ }
644
+ $query.=";";
645
+ $res=$wpdb->query( $query );
646
+ }
647
+ }
648
+
649
+ function update_files_scan($file_path_array, $file_count){
650
+ global $wpdb;
651
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
652
+ for ($i=0; $i < $file_count ; $i++) {
653
+ $value= $file_path_array[$i]->path;
654
+ $value = addslashes($value);
655
+ $value = md5($value);
656
+ $query.= "('".$value."', 1)";
657
+ if($i < $file_count-1){
658
+ $query.= ",";
659
+ }
660
+ }
661
+ $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
662
+ $res=$wpdb->query( $query );
663
+ }
664
+
665
+ function update_files_scan_ext_link($file_path_array, $file_count){
666
+ global $wpdb;
667
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
668
+ for ($i=0; $i < $file_count ; $i++) {
669
+ $value= $file_path_array[$i]->path;
670
+ $value = addslashes($value);
671
+ $value = md5($value);
672
+ $query.= "('".$value."', 1)";
673
+ if($i < $file_count-1){
674
+ $query.= ",";
675
+ }
676
+ }
677
+ $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
678
+ $res=$wpdb->query( $query );
679
+ }
680
+
681
+ function update_files_scan_repo($file_path_array, $file_count){
682
+ global $wpdb;
683
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
684
+ for ($i=0; $i < $file_count ; $i++) {
685
+ $value= $file_path_array[$i]->path;
686
+ $value = addslashes($value);
687
+ $value = md5($value);
688
+ $query.= "('".$value."', 1)";
689
+ if($i < $file_count-1){
690
+ $query.= ",";
691
+ }
692
+ }
693
+ $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
694
+ $res=$wpdb->query( $query );
695
+ }
696
+
697
+ function get_files_in_parts(){
698
+ global $wpdb;
699
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
700
+ $result=$wpdb->get_results($sql);
701
+ return $result;
702
+ }
703
+
704
+ function get_files_for_link(){
705
+ global $wpdb;
706
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
707
+ $result=$wpdb->get_results($sql);
708
+ return $result;
709
+ }
710
+
711
+ function get_files_for_repo($repo_key){
712
+ global $wpdb;
713
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
714
+ $result=$wpdb->get_results($sql);
715
+ return $result;
716
+ }
717
+
718
+ function delete_files_parts(){
719
+ global $wpdb;
720
+ $sql= "TRUNCATE TABLE ".$this->filescan.";";
721
+ $res=$wpdb->query($sql);
722
+ }
723
+
724
+ function get_last_id(){
725
+ global $wpdb;
726
+ $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
727
+ return $result;
728
+ }
729
+
730
+ function get_report_with_id($reportid){
731
+ global $wpdb;
732
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
733
+ return $result;
734
+ }
735
+
736
+ function delete_report($reportid){
737
+ global $wpdb;
738
+ $wpdb->query(
739
+ "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
740
+ );
741
+ $warning_count=0;
742
+ $malware_count=0;
743
+ $last_id=$this->get_last_id();
744
+ $send_id=$last_id[0]->max;
745
+ if(!is_null($send_id)){
746
+ $res = $this->get_report_with_id($send_id);
747
+ $record = $res[0];
748
+ if($record->malware_count >= 0){
749
+ $malware_count = $record->malware_count;
750
+ }
751
+ if($record->repo_issues < 0){
752
+ $warning_count = $record->malicious_links;
753
+ }else{
754
+ $warning_count = $record->repo_issues + $record->malicious_links;
755
+ }
756
+ }
757
+
758
+ update_option('mo_wpns_infected_files', $malware_count);
759
+ update_option('mo_wpns_warning_files', $warning_count);
760
+
761
+ }
762
+
763
+ function get_report(){
764
+ global $wpdb;
765
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
766
+ return $result;
767
+ }
768
+
769
+ function get_vulnerable_files_count_for_reportid($reportid){
770
+ global $wpdb;
771
+ $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
772
+ return $result;
773
+ }
774
+
775
+ function ignorefile($filename){
776
+ $signature = md5_file($filename);
777
+ global $wpdb;
778
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
779
+ if($result){
780
+ $wpdb->query(
781
+ "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
782
+ );
783
+ } else {
784
+ $wpdb->insert(
785
+ $this->skipfiles,
786
+ array(
787
+ 'path' => $filename,
788
+ 'signature' => $signature,
789
+ 'created_timestamp' => current_time('timestamp')
790
+ )
791
+ );
792
+ }
793
+ }
794
+
795
+ function ignorechangedfile($recordId){
796
+ global $wpdb;
797
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
798
+ if($result){
799
+ $record = $result[0];
800
+ $signature = md5_file($record->path);
801
+ $wpdb->query(
802
+ "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
803
+ );
804
+ }
805
+ }
806
+
807
+ function getlistofignorefiles(){
808
+ global $wpdb;
809
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
810
+ return $result;
811
+ }
812
+
813
+ function get_detail_report_with_id($reportid){
814
+ global $wpdb;
815
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
816
+ return $result;
817
+ }
818
+
819
+ function mo_wpns_upgrade_process_complete(){
820
+ $current_db_version = get_option('mo_wpns_dbversion');
821
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
822
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
823
+ $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
824
+ if(empty($row)){
825
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
826
+ if($result){
827
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
828
+ foreach ($report_ids as $key => $value) {
829
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
830
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
831
+ $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
832
+ }
833
+ }
834
+ }
835
+ $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
836
+ if(empty($rowhash)){
837
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
838
+ }
839
+ }
840
+ }
841
+
842
+ function mo_wpns_get_scan_count($result){
843
+ $scan_count = 0;
844
+ $repo_count = 0;
845
+ $link_count = 0;
846
+ $total = 0;
847
+ foreach ($result as $key => $value) {
848
+ $total+=1;
849
+ $temp = unserialize($result[$key]->report);
850
+ if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
851
+ $scan_count++;
852
+ $repo_count++;
853
+ $link_count++;
854
+ }else if(isset($temp['scan'])&&isset($temp['repo'])){
855
+ $scan_count++;
856
+ $repo_count++;
857
+ }else if(isset($temp['scan'])&&isset($temp['extl'])){
858
+ $scan_count++;
859
+ $link_count++;
860
+ }else if(isset($temp['repo'])&&isset($temp['extl'])){
861
+ $repo_count++;
862
+ $link_count++;
863
+ }else if(isset($temp['scan'])){
864
+ $scan_count++;
865
+ }else if(isset($temp['repo'])){
866
+ $repo_count++;
867
+ }else if(isset($temp['extl'])){
868
+ $link_count++;
869
+ }
870
+ }
871
+ return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
872
+ }
873
  }
database/database_functions_2fa.php CHANGED
@@ -1,403 +1,403 @@
1
- <?php
2
-
3
- require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
4
-
5
- class Mo2fDB {
6
- private $userDetailsTable;
7
- private $userLoginInfoTable;
8
-
9
- function __construct() {
10
- global $wpdb;
11
- $this->userDetailsTable = $wpdb->prefix . 'mo2f_user_details';
12
- $this->userLoginInfoTable = $wpdb->prefix . 'mo2f_user_login_info';
13
- }
14
-
15
- function mo_plugin_activate() {
16
- global $wpdb;
17
- if ( ! get_option( 'mo2f_dbversion' ) ) {
18
- update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
19
- $this->generate_tables();
20
- } else {
21
- $current_db_version = get_option( 'mo2f_dbversion' );
22
- if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
23
-
24
- update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
25
- $this->generate_tables();
26
- }
27
- //update the tables based on DB_VERSION.
28
- }
29
- }
30
-
31
- function generate_tables() {
32
- global $wpdb;
33
-
34
- $tableName = $this->userDetailsTable;
35
-
36
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
37
-
38
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
39
- `user_id` bigint NOT NULL,
40
- `mo2f_OTPOverSMS_config_status` tinyint,
41
- `mo2f_miniOrangePushNotification_config_status` tinyint,
42
- `mo2f_miniOrangeQRCodeAuthentication_config_status` tinyint,
43
- `mo2f_miniOrangeSoftToken_config_status` tinyint,
44
- `mo2f_AuthyAuthenticator_config_status` tinyint,
45
- `mo2f_EmailVerification_config_status` tinyint,
46
- `mo2f_SecurityQuestions_config_status` tinyint,
47
- `mo2f_GoogleAuthenticator_config_status` tinyint,
48
- `mo2f_OTPOverEmail_config_status` tinyint,
49
- `mo2f_OTPOverTelegram_config_status` tinyint,
50
- `mo2f_OTPOverWhatsapp_config_status` tinyint,
51
- `mo2f_DuoAuthenticator_config_status` tinyint,
52
- `mobile_registration_status` tinyint,
53
- `mo2f_2factor_enable_2fa_byusers` tinyint DEFAULT 1,
54
- `mo2f_configured_2FA_method` mediumtext NOT NULL ,
55
- `mo2f_user_phone` mediumtext NOT NULL ,
56
- `mo2f_user_email` mediumtext NOT NULL,
57
- `user_registration_with_miniorange` mediumtext NOT NULL,
58
- `mo_2factor_user_registration_status` mediumtext NOT NULL,
59
- UNIQUE KEY user_id (user_id) );";
60
-
61
- dbDelta( $sql );
62
- }
63
- add_site_option( 'cmVtYWluaW5nT1RQ' ,30);
64
- add_site_option( 'bGltaXRSZWFjaGVk' ,0);
65
- add_site_option( base64_encode('totalUsersCloud'),0);
66
- add_site_option(base64_encode('remainingWhatsapptransactions'),30);
67
-
68
-
69
-
70
-
71
- $check_if_column_exists = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverEmail_config_status" );
72
- $check_if_column_exists_tel = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverTelegram_config_status" );
73
- $check_if_column_exists_duo = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_DuoAuthenticator_config_status" );
74
-
75
- if ( ! $check_if_column_exists ) {
76
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo2f_OTPOverEmail_config_status` tinyint";
77
- $this->execute_add_column( $query );
78
-
79
- }
80
- if(!$check_if_column_exists_tel)
81
- {
82
- $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
83
- `mo2f_OTPOverTelegram_config_status` tinyint,
84
- `mo2f_OTPOverWhatsapp_config_status` tinyint);";
85
- $this->execute_add_column( $query );
86
- }
87
- if(!$check_if_column_exists_duo)
88
- {
89
- $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
90
- `mo2f_DuoAuthenticator_config_status` tinyint);";
91
- $this->execute_add_column( $query );
92
- }
93
-
94
-
95
- $tableName = $this->userLoginInfoTable;
96
-
97
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
98
-
99
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
100
- `session_id` mediumtext NOT NULL,
101
- `mo2f_login_message` mediumtext NOT NULL ,
102
- `mo2f_current_user_id` tinyint NOT NULL ,
103
- `mo2f_1stfactor_status` mediumtext NOT NULL ,
104
- `mo_2factor_login_status` mediumtext NOT NULL ,
105
- `mo2f_transactionId` mediumtext NOT NULL ,
106
- `mo_2_factor_kba_questions` longtext NOT NULL ,
107
- `mo2f_rba_status` longtext NOT NULL ,
108
- `secret_ga` mediumtext NOT NULL,
109
- `ga_qrCode` mediumtext NOT NULL,
110
- `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
111
- PRIMARY KEY (`session_id`(100)));";
112
-
113
- dbDelta( $sql );
114
- }
115
-
116
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
117
-
118
- if ( ! $check_if_column_exists ) {
119
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
120
- $this->execute_add_column( $query );
121
-
122
- }
123
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "secret_ga" );
124
-
125
- if ( ! $check_if_column_exists ) {
126
- $query = "ALTER TABLE `$tableName` ADD COLUMN `secret_ga` mediumtext NOT NULL";
127
- $this->execute_add_column( $query );
128
-
129
- }
130
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "ga_qrCode" );
131
-
132
- if ( ! $check_if_column_exists ) {
133
- $query = "ALTER TABLE `$tableName` ADD COLUMN `ga_qrCode` mediumtext NOT NULL";
134
- $this->execute_add_column( $query );
135
-
136
- }
137
-
138
- }
139
- function get_current_user_email($id)
140
- {
141
- global $wpdb;
142
- $sql = 'select user_email from wp_users where ID='.$id.';';
143
- return $wpdb->get_var($sql);
144
- }
145
- function database_table_issue(){
146
-
147
- global $wpdb;
148
- $tableName = $this->userLoginInfoTable;
149
-
150
- if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
151
-
152
- $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
153
- `session_id` mediumtext NOT NULL,
154
- `mo2f_login_message` mediumtext NOT NULL ,
155
- `mo2f_current_user_id` tinyint NOT NULL ,
156
- `mo2f_1stfactor_status` mediumtext NOT NULL ,
157
- `mo_2factor_login_status` mediumtext NOT NULL ,
158
- `mo2f_transactionId` mediumtext NOT NULL ,
159
- `mo_2_factor_kba_questions` longtext NOT NULL ,
160
- `mo2f_rba_status` longtext NOT NULL ,
161
- `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
162
- PRIMARY KEY (`session_id`(100)));";
163
- dbDelta( $sql );
164
- }
165
-
166
- $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
167
-
168
- if ( ! $check_if_column_exists ) {
169
- $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
170
- $this->execute_add_column( $query );
171
-
172
- }
173
-
174
- }
175
-
176
-
177
- function insert_user( $user_id ) {
178
- global $wpdb;
179
- $sql = "INSERT INTO $this->userDetailsTable (user_id) VALUES($user_id) ON DUPLICATE KEY UPDATE user_id=$user_id";
180
- $wpdb->query( $sql );
181
- }
182
-
183
- function drop_table( $table_name ) {
184
- global $wpdb;
185
- $sql = "DROP TABLE $table_name";
186
- $wpdb->query( $sql );
187
- }
188
-
189
-
190
- function get_user_detail( $column_name, $user_id ) {
191
- global $wpdb;
192
- $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userDetailsTable . " WHERE user_id = " . $user_id . ";" );
193
- $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
194
-
195
- return $value == '' ? '' : $value[ $column_name ];
196
- }
197
-
198
- function delete_user_details( $user_id ) {
199
- global $wpdb;
200
- $wpdb->query(
201
- "DELETE FROM " . $this->userDetailsTable . "
202
- WHERE user_id = " . $user_id
203
- );
204
-
205
- return;
206
- }
207
- function get_no_of_2fa_users() {
208
- global $wpdb;
209
- $count=$wpdb->query(
210
- "SELECT * FROM ". $this->userDetailsTable
211
- );
212
- return $count;
213
- }
214
-
215
- function get_all_user_2fa_methods() {
216
- global $wpdb;
217
- $all_methods = [];
218
- $methods=$wpdb->get_results(
219
- "SELECT `mo2f_configured_2FA_method` FROM ". $this->userDetailsTable,ARRAY_A
220
- );
221
- foreach($methods as $method){
222
- array_push($all_methods,$method['mo2f_configured_2FA_method']);
223
- }
224
- return implode(',',$all_methods);
225
- }
226
-
227
- function check_if_table_exists( ) {
228
- global $wpdb;
229
- $does_table_exist= $wpdb->query(
230
- "SHOW TABLES LIKE '" . $this->userDetailsTable . "';"
231
- );
232
-
233
- return $does_table_exist;
234
- }
235
-
236
- function check_if_user_column_exists($user_id){
237
- global $wpdb;
238
- $value = $wpdb->query(
239
- "SELECT * FROM " . $this->userDetailsTable . "
240
- WHERE user_id = " . $user_id
241
- );
242
-
243
- return $value;
244
-
245
- }
246
-
247
- function check_if_column_exists( $table_type, $column_name ){
248
-
249
- if($table_type == "user_login_info_table")
250
- $table = $this->userLoginInfoTable;
251
- else if($table_type == "mo2f_user_details")
252
- $table = $this->userDetailsTable;
253
- global $wpdb;
254
- $sql="SHOW COLUMNS FROM " . $table . "
255
- LIKE '" . $column_name . "'";
256
- $value = $wpdb->query($sql);
257
-
258
- return $value;
259
-
260
- }
261
-
262
- function update_user_details( $user_id, $update ) {
263
- global $wpdb;
264
- $count = count( $update );
265
- $sql = "UPDATE " . $this->userDetailsTable . " SET ";
266
- $i = 1;
267
- foreach ( $update as $key => $value ) {
268
-
269
- $sql .= $key . "='" . $value . "'";
270
- if ( $i < $count ) {
271
- $sql .= ' , ';
272
- }
273
- $i ++;
274
- }
275
- $sql .= " WHERE user_id=" . $user_id . ";";
276
- $wpdb->query( $sql );
277
-
278
- return;
279
-
280
- }
281
-
282
- function insert_user_login_session( $session_id ) {
283
- global $wpdb;
284
- $sql = "INSERT INTO $this->userLoginInfoTable (session_id) VALUES('$session_id') ON DUPLICATE KEY UPDATE session_id='$session_id'";
285
-
286
- $wpdb->query( $sql );
287
- $sql = "DELETE FROM $this->userLoginInfoTable WHERE ts_created < DATE_ADD(NOW(),INTERVAL - 2 MINUTE);";
288
- $wpdb->query( $sql );
289
- }
290
-
291
- function save_user_login_details( $session_id, $user_values ) {
292
- global $wpdb;
293
- $count = count( $user_values );
294
- $sql = "UPDATE " . $this->userLoginInfoTable . " SET ";
295
- $i = 1;
296
- foreach ( $user_values as $key => $value ) {
297
-
298
- $sql .= $key . "='" . $value . "'";
299
- if ( $i < $count ) {
300
- $sql .= ' , ';
301
- }
302
- $i ++;
303
- }
304
- $sql .= " WHERE session_id='" . $session_id . "';";
305
- $wpdb->query( $sql );
306
-
307
- return;
308
-
309
- }
310
-
311
- function execute_add_column ( $query ){
312
- global $wpdb;
313
- $wpdb->query( $query );
314
-
315
- return;
316
- }
317
-
318
- function get_user_login_details( $column_name, $session_id ) {
319
- global $wpdb;
320
- $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userLoginInfoTable . " WHERE session_id = '" . $session_id . "';" );
321
- $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
322
-
323
- return $value == '' ? '' : $value[ $column_name ];
324
- }
325
-
326
- function delete_user_login_sessions($session_id ) {
327
- global $wpdb;
328
- $wpdb->query(
329
- "DELETE FROM " . $this->userLoginInfoTable . "
330
- WHERE session_id='$session_id';"
331
- );
332
-
333
- return;
334
- }
335
- function check_user_limit_exceeded($user_id){
336
-
337
- global $wpdb;
338
- $value = $wpdb->query(
339
- "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
340
- WHERE meta_key = 'currentMethod'"
341
- );
342
-
343
- $user_already_configured = $wpdb->query(
344
- "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
345
- WHERE meta_key = 'currentMethod' and user_id =".$user_id);
346
-
347
- if($value < 3 || $user_already_configured){
348
- return false;
349
- }
350
- else{
351
- return true;
352
- }
353
- }
354
- function check_alluser_limit_exceeded($user_id){
355
-
356
- global $wpdb;
357
- $value = $wpdb->query(
358
- "SELECT * FROM ".$this->userDetailsTable
359
- );
360
- $user_already_configured = $wpdb->query(
361
- "SELECT * FROM ".$this->userDetailsTable ." WHERE user_id =".$user_id );
362
-
363
- if($value < 3 || $user_already_configured){
364
- return false;
365
- }
366
- else{
367
- return true;
368
- }
369
- }
370
-
371
- function get_all_onprem_userids(){
372
-
373
- global $wpdb;
374
- $value = $wpdb->get_results(
375
- "SELECT * FROM ".$wpdb->base_prefix ."usermeta
376
- WHERE meta_key = 'currentMethod'"
377
- );
378
-
379
-
380
- foreach ($value as $row){
381
-
382
- if(isset($row->user_id)){
383
-
384
- $this->insert_user( $row->user_id);
385
-
386
- $this->update_user_details( $row->user_id,
387
- array(
388
- 'mo2f_GoogleAuthenticator_config_status' => get_user_meta($row->user_id,'Google Authenticator',true),
389
- 'mo2f_SecurityQuestions_config_status' => get_user_meta($row->user_id,'Security Questions',true),
390
- 'mo2f_EmailVerification_config_status' => get_user_meta($row->user_id,'Email Verification',true),
391
- 'mo2f_AuthyAuthenticator_config_status' =>0,
392
- 'mo2f_user_email' => get_user_meta($row->user_id,'email',true),
393
- 'mo2f_user_phone' => '',
394
- 'user_registration_with_miniorange' => '',
395
- 'mobile_registration_status' => '',
396
- 'mo2f_configured_2FA_method' => get_user_meta($row->user_id,'currentMethod',true),
397
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
398
- ) );
399
- }
400
- }
401
- }
402
-
403
- }
1
+ <?php
2
+
3
+ require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
4
+
5
+ class Mo2fDB {
6
+ private $userDetailsTable;
7
+ private $userLoginInfoTable;
8
+
9
+ function __construct() {
10
+ global $wpdb;
11
+ $this->userDetailsTable = $wpdb->prefix . 'mo2f_user_details';
12
+ $this->userLoginInfoTable = $wpdb->prefix . 'mo2f_user_login_info';
13
+ }
14
+
15
+ function mo_plugin_activate() {
16
+ global $wpdb;
17
+ if ( ! get_option( 'mo2f_dbversion' ) ) {
18
+ update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
19
+ $this->generate_tables();
20
+ } else {
21
+ $current_db_version = get_option( 'mo2f_dbversion' );
22
+ if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
23
+
24
+ update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
25
+ $this->generate_tables();
26
+ }
27
+ //update the tables based on DB_VERSION.
28
+ }
29
+ }
30
+
31
+ function generate_tables() {
32
+ global $wpdb;
33
+
34
+ $tableName = $this->userDetailsTable;
35
+
36
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
37
+
38
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
39
+ `user_id` bigint NOT NULL,
40
+ `mo2f_OTPOverSMS_config_status` tinyint,
41
+ `mo2f_miniOrangePushNotification_config_status` tinyint,
42
+ `mo2f_miniOrangeQRCodeAuthentication_config_status` tinyint,
43
+ `mo2f_miniOrangeSoftToken_config_status` tinyint,
44
+ `mo2f_AuthyAuthenticator_config_status` tinyint,
45
+ `mo2f_EmailVerification_config_status` tinyint,
46
+ `mo2f_SecurityQuestions_config_status` tinyint,
47
+ `mo2f_GoogleAuthenticator_config_status` tinyint,
48
+ `mo2f_OTPOverEmail_config_status` tinyint,
49
+ `mo2f_OTPOverTelegram_config_status` tinyint,
50
+ `mo2f_OTPOverWhatsapp_config_status` tinyint,
51
+ `mo2f_DuoAuthenticator_config_status` tinyint,
52
+ `mobile_registration_status` tinyint,
53
+ `mo2f_2factor_enable_2fa_byusers` tinyint DEFAULT 1,
54
+ `mo2f_configured_2FA_method` mediumtext NOT NULL ,
55
+ `mo2f_user_phone` mediumtext NOT NULL ,
56
+ `mo2f_user_email` mediumtext NOT NULL,
57
+ `user_registration_with_miniorange` mediumtext NOT NULL,
58
+ `mo_2factor_user_registration_status` mediumtext NOT NULL,
59
+ UNIQUE KEY user_id (user_id) );";
60
+
61
+ dbDelta( $sql );
62
+ }
63
+ add_site_option( 'cmVtYWluaW5nT1RQ' ,30);
64
+ add_site_option( 'bGltaXRSZWFjaGVk' ,0);
65
+ add_site_option( base64_encode('totalUsersCloud'),0);
66
+ add_site_option(base64_encode('remainingWhatsapptransactions'),30);
67
+
68
+
69
+
70
+
71
+ $check_if_column_exists = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverEmail_config_status" );
72
+ $check_if_column_exists_tel = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_OTPOverTelegram_config_status" );
73
+ $check_if_column_exists_duo = $this->check_if_column_exists( 'mo2f_user_details', "mo2f_DuoAuthenticator_config_status" );
74
+
75
+ if ( ! $check_if_column_exists ) {
76
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo2f_OTPOverEmail_config_status` tinyint";
77
+ $this->execute_add_column( $query );
78
+
79
+ }
80
+ if(!$check_if_column_exists_tel)
81
+ {
82
+ $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
83
+ `mo2f_OTPOverTelegram_config_status` tinyint,
84
+ `mo2f_OTPOverWhatsapp_config_status` tinyint);";
85
+ $this->execute_add_column( $query );
86
+ }
87
+ if(!$check_if_column_exists_duo)
88
+ {
89
+ $query = "ALTER TABLE " . $tableName . " ADD COLUMN (
90
+ `mo2f_DuoAuthenticator_config_status` tinyint);";
91
+ $this->execute_add_column( $query );
92
+ }
93
+
94
+
95
+ $tableName = $this->userLoginInfoTable;
96
+
97
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
98
+
99
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
100
+ `session_id` mediumtext NOT NULL,
101
+ `mo2f_login_message` mediumtext NOT NULL ,
102
+ `mo2f_current_user_id` tinyint NOT NULL ,
103
+ `mo2f_1stfactor_status` mediumtext NOT NULL ,
104
+ `mo_2factor_login_status` mediumtext NOT NULL ,
105
+ `mo2f_transactionId` mediumtext NOT NULL ,
106
+ `mo_2_factor_kba_questions` longtext NOT NULL ,
107
+ `mo2f_rba_status` longtext NOT NULL ,
108
+ `secret_ga` mediumtext NOT NULL,
109
+ `ga_qrCode` mediumtext NOT NULL,
110
+ `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
111
+ PRIMARY KEY (`session_id`(100)));";
112
+
113
+ dbDelta( $sql );
114
+ }
115
+
116
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
117
+
118
+ if ( ! $check_if_column_exists ) {
119
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
120
+ $this->execute_add_column( $query );
121
+
122
+ }
123
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "secret_ga" );
124
+
125
+ if ( ! $check_if_column_exists ) {
126
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `secret_ga` mediumtext NOT NULL";
127
+ $this->execute_add_column( $query );
128
+
129
+ }
130
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "ga_qrCode" );
131
+
132
+ if ( ! $check_if_column_exists ) {
133
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `ga_qrCode` mediumtext NOT NULL";
134
+ $this->execute_add_column( $query );
135
+
136
+ }
137
+
138
+ }
139
+ function get_current_user_email($id)
140
+ {
141
+ global $wpdb;
142
+ $sql = 'select user_email from wp_users where ID='.$id.';';
143
+ return $wpdb->get_var($sql);
144
+ }
145
+ function database_table_issue(){
146
+
147
+ global $wpdb;
148
+ $tableName = $this->userLoginInfoTable;
149
+
150
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName) {
151
+
152
+ $sql = "CREATE TABLE IF NOT EXISTS " . $tableName . " (
153
+ `session_id` mediumtext NOT NULL,
154
+ `mo2f_login_message` mediumtext NOT NULL ,
155
+ `mo2f_current_user_id` tinyint NOT NULL ,
156
+ `mo2f_1stfactor_status` mediumtext NOT NULL ,
157
+ `mo_2factor_login_status` mediumtext NOT NULL ,
158
+ `mo2f_transactionId` mediumtext NOT NULL ,
159
+ `mo_2_factor_kba_questions` longtext NOT NULL ,
160
+ `mo2f_rba_status` longtext NOT NULL ,
161
+ `ts_created` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
162
+ PRIMARY KEY (`session_id`(100)));";
163
+ dbDelta( $sql );
164
+ }
165
+
166
+ $check_if_column_exists = $this->check_if_column_exists( "user_login_info_table", "mo_2factor_login_status" );
167
+
168
+ if ( ! $check_if_column_exists ) {
169
+ $query = "ALTER TABLE `$tableName` ADD COLUMN `mo_2factor_login_status` mediumtext NOT NULL";
170
+ $this->execute_add_column( $query );
171
+
172
+ }
173
+
174
+ }
175
+
176
+
177
+ function insert_user( $user_id ) {
178
+ global $wpdb;
179
+ $sql = "INSERT INTO $this->userDetailsTable (user_id) VALUES($user_id) ON DUPLICATE KEY UPDATE user_id=$user_id";
180
+ $wpdb->query( $sql );
181
+ }
182
+
183
+ function drop_table( $table_name ) {
184
+ global $wpdb;
185
+ $sql = "DROP TABLE $table_name";
186
+ $wpdb->query( $sql );
187
+ }
188
+
189
+
190
+ function get_user_detail( $column_name, $user_id ) {
191
+ global $wpdb;
192
+ $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userDetailsTable . " WHERE user_id = " . $user_id . ";" );
193
+ $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
194
+
195
+ return $value == '' ? '' : $value[ $column_name ];
196
+ }
197
+
198
+ function delete_user_details( $user_id ) {
199
+ global $wpdb;
200
+ $wpdb->query(
201
+ "DELETE FROM " . $this->userDetailsTable . "
202
+ WHERE user_id = " . $user_id
203
+ );
204
+
205
+ return;
206
+ }
207
+ function get_no_of_2fa_users() {
208
+ global $wpdb;
209
+ $count=$wpdb->query(
210
+ "SELECT * FROM ". $this->userDetailsTable
211
+ );
212
+ return $count;
213
+ }
214
+
215
+ function get_all_user_2fa_methods() {
216
+ global $wpdb;
217
+ $all_methods = [];
218
+ $methods=$wpdb->get_results(
219
+ "SELECT `mo2f_configured_2FA_method` FROM ". $this->userDetailsTable,ARRAY_A
220
+ );
221
+ foreach($methods as $method){
222
+ array_push($all_methods,$method['mo2f_configured_2FA_method']);
223
+ }
224
+ return implode(',',$all_methods);
225
+ }
226
+
227
+ function check_if_table_exists( ) {
228
+ global $wpdb;
229
+ $does_table_exist= $wpdb->query(
230
+ "SHOW TABLES LIKE '" . $this->userDetailsTable . "';"
231
+ );
232
+
233
+ return $does_table_exist;
234
+ }
235
+
236
+ function check_if_user_column_exists($user_id){
237
+ global $wpdb;
238
+ $value = $wpdb->query(
239
+ "SELECT * FROM " . $this->userDetailsTable . "
240
+ WHERE user_id = " . $user_id
241
+ );
242
+
243
+ return $value;
244
+
245
+ }
246
+
247
+ function check_if_column_exists( $table_type, $column_name ){
248
+
249
+ if($table_type == "user_login_info_table")
250
+ $table = $this->userLoginInfoTable;
251
+ else if($table_type == "mo2f_user_details")
252
+ $table = $this->userDetailsTable;
253
+ global $wpdb;
254
+ $sql="SHOW COLUMNS FROM " . $table . "
255
+ LIKE '" . $column_name . "'";
256
+ $value = $wpdb->query($sql);
257
+
258
+ return $value;
259
+
260
+ }
261
+
262
+ function update_user_details( $user_id, $update ) {
263
+ global $wpdb;
264
+ $count = count( $update );
265
+ $sql = "UPDATE " . $this->userDetailsTable . " SET ";
266
+ $i = 1;
267
+ foreach ( $update as $key => $value ) {
268
+
269
+ $sql .= $key . "='" . $value . "'";
270
+ if ( $i < $count ) {
271
+ $sql .= ' , ';
272
+ }
273
+ $i ++;
274
+ }
275
+ $sql .= " WHERE user_id=" . $user_id . ";";
276
+ $wpdb->query( $sql );
277
+
278
+ return;
279
+
280
+ }
281
+
282
+ function insert_user_login_session( $session_id ) {
283
+ global $wpdb;
284
+ $sql = "INSERT INTO $this->userLoginInfoTable (session_id) VALUES('$session_id') ON DUPLICATE KEY UPDATE session_id='$session_id'";
285
+
286
+ $wpdb->query( $sql );
287
+ $sql = "DELETE FROM $this->userLoginInfoTable WHERE ts_created < DATE_ADD(NOW(),INTERVAL - 2 MINUTE);";
288
+ $wpdb->query( $sql );
289
+ }
290
+
291
+ function save_user_login_details( $session_id, $user_values ) {
292
+ global $wpdb;
293
+ $count = count( $user_values );
294
+ $sql = "UPDATE " . $this->userLoginInfoTable . " SET ";
295
+ $i = 1;
296
+ foreach ( $user_values as $key => $value ) {
297
+
298
+ $sql .= $key . "='" . $value . "'";
299
+ if ( $i < $count ) {
300
+ $sql .= ' , ';
301
+ }
302
+ $i ++;
303
+ }
304
+ $sql .= " WHERE session_id='" . $session_id . "';";
305
+ $wpdb->query( $sql );
306
+
307
+ return;
308
+
309
+ }
310
+
311
+ function execute_add_column ( $query ){
312
+ global $wpdb;
313
+ $wpdb->query( $query );
314
+
315
+ return;
316
+ }
317
+
318
+ function get_user_login_details( $column_name, $session_id ) {
319
+ global $wpdb;
320
+ $user_column_detail = $wpdb->get_results( "SELECT " . $column_name . " FROM " . $this->userLoginInfoTable . " WHERE session_id = '" . $session_id . "';" );
321
+ $value = empty( $user_column_detail ) ? '' : get_object_vars( $user_column_detail[0] );
322
+
323
+ return $value == '' ? '' : $value[ $column_name ];
324
+ }
325
+
326
+ function delete_user_login_sessions($session_id ) {
327
+ global $wpdb;
328
+ $wpdb->query(
329
+ "DELETE FROM " . $this->userLoginInfoTable . "
330
+ WHERE session_id='$session_id';"
331
+ );
332
+
333
+ return;
334
+ }
335
+ function check_user_limit_exceeded($user_id){
336
+
337
+ global $wpdb;
338
+ $value = $wpdb->query(
339
+ "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
340
+ WHERE meta_key = 'currentMethod'"
341
+ );
342
+
343
+ $user_already_configured = $wpdb->query(
344
+ "SELECT meta_key FROM ".$wpdb->base_prefix ."usermeta
345
+ WHERE meta_key = 'currentMethod' and user_id =".$user_id);
346
+
347
+ if($value < 3 || $user_already_configured){
348
+ return false;
349
+ }
350
+ else{
351
+ return true;
352
+ }
353
+ }
354
+ function check_alluser_limit_exceeded($user_id){
355
+
356
+ global $wpdb;
357
+ $value = $wpdb->query(
358
+ "SELECT * FROM ".$this->userDetailsTable
359
+ );
360
+ $user_already_configured = $wpdb->query(
361
+ "SELECT * FROM ".$this->userDetailsTable ." WHERE user_id =".$user_id );
362
+
363
+ if($value < 3 || $user_already_configured){
364
+ return false;
365
+ }
366
+ else{
367
+ return true;
368
+ }
369
+ }
370
+
371
+ function get_all_onprem_userids(){
372
+
373
+ global $wpdb;
374
+ $value = $wpdb->get_results(
375
+ "SELECT * FROM ".$wpdb->base_prefix ."usermeta
376
+ WHERE meta_key = 'currentMethod'"
377
+ );
378
+
379
+
380
+ foreach ($value as $row){
381
+
382
+ if(isset($row->user_id)){
383
+
384
+ $this->insert_user( $row->user_id);
385
+
386
+ $this->update_user_details( $row->user_id,
387
+ array(
388
+ 'mo2f_GoogleAuthenticator_config_status' => get_user_meta($row->user_id,'Google Authenticator',true),
389
+ 'mo2f_SecurityQuestions_config_status' => get_user_meta($row->user_id,'Security Questions',true),
390
+ 'mo2f_EmailVerification_config_status' => get_user_meta($row->user_id,'Email Verification',true),
391
+ 'mo2f_AuthyAuthenticator_config_status' =>0,
392
+ 'mo2f_user_email' => get_user_meta($row->user_id,'email',true),
393
+ 'mo2f_user_phone' => '',
394
+ 'user_registration_with_miniorange' => '',
395
+ 'mobile_registration_status' => '',
396
+ 'mo2f_configured_2FA_method' => get_user_meta($row->user_id,'currentMethod',true),
397
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
398
+ ) );
399
+ }
400
+ }
401
+ }
402
+
403
+ }
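--- a/handler/WAF/database/mo-waf-db-common.php
+++ b/handler/WAF/database/mo-waf-db-common.php
@@ -1,25 +1,25 @@
-<?php
-function retrivefullname($name)
-{
-
-switch ($name) {
-case 'XSS':
-return 'Cross-site Scripting';
-case 'SQL':
-return 'SQL injection';
-case 'RCE':
-return 'Remote Code Execution';
-case 'LFI':
-return 'Local File Inclusion';
-case 'RFI':
-return 'Remote File Inclusion';
-case 'RLE':
-return 'Rate limiting Exceeded';
-case 'RLECrawler':
-return 'Rate limit Exceeded for crawler';
-default:
-return $name;
-
-}
-
+<?php
+function retrivefullname($name)
+{
+
+switch ($name) {
+case 'XSS':
+return 'Cross-site Scripting';
+case 'SQL':
+return 'SQL injection';
+case 'RCE':
+return 'Remote Code Execution';
+case 'LFI':
+return 'Local File Inclusion';
+case 'RFI':
+return 'Remote File Inclusion';
+case 'RLE':
+return 'Rate limiting Exceeded';
+case 'RLECrawler':
+return 'Rate limit Exceeded for crawler';
+default:
+return $name;
+
+}
+
 }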
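--- a/handler/WAF/database/mo-waf-db.php
+++ b/handler/WAF/database/mo-waf-db.php
@@ -1,249 +1,249 @@
-<?php
-global $dbcon,$prefix;
-include_once('mo-waf-db-common.php');
-function mo_wpns_log_attack($ipaddress,$value1,$value)
-{
-global $prefix,$dbcon;
-$value = htmlspecialchars($value);
-$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
-$results = mysqli_query($dbcon,$query);
-$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
-$results = mysqli_query($dbcon,$query);
-$rows = mysqli_fetch_array($results);
-return $rows['count(*)'];
-}
-function mo_wpns_setting_file()
-{
-global $prefix,$dbcon;
-$dir_name = dirname(__FILE__);
-$dir_name1 = explode('wp-content', $dir_name);
-$dir_name = $dir_name1[0];
-$filepath = str_replace('\\', '/', $dir_name1[0]);
-$fileName = $filepath.'/wp-includes/mo-waf-config.php';
-$missingFile = 0;
-if(!file_exists($fileName))
-{
-$missingFile = 1;
-}
-if($missingFile==1)
-{
-$file = fopen($fileName, "a+");
-$string = "<?php".PHP_EOL;
-
-$sqlInjection = mo_wpns_get_option_value("SQLInjection");
-$string .= '$SQL='.$sqlInjection.';'.PHP_EOL;
-
-$XSSAttack = mo_wpns_get_option_value("XSSAttack");
-$string .= '$XSS='.$XSSAttack.';'.PHP_EOL;
-
-$RFIAttack = mo_wpns_get_option_value("RFIAttack");
-$string .= '$RFI='.$RFIAttack.';'.PHP_EOL;
-
-$LFIAttack = mo_wpns_get_option_value("LFIAttack");
-$string .= '$LFI='.$LFIAttack.';'.PHP_EOL;
-
-$RCEAttack = mo_wpns_get_option_value("RCEAttack");
-$string .= '$RCE='.$RCEAttack.';'.PHP_EOL;
-
-$Rate_limiting = mo_wpns_get_option_value("Rate_limiting");
-if($Rate_limiting!='')
-$string .= '$RateLimiting='.$Rate_limiting.';'.PHP_EOL;
-else
-$string .= '$RateLimiting=0;'.PHP_EOL;
-
-$Rate_request = mo_wpns_get_option_value("Rate_request");
-if($Rate_request!='')
-$string .= '$RequestsPMin='.$Rate_request.';'.PHP_EOL;
-else
-$string .= '$RequestsPMin=0;'.PHP_EOL;
-
-$actionRateL = mo_wpns_get_option_value("actionRateL");
-if($actionRateL==1)
-$string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
-else
-$string .= '$actionRateL="BlockIP";'.PHP_EOL;
-
-$string .= '?>'.PHP_EOL;
-fwrite($file, $string);
-fclose($file);
-
-return $fileName;
-}
-return "notMissing";
-}
-function mo_wpns_is_ip_whitelisted($ipaddress)
-{
-global $dbcon,$prefix;
-$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
-$results = mysqli_query($dbcon,$query);
-if($results)
-{
-$row = mysqli_fetch_array($results);
-if(is_null($row))
-{
-return false;
-}
-else
-{
-return true;
-}
-}
-return false;
-}
-function mo_wpns_is_ip_blocked($ipaddress)
-{
-global $dbcon,$prefix;
-$query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
-$results = mysqli_query($dbcon,$query);
-if($results)
-{
-$row = mysqli_fetch_array($results);
-if(is_null($row))
-{
-return false;
-}
-else
-{
-return true;
-}
-}
-return false;
-}
-function mo_wpns_block_ip($ipaddress,$reason)
-{
-global $dbcon, $prefix;
-$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','".$reason."',NULL,".time().");";
-$results = mysqli_query($dbcon,$query);
-}
-function mo_wpns_dbconnection()
-{
-global $dbcon,$prefix;
-$dir = dirname(__FILE__);
-$dir = str_replace('\\', "/", $dir);
-$dir_name = explode('wp-content', $dir);
-$file = file_get_contents($dir_name[0].'wp-config.php');
-$content = explode("\n", $file);
-$len = sizeof($content);
-$Ismultisite = 0;
-$dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
-
-$prefix = 'wp_';
-
-for($i=0;$i<$len;$i++)
-{
-
-if(preg_match("/define/", $content[$i]))
-{
-$cont = explode(",", $content[$i]);
-$string = str_replace(array('define(',' ','\''), '', $cont[0]);
-switch ($string) {
-case "DB_NAME":
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_NAME'] = $res;
-break;
-case 'DB_USER':
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_USER'] = $res;
-break;
-case "DB_PASSWORD":
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_PASSWORD'] = $res;
-break;
-case 'DB_HOST':
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_HOST'] = $res;
-break;
-case "DB_CHARSET":
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_CHARSET'] = $res;
-break;
-case 'DB_COLLATE':
-$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
-$res = preg_replace('/\s/', '', $res);
-$dbD['DB_COLLATE'] = $res;
-break;
-default:
-
-break;
-}
-}
-if(preg_match('/\$table_prefix/', $content[$i]))
-{
-$cont = explode("'", $content[$i]);
-
-$prefix = $cont['1'];
-}
-}
-$dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
-if(!$dbcon)
-{
-echo "database connection error";
-exit;
-}
-$connection = mysqli_select_db($dbcon,$dbD['DB_NAME']);
-return $connection;
-}
-function mo_wpns_get_option_value($option)
-{
-global $dbcon,$prefix;
-$query = 'select option_value from '.$prefix.'options where option_name ="'.$option.'";';
-$results = mysqli_query($dbcon,$query);
-if($results)
-{
-$rows = mysqli_fetch_array($results);
-if(isset($rows)&&(!is_null($rows['option_value'])))
-{
-$option_value = intval($rows['option_value']);
-return $option_value;
-}
-}
-return '';
-}
-
-function mo_wpns_getRLEattack($ipaddress)
-{
-global $dbcon,$prefix;
-$query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' and type = 'RLE' ORDER BY time DESC LIMIT 1;";
-$results = mysqli_query($dbcon,$query);
-if($results)
-{
-$results = mysqli_fetch_array($results);
-return $results['time'];
-}
-return 0;
-}
-function mo_wpns_CheckRate($ipaddress)
-{
-global $dbcon,$prefix;
-$time = 60;
-mo_wpns_clearRate($time);
-mo_wpns_insertRate($ipaddress);
-$query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
-$results = mysqli_query($dbcon,$query);
-
-if($results)
-{
-$row = mysqli_fetch_array($results);
-return $row['count(*)'];
-}
-return 0;
-}
-function mo_wpns_clearRate($time)
-{
-global $dbcon,$prefix;
-$query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
-$results = mysqli_query($dbcon,$query);
-}
-function mo_wpns_insertRate($ipaddress)
-{
-global $dbcon,$prefix;
-$query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
-$results = mysqli_query($dbcon,$query);
-}
-
+<?php
+global $dbcon,$prefix;
+include_once('mo-waf-db-common.php');
+function mo_wpns_log_attack($ipaddress,$value1,$value)
+{
+global $prefix,$dbcon;
+$value = htmlspecialchars($value);
+$query = 'insert into '.$prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
+$results = mysqli_query($dbcon,$query);
+$query = "select count(*) from ".$prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
+$results = mysqli_query($dbcon,$query);
+$rows = mysqli_fetch_array($results);
+return $rows['count(*)'];
+}
+function mo_wpns_setting_file()
+{
+global $prefix,$dbcon;
+$dir_name = dirname(__FILE__);
+$dir_name1 = explode('wp-content', $dir_name);
+$dir_name = $dir_name1[0];
+$filepath = str_replace('\\', '/', $dir_name1[0]);
+$fileName = $filepath.'/wp-includes/mo-waf-config.php';
+$missingFile = 0;
+if(!file_exists($fileName))
+{
+$missingFile = 1;
+}
+if($missingFile==1)
+{
+$file = fopen($fileName, "a+");
+$string = "<?php".PHP_EOL;
+
+$sqlInjection = mo_wpns_get_option_value("SQLInjection");
+$string .= '$SQL='.$sqlInjection.';'.PHP_EOL;
+
+$XSSAttack = mo_wpns_get_option_value("XSSAttack");
+$string .= '$XSS='.$XSSAttack.';'.PHP_EOL;
+
+$RFIAttack = mo_wpns_get_option_value("RFIAttack");
+$string .= '$RFI='.$RFIAttack.';'.PHP_EOL;
+
+$LFIAttack = mo_wpns_get_option_value("LFIAttack");
+$string .= '$LFI='.$LFIAttack.';'.PHP_EOL;
+
+$RCEAttack = mo_wpns_get_option_value("RCEAttack");
+$string .= '$RCE='.$RCEAttack.';'.PHP_EOL;
+
+$Rate_limiting = mo_wpns_get_option_value("Rate_limiting");
+if($Rate_limiting!='')
+$string .= '$RateLimiting='.$Rate_limiting.';'.PHP_EOL;
+else
+$string .= '$RateLimiting=0;'.PHP_EOL;
+
+$Rate_request = mo_wpns_get_option_value("Rate_request");
+if($Rate_request!='')
+$string .= '$RequestsPMin='.$Rate_request.';'.PHP_EOL;
+else
+$string .= '$RequestsPMin=0;'.PHP_EOL;
+
+$actionRateL = mo_wpns_get_option_value("actionRateL");
+if($actionRateL==1)
+$string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
+else
+$string .= '$actionRateL="BlockIP";'.PHP_EOL;
+
+$string .= '?>'.PHP_EOL;
+fwrite($file, $string);
+fclose($file);
+
+return $fileName;
+}
+return "notMissing";
+}
+function mo_wpns_is_ip_whitelisted($ipaddress)
+{
+global $dbcon,$prefix;
+$query = 'select * from '.$prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
+$results = mysqli_query($dbcon,$query);
+if($results)
+{
+$row = mysqli_fetch_array($results);
+if(is_null($row))
+{
+return false;
+}
+else
+{
+return true;
+}
+}
+return false;
+}
+function mo_wpns_is_ip_blocked($ipaddress)
+{
+global $dbcon,$prefix;
+$query = 'select * from '.$prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
+$results = mysqli_query($dbcon,$query);
+if($results)
+{
+$row = mysqli_fetch_array($results);
+if(is_null($row))
+{
+return false;
+}
+else
+{
+return true;
+}
+}
+return false;
+}
+function mo_wpns_block_ip($ipaddress,$reason)
+{
+global $dbcon, $prefix;
+$query ="insert into ".$prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','".$reason."',NULL,".time().");";
+$results = mysqli_query($dbcon,$query);
+}
+function mo_wpns_dbconnection()
+{
+global $dbcon,$prefix;
+$dir = dirname(__FILE__);
+$dir = str_replace('\\', "/", $dir);
+$dir_name = explode('wp-content', $dir);
+$file = file_get_contents($dir_name[0].'wp-config.php');
+$content = explode("\n", $file);
+$len = sizeof($content);
+$Ismultisite = 0;
+$dbD = array('DB_NAME' =>'' ,'DB_USER' => '' ,'DB_PASSWORD' =>'','DB_HOST' =>'','DB_CHARSET' =>'','DB_COLLATE' =>'' );
+
+$prefix = 'wp_';
+
+for($i=0;$i<$len;$i++)
+{
+
+if(preg_match("/define/", $content[$i]))
+{
+$cont = explode(",", $content[$i]);
+$string = str_replace(array('define(',' ','\''), '', $cont[0]);
+switch ($string) {
+case "DB_NAME":
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_NAME'] = $res;
+break;
+case 'DB_USER':
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_USER'] = $res;
+break;
+case "DB_PASSWORD":
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_PASSWORD'] = $res;
+break;
+case 'DB_HOST':
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_HOST'] = $res;
+break;
+case "DB_CHARSET":
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_CHARSET'] = $res;
+break;
+case 'DB_COLLATE':
+$res = str_replace(array('\'',')',';',' '), '', $cont[1]);
+$res = preg_replace('/\s/', '', $res);
+$dbD['DB_COLLATE'] = $res;
+break;
+default:
+
+break;
+}
+}
+if(preg_match('/\$table_prefix/', $content[$i]))
+{
+$cont = explode("'", $content[$i]);
+
+$prefix = $cont['1'];
+}
+}
+$dbcon = new mysqli($dbD['DB_HOST'],$dbD['DB_USER'],$dbD['DB_PASSWORD']);
+if(!$dbcon)
+{
+echo "database connection error";
+exit;
+}
+$connection = mysqli_select_db($dbcon,$dbD['DB_NAME']);
+return $connection;
+}
+function mo_wpns_get_option_value($option)
+{
+global $dbcon,$prefix;
+$query = 'select option_value from '.$prefix.'options where option_name ="'.$option.'";';
+$results = mysqli_query($dbcon,$query);
+if($results)
+{
+$rows = mysqli_fetch_array($results);
+if(isset($rows)&&(!is_null($rows['option_value'])))
+{
+$option_value = intval($rows['option_value']);
+return $option_value;
+}
+}
+return '';
+}
+
+function mo_wpns_getRLEattack($ipaddress)
+{
+global $dbcon,$prefix;
+$query = "select time from ".$prefix."wpns_attack_logs where ip ='".$ipaddress."' and type = 'RLE' ORDER BY time DESC LIMIT 1;";
+$results = mysqli_query($dbcon,$query);
+if($results)
+{
+$results = mysqli_fetch_array($results);
+return $results['time'];
+}
+return 0;
+}
+function mo_wpns_CheckRate($ipaddress)
+{
+global $dbcon,$prefix;
+$time = 60;
+mo_wpns_clearRate($time);
+mo_wpns_insertRate($ipaddress);
+$query = "select count(*) from ".$prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
+$results = mysqli_query($dbcon,$query);
+
+if($results)
+{
+$row = mysqli_fetch_array($results);
+return $row['count(*)'];
+}
+return 0;
+}
+function mo_wpns_clearRate($time)
+{
+global $dbcon,$prefix;
+$query = "delete from ".$prefix."wpns_ip_rate_details where time<".(time()-$time);
+$results = mysqli_query($dbcon,$query);
+}
+function mo_wpns_insertRate($ipaddress)
+{
+global $dbcon,$prefix;
+$query = "insert into ".$prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
+$results = mysqli_query($dbcon,$query);
+}
+
 ?>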
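Review bot: `mo_wpns_log_attack()` builds both of its statements by concatenating `$ipaddress`, `$value1` and `$value` into the SQL text passed to `mysqli_query()`; the `htmlspecialchars()` call on `$value` is HTML output encoding, not SQL escaping, and the other two values get no treatment at all. `$value` is presumably the request input that tripped a WAF rule, so it should be treated as untrusted and bound through a prepared statement, as sketched below. The same concatenation appears in `mo_wpns_is_ip_whitelisted()`, `mo_wpns_is_ip_blocked()`, `mo_wpns_block_ip()`, `mo_wpns_getRLEattack()`, `mo_wpns_CheckRate()` and `mo_wpns_insertRate()` in this section and wants the same change. Where `$ipaddress` comes from is not visible here, so rejecting anything that fails `filter_var($ipaddress, FILTER_VALIDATE_IP)` before these calls is worth adding as a second check.

```php
function mo_wpns_log_attack($ipaddress,$value1,$value)
{
    global $prefix,$dbcon;
    $value = htmlspecialchars($value);
    // Bind the request-derived values instead of splicing them into the statement text.
    $stmt = mysqli_prepare($dbcon, 'insert into '.$prefix.'wpns_attack_logs values (?,?,?,?);');
    $now = time();
    mysqli_stmt_bind_param($stmt, 'ssis', $ipaddress, $value1, $now, $value);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    // … unchanged: count(*) lookup and return; bind $ipaddress there the same way …
}
```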
handler/WAF/database/mo-waf-plugin-db.php CHANGED
@@ -1,91 +1,91 @@
1
- <?php
2
-
3
- include_once('mo-waf-db-common.php');
4
- function mo_wpns_setting_file()
5
- {
6
- global $prefix,$dbcon;
7
- $dir_name = dirname(__FILE__);
8
- $dir_name1 = explode('wp-content', $dir_name);
9
- $dir_name = $dir_name1[0];
10
- $filepath = str_replace('\\', '/', $dir_name1[0]);
11
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
12
- $missingFile = 0;
13
- if(!file_exists($fileName))
14
- {
15
- $missingFile = 1;
16
- }
17
- if($missingFile==1)
18
- {
19
- $file = fopen($fileName, "a+");
20
- $string = "<?php".PHP_EOL;
21
- $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
22
- $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
23
- $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
24
- $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
25
- $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
26
- $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
27
- $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
28
-
29
- if(get_option('actionRateL') == 0)
30
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
31
- else
32
- $string .= '$actionRateL="BlockIP";'.PHP_EOL;
33
-
34
- $string .= '?>'.PHP_EOL;
35
- fwrite($file, $string);
36
- fclose($file);
37
- return $fileName;
38
- }
39
- return "notMissing";
40
-
41
- }
42
-
43
- function mo_wpns_getRLEAttack($ipaddress)
44
- {
45
- global $wpdb;
46
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
47
- $results = $wpdb->get_results($query);
48
- return $results[0]->time;
49
- }
50
- function mo_wpns_log_attack($ipaddress,$value1,$value)
51
- {
52
- global $wpdb;
53
- $value = htmlspecialchars($value);
54
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
55
- $results = $wpdb->get_results($query);
56
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
57
- $results = $wpdb->get_results($query);
58
- return $results[0]->count;
59
- }
60
-
61
-
62
- function mo_wpns_CheckRate($ipaddress)
63
- {
64
- global $wpdb;
65
- $time = 60;
66
- mo_wpns_clearRate($time);
67
- mo_wpns_insertRate($ipaddress);
68
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
69
- $results = $wpdb->get_results($query);
70
-
71
- if(isset($results[0]->count))
72
- {
73
- return $results[0]->count;
74
- }
75
- return 0;
76
-
77
- }
78
- function mo_wpns_clearRate($time)
79
- {
80
- global $wpdb;
81
- $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
82
- $results = $wpdb->get_results($query);
83
- }
84
- function mo_wpns_insertRate($ipaddress)
85
- {
86
- global $wpdb;
87
- $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
88
- $results = $wpdb->get_results($query);
89
- }
90
-
91
  ?>
1
+ <?php
2
+
3
+ include_once('mo-waf-db-common.php');
4
+ function mo_wpns_setting_file()
5
+ {
6
+ global $prefix,$dbcon;
7
+ $dir_name = dirname(__FILE__);
8
+ $dir_name1 = explode('wp-content', $dir_name);
9
+ $dir_name = $dir_name1[0];
10
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
11
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
12
+ $missingFile = 0;
13
+ if(!file_exists($fileName))
14
+ {
15
+ $missingFile = 1;
16
+ }
17
+ if($missingFile==1)
18
+ {
19
+ $file = fopen($fileName, "a+");
20
+ $string = "<?php".PHP_EOL;
21
+ $string .= '$SQL='.get_option("SQLInjection").';'.PHP_EOL;
22
+ $string .= '$XSS='.get_option("XSSAttack").';'.PHP_EOL;
23
+ $string .= '$RFI='.get_option("RFIAttack").';'.PHP_EOL;
24
+ $string .= '$LFI='.get_option("LFIAttack").';'.PHP_EOL;
25
+ $string .= '$RCE='.get_option("RCEAttack").';'.PHP_EOL;
26
+ $string .= '$RateLimiting='.get_option("Rate_limiting").';'.PHP_EOL;
27
+ $string .= '$RequestsPMin='.get_option("Rate_request").';'.PHP_EOL;
28
+
29
+ if(get_option('actionRateL') == 0)
30
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
31
+ else
32
+ $string .= '$actionRateL="BlockIP";'.PHP_EOL;
33
+
34
+ $string .= '?>'.PHP_EOL;
35
+ fwrite($file, $string);
36
+ fclose($file);
37
+ return $fileName;
38
+ }
39
+ return "notMissing";
40
+
41
+ }
42
+
43
+ function mo_wpns_getRLEAttack($ipaddress)
44
+ {
45
+ global $wpdb;
46
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
47
+ $results = $wpdb->get_results($query);
48
+ return $results[0]->time;
49
+ }
50
+ function mo_wpns_log_attack($ipaddress,$value1,$value)
51
+ {
52
+ global $wpdb;
53
+ $value = htmlspecialchars($value);
54
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
55
+ $results = $wpdb->get_results($query);
56
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != 'RLE';";
57
+ $results = $wpdb->get_results($query);
58
+ return $results[0]->count;
59
+ }
60
+
61
+
62
+ function mo_wpns_CheckRate($ipaddress)
63
+ {
64
+ global $wpdb;
65
+ $time = 60;
66
+ mo_wpns_clearRate($time);
67
+ mo_wpns_insertRate($ipaddress);
68
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
69
+ $results = $wpdb->get_results($query);
70
+
71
+ if(isset($results[0]->count))
72
+ {
73
+ return $results[0]->count;
74
+ }
75
+ return 0;
76
+
77
+ }
78
+ function mo_wpns_clearRate($time)
79
+ {
80
+ global $wpdb;
81
+ $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
82
+ $results = $wpdb->get_results($query);
83
+ }
84
+ function mo_wpns_insertRate($ipaddress)
85
+ {
86
+ global $wpdb;
87
+ $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
88
+ $results = $wpdb->get_results($query);
89
+ }
90
+
91
  ?>
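Review bot: Every query in this file is assembled by string concatenation, and in `mo_wpns_log_attack` (new lines 50-59) the concatenated `$value` is the request value that just matched a WAF signature, passed through `htmlspecialchars()` only, which is HTML encoding rather than SQL escaping. `$ipaddress` is concatenated the same way in `mo_wpns_getRLEAttack`, `mo_wpns_CheckRate` and `mo_wpns_insertRate`, and the caller's `sanitize_text_field()` does not make it safe inside a quoted SQL literal either. Each statement should go through `$wpdb->prepare()` with `%s`/`%d` placeholders, using `$wpdb->query()` for the insert and delete instead of `get_results()`; the rewritten `mo_wpns_log_attack` below shows the shape. `mo_wpns_getRLEAttack` also reads `$results[0]->time` without checking that a row came back.

```php
function mo_wpns_log_attack($ipaddress,$value1,$value)
{
	global $wpdb;
	$table = $wpdb->base_prefix.'wpns_attack_logs';
	// Positional insert kept as before; placeholders let wpdb quote each value.
	$wpdb->query($wpdb->prepare(
		"insert into {$table} values (%s, %s, %d, %s)",
		$ipaddress, $value1, time(), htmlspecialchars($value)
	));
	return $wpdb->get_var($wpdb->prepare(
		"select count(*) from {$table} where ip = %s and input != 'RLE'",
		$ipaddress
	));
}
```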
handler/WAF/mo-waf-plugin.php CHANGED
@@ -1,212 +1,212 @@
1
- <?php
2
-
3
- $dir = dirname(__FILE__);
4
- $dir = str_replace('\\', "/", $dir);
5
- $dir = explode('handler', $dir);
6
- $wafInclude = $dir[0].'/handler/WAF/waf-include.php';
7
- $pluginU = $dir[0].'helper/pluginUtility.php';
8
- $wafDB = $dir[0].'/handler/WAF/database/mo-waf-plugin-db.php';
9
- $errorPage = $dir[0].'handler/mo-error.html';
10
- $blockPage = $dir[0].'handler/mo-block.html';
11
-
12
- include_once($wafInclude);
13
- include_once($pluginU);
14
- include_once($wafDB);
15
-
16
-
17
- global $wpdb,$mowpnshandle;
18
- $mowpnshandle = new MoWpnsHandler();
19
- $ipaddress = get_ipaddress();
20
- $ipaddress = sanitize_text_field($ipaddress);
21
- if($mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
22
- {
23
- if(!$mowpnshandle->is_whitelisted($ipaddress))
24
- {
25
- header('HTTP/1.1 403 Forbidden');
26
- include_once($blockPage);
27
- exit;
28
- }
29
- }
30
- $fileName = mo_wpns_setting_file();
31
- if($fileName != "notMissing")
32
- {
33
- include_once($fileName);
34
- }
35
- if(isset($RateLimiting) and $RateLimiting == 1)
36
- {
37
- if(!is_crawler())
38
- {
39
- mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
40
- }
41
- }
42
- if(isset($RateLimitingCrawler))
43
- {
44
- if($RateLimitingCrawler == 1)
45
- {
46
- if(is_crawler())
47
- {
48
- if(is_fake_googlebot($ipaddress))
49
- {
50
- header('HTTP/1.1 403 Forbidden');
51
- include_once($errorPage);
52
- exit;
53
- }
54
- if($RateLimitingCrawler == '1')
55
- {
56
- mo_wpns_applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
57
- }
58
-
59
- }
60
- }
61
- }
62
- $attack = array();
63
- if(isset($SQL) )
64
- {
65
- if($SQL==1)
66
- array_push($attack,"SQL");
67
- }
68
- if(isset($XSS) )
69
- {
70
- if( $XSS==1)
71
- array_push($attack,"XSS");
72
- }
73
- if(isset($LFI))
74
- {
75
- if($LFI==1)
76
- array_push($attack,"LFI");
77
- }
78
-
79
- $attackC = $attack;
80
- $ParanoiaLevel = 1;
81
- $annomalyS = 0;
82
- $SQLScore = 0;
83
- $XSSScore = 0;
84
- $limitAttack = get_option('limitAttack');
85
-
86
-
87
- foreach ($attackC as $key1 => $value1)
88
- {
89
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
90
- {
91
- if(isset($regex[$value1][$lev]))
92
- { $ooo = 0;
93
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
94
- {
95
- foreach ($_REQUEST as $key => $value) {
96
-
97
- if($regex[$value1][$lev][$i] != "")
98
- {
99
- if(is_string($value))
100
- {
101
- if(preg_match($regex[$value1][$lev][$i], $value))
102
- {
103
-
104
- if($value1 == "SQL")
105
- {
106
- $SQLScore += $score[$value1][$lev][$i];
107
- }
108
- elseif ($value1 == "XSS")
109
- {
110
- $XSSScore += $score[$value1][$lev][$i];
111
- }
112
- else
113
- {
114
- $annomalyS += $score[$value1][$lev][$i];
115
- }
116
-
117
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
118
- {
119
- $attackCount = mo_wpns_log_attack($ipaddress,$value1,$value);
120
- if($attackCount>$limitAttack)
121
- {
122
- if(!$mowpnshandle->is_whitelisted($ipaddress))
123
- {
124
- if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
125
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'Attack limit Exceeded',true); //Attack Limit Exceed
126
- }
127
- }
128
-
129
- header('HTTP/1.1 403 Forbidden');
130
- include_once($errorPage);
131
- exit;
132
- }
133
- }
134
- }
135
- }
136
- }
137
- }
138
- }
139
- }
140
- }
141
-
142
- function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
143
- {
144
- global $wpdb,$mowpnshandle;
145
- $rate = mo_wpns_CheckRate($ipaddress);
146
- if($rate>=$reqLimit)
147
- {
148
- $lastAttack = mo_wpns_getRLEAttack($ipaddress)+60;
149
- $current_time = time();
150
- if($lastAttack < $current_time-60)
151
- {
152
- mo_wpns_log_attack($ipaddress,'RLE','RLE');
153
- }
154
- if($action != 'ThrottleIP')
155
- {
156
- if(!$mowpnshandle->is_whitelisted($ipaddress))
157
- {
158
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLE',true);
159
- }
160
- }
161
- header('HTTP/1.1 403 Forbidden');
162
- include_once($errorPage);
163
- exit;
164
- }
165
- }
166
- function mo_wpns_applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
167
- {
168
- if(file_exists($filename))
169
- {
170
- include($filename);
171
- }
172
- global $wpdb,$mowpnshandle;
173
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
174
- if(isset($RateLimitingCrawler))
175
- {
176
- if($RateLimitingCrawler=='1')
177
- {
178
- if(isset($RequestsPMinCrawler))
179
- {
180
- $reqLimit = $RequestsPMinCrawler;
181
- $rate = mo_wpns_CheckRate($ipaddress);
182
- if($rate>=$reqLimit)
183
- {
184
- $action = $actionRateLCrawler;
185
- $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
186
- $current_time = time();
187
- if($current_time>$lastAttack && $_SERVER['HTTP_USER_AGENT']!='')
188
- {
189
- mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
190
- }
191
- if($action != 'ThrottleIP')
192
- {
193
- if(!$mowpnshandle->is_whitelisted($ipaddress))
194
- {
195
- if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
196
- {
197
- $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLECrawler',true);
198
- }
199
- }
200
- }
201
- header('HTTP/1.1 403 Forbidden');
202
- include_once($errorPage);
203
- exit;
204
- }
205
- }
206
- }
207
- }
208
- }
209
-
210
-
211
-
212
  ?>
1
+ <?php
2
+
3
+ $dir = dirname(__FILE__);
4
+ $dir = str_replace('\\', "/", $dir);
5
+ $dir = explode('handler', $dir);
6
+ $wafInclude = $dir[0].'/handler/WAF/waf-include.php';
7
+ $pluginU = $dir[0].'helper/pluginUtility.php';
8
+ $wafDB = $dir[0].'/handler/WAF/database/mo-waf-plugin-db.php';
9
+ $errorPage = $dir[0].'handler/mo-error.html';
10
+ $blockPage = $dir[0].'handler/mo-block.html';
11
+
12
+ include_once($wafInclude);
13
+ include_once($pluginU);
14
+ include_once($wafDB);
15
+
16
+
17
+ global $wpdb,$mowpnshandle;
18
+ $mowpnshandle = new MoWpnsHandler();
19
+ $ipaddress = get_ipaddress();
20
+ $ipaddress = sanitize_text_field($ipaddress);
21
+ if($mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
22
+ {
23
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
24
+ {
25
+ header('HTTP/1.1 403 Forbidden');
26
+ include_once($blockPage);
27
+ exit;
28
+ }
29
+ }
30
+ $fileName = mo_wpns_setting_file();
31
+ if($fileName != "notMissing")
32
+ {
33
+ include_once($fileName);
34
+ }
35
+ if(isset($RateLimiting) and $RateLimiting == 1)
36
+ {
37
+ if(!is_crawler())
38
+ {
39
+ mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
40
+ }
41
+ }
42
+ if(isset($RateLimitingCrawler))
43
+ {
44
+ if($RateLimitingCrawler == 1)
45
+ {
46
+ if(is_crawler())
47
+ {
48
+ if(is_fake_googlebot($ipaddress))
49
+ {
50
+ header('HTTP/1.1 403 Forbidden');
51
+ include_once($errorPage);
52
+ exit;
53
+ }
54
+ if($RateLimitingCrawler == '1')
55
+ {
56
+ mo_wpns_applyRateLimitingCrawler($ipaddress,$fileName,$errorPage);
57
+ }
58
+
59
+ }
60
+ }
61
+ }
62
+ $attack = array();
63
+ if(isset($SQL) )
64
+ {
65
+ if($SQL==1)
66
+ array_push($attack,"SQL");
67
+ }
68
+ if(isset($XSS) )
69
+ {
70
+ if( $XSS==1)
71
+ array_push($attack,"XSS");
72
+ }
73
+ if(isset($LFI))
74
+ {
75
+ if($LFI==1)
76
+ array_push($attack,"LFI");
77
+ }
78
+
79
+ $attackC = $attack;
80
+ $ParanoiaLevel = 1;
81
+ $annomalyS = 0;
82
+ $SQLScore = 0;
83
+ $XSSScore = 0;
84
+ $limitAttack = get_option('limitAttack');
85
+
86
+
87
+ foreach ($attackC as $key1 => $value1)
88
+ {
89
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
90
+ {
91
+ if(isset($regex[$value1][$lev]))
92
+ { $ooo = 0;
93
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
94
+ {
95
+ foreach ($_REQUEST as $key => $value) {
96
+
97
+ if($regex[$value1][$lev][$i] != "")
98
+ {
99
+ if(is_string($value))
100
+ {
101
+ if(preg_match($regex[$value1][$lev][$i], $value))
102
+ {
103
+
104
+ if($value1 == "SQL")
105
+ {
106
+ $SQLScore += $score[$value1][$lev][$i];
107
+ }
108
+ elseif ($value1 == "XSS")
109
+ {
110
+ $XSSScore += $score[$value1][$lev][$i];
111
+ }
112
+ else
113
+ {
114
+ $annomalyS += $score[$value1][$lev][$i];
115
+ }
116
+
117
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
118
+ {
119
+ $attackCount = mo_wpns_log_attack($ipaddress,$value1,$value);
120
+ if($attackCount>$limitAttack)
121
+ {
122
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
123
+ {
124
+ if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
125
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'Attack limit Exceeded',true); //Attack Limit Exceed
126
+ }
127
+ }
128
+
129
+ header('HTTP/1.1 403 Forbidden');
130
+ include_once($errorPage);
131
+ exit;
132
+ }
133
+ }
134
+ }
135
+ }
136
+ }
137
+ }
138
+ }
139
+ }
140
+ }
141
+
142
+ function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
143
+ {
144
+ global $wpdb,$mowpnshandle;
145
+ $rate = mo_wpns_CheckRate($ipaddress);
146
+ if($rate>=$reqLimit)
147
+ {
148
+ $lastAttack = mo_wpns_getRLEAttack($ipaddress)+60;
149
+ $current_time = time();
150
+ if($lastAttack < $current_time-60)
151
+ {
152
+ mo_wpns_log_attack($ipaddress,'RLE','RLE');
153
+ }
154
+ if($action != 'ThrottleIP')
155
+ {
156
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
157
+ {
158
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLE',true);
159
+ }
160
+ }
161
+ header('HTTP/1.1 403 Forbidden');
162
+ include_once($errorPage);
163
+ exit;
164
+ }
165
+ }
166
+ function mo_wpns_applyRateLimitingCrawler($ipaddress,$filename,$errorPage)
167
+ {
168
+ if(file_exists($filename))
169
+ {
170
+ include($filename);
171
+ }
172
+ global $wpdb,$mowpnshandle;
173
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
174
+ if(isset($RateLimitingCrawler))
175
+ {
176
+ if($RateLimitingCrawler=='1')
177
+ {
178
+ if(isset($RequestsPMinCrawler))
179
+ {
180
+ $reqLimit = $RequestsPMinCrawler;
181
+ $rate = mo_wpns_CheckRate($ipaddress);
182
+ if($rate>=$reqLimit)
183
+ {
184
+ $action = $actionRateLCrawler;
185
+ $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
186
+ $current_time = time();
187
+ if($current_time>$lastAttack && $_SERVER['HTTP_USER_AGENT']!='')
188
+ {
189
+ mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
190
+ }
191
+ if($action != 'ThrottleIP')
192
+ {
193
+ if(!$mowpnshandle->is_whitelisted($ipaddress))
194
+ {
195
+ if(!$mowpnshandle->mo_wpns_is_ip_blocked($ipaddress))
196
+ {
197
+ $mowpnshandle->mo_wpns_block_ip($ipaddress,'RLECrawler',true);
198
+ }
199
+ }
200
+ }
201
+ header('HTTP/1.1 403 Forbidden');
202
+ include_once($errorPage);
203
+ exit;
204
+ }
205
+ }
206
+ }
207
+ }
208
+ }
209
+
210
+
211
+
212
  ?>
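Review bot: `mo_wpns_applyRateLimitingCrawler` (new lines 166-208) receives `$fileName` from the call on new line 56, and `mo_wpns_setting_file()` returns the literal string `"notMissing"` whenever the config file already exists, so `file_exists($filename)` fails and the config is never included in the function's scope. `$RateLimitingCrawler`, `$RequestsPMinCrawler` and `$actionRateLCrawler` are then undefined inside the function, and crawler rate limiting appears to do nothing in that case. Passing the real path would fix it, e.g. `mo_wpns_applyRateLimitingCrawler($ipaddress,$configfile,$errorPage);`, assuming `$configfile` from waf-include.php is in scope at the call site. Separately, the signature loop at new lines 95-101 only tests values for which `is_string($value)` holds, so array-valued request parameters pass without inspection; walking them recursively would close that gap.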
handler/WAF/waf-include.php CHANGED
@@ -1,92 +1,92 @@
1
- <?php
2
- $dir = dirname(__FILE__);
3
- $dir = str_replace('\\', "/", $dir);
4
- $dir = explode('WAF', $dir);
5
- $dir = $dir[0];
6
- $sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
7
- $xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
8
- $lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
9
- $configfilepath = explode('wp-content', $dir);
10
- $configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
11
- $missingFile = 0;
12
-
13
- if(file_exists($configfile))
14
- {
15
- include_once($configfile);
16
- }
17
- else
18
- {
19
- $missingFile = 1;
20
- }
21
- include_once($sqlInjectionFile);
22
- include_once($xssFile);
23
- include_once($lfiFile);
24
-
25
- function get_ipaddress()
26
- {
27
- $ipaddress = '';
28
- if (isset($_SERVER['HTTP_CLIENT_IP']))
29
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
- else if(isset($_SERVER['REMOTE_ADDR']))
31
- $ipaddress = $_SERVER['REMOTE_ADDR'];
32
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
33
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
34
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
35
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
36
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
37
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
38
- else if(isset($_SERVER['HTTP_FORWARDED']))
39
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
40
- else
41
- $ipaddress = 'UNKNOWN';
42
-
43
- return $ipaddress;
44
- }
45
- function is_crawler()
46
- {
47
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
48
- $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
49
- foreach ($Botsign as $key => $value)
50
- {
51
- if(isset($USER_AGENT) || preg_match('/'.$value.'/', $USER_AGENT))
52
- {
53
- return true;
54
- }
55
- }
56
- return false;
57
- }
58
- function is_fake_googlebot($ipaddress)
59
- {
60
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
61
- if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
62
- {
63
- if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
64
- {
65
- header('HTTP/1.1 403 Forbidden');
66
- include_once("mo-error.html");
67
- exit;
68
- }
69
- }
70
- }
71
- function is_fake($crawler,$USER_AGENT,$ipaddress)
72
- {
73
- // $hostName = gethostbyaddr($ipaddress);
74
- // $hostIP = gethostbyname($hostName);
75
- // if(is_numeric(get_option('mo_wpns_iprange_count')))
76
- // $range_count = intval(get_option('mo_wpns_iprange_count'));
77
- // for($i = 1 ; $i <= $range_count ; $i++){
78
- // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
79
- // $rangearray = explode("-",$blockedrange);
80
- // if(sizeof($rangearray)==2){
81
- // $lowip = ip2long(trim($rangearray[0]));
82
- // $highip = ip2long(trim($rangearray[1]));
83
- // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
84
- // $mo_wpns_config = new MoWpnsHandler();
85
- // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
86
- // return true;
87
- // }
88
- // }
89
- // }
90
- // return false;
91
- }
92
  ?>
1
+ <?php
2
+ $dir = dirname(__FILE__);
3
+ $dir = str_replace('\\', "/", $dir);
4
+ $dir = explode('WAF', $dir);
5
+ $dir = $dir[0];
6
+ $sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
7
+ $xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
8
+ $lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
9
+ $configfilepath = explode('wp-content', $dir);
10
+ $configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
11
+ $missingFile = 0;
12
+
13
+ if(file_exists($configfile))
14
+ {
15
+ include_once($configfile);
16
+ }
17
+ else
18
+ {
19
+ $missingFile = 1;
20
+ }
21
+ include_once($sqlInjectionFile);
22
+ include_once($xssFile);
23
+ include_once($lfiFile);
24
+
25
+ function get_ipaddress()
26
+ {
27
+ $ipaddress = '';
28
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
29
+ $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
+ else if(isset($_SERVER['REMOTE_ADDR']))
31
+ $ipaddress = $_SERVER['REMOTE_ADDR'];
32
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
33
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
34
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
35
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
36
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
37
+ $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
38
+ else if(isset($_SERVER['HTTP_FORWARDED']))
39
+ $ipaddress = $_SERVER['HTTP_FORWARDED'];
40
+ else
41
+ $ipaddress = 'UNKNOWN';
42
+
43
+ return $ipaddress;
44
+ }
45
+ function is_crawler()
46
+ {
47
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
48
+ $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
49
+ foreach ($Botsign as $key => $value)
50
+ {
51
+ if(isset($USER_AGENT) || preg_match('/'.$value.'/', $USER_AGENT))
52
+ {
53
+ return true;
54
+ }
55
+ }
56
+ return false;
57
+ }
58
+ function is_fake_googlebot($ipaddress)
59
+ {
60
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
61
+ if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
62
+ {
63
+ if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
64
+ {
65
+ header('HTTP/1.1 403 Forbidden');
66
+ include_once("mo-error.html");
67
+ exit;
68
+ }
69
+ }
70
+ }
71
+ function is_fake($crawler,$USER_AGENT,$ipaddress)
72
+ {
73
+ // $hostName = gethostbyaddr($ipaddress);
74
+ // $hostIP = gethostbyname($hostName);
75
+ // if(is_numeric(get_option('mo_wpns_iprange_count')))
76
+ // $range_count = intval(get_option('mo_wpns_iprange_count'));
77
+ // for($i = 1 ; $i <= $range_count ; $i++){
78
+ // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
79
+ // $rangearray = explode("-",$blockedrange);
80
+ // if(sizeof($rangearray)==2){
81
+ // $lowip = ip2long(trim($rangearray[0]));
82
+ // $highip = ip2long(trim($rangearray[1]));
83
+ // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
84
+ // $mo_wpns_config = new MoWpnsHandler();
85
+ // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
86
+ // return true;
87
+ // }
88
+ // }
89
+ // }
90
+ // return false;
91
+ }
92
  ?>
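Review bot: `is_crawler()` (new lines 45-57) returns true for every request, because `$USER_AGENT` is always assigned on new line 47 and the test on new line 51 is `isset($USER_AGENT) || preg_match(...)`; the same `isset(...) ||` appears in `is_fake_googlebot()` on new line 61. With that, the `if(!is_crawler())` guard in mo-waf-plugin.php never runs the regular rate limiter. The condition should be `if($USER_AGENT !== '' && preg_match('/'.preg_quote($value,'/').'/', $USER_AGENT))`. `get_ipaddress()` also prefers the client-supplied `HTTP_CLIENT_IP` header over `REMOTE_ADDR`, so the address used for blocking and rate limiting is whatever the request claims; `REMOTE_ADDR` should come first and forwarded headers be honoured only behind a known proxy. `is_fake()` has its whole body commented out and returns null, which deserves a comment stating that the check is disabled.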
handler/ajax.php CHANGED
@@ -1,175 +1,175 @@
1
- <?php
2
-
3
- class AjaxHandler
4
- {
5
- function __construct()
6
- {
7
- add_action( 'admin_init' , array( $this, 'mo_wpns_2fa_actions' ) );
8
- }
9
-
10
- function mo_wpns_2fa_actions()
11
- {
12
- global $moWpnsUtility,$mo2f_dirName;
13
-
14
- if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
15
- {
16
- switch($_REQUEST['option'])
17
- {
18
- case "iplookup":
19
- $this->lookupIP($_GET['ip']); break;
20
-
21
- case "dissmissSMTP":
22
- $this->handle_smtp(); break;
23
- case "whitelistself":
24
- $this->whitelist_self(); break;
25
-
26
- case "dismissplugin":
27
- $this->wpns_plugin_notice(); break;
28
-
29
- case "dismissbackup":
30
- $this->wpns_dismiss_backup_notice(); break;
31
-
32
- case "dismissbruteforce":
33
- $this->wpns_dismiss_bruteforce_notice(); break;
34
-
35
- case "dismissrecaptcha":
36
- $this-> wpns_dismiss_recaptcha_notice(); break;
37
-
38
- case "dismissfirewall":
39
- $this->wpns_dismiss_firewall_notice(); break;
40
-
41
- case "plugin_warning_never_show_again":
42
- $this->wpns_plugin_warning_never_show_again();
43
- break;
44
-
45
- case "dismissSms":
46
- $this->wpns_sms_notice(); break;
47
-
48
- case "dismissEmail":
49
- $this->wpns_email_notice(); break;
50
-
51
- case "dismissSms_always":
52
- $this->wpns_sms_notice_always(); break;
53
-
54
- case "dismissEmail_always":
55
- $this->wpns_email_notice_always(); break;
56
-
57
- case "dismisscodeswarning":
58
- $this->mo2f_backup_codes_dismiss(); break;
59
- }
60
- }
61
- }
62
-
63
- private function lookupIP($ip)
64
- {
65
- $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
66
- $hostname = gethostbyaddr($result["geoplugin_request"]);
67
- try{
68
- $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
69
- $timeoffset = $timeoffset/3600;
70
-
71
- }catch(Exception $e){
72
- $result["geoplugin_timezone"]="";
73
- $timeoffset="";
74
- }
75
-
76
- $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
77
- if($result['geoplugin_request']==$ip) {
78
-
79
- $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
80
- $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
81
- $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
82
- $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
83
- $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
84
- $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
85
- $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
86
- $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
87
- $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
88
- $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
89
- $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
90
- $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
91
- $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
92
- $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
93
-
94
- $result['ipDetails'] = $ipLookUpTemplate;
95
- }else{
96
- $result["ipDetails"]["status"]="ERROR";
97
- }
98
-
99
- wp_send_json( $result );
100
-
101
- }
102
- private function whitelist_self()
103
- {
104
- global $moWpnsUtility;
105
- $moPluginsUtility = new MoWpnsHandler();
106
- $moPluginsUtility->whitelist_ip($moWpnsUtility->get_client_ip());
107
- wp_send_json('success');
108
- }
109
-
110
- private function wpns_plugin_notice()
111
- {
112
-
113
- update_site_option('malware_notification_option', 1);
114
- update_site_option('notice_dismiss_time',time());
115
- wp_send_json('success');
116
- }
117
-
118
- function wpns_dismiss_backup_notice(){
119
- update_site_option('backup_notification_option', 1);
120
- update_site_option('notice_dismiss_time',time());
121
- wp_send_json('success');
122
- }
123
-
124
- function wpns_dismiss_bruteforce_notice(){
125
- update_site_option('bruteforce_notification_option', 1);
126
- update_site_option('notice_dismiss_time',time());
127
- wp_send_json('success');
128
- }
129
-
130
- function wpns_dismiss_recaptcha_notice(){
131
- update_site_option('recaptcha_notification_option', 1);
132
- update_site_option('notice_dismiss_time',time());
133
- wp_send_json('success');
134
- }
135
-
136
- function wpns_plugin_warning_never_show_again(){
137
- update_site_option('plugin_warning_never_show_again', 1);
138
- wp_send_json('success');
139
- }
140
-
141
- function wpns_dismiss_firewall_notice(){
142
- update_site_option('waf_notification_option', 1);
143
- update_site_option('notice_dismiss_time',time());
144
- wp_send_json('success');
145
- }
146
- private function wpns_sms_notice()
147
- {
148
- update_site_option('mo2f_wpns_sms_dismiss', time());
149
- wp_send_json('success');
150
- }
151
- private function wpns_email_notice()
152
- {
153
- update_site_option('mo2f_wpns_email_dismiss', time());
154
- wp_send_json('success');
155
- }
156
- private function wpns_sms_notice_always()
157
- {
158
- update_site_option('mo2f_wpns_donot_show_low_sms_notice', 1);
159
- wp_send_json('success');
160
- }
161
- private function wpns_email_notice_always()
162
- {
163
- update_site_option('mo2f_wpns_donot_show_low_email_notice', 1);
164
- wp_send_json('success');
165
- }
166
- private function mo2f_backup_codes_dismiss()
167
- {
168
- $user_id = get_current_user_id();
169
- update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
170
- wp_send_json('success');
171
- }
172
-
173
-
174
-
175
- }new AjaxHandler;
1
+ <?php
2
+
3
+ class AjaxHandler
4
+ {
5
+ function __construct()
6
+ {
7
+ add_action( 'admin_init' , array( $this, 'mo_wpns_2fa_actions' ) );
8
+ }
9
+
10
+ function mo_wpns_2fa_actions()
11
+ {
12
+ global $moWpnsUtility,$mo2f_dirName;
13
+
14
+ if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
15
+ {
16
+ switch($_REQUEST['option'])
17
+ {
18
+ case "iplookup":
19
+ $this->lookupIP($_GET['ip']); break;
20
+
21
+ case "dissmissSMTP":
22
+ $this->handle_smtp(); break;
23
+ case "whitelistself":
24
+ $this->whitelist_self(); break;
25
+
26
+ case "dismissplugin":
27
+ $this->wpns_plugin_notice(); break;
28
+
29
+ case "dismissbackup":
30
+ $this->wpns_dismiss_backup_notice(); break;
31
+
32
+ case "dismissbruteforce":
33
+ $this->wpns_dismiss_bruteforce_notice(); break;
34
+
35
+ case "dismissrecaptcha":
36
+ $this-> wpns_dismiss_recaptcha_notice(); break;
37
+
38
+ case "dismissfirewall":
39
+ $this->wpns_dismiss_firewall_notice(); break;
40
+
41
+ case "plugin_warning_never_show_again":
42
+ $this->wpns_plugin_warning_never_show_again();
43
+ break;
44
+
45
+ case "dismissSms":
46
+ $this->wpns_sms_notice(); break;
47
+
48
+ case "dismissEmail":
49
+ $this->wpns_email_notice(); break;
50
+
51
+ case "dismissSms_always":
52
+ $this->wpns_sms_notice_always(); break;
53
+
54
+ case "dismissEmail_always":
55
+ $this->wpns_email_notice_always(); break;
56
+
57
+ case "dismisscodeswarning":
58
+ $this->mo2f_backup_codes_dismiss(); break;
59
+ }
60
+ }
61
+ }
62
+
63
+ private function lookupIP($ip)
64
+ {
65
+ $result=@json_decode(file_get_contents("http://www.geoplugin.net/json.gp?ip=".$ip),true);
66
+ $hostname = gethostbyaddr($result["geoplugin_request"]);
67
+ try{
68
+ $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
69
+ $timeoffset = $timeoffset/3600;
70
+
71
+ }catch(Exception $e){
72
+ $result["geoplugin_timezone"]="";
73
+ $timeoffset="";
74
+ }
75
+
76
+ $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
77
+ if($result['geoplugin_request']==$ip) {
78
+
79
+ $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
80
+ $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
81
+ $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
82
+ $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
83
+ $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
84
+ $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
85
+ $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
86
+ $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
87
+ $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
88
+ $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
89
+ $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
90
+ $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
91
+ $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
92
+ $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
93
+
94
+ $result['ipDetails'] = $ipLookUpTemplate;
95
+ }else{
96
+ $result["ipDetails"]["status"]="ERROR";
97
+ }
98
+
99
+ wp_send_json( $result );
100
+
101
+ }
102
+ private function whitelist_self()
103
+ {
104
+ global $moWpnsUtility;
105
+ $moPluginsUtility = new MoWpnsHandler();
106
+ $moPluginsUtility->whitelist_ip($moWpnsUtility->get_client_ip());
107
+ wp_send_json('success');
108
+ }
109
+
110
+ private function wpns_plugin_notice()
111
+ {
112
+
113
+ update_site_option('malware_notification_option', 1);
114
+ update_site_option('notice_dismiss_time',time());
115
+ wp_send_json('success');
116
+ }
117
+
118
+ function wpns_dismiss_backup_notice(){
119
+ update_site_option('backup_notification_option', 1);
120
+ update_site_option('notice_dismiss_time',time());
121
+ wp_send_json('success');
122
+ }
123
+
124
+ function wpns_dismiss_bruteforce_notice(){
125
+ update_site_option('bruteforce_notification_option', 1);
126
+ update_site_option('notice_dismiss_time',time());
127
+ wp_send_json('success');
128
+ }
129
+
130
+ function wpns_dismiss_recaptcha_notice(){
131
+ update_site_option('recaptcha_notification_option', 1);
132
+ update_site_option('notice_dismiss_time',time());
133
+ wp_send_json('success');
134
+ }
135
+
136
+ function wpns_plugin_warning_never_show_again(){
137
+ update_site_option('plugin_warning_never_show_again', 1);
138
+ wp_send_json('success');
139
+ }
140
+
141
+ function wpns_dismiss_firewall_notice(){
142
+ update_site_option('waf_notification_option', 1);
143
+ update_site_option('notice_dismiss_time',time());
144
+ wp_send_json('success');
145
+ }
146
+ private function wpns_sms_notice()
147
+ {
148
+ update_site_option('mo2f_wpns_sms_dismiss', time());
149
+ wp_send_json('success');
150
+ }
151
+ private function wpns_email_notice()
152
+ {
153
+ update_site_option('mo2f_wpns_email_dismiss', time());
154
+ wp_send_json('success');
155
+ }
156
+ private function wpns_sms_notice_always()
157
+ {
158
+ update_site_option('mo2f_wpns_donot_show_low_sms_notice', 1);
159
+ wp_send_json('success');
160
+ }
161
+ private function wpns_email_notice_always()
162
+ {
163
+ update_site_option('mo2f_wpns_donot_show_low_email_notice', 1);
164
+ wp_send_json('success');
165
+ }
166
+ private function mo2f_backup_codes_dismiss()
167
+ {
168
+ $user_id = get_current_user_id();
169
+ update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
170
+ wp_send_json('success');
171
+ }
172
+
173
+
174
+
175
+ }new AjaxHandler;
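Review bot: `mo_wpns_2fa_actions()` (new lines 10-61) dispatches state-changing actions from `$_REQUEST['option']` after a capability check only, with no nonce, so `whitelistself` and the `dismiss*` options can be triggered by a cross-site request made in an administrator's browser. A nonce check before the `switch`, for example `check_admin_referer('NONCE_ACTION_PLACEHOLDER');` with the matching field added to the forms and links that call it, would close that. The `dissmissSMTP` case calls `$this->handle_smtp()`, which this class does not define. In `lookupIP()`, `$_GET['ip']` is appended unvalidated to a plain-HTTP URL and the decoded `$result` is indexed even when the fetch failed under `@`; `if (!filter_var($ip, FILTER_VALIDATE_IP)) { wp_send_json(array('ipDetails' => array('status' => 'ERROR'))); }` at the top would bound the input.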
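--- a/handler/feedback_form.php
+++ b/handler/feedback_form.php
@@ -1,210 +1,210 @@
- <?php
- class FeedbackHandler
- {
- function __construct()
- {
- add_action('admin_init', array($this, 'mo_wpns_feedback_actions'));
- }
-
- function mo_wpns_feedback_actions()
- {
-
- global $moWpnsUtility, $mo2f_dirName;
-
- if (current_user_can('manage_options') && isset($_POST['option'])) {
- switch ($_REQUEST['option']) {
- case "mo_wpns_skip_feedback":
- case "mo_wpns_rating":
- case "mo_wpns_feedback":
- $this->wpns_handle_feedback($_POST); break;
- case "mo_wpns_backup_download":
- $this->mo2f_backup_download($_POST);
- break;
- case "log_file_download":
- $this->mo2f_download_log_file();
- break;
-
-
- }
- }
- }
-
-
- function wpns_handle_feedback($postdata)
- {
-
- if(MO2F_TEST_MODE){
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- return;
- }
-
- $user = wp_get_current_user();
- $feedback_option = $_POST['option'];
- if ($feedback_option != "mo_wpns_rating")
- {
- $message = 'Plugin Deactivated';
- }
-
-
- $deactivate_reason_message = array_key_exists('wpns_query_feedback', $_POST) ? htmlspecialchars($_POST['wpns_query_feedback']) : false;
- $activation_date = get_site_option('mo2f_activated_time');
- $current_date = time();
- $diff = $activation_date - $current_date;
- if($activation_date == false){
- $days = 'NA';
- }
- else{
- $days = abs(round($diff / 86400));
- }
- update_site_option( 'No_of_days_active_work', $days , 'yes' );
-
- if ($feedback_option != "mo_wpns_rating")
- {
- $reply_required = '';
- if (isset($_POST['get_reply']))
- $reply_required = htmlspecialchars($_POST['get_reply']);
-
- if (empty($reply_required)) {
- $reply_required = "don't reply";
- $message .= ' &nbsp; [Reply:<b style="color:red";>' . $reply_required . '</b>,';
- } else {
- $reply_required = "yes";
- $message .= '[Reply:' . $reply_required . ',';
- }
- }
- else
- {
- $message ='[' ;
- }
- $message .= 'D:' . $days . ',';
- if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
- $message .= '2FA+NS]';
- }
- else{
- $message .= '2FA]';
- }
-
- $message .= ', Feedback : ' . $deactivate_reason_message . '';
-
- if (isset($_POST['rate']))
- $rate_value = htmlspecialchars($_POST['rate']);
- else
- $rate_value = "--";
- $message .= ', [Rating :' . $rate_value . ']';
- if (empty($reply_required))
- $message .= MoWpnsUtility::mo_2fa_send_configuration();
- else
- $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
- $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- $email = get_option('mo2f_email');
- if (empty($email))
- $email = $user->user_email;
- }
- $phone = get_option('mo_wpns_admin_phone');
- $feedback_reasons = new MocURL();
- global $moWpnsUtility;
- if (!is_null($feedback_reasons)) {
- if (!$moWpnsUtility->is_curl_installed()) {
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- wp_redirect('plugins.php');
- } else {
- $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
- if (json_last_error() == JSON_ERROR_NONE) {
- if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
- do_action('wpns_show_message',$submited['message'],'ERROR');
-
- } else {
- if ($submited == false) {
- do_action('wpns_show_message','Error while submitting the query.','ERROR');
- }
- }
- }
-
- if($feedback_option =='mo_wpns_feedback' || $feedback_option =='mo_wpns_skip_feedback')
- {
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- }
- do_action('wpns_show_message','Thank you for the feedback.','SUCCESS');
-
- }
- }
- }
-
- function mo2f_download_log_file(){
- ob_start();
- $nonce = sanitize_text_field($_POST['mo2f_nonce_download_log']);
-
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-download-log' ) ) {
- $error = new WP_Error();
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
-
- }else{
-
-
- $debug_log_path = wp_upload_dir();
- $debug_log_path = $debug_log_path['basedir'];
- $file_name = 'miniorange_debug_log.txt';
- $status = file_exists($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
- if($status){
- header("Pragma: public");
- header("Expires: 0");
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename=".$file_name);
- header("Content-Transfer-Encoding: binary");
- header("Content-Length: ".filesize($debug_log_path.DIRECTORY_SEPARATOR.$file_name));
- while (ob_get_level()) {
- ob_end_clean();
- @readfile($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
- exit;
- }
- }else{
- do_action('wpns_show_message','File does not exist.','ERROR');
- }
- }
- }
-
- function mo2f_backup_download($postdata){
- global $wpnsDbQueries;
-
- $nonce = $postdata['download_nonce'];
- if ( ! wp_verify_nonce( $nonce, 'mo-wpns-download-nonce' ) ){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
- return;
- }
-
- ob_start();
- if(current_user_can('administrator')){
- $file_name=$postdata['file_name'];
- $file_path=$postdata['file_path'];
- $file = explode('/', $file_name);
- $file_name = $file[0];
- $id = $file[1];
- $status = file_exists($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
- if($status){
- header("Pragma: public");
- header("Expires: 0");
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename=".$file_name);
- header("Content-Transfer-Encoding: binary");
- header("Content-Length: ".filesize($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name));
- while (ob_get_level()) {
- ob_end_clean();
- @readfile($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
- exit;
- }
- }else{
- $wpnsDbQueries->delete_file($id);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DELETE_FILE'),'ERROR');
- return;
- }
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOT_ADMIN'),'ERROR');
- return;
- }
-
- }
-
- }new FeedbackHandler();
+ <?php
+ class FeedbackHandler
+ {
+ function __construct()
+ {
+ add_action('admin_init', array($this, 'mo_wpns_feedback_actions'));
+ }
+
+ function mo_wpns_feedback_actions()
+ {
+
+ global $moWpnsUtility, $mo2f_dirName;
+
+ if (current_user_can('manage_options') && isset($_POST['option'])) {
+ switch ($_REQUEST['option']) {
+ case "mo_wpns_skip_feedback":
+ case "mo_wpns_rating":
+ case "mo_wpns_feedback":
+ $this->wpns_handle_feedback($_POST); break;
+ case "mo_wpns_backup_download":
+ $this->mo2f_backup_download($_POST);
+ break;
+ case "log_file_download":
+ $this->mo2f_download_log_file();
+ break;
+
+
+ }
+ }
+ }
+
+
+ function wpns_handle_feedback($postdata)
+ {
+
+ if(MO2F_TEST_MODE){
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ return;
+ }
+
+ $user = wp_get_current_user();
+ $feedback_option = $_POST['option'];
+ if ($feedback_option != "mo_wpns_rating")
+ {
+ $message = 'Plugin Deactivated';
+ }
+
+
+ $deactivate_reason_message = array_key_exists('wpns_query_feedback', $_POST) ? htmlspecialchars($_POST['wpns_query_feedback']) : false;
+ $activation_date = get_site_option('mo2f_activated_time');
+ $current_date = time();
+ $diff = $activation_date - $current_date;
+ if($activation_date == false){
+ $days = 'NA';
+ }
+ else{
+ $days = abs(round($diff / 86400));
+ }
+ update_site_option( 'No_of_days_active_work', $days , 'yes' );
+
+ if ($feedback_option != "mo_wpns_rating")
+ {
+ $reply_required = '';
+ if (isset($_POST['get_reply']))
+ $reply_required = htmlspecialchars($_POST['get_reply']);
+
+ if (empty($reply_required)) {
+ $reply_required = "don't reply";
+ $message .= ' &nbsp; [Reply:<b style="color:red";>' . $reply_required . '</b>,';
+ } else {
+ $reply_required = "yes";
+ $message .= '[Reply:' . $reply_required . ',';
+ }
+ }
+ else
+ {
+ $message ='[' ;
+ }
+ $message .= 'D:' . $days . ',';
+ if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
+ $message .= '2FA+NS]';
+ }
+ else{
+ $message .= '2FA]';
+ }
+
+ $message .= ', Feedback : ' . $deactivate_reason_message . '';
+
+ if (isset($_POST['rate']))
+ $rate_value = htmlspecialchars($_POST['rate']);
+ else
+ $rate_value = "--";
+ $message .= ', [Rating :' . $rate_value . ']';
+ if (empty($reply_required))
+ $message .= MoWpnsUtility::mo_2fa_send_configuration();
+ else
+ $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
+ $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ $email = get_option('mo2f_email');
+ if (empty($email))
+ $email = $user->user_email;
+ }
+ $phone = get_option('mo_wpns_admin_phone');
+ $feedback_reasons = new MocURL();
+ global $moWpnsUtility;
+ if (!is_null($feedback_reasons)) {
+ if (!$moWpnsUtility->is_curl_installed()) {
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ wp_redirect('plugins.php');
+ } else {
+ $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
+ if (json_last_error() == JSON_ERROR_NONE) {
+ if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
+ do_action('wpns_show_message',$submited['message'],'ERROR');
+
+ } else {
+ if ($submited == false) {
+ do_action('wpns_show_message','Error while submitting the query.','ERROR');
+ }
+ }
+ }
+
+ if($feedback_option =='mo_wpns_feedback' || $feedback_option =='mo_wpns_skip_feedback')
+ {
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ }
+ do_action('wpns_show_message','Thank you for the feedback.','SUCCESS');
+
+ }
+ }
+ }
+
+ function mo2f_download_log_file(){
+ ob_start();
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_download_log']);
+
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-download-log' ) ) {
+ $error = new WP_Error();
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
+
+ }else{
+
+
+ $debug_log_path = wp_upload_dir();
+ $debug_log_path = $debug_log_path['basedir'];
+ $file_name = 'miniorange_debug_log.txt';
+ $status = file_exists($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
+ if($status){
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename=".$file_name);
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".filesize($debug_log_path.DIRECTORY_SEPARATOR.$file_name));
+ while (ob_get_level()) {
+ ob_end_clean();
+ @readfile($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
+ exit;
+ }
+ }else{
+ do_action('wpns_show_message','File does not exist.','ERROR');
+ }
+ }
+ }
+
+ function mo2f_backup_download($postdata){
+ global $wpnsDbQueries;
+
+ $nonce = $postdata['download_nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'mo-wpns-download-nonce' ) ){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
+ return;
+ }
+
+ ob_start();
+ if(current_user_can('administrator')){
+ $file_name=$postdata['file_name'];
+ $file_path=$postdata['file_path'];
+ $file = explode('/', $file_name);
+ $file_name = $file[0];
+ $id = $file[1];
+ $status = file_exists($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
+ if($status){
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename=".$file_name);
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".filesize($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name));
+ while (ob_get_level()) {
+ ob_end_clean();
+ @readfile($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
+ exit;
+ }
+ }else{
+ $wpnsDbQueries->delete_file($id);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DELETE_FILE'),'ERROR');
+ return;
+ }
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOT_ADMIN'),'ERROR');
+ return;
+ }
+
+ }
+
+ }new FeedbackHandler();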
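Review bot: In `mo2f_backup_download`, `$postdata['file_path']` and `$postdata['file_name']` come straight from `$_POST` and are concatenated into the path given to `file_exists()`, `filesize()` and `readfile()`, so a request carrying a valid `mo-wpns-download-nonce` can stream any file the PHP process can read, not only backups. Resolve the path with `realpath()` and require it to sit under the plugin's backup directory before any header is sent, and pass the name through `basename()` before it reaches the `Content-Disposition` header. Separately, `wpns_handle_feedback` deactivates the plugin without any `wp_verify_nonce()` call, unlike the two download handlers, and the dispatcher tests `$_POST['option']` but switches on `$_REQUEST['option']`. Both should read the same source, and the feedback path should verify a nonce.

```php
if(current_user_can('administrator')){
    $file      = explode('/', (string) $postdata['file_name'], 2);
    $file_name = basename($file[0]);
    // … unchanged: $id = $file[1] …
    // $backup_root is a placeholder for the directory the plugin writes backups to (not shown in this section)
    $root   = realpath($backup_root);
    $target = realpath($postdata['file_path'].DIRECTORY_SEPARATOR.$file_name);
    if ($target !== false && ($root === false || strpos($target, $root.DIRECTORY_SEPARATOR) !== 0)) {
        // The file exists but resolves outside the backup directory: refuse instead of streaming it.
        do_action('wpns_show_message','Invalid Request.','ERROR');
        return;
    }
    $status = ($target !== false);
    // … unchanged: download headers and readfile(), now using $target; missing-file branch …
```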
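--- a/handler/logger.php
+++ b/handler/logger.php
@@ -1,39 +1,39 @@
- <?php
-
- class mo2f_Logger
- {
- function __construct()
- {
- add_action( 'log_403' , array( $this, 'log_403' ) );
- add_action( 'template_redirect', array( $this, 'log_404' ) );
- }
-
-
- function log_403()
- {
- global $moWpnsUtility;
- $mo_wpns_config = new MoWpnsHandler();
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $url = $moWpnsUtility->get_current_url();
- $user = wp_get_current_user();
- $username = is_user_logged_in() ? $user->user_login : 'GUEST';
- $mo_wpns_config->add_transactions($userIp,$username,MoWpnsConstants::ERR_403, MoWpnsConstants::ACCESS_DENIED,$url);
- }
-
- function log_404()
- {
- global $moWpnsUtility;
-
- if(!is_404())
- return;
- $mo_wpns_config = new MoWpnsHandler();
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $url = $moWpnsUtility->get_current_url();
- $user = wp_get_current_user();
- $username = is_user_logged_in() ? $user->user_login : 'GUEST';
- $mo_wpns_config->add_transactions($userIp,$username,MoWpnsConstants::ERR_404, MoWpnsConstants::ACCESS_DENIED,$url);
- }
- }
+ <?php
+
+ class mo2f_Logger
+ {
+ function __construct()
+ {
+ add_action( 'log_403' , array( $this, 'log_403' ) );
+ add_action( 'template_redirect', array( $this, 'log_404' ) );
+ }
+
+
+ function log_403()
+ {
+ global $moWpnsUtility;
+ $mo_wpns_config = new MoWpnsHandler();
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $url = $moWpnsUtility->get_current_url();
+ $user = wp_get_current_user();
+ $username = is_user_logged_in() ? $user->user_login : 'GUEST';
+ $mo_wpns_config->add_transactions($userIp,$username,MoWpnsConstants::ERR_403, MoWpnsConstants::ACCESS_DENIED,$url);
+ }
+
+ function log_404()
+ {
+ global $moWpnsUtility;
+
+ if(!is_404())
+ return;
+ $mo_wpns_config = new MoWpnsHandler();
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $url = $moWpnsUtility->get_current_url();
+ $user = wp_get_current_user();
+ $username = is_user_logged_in() ? $user->user_login : 'GUEST';
+ $mo_wpns_config->add_transactions($userIp,$username,MoWpnsConstants::ERR_404, MoWpnsConstants::ACCESS_DENIED,$url);
+ }
+ }
  new mo2f_Logger;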
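Review bot: `log_404` runs on `template_redirect` for every visitor and hands `$url` from `get_current_url()` to `add_transactions()` unmodified, while only `$userIp` goes through `sanitize_text_field()`. The request URL is fully client-controlled, so unless `add_transactions()` (not shown here) binds it as a query parameter and the report view escapes it on output, the stored value can carry injected markup or SQL. Normalising it where it is read, e.g. `$url = esc_url_raw( $moWpnsUtility->get_current_url() );`, would cover both loggers. Because unauthenticated 404s each add a row, a per-IP cap or sampling on this path is also worth considering. `log_403` and `log_404` differ only in the `ERR_403`/`ERR_404` constant and could share one private helper.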
handler/login.php CHANGED
@@ -1,408 +1,408 @@
1
- <?php
2
- class LoginHandler
3
- {
4
- function __construct()
5
- {
6
- add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
- if(get_site_option('mo2f_restrict_restAPI')){
8
- add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
- }
10
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
- || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
- {
13
-
14
- remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
- add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
- }
17
-
18
- add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
- add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
- //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
- //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
-
23
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
- add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
- }
26
- }
27
-
28
- function mo_block_restAPI(){
29
- global $moWpnsUtility,$mo2f_dirName;
30
- if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
- include_once("mo-block.html");
32
- exit;
33
- }
34
- }
35
-
36
- function mo_wpns_init()
37
- {
38
- add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
- add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
- add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
- add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
- global $moWpnsUtility,$mo2f_dirName;
43
- $WAFEnabled = get_option('WAFEnabled');
44
- $WAFLevel = get_option('WAF');
45
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
46
- if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
47
- add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
48
- $mo2f_scanner_parts = new mo2f_scanner_parts();
49
- $mo2f_scanner_parts->file_cron_scan();
50
-
51
- if($WAFEnabled == 1)
52
- {
53
- if($WAFLevel == 'PluginLevel')
54
- {
55
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
57
- }
58
- }
59
-
60
-
61
- $userIp = $moWpnsUtility->get_client_ip();
62
- $userIp = sanitize_text_field( $userIp );
63
- $mo_wpns_config = new MoWpnsHandler();
64
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
65
- $isIpBlocked = false;
66
- if(!$isWhitelisted){
67
- $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
68
- }
69
- if($isIpBlocked){
70
- include_once("mo-block.html");
71
- exit;
72
- }
73
-
74
- $requested_uri = $_SERVER["REQUEST_URI"];
75
- $option = false;
76
- if (is_user_logged_in()) { //chr?
77
- if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
78
- wp_redirect(site_url());
79
- die;
80
- }
81
- } else {
82
- $option = get_option('mo_wpns_enable_rename_login_url');
83
- }
84
- if ($option) {
85
- if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
86
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
87
- wp_redirect($requested_uri);
88
- die;
89
- } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
90
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
91
- wp_redirect($requested_uri);
92
- die;
93
- }
94
-
95
- if (strpos($requested_uri, '/wp-login.php') !== false) {
96
- wp_redirect(site_url());
97
- }
98
- else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
99
- @require_once ABSPATH . 'wp-login.php';
100
- die;
101
- }
102
- }
103
-
104
- if(isset($_POST['option']))
105
- {
106
- switch($_POST['option'])
107
- {
108
- case "mo_wpns_change_password":
109
- $this->handle_change_password(sanitize_text_field($_POST['username'])
110
- ,sanitize_text_field($_POST['new_password']),sanitize_text_field($_POST['confirm_password']));
111
- break;
112
- }
113
- }
114
-
115
- }
116
- function twofa_on_user_profile( $user ) {
117
- global $mo2f_dirName;
118
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
119
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
120
- }
121
- }
122
- function user_two_factor_options_update( $user ) {
123
- global $mo2f_dirName;
124
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
125
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
126
- }
127
- }
128
-
129
- function mo2f_IP_email_send()
130
- {
131
- global $moWpnsUtility, $Mo2fdbQueries;
132
- $userIp = $moWpnsUtility->get_client_ip();
133
- $userIp = sanitize_text_field( $userIp );
134
- $user = wp_get_current_user();
135
- $user_id = $user->ID;
136
- $meta_key = 'mo2f_user_IP';
137
- add_user_meta($user->ID, $meta_key,$userIp);
138
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID);
139
- if (empty($email)) {
140
- $email = $user->user_email;
141
- }
142
- $check_Ip = get_user_meta($user->ID,$meta_key)[0];
143
-
144
- if ($check_Ip != $userIp)
145
- {
146
- $subject ="Alert: New IP Detected";
147
- $message = mo_IP_template();
148
- $headers=array('Content-Type: text/html; charset=UTF-8');
149
- if(is_email($email))
150
- {
151
- wp_mail( $email,$subject,$message,$headers);
152
- }
153
- }
154
- }
155
-
156
- function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
157
-
158
- if (empty($_POST['g-recaptcha-response'])) {
159
- $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
160
- }
161
- }
162
-
163
- //Function to Handle Change Password Form
164
- function handle_change_password($username,$newpassword,$confirmpassword)
165
- {
166
- global $mo2f_dirName;
167
- $user = get_user_by("login",$username);
168
- $error = wp_authenticate_username_password($user,$username,$newpassword);
169
-
170
- if(is_wp_error($error))
171
- {
172
- $this->mo_wpns_login_failed($username);
173
- return $error;
174
- }
175
-
176
- if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
177
- {
178
- wp_set_auth_cookie($user->ID,false,false);
179
- $this->mo_wpns_login_success($username);
180
- wp_redirect(get_site_option('siteurl'),301);
181
- }
182
- }
183
-
184
-
185
- //Function to Update User password
186
- function update_strong_password($username,$newpassword,$confirmpassword)
187
- {
188
- global $mo2f_dirName;
189
-
190
- if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
191
- && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
192
- {
193
- $user = get_user_by("login",$username);
194
- wp_set_password($newpassword,$user->ID);
195
- return "success";
196
- }
197
- else
198
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
199
- }
200
-
201
-
202
- //Our custom logic for user authentication
203
- function custom_authenticate($user, $username, $password)
204
- {
205
- global $moWpnsUtility;
206
- $error = new WP_Error();
207
-
208
- if(empty($username) && empty ($password))
209
- return $error;
210
-
211
- if(empty($username)) {
212
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
213
- }
214
- if(empty($password)) {
215
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
216
- }
217
-
218
- $user = wp_authenticate_username_password( $user, $username, $password );
219
-
220
- if ( is_wp_error( $user ) ) {
221
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
222
- return $user;
223
- }
224
- if(empty($error->errors))
225
- {
226
- $user = get_user_by("login",$username);
227
-
228
- if($user)
229
- {
230
- $moCURL=new MocURL;
231
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
232
- {
233
- $captcha_version=get_option('mo_wpns_recaptcha_version');
234
- if($captcha_version=='reCAPTCHA_v3')
235
- $recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
236
- else if($captcha_version=='reCAPTCHA_v2')
237
- $recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
238
-
239
- }
240
- }
241
-
242
- if(!empty($recaptchaError->errors))
243
- $error = $recaptchaError;
244
- if(empty($error->errors)){
245
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
246
- {
247
- $this->mo_wpns_login_success($username);
248
- }
249
- return $user;
250
- }
251
- }
252
- else
253
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
254
- return $error;
255
-
256
- }
257
-
258
-
259
-
260
-
261
- //Function to check user password
262
- function check_password($user,$error,$password)
263
- {
264
- global $moWpnsUtility, $mo2f_dirName;
265
- if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
266
- {
267
- if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
268
- {
269
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
270
- $this->mo_wpns_login_success($user->data->user_login);
271
- return $user;
272
- }
273
- else
274
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
275
- }
276
- else
277
- $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
278
-
279
- return $error;
280
- }
281
-
282
-
283
- //Function to handle successful user login
284
- function mo_wpns_login_success($username)
285
- {
286
- global $moWpnsUtility;
287
- if(get_site_option('mo2f_mail_notify') == 'on')
288
- {
289
- $this->mo2f_IP_email_send();
290
- }
291
-
292
- $mo_wpns_config = new MoWpnsHandler();
293
- $userIp = $moWpnsUtility->get_client_ip();
294
- $userIp = sanitize_text_field( $userIp );
295
- $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
296
-
297
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
298
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
299
-
300
-
301
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
302
-
303
- if(isset($_POST['log']) && isset($_POST['pwd'])){
304
- $username = sanitize_text_field($_POST['log']);
305
- $pass = sanitize_text_field($_POST['pwd']);
306
- $user = get_user_by('login',$username);
307
-
308
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
309
- if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
310
- if(!get_user_meta($user->ID,'password_strong?')){
311
- update_user_meta($user->ID,'password_strong?', true);
312
- $count = get_site_option('users_with_weak_pass');
313
- $count = $count + 1;
314
- update_site_option('users_with_weak_pass', $count);
315
- }
316
- }
317
- else{
318
- if(get_user_meta($user->ID,'password_strong?')){
319
- $count = get_site_option('users_with_weak_pass');
320
- $count = $count - 1;
321
- update_site_option('users_with_weak_pass', $count);
322
- }
323
- delete_user_meta($user->ID,'password_strong?');
324
- }
325
-
326
-
327
- }
328
-
329
- }
330
- }
331
-
332
-
333
- //Function to handle failed user login attempt
334
- function mo_wpns_login_failed($username)
335
- {
336
- global $moWpnsUtility;
337
- $userIp = $moWpnsUtility->get_client_ip();
338
- $userIp = sanitize_text_field( $userIp );
339
- if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
340
- return;
341
-
342
- $mo_wpns_config = new MoWpnsHandler();
343
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
344
-
345
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
346
-
347
- if(!$isWhitelisted)
348
- {
349
-
350
-
351
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
352
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
353
-
354
- $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
355
- $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
356
-
357
- if($allowedLoginAttepts - $failedAttempts<=0)
358
- $this->handle_login_attempt_exceeded($userIp);
359
- else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
360
- $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
361
- }
362
-
363
- }
364
-
365
-
366
-
367
-
368
-
369
- //Function to show number of attempts remaining
370
- function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
371
- {
372
- global $error;
373
- $diff = $allowedLoginAttepts - $failedAttempts;
374
- $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
375
- }
376
-
377
-
378
- //Function to handle login limit exceeded
379
- function handle_login_attempt_exceeded($userIp)
380
- {
381
- global $moWpnsUtility, $mo2f_dirName;
382
- $mo_wpns_config = new MoWpnsHandler();
383
- $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
384
- include_once("mo-block.html");
385
- exit;
386
-
387
- }
388
-
389
- function setup_registration_closed($user){
390
- global $Mo2fdbQueries;
391
- if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
392
- $nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
393
- if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
394
- $error = new WP_Error();
395
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
396
- return $error;
397
- } else {
398
- if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
399
- //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
400
- delete_user_meta( $user->ID, 'register_account_popup' );
401
-
402
- }
403
- }
404
- }
405
- }
406
-
407
- }
408
- new LoginHandler;
1
+ <?php
2
+ class LoginHandler
3
+ {
4
+ function __construct()
5
+ {
6
+ add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
+ if(get_site_option('mo2f_restrict_restAPI')){
8
+ add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
+ }
10
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
+ || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
+ {
13
+
14
+ remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
+ add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
+ }
17
+
18
+ add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
+ add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
+ //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
+ //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
+
23
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
+ add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
+ }
26
+ }
27
+
28
+ function mo_block_restAPI(){
29
+ global $moWpnsUtility,$mo2f_dirName;
30
+ if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
+ include_once("mo-block.html");
32
+ exit;
33
+ }
34
+ }
35
+
36
+ function mo_wpns_init()
37
+ {
38
+ add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
+ add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
+ add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
+ add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
+ global $moWpnsUtility,$mo2f_dirName;
43
+ $WAFEnabled = get_option('WAFEnabled');
44
+ $WAFLevel = get_option('WAF');
45
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
46
+ if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
47
+ add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
48
+ $mo2f_scanner_parts = new mo2f_scanner_parts();
49
+ $mo2f_scanner_parts->file_cron_scan();
50
+
51
+ if($WAFEnabled == 1)
52
+ {
53
+ if($WAFLevel == 'PluginLevel')
54
+ {
55
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
57
+ }
58
+ }
59
+
60
+
61
+ $userIp = $moWpnsUtility->get_client_ip();
62
+ $userIp = sanitize_text_field( $userIp );
63
+ $mo_wpns_config = new MoWpnsHandler();
64
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
65
+ $isIpBlocked = false;
66
+ if(!$isWhitelisted){
67
+ $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
68
+ }
69
+ if($isIpBlocked){
70
+ include_once("mo-block.html");
71
+ exit;
72
+ }
73
+
74
+ $requested_uri = $_SERVER["REQUEST_URI"];
75
+ $option = false;
76
+ if (is_user_logged_in()) { //chr?
77
+ if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
78
+ wp_redirect(site_url());
79
+ die;
80
+ }
81
+ } else {
82
+ $option = get_option('mo_wpns_enable_rename_login_url');
83
+ }
84
+ if ($option) {
85
+ if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
86
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
87
+ wp_redirect($requested_uri);
88
+ die;
89
+ } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
90
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
91
+ wp_redirect($requested_uri);
92
+ die;
93
+ }
94
+
95
+ if (strpos($requested_uri, '/wp-login.php') !== false) {
96
+ wp_redirect(site_url());
97
+ }
98
+ else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
99
+ @require_once ABSPATH . 'wp-login.php';
100
+ die;
101
+ }
102
+ }
103
+
104
+ if(isset($_POST['option']))
105
+ {
106
+ switch($_POST['option'])
107
+ {
108
+ case "mo_wpns_change_password":
109
+ $this->handle_change_password(sanitize_text_field($_POST['username'])
110
+ ,sanitize_text_field($_POST['new_password']),sanitize_text_field($_POST['confirm_password']));
111
+ break;
112
+ }
113
+ }
114
+
115
+ }
116
+ function twofa_on_user_profile( $user ) {
117
+ global $mo2f_dirName;
118
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
119
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
120
+ }
121
+ }
122
+ function user_two_factor_options_update( $user ) {
123
+ global $mo2f_dirName;
124
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
125
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
126
+ }
127
+ }
128
+
129
+ function mo2f_IP_email_send()
130
+ {
131
+ global $moWpnsUtility, $Mo2fdbQueries;
132
+ $userIp = $moWpnsUtility->get_client_ip();
133
+ $userIp = sanitize_text_field( $userIp );
134
+ $user = wp_get_current_user();
135
+ $user_id = $user->ID;
136
+ $meta_key = 'mo2f_user_IP';
137
+ add_user_meta($user->ID, $meta_key,$userIp);
138
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID);
139
+ if (empty($email)) {
140
+ $email = $user->user_email;
141
+ }
142
+ $check_Ip = get_user_meta($user->ID,$meta_key)[0];
143
+
144
+ if ($check_Ip != $userIp)
145
+ {
146
+ $subject ="Alert: New IP Detected";
147
+ $message = mo_IP_template();
148
+ $headers=array('Content-Type: text/html; charset=UTF-8');
149
+ if(is_email($email))
150
+ {
151
+ wp_mail( $email,$subject,$message,$headers);
152
+ }
153
+ }
154
+ }
155
+
156
+ function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
157
+
158
+ if (empty($_POST['g-recaptcha-response'])) {
159
+ $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
160
+ }
161
+ }
162
+
163
+ //Function to Handle Change Password Form
164
+ function handle_change_password($username,$newpassword,$confirmpassword)
165
+ {
166
+ global $mo2f_dirName;
167
+ $user = get_user_by("login",$username);
168
+ $error = wp_authenticate_username_password($user,$username,$newpassword);
169
+
170
+ if(is_wp_error($error))
171
+ {
172
+ $this->mo_wpns_login_failed($username);
173
+ return $error;
174
+ }
175
+
176
+ if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
177
+ {
178
+ wp_set_auth_cookie($user->ID,false,false);
179
+ $this->mo_wpns_login_success($username);
180
+ wp_redirect(get_site_option('siteurl'),301);
181
+ }
182
+ }
183
+
184
+
185
+ //Function to Update User password
186
+ function update_strong_password($username,$newpassword,$confirmpassword)
187
+ {
188
+ global $mo2f_dirName;
189
+
190
+ if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
191
+ && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
192
+ {
193
+ $user = get_user_by("login",$username);
194
+ wp_set_password($newpassword,$user->ID);
195
+ return "success";
196
+ }
197
+ else
198
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
199
+ }
200
+
201
+
202
+ //Our custom logic for user authentication
203
+ function custom_authenticate($user, $username, $password)
204
+ {
205
+ global $moWpnsUtility;
206
+ $error = new WP_Error();
207
+
208
+ if(empty($username) && empty ($password))
209
+ return $error;
210
+
211
+ if(empty($username)) {
212
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
213
+ }
214
+ if(empty($password)) {
215
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
216
+ }
217
+
218
+ $user = wp_authenticate_username_password( $user, $username, $password );
219
+
220
+ if ( is_wp_error( $user ) ) {
221
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
222
+ return $user;
223
+ }
224
+ if(empty($error->errors))
225
+ {
226
+ $user = get_user_by("login",$username);
227
+
228
+ if($user)
229
+ {
230
+ $moCURL=new MocURL;
231
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
232
+ {
233
+ $captcha_version=get_option('mo_wpns_recaptcha_version');
234
+ if($captcha_version=='reCAPTCHA_v3')
235
+ $recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
236
+ else if($captcha_version=='reCAPTCHA_v2')
237
+ $recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
238
+
239
+ }
240
+ }
241
+
242
+ if(!empty($recaptchaError->errors))
243
+ $error = $recaptchaError;
244
+ if(empty($error->errors)){
245
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
246
+ {
247
+ $this->mo_wpns_login_success($username);
248
+ }
249
+ return $user;
250
+ }
251
+ }
252
+ else
253
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
254
+ return $error;
255
+
256
+ }
257
+
258
+
259
+
260
+
261
+ //Function to check user password
262
+ function check_password($user,$error,$password)
263
+ {
264
+ global $moWpnsUtility, $mo2f_dirName;
265
+ if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
266
+ {
267
+ if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
268
+ {
269
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
270
+ $this->mo_wpns_login_success($user->data->user_login);
271
+ return $user;
272
+ }
273
+ else
274
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
275
+ }
276
+ else
277
+ $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
278
+
279
+ return $error;
280
+ }
281
+
282
+
283
+ //Function to handle successful user login
284
+ function mo_wpns_login_success($username)
285
+ {
286
+ global $moWpnsUtility;
287
+ if(get_site_option('mo2f_mail_notify') == 'on')
288
+ {
289
+ $this->mo2f_IP_email_send();
290
+ }
291
+
292
+ $mo_wpns_config = new MoWpnsHandler();
293
+ $userIp = $moWpnsUtility->get_client_ip();
294
+ $userIp = sanitize_text_field( $userIp );
295
+ $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
296
+
297
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
298
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
299
+
300
+
301
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
302
+
303
+ if(isset($_POST['log']) && isset($_POST['pwd'])){
304
+ $username = sanitize_text_field($_POST['log']);
305
+ $pass = sanitize_text_field($_POST['pwd']);
306
+ $user = get_user_by('login',$username);
307
+
308
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
309
+ if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
310
+ if(!get_user_meta($user->ID,'password_strong?')){
311
+ update_user_meta($user->ID,'password_strong?', true);
312
+ $count = get_site_option('users_with_weak_pass');
313
+ $count = $count + 1;
314
+ update_site_option('users_with_weak_pass', $count);
315
+ }
316
+ }
317
+ else{
318
+ if(get_user_meta($user->ID,'password_strong?')){
319
+ $count = get_site_option('users_with_weak_pass');
320
+ $count = $count - 1;
321
+ update_site_option('users_with_weak_pass', $count);
322
+ }
323
+ delete_user_meta($user->ID,'password_strong?');
324
+ }
325
+
326
+
327
+ }
328
+
329
+ }
330
+ }
331
+
332
+
333
+ //Function to handle failed user login attempt
334
+ function mo_wpns_login_failed($username)
335
+ {
336
+ global $moWpnsUtility;
337
+ $userIp = $moWpnsUtility->get_client_ip();
338
+ $userIp = sanitize_text_field( $userIp );
339
+ if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
340
+ return;
341
+
342
+ $mo_wpns_config = new MoWpnsHandler();
343
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
344
+
345
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
346
+
347
+ if(!$isWhitelisted)
348
+ {
349
+
350
+
351
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
352
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
353
+
354
+ $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
355
+ $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
356
+
357
+ if($allowedLoginAttepts - $failedAttempts<=0)
358
+ $this->handle_login_attempt_exceeded($userIp);
359
+ else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
360
+ $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
361
+ }
362
+
363
+ }
364
+
365
+
366
+
367
+
368
+
369
+ //Function to show number of attempts remaining
370
+ function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
371
+ {
372
+ global $error;
373
+ $diff = $allowedLoginAttepts - $failedAttempts;
374
+ $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
375
+ }
376
+
377
+
378
+ //Function to handle login limit exceeded
379
+ function handle_login_attempt_exceeded($userIp)
380
+ {
381
+ global $moWpnsUtility, $mo2f_dirName;
382
+ $mo_wpns_config = new MoWpnsHandler();
383
+ $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
384
+ include_once("mo-block.html");
385
+ exit;
386
+
387
+ }
388
+
389
+ function setup_registration_closed($user){
390
+ global $Mo2fdbQueries;
391
+ if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
392
+ $nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
393
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
394
+ $error = new WP_Error();
395
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
396
+ return $error;
397
+ } else {
398
+ if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
399
+ //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
400
+ delete_user_meta( $user->ID, 'register_account_popup' );
401
+
402
+ }
403
+ }
404
+ }
405
+ }
406
+
407
+ }
408
+ new LoginHandler;
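--- a/handler/mo-block.html
+++ b/handler/mo-block.html
@@ -1,9 +1,9 @@
- <img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
- <div>
- <img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
- <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
- <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
- <div><h6 style="font-size: 21px;margin-left: 19em;margin-top: 7em;color: red;">Your IP has been blocked. Please Contact your Administrator.<h6></div>
- <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
- </div>
- </div>
+ <img src="" style="margin-left: 5em;width: 12em;margin-top: 1px;">
+ <div>
+ <img src="" style="width: 16em;margin-left: 52em;margin-top: 63px;">
+ <div><h1 style="font-size: 90px;margin-top: -2em;margin-left: 401PX;">403</h1></div>
+ <div><h2 style="font-size: 54px;margin-left: 557px;margin-top: -140px;" >Forbidden</h2></div>
+ <div><h6 style="font-size: 21px;margin-left: 19em;margin-top: 7em;color: red;">Your IP has been blocked. Please Contact your Administrator.<h6></div>
+ <h6 style="font-size: 21px;margin-left:20em;">For more information please contact miniorange <a href="https://faq.miniorange.com/">FAQ'S</h6>
+ </div>
+ </div>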
handler/mo-waf-plugin.php CHANGED
@@ -1,410 +1,410 @@
1
- <?php
2
-
3
- $dir =dirname(__FILE__);
4
- $dir = str_replace('\\', "/", $dir);
5
- $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
- $xssFile = $dir.'/signature/APXSS.php';
7
- $lfiFile = $dir.'/signature/APLFI.php';
8
- $configfilepath = explode('wp-content', $dir);
9
- $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
-
11
- $missingFile = 0;
12
-
13
- if(file_exists($configfile))
14
- {
15
- include($configfile);
16
- }
17
- else
18
- {
19
- $missingFile = 1;
20
- }
21
- include_once($sqlInjectionFile);
22
- include_once($xssFile);
23
- include_once($lfiFile);
24
-
25
-
26
- global $wpdb;
27
- $ipaddress = '';
28
- if (isset($_SERVER['HTTP_CLIENT_IP']))
29
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
31
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
32
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
33
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
34
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
35
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
36
- else if(isset($_SERVER['HTTP_FORWARDED']))
37
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
38
- else if(isset($_SERVER['REMOTE_ADDR']))
39
- $ipaddress = $_SERVER['REMOTE_ADDR'];
40
- else
41
- $ipaddress = 'UNKNOWN';
42
-
43
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
44
- $results = $wpdb->get_results($query);
45
-
46
- if(sizeof($results)!=0)
47
- {
48
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
49
- $results1 = $wpdb->get_results($query);
50
- if(sizeof($results1)!=0)
51
- {
52
- //IP whitelisted
53
- }
54
- else
55
- {
56
- header('HTTP/1.1 403 Forbidden');
57
- include_once("mo-block.html");
58
- exit;
59
- }
60
- }
61
- $dir_name = dirname(__FILE__);
62
- $dir_name1 = explode('wp-content', $dir_name);
63
- $dir_name = $dir_name1[0];
64
- $filepath = str_replace('\\', '/', $dir_name1[0]);
65
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
66
-
67
- if($missingFile==1)
68
- {
69
- if(!file_exists($fileName))
70
- {
71
- $file = fopen($fileName, "a+");
72
- $string = "<?php".PHP_EOL;
73
- $string .= '$SQL = '.get_option("SQLInjection").';'.PHP_EOL;
74
- $string .= '$XSS = '.get_option("XSSAttack").';'.PHP_EOL;
75
- $string .= '$RFI = '.get_option("RFIAttack").';'.PHP_EOL;
76
- $string .= '$LFI = '.get_option("LFIAttack").';'.PHP_EOL;
77
- $string .= '$RCE = '.get_option("RCEAttack").';'.PHP_EOL;
78
- $string .= '$RateLimiting = '.get_option("Rate_limiting").';'.PHP_EOL;
79
- $string .= '$RequestsPMin = '.get_option("Rate_request").';'.PHP_EOL;
80
-
81
- if(get_option('actionRateL') == 0)
82
- $string .= '$actionRateL = "ThrottleIP";'.PHP_EOL;
83
- else
84
- $string .= '$actionRateL = "BlockIP";'.PHP_EOL;
85
-
86
- $string .= '?>'.PHP_EOL;
87
- fwrite($file, $string);
88
- fclose($file);
89
-
90
- }
91
-
92
- }
93
- include_once($fileName);
94
-
95
-
96
- if($RateLimiting == 1)
97
- {
98
- $time = 60;
99
- $reqLimit = $RequestsPMin;
100
-
101
- $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
102
- $results = $wpdb->get_results($query);
103
-
104
- $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
105
- $results = $wpdb->get_results($query);
106
-
107
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
108
- $results = $wpdb->get_results($query);
109
-
110
- if($results[0]->count>=$reqLimit)
111
- {
112
- $action = $actionRateL;
113
- if($action == 'ThrottleIP')
114
- {
115
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
116
- $results = $wpdb->get_results($query);
117
- $current_time = time();
118
- if($results[0]->time < $current_time-60)
119
- {
120
- $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
121
- $results = $wpdb->get_results($query);
122
- }
123
- header('HTTP/1.1 403 Forbidden');
124
- include_once("mo-error.html");
125
- exit;
126
- }
127
- else
128
- {
129
- $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
130
- $results = $wpdb->get_results($query);
131
- $current_time = time();
132
- if($results[0]->time < $current_time-60)
133
- {
134
- $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
135
- $results = $wpdb->get_results($query);
136
- }
137
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
138
- $results1 = $wpdb->get_results($query);
139
- if(sizeof($results1)!=0)
140
- {
141
- //IP whitelisted
142
- }
143
- else
144
- {
145
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".current_time( 'timestamp' ).");";
146
- $results =$wpdb->get_results($query);
147
- }
148
- header('HTTP/1.1 403 Forbidden');
149
- include_once("mo-error.html");
150
- exit;
151
- }
152
- }
153
- }
154
- $attack = array();
155
- if($SQL==1)
156
- {
157
- array_push($attack,"SQL");
158
- }
159
- if($XSS==1)
160
- {
161
- array_push($attack,"XSS");
162
- }
163
- if($LFI==1)
164
- {
165
- array_push($attack,"LFI");
166
- }
167
-
168
- $attackC = $attack;
169
- $ParanoiaLevel = 1;
170
- $annomalyS = 0;
171
- $SQLScore = 0;
172
- $XSSScore = 0;
173
- $limitAttack = get_option('limitAttack');
174
-
175
-
176
- foreach ($attackC as $key1 => $value1) {
177
- for($lev=1;$lev<=$ParanoiaLevel;$lev++)
178
- {
179
- if(isset($regex[$value1][$lev]))
180
- {
181
- for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
182
- {
183
- foreach ($_REQUEST as $key => $value) {
184
- if($regex[$value1][$lev][$i] != "")
185
- {
186
- if(strpos($regex[$value1][$lev][$i], '/') == false)
187
- {
188
- if(is_string($value))
189
- {
190
-
191
- if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
192
- {
193
- $scoreValue = 0;
194
-
195
- $annomalyMS = $score[$value1][$lev][$i];
196
- if(strcmp($annomalyMS,"CRITICAL")==0)
197
- {
198
- $scoreValue = 5;
199
- }
200
-
201
- elseif(strcmp($annomalyMS,"WARNING")==0)
202
- {
203
- $scoreValue = 3;
204
- }
205
- elseif(strcmp($annomalyMS,"ERROR")==0)
206
- {
207
- $scoreValue = 4;
208
- }
209
- elseif(strcmp($annomalyMS,"NOTICE")==0)
210
- {
211
- $scoreValue =2;
212
- }
213
-
214
- if($value1 == "SQL")
215
- {
216
- $SQLScore += $scoreValue;
217
-
218
- }
219
- elseif ($value1 == "XSS")
220
- {
221
- $XSSScore += $scoreValue;
222
- }
223
- else
224
- {
225
- $annomalyS += $scoreValue;
226
- }
227
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
228
- {
229
- $value = htmlspecialchars($value);
230
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
231
- $results = $wpdb->get_results($query);
232
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
233
- $results = $wpdb->get_results($query);
234
- if($results[0]->count>$limitAttack)
235
- {
236
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
237
- $results = $wpdb->get_results($query);
238
- if(sizeof($results)!=0)
239
- {
240
- //IP whitelisted
241
- }
242
- else
243
- {
244
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
245
- $results =$wpdb->get_results($query);
246
- }
247
- }
248
- header('HTTP/1.1 403 Forbidden');
249
- include_once("mo-error.html");
250
- exit;
251
- }
252
-
253
- }
254
- }
255
- }
256
- else if (strpos($regex[$value1][$lev][$i], '#') == false) {
257
- if(is_string($value))
258
- {
259
-
260
- if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
261
- {
262
- $scoreValue = 0;
263
- $annomalyMS = $score[$value1][$lev][$i];
264
- if(strcmp($annomalyMS,"CRITICAL")==0)
265
- {
266
- $scoreValue = 5;
267
- }
268
-
269
- elseif(strcmp($annomalyMS,"WARNING")==0)
270
- {
271
- $scoreValue = 3;
272
- }
273
- elseif(strcmp($annomalyMS,"ERROR")==0)
274
- {
275
- $scoreValue = 4;
276
- }
277
- elseif(strcmp($annomalyMS,"NOTICE")==0)
278
- {
279
- $scoreValue =2;
280
- }
281
-
282
-
283
- if($value1 == "SQL")
284
- {
285
- $SQLScore += $scoreValue;
286
-
287
- }
288
- elseif ($value1 == "XSS")
289
- {
290
- $XSSScore += $scoreValue;
291
- }
292
- else
293
- {
294
- $annomalyS += $scoreValue;
295
- }
296
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
297
- {
298
- $value = htmlspecialchars($value);
299
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
300
- $results = $wpdb->get_results($query);
301
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
302
- $results = $wpdb->get_results($query);
303
-
304
- if($results[0]->count>$limitAttack)
305
- {
306
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
307
- $results = $wpdb->get_results($query);
308
- if(sizeof($results)!=0)
309
- {
310
- //IP whitelisted
311
- }
312
- else
313
- {
314
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
315
- $results =$wpdb->get_results($query);
316
- }
317
- }
318
- header('HTTP/1.1 403 Forbidden');
319
- include_once("mo-error.html");
320
- exit;
321
- }
322
- }
323
- }
324
- }
325
-
326
- elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
327
- if(is_string($value))
328
- {
329
-
330
- if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
331
- {
332
- $scoreValue = 0;
333
- $annomalyMS = $score[$value1][$lev][$i];
334
- if(strcmp($annomalyMS,"CRITICAL")==0)
335
- {
336
- $scoreValue = 5;
337
- }
338
-
339
- elseif(strcmp($annomalyMS,"WARNING")==0)
340
- {
341
- $scoreValue = 3;
342
- }
343
- elseif(strcmp($annomalyMS,"ERROR")==0)
344
- {
345
- $scoreValue = 4;
346
- }
347
- elseif(strcmp($annomalyMS,"NOTICE")==0)
348
- {
349
- $scoreValue =2;
350
- }
351
-
352
-
353
- if($value1 == "SQL")
354
- {
355
- $SQLScore += $scoreValue;
356
-
357
- }
358
- elseif ($value1 == "XSS")
359
- {
360
- $XSSScore += $scoreValue;
361
- }
362
- else
363
- {
364
- $annomalyS += $scoreValue;
365
- }
366
- if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
367
- {
368
- $value = htmlspecialchars($value);
369
- $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
370
- $results = $wpdb->get_results($query);
371
- $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
372
- $results = $wpdb->get_results($query);
373
-
374
- if($results[0]->count>$limitAttack)
375
- {
376
- $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
377
- $results = $wpdb->get_results($query);
378
- if(sizeof($results)!=0)
379
- {
380
- //IP whitelisted
381
- }
382
- else
383
- {
384
- $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
385
- $results =$wpdb->get_results($query);
386
- }
387
- }
388
- header('HTTP/1.1 403 Forbidden');
389
- include_once("mo-error.html");
390
- exit;
391
- }
392
- }
393
- }
394
-
395
- }
396
-
397
- }
398
- }
399
-
400
- }
401
- }
402
-
403
- }
404
- }
405
-
406
-
407
-
408
-
409
-
410
  ?>
1
+ <?php
2
+
3
+ $dir =dirname(__FILE__);
4
+ $dir = str_replace('\\', "/", $dir);
5
+ $sqlInjectionFile = $dir.'/signature/APSQLI.php';
6
+ $xssFile = $dir.'/signature/APXSS.php';
7
+ $lfiFile = $dir.'/signature/APLFI.php';
8
+ $configfilepath = explode('wp-content', $dir);
9
+ $configfile = $configfilepath[0].'/wp-includes/mo-waf-config.php';
10
+
11
+ $missingFile = 0;
12
+
13
+ if(file_exists($configfile))
14
+ {
15
+ include($configfile);
16
+ }
17
+ else
18
+ {
19
+ $missingFile = 1;
20
+ }
21
+ include_once($sqlInjectionFile);
22
+ include_once($xssFile);
23
+ include_once($lfiFile);
24
+
25
+
26
+ global $wpdb;
27
+ $ipaddress = '';
28
+ if (isset($_SERVER['HTTP_CLIENT_IP']))
29
+ $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
+ else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
31
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
32
+ else if(isset($_SERVER['HTTP_X_FORWARDED']))
33
+ $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
34
+ else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
35
+ $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
36
+ else if(isset($_SERVER['HTTP_FORWARDED']))
37
+ $ipaddress = $_SERVER['HTTP_FORWARDED'];
38
+ else if(isset($_SERVER['REMOTE_ADDR']))
39
+ $ipaddress = $_SERVER['REMOTE_ADDR'];
40
+ else
41
+ $ipaddress = 'UNKNOWN';
42
+
43
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_blocked_ips where ip_address="'.$ipaddress.'";';
44
+ $results = $wpdb->get_results($query);
45
+
46
+ if(sizeof($results)!=0)
47
+ {
48
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
49
+ $results1 = $wpdb->get_results($query);
50
+ if(sizeof($results1)!=0)
51
+ {
52
+ //IP whitelisted
53
+ }
54
+ else
55
+ {
56
+ header('HTTP/1.1 403 Forbidden');
57
+ include_once("mo-block.html");
58
+ exit;
59
+ }
60
+ }
61
+ $dir_name = dirname(__FILE__);
62
+ $dir_name1 = explode('wp-content', $dir_name);
63
+ $dir_name = $dir_name1[0];
64
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
65
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
66
+
67
+ if($missingFile==1)
68
+ {
69
+ if(!file_exists($fileName))
70
+ {
71
+ $file = fopen($fileName, "a+");
72
+ $string = "<?php".PHP_EOL;
73
+ $string .= '$SQL = '.get_option("SQLInjection").';'.PHP_EOL;
74
+ $string .= '$XSS = '.get_option("XSSAttack").';'.PHP_EOL;
75
+ $string .= '$RFI = '.get_option("RFIAttack").';'.PHP_EOL;
76
+ $string .= '$LFI = '.get_option("LFIAttack").';'.PHP_EOL;
77
+ $string .= '$RCE = '.get_option("RCEAttack").';'.PHP_EOL;
78
+ $string .= '$RateLimiting = '.get_option("Rate_limiting").';'.PHP_EOL;
79
+ $string .= '$RequestsPMin = '.get_option("Rate_request").';'.PHP_EOL;
80
+
81
+ if(get_option('actionRateL') == 0)
82
+ $string .= '$actionRateL = "ThrottleIP";'.PHP_EOL;
83
+ else
84
+ $string .= '$actionRateL = "BlockIP";'.PHP_EOL;
85
+
86
+ $string .= '?>'.PHP_EOL;
87
+ fwrite($file, $string);
88
+ fclose($file);
89
+
90
+ }
91
+
92
+ }
93
+ include_once($fileName);
94
+
95
+
96
+ if($RateLimiting == 1)
97
+ {
98
+ $time = 60;
99
+ $reqLimit = $RequestsPMin;
100
+
101
+ $query = "delete from ".$wpdb->base_prefix."wpns_ip_rate_details where time<".(time()-$time);
102
+ $results = $wpdb->get_results($query);
103
+
104
+ $query = "insert into ".$wpdb->base_prefix."wpns_ip_rate_details values('".$ipaddress."',".time().");";
105
+ $results = $wpdb->get_results($query);
106
+
107
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_ip_rate_details where ip='".$ipaddress."';";
108
+ $results = $wpdb->get_results($query);
109
+
110
+ if($results[0]->count>=$reqLimit)
111
+ {
112
+ $action = $actionRateL;
113
+ if($action == 'ThrottleIP')
114
+ {
115
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
116
+ $results = $wpdb->get_results($query);
117
+ $current_time = time();
118
+ if($results[0]->time < $current_time-60)
119
+ {
120
+ $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
121
+ $results = $wpdb->get_results($query);
122
+ }
123
+ header('HTTP/1.1 403 Forbidden');
124
+ include_once("mo-error.html");
125
+ exit;
126
+ }
127
+ else
128
+ {
129
+ $query = "select time from ".$wpdb->base_prefix."wpns_attack_logs where ip ='".$ipaddress."' ORDER BY time DESC LIMIT 1;";
130
+ $results = $wpdb->get_results($query);
131
+ $current_time = time();
132
+ if($results[0]->time < $current_time-60)
133
+ {
134
+ $query = "insert into ".$wpdb->base_prefix."wpns_attack_logs values('".$ipaddress."','Rate Limit',".time().",'".MoWpnsConstants::RATE_LIMIT_EXCEEDED."');";
135
+ $results = $wpdb->get_results($query);
136
+ }
137
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
138
+ $results1 = $wpdb->get_results($query);
139
+ if(sizeof($results1)!=0)
140
+ {
141
+ //IP whitelisted
142
+ }
143
+ else
144
+ {
145
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','Rate limit exceed',NULL,".current_time( 'timestamp' ).");";
146
+ $results =$wpdb->get_results($query);
147
+ }
148
+ header('HTTP/1.1 403 Forbidden');
149
+ include_once("mo-error.html");
150
+ exit;
151
+ }
152
+ }
153
+ }
154
+ $attack = array();
155
+ if($SQL==1)
156
+ {
157
+ array_push($attack,"SQL");
158
+ }
159
+ if($XSS==1)
160
+ {
161
+ array_push($attack,"XSS");
162
+ }
163
+ if($LFI==1)
164
+ {
165
+ array_push($attack,"LFI");
166
+ }
167
+
168
+ $attackC = $attack;
169
+ $ParanoiaLevel = 1;
170
+ $annomalyS = 0;
171
+ $SQLScore = 0;
172
+ $XSSScore = 0;
173
+ $limitAttack = get_option('limitAttack');
174
+
175
+
176
+ foreach ($attackC as $key1 => $value1) {
177
+ for($lev=1;$lev<=$ParanoiaLevel;$lev++)
178
+ {
179
+ if(isset($regex[$value1][$lev]))
180
+ {
181
+ for($i=0;$i<sizeof($regex[$value1][$lev]);$i++)
182
+ {
183
+ foreach ($_REQUEST as $key => $value) {
184
+ if($regex[$value1][$lev][$i] != "")
185
+ {
186
+ if(strpos($regex[$value1][$lev][$i], '/') == false)
187
+ {
188
+ if(is_string($value))
189
+ {
190
+
191
+ if(preg_match('/'.$regex[$value1][$lev][$i].'/', $value))
192
+ {
193
+ $scoreValue = 0;
194
+
195
+ $annomalyMS = $score[$value1][$lev][$i];
196
+ if(strcmp($annomalyMS,"CRITICAL")==0)
197
+ {
198
+ $scoreValue = 5;
199
+ }
200
+
201
+ elseif(strcmp($annomalyMS,"WARNING")==0)
202
+ {
203
+ $scoreValue = 3;
204
+ }
205
+ elseif(strcmp($annomalyMS,"ERROR")==0)
206
+ {
207
+ $scoreValue = 4;
208
+ }
209
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
210
+ {
211
+ $scoreValue =2;
212
+ }
213
+
214
+ if($value1 == "SQL")
215
+ {
216
+ $SQLScore += $scoreValue;
217
+
218
+ }
219
+ elseif ($value1 == "XSS")
220
+ {
221
+ $XSSScore += $scoreValue;
222
+ }
223
+ else
224
+ {
225
+ $annomalyS += $scoreValue;
226
+ }
227
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
228
+ {
229
+ $value = htmlspecialchars($value);
230
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
231
+ $results = $wpdb->get_results($query);
232
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
233
+ $results = $wpdb->get_results($query);
234
+ if($results[0]->count>$limitAttack)
235
+ {
236
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
237
+ $results = $wpdb->get_results($query);
238
+ if(sizeof($results)!=0)
239
+ {
240
+ //IP whitelisted
241
+ }
242
+ else
243
+ {
244
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
245
+ $results =$wpdb->get_results($query);
246
+ }
247
+ }
248
+ header('HTTP/1.1 403 Forbidden');
249
+ include_once("mo-error.html");
250
+ exit;
251
+ }
252
+
253
+ }
254
+ }
255
+ }
256
+ else if (strpos($regex[$value1][$lev][$i], '#') == false) {
257
+ if(is_string($value))
258
+ {
259
+
260
+ if(preg_match('#'.$regex[$value1][$lev][$i].'#', $value))
261
+ {
262
+ $scoreValue = 0;
263
+ $annomalyMS = $score[$value1][$lev][$i];
264
+ if(strcmp($annomalyMS,"CRITICAL")==0)
265
+ {
266
+ $scoreValue = 5;
267
+ }
268
+
269
+ elseif(strcmp($annomalyMS,"WARNING")==0)
270
+ {
271
+ $scoreValue = 3;
272
+ }
273
+ elseif(strcmp($annomalyMS,"ERROR")==0)
274
+ {
275
+ $scoreValue = 4;
276
+ }
277
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
278
+ {
279
+ $scoreValue =2;
280
+ }
281
+
282
+
283
+ if($value1 == "SQL")
284
+ {
285
+ $SQLScore += $scoreValue;
286
+
287
+ }
288
+ elseif ($value1 == "XSS")
289
+ {
290
+ $XSSScore += $scoreValue;
291
+ }
292
+ else
293
+ {
294
+ $annomalyS += $scoreValue;
295
+ }
296
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
297
+ {
298
+ $value = htmlspecialchars($value);
299
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
300
+ $results = $wpdb->get_results($query);
301
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
302
+ $results = $wpdb->get_results($query);
303
+
304
+ if($results[0]->count>$limitAttack)
305
+ {
306
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
307
+ $results = $wpdb->get_results($query);
308
+ if(sizeof($results)!=0)
309
+ {
310
+ //IP whitelisted
311
+ }
312
+ else
313
+ {
314
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
315
+ $results =$wpdb->get_results($query);
316
+ }
317
+ }
318
+ header('HTTP/1.1 403 Forbidden');
319
+ include_once("mo-error.html");
320
+ exit;
321
+ }
322
+ }
323
+ }
324
+ }
325
+
326
+ elseif (strpos($regex[$value1][$lev][$i], '@') == false) {
327
+ if(is_string($value))
328
+ {
329
+
330
+ if(preg_match('@'.$regex[$value1][$lev][$i].'@', $value))
331
+ {
332
+ $scoreValue = 0;
333
+ $annomalyMS = $score[$value1][$lev][$i];
334
+ if(strcmp($annomalyMS,"CRITICAL")==0)
335
+ {
336
+ $scoreValue = 5;
337
+ }
338
+
339
+ elseif(strcmp($annomalyMS,"WARNING")==0)
340
+ {
341
+ $scoreValue = 3;
342
+ }
343
+ elseif(strcmp($annomalyMS,"ERROR")==0)
344
+ {
345
+ $scoreValue = 4;
346
+ }
347
+ elseif(strcmp($annomalyMS,"NOTICE")==0)
348
+ {
349
+ $scoreValue =2;
350
+ }
351
+
352
+
353
+ if($value1 == "SQL")
354
+ {
355
+ $SQLScore += $scoreValue;
356
+
357
+ }
358
+ elseif ($value1 == "XSS")
359
+ {
360
+ $XSSScore += $scoreValue;
361
+ }
362
+ else
363
+ {
364
+ $annomalyS += $scoreValue;
365
+ }
366
+ if($annomalyS>=5 || $SQLScore>=10 || $XSSScore >=10)
367
+ {
368
+ $value = htmlspecialchars($value);
369
+ $query = 'insert into '.$wpdb->base_prefix.'wpns_attack_logs values ("'.$ipaddress.'","'.$value1.'",'.time().',"'.$value.'");';
370
+ $results = $wpdb->get_results($query);
371
+ $query = "select count(*) as count from ".$wpdb->base_prefix."wpns_attack_logs where ip='".$ipaddress."' and input != '".MoWpnsConstants::RATE_LIMIT_EXCEEDED."';";
372
+ $results = $wpdb->get_results($query);
373
+
374
+ if($results[0]->count>$limitAttack)
375
+ {
376
+ $query = 'select * from '.$wpdb->base_prefix.'mo2f_network_whitelisted_ips where ip_address="'.$ipaddress.'";';
377
+ $results = $wpdb->get_results($query);
378
+ if(sizeof($results)!=0)
379
+ {
380
+ //IP whitelisted
381
+ }
382
+ else
383
+ {
384
+ $query ="insert into ".$wpdb->base_prefix."mo2f_network_blocked_ips values(NULL,'".$ipaddress."','attack limit exceed',NULL,".current_time( 'timestamp' ).");";
385
+ $results =$wpdb->get_results($query);
386
+ }
387
+ }
388
+ header('HTTP/1.1 403 Forbidden');
389
+ include_once("mo-error.html");
390
+ exit;
391
+ }
392
+ }
393
+ }
394
+
395
+ }
396
+
397
+ }
398
+ }
399
+
400
+ }
401
+ }
402
+
403
+ }
404
+ }
405
+
406
+
407
+
408
+
409
+
410
  ?>
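--- a/handler/realtime_ip_block_free.php
+++ b/handler/realtime_ip_block_free.php
@@ -1,52 +1,52 @@
- <?php
- /**
- *
- */
- class MO2F_realtime_free
- {
-
- function __construct()
- {
- add_filter( 'cron_schedules', array($this,'mo_2fa_realtime_blocking_int'));
- add_action( 'mo2f_realtime_ip_block_free_hook', array($this,'mo2f_realtime_ip_block_free') );
-
- }
- function mo2f_realtime_ip_block_free()
- {
- global $wpnsDbQueries;
- $results = $wpnsDbQueries->get_blocked_ips_realtime();
-
- $ip_addresses = array();
- $mo2f_added_ips = get_site_option('mo2f_added_ips_realtime');
- $sizeofResults = sizeof($results);
-
- $mo2f_added_ips = explode(',', $mo2f_added_ips);
-
- for($i = 0;$i<$sizeofResults;$i++)
- {
- if($results[$i]->ip_address != '::1' and $results[$i]->ip_address != '127.0.0.1' and rest_is_ip_address($results[$i]->ip_address))
- {
- if(!in_array($results[$i]->ip_address, $mo2f_added_ips))
- {
- array_push($ip_addresses,$results[$i]->ip_address);
- }
- }
- }
-
-
- add_to_blacklist($ip_addresses,get_site_option('siteurl'));
-
- }
- function mo_2fa_realtime_blocking_int()
- {
- $mo2f_cron_hours = 7200;
- $schedules['mo2f_realtime_ipblock_free'] = array(
- 'interval' => $mo2f_cron_hours,
- 'display' => esc_html__( 'Cron Activated' ),
- );
- return $schedules;
- }
- }
- new MO2F_realtime_free;
-
+ <?php
+ /**
+ *
+ */
+ class MO2F_realtime_free
+ {
+
+ function __construct()
+ {
+ add_filter( 'cron_schedules', array($this,'mo_2fa_realtime_blocking_int'));
+ add_action( 'mo2f_realtime_ip_block_free_hook', array($this,'mo2f_realtime_ip_block_free') );
+
+ }
+ function mo2f_realtime_ip_block_free()
+ {
+ global $wpnsDbQueries;
+ $results = $wpnsDbQueries->get_blocked_ips_realtime();
+
+ $ip_addresses = array();
+ $mo2f_added_ips = get_site_option('mo2f_added_ips_realtime');
+ $sizeofResults = sizeof($results);
+
+ $mo2f_added_ips = explode(',', $mo2f_added_ips);
+
+ for($i = 0;$i<$sizeofResults;$i++)
+ {
+ if($results[$i]->ip_address != '::1' and $results[$i]->ip_address != '127.0.0.1' and rest_is_ip_address($results[$i]->ip_address))
+ {
+ if(!in_array($results[$i]->ip_address, $mo2f_added_ips))
+ {
+ array_push($ip_addresses,$results[$i]->ip_address);
+ }
+ }
+ }
+
+
+ add_to_blacklist($ip_addresses,get_site_option('siteurl'));
+
+ }
+ function mo_2fa_realtime_blocking_int()
+ {
+ $mo2f_cron_hours = 7200;
+ $schedules['mo2f_realtime_ipblock_free'] = array(
+ 'interval' => $mo2f_cron_hours,
+ 'display' => esc_html__( 'Cron Activated' ),
+ );
+ return $schedules;
+ }
+ }
+ new MO2F_realtime_free;
+
  ?>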
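Review bot: `mo_2fa_realtime_blocking_int` is hooked on the `cron_schedules` filter but declares no parameter, so it returns an array holding only `mo2f_realtime_ipblock_free` and drops every schedule that earlier callbacks on that filter had registered. Declaring it as `function mo_2fa_realtime_blocking_int($schedules)` lets the new interval be added to the incoming array instead of replacing it. In `mo2f_realtime_ip_block_free`, `in_array($results[$i]->ip_address, $mo2f_added_ips)` compares loosely; passing `true` as the third argument keeps the already-reported check exact.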
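--- a/handler/recaptcha.php
+++ b/handler/recaptcha.php
@@ -1,160 +1,160 @@
- <?php
-
- class mo2f_ReCaptcha
- {
- function __construct()
- {
- add_filter( 'admin_init' , array($this, 'handle_recaptcha' ), 11, 3 );
- add_action( 'login_form' , array($this, 'custom_login_fields' ) );
- add_action( 'register_form' , array($this, 'register_with_captcha') );
- add_action( 'woocommerce_register_form' , array($this, 'woocommerce_register_with_captcha'));
- add_action( 'woocommerce_login_form', array($this, 'woocommerce_login_with_captcha'));
- add_action( 'woocommerce_review_order_before_submit', array($this, 'woocommerce_register_with_captcha_checkout'));
- }
-
-
- //Function to handle Testing reCaptcha
- function handle_recaptcha()
- {
- global $moWpnsUtility,$mo2f_dirName;
- if (current_user_can( 'manage_options' ))
- {
- if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig')
- {
- if(array_key_exists('g-recaptcha-response',$_POST))
- {
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $mocURL = new MocURL;
- $response = $mocURL->validate_recaptcha($userIp,sanitize_text_field($_POST['g-recaptcha-response']));
- $content = json_decode($response, true);
- if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
- echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
- else if(isset($content['success']) && $content['success']==1)
- echo "<br><br><h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
- else
- echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
- }
- show_google_recaptcha_form_v2();
- }
- if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig3')
- {
- if(array_key_exists('g-recaptcha-response',$_REQUEST))
- {
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $mocURL = new MocURL;
-
- $response = $mocURL->get_Captcha_v3($_REQUEST['g-recaptcha-response']);
-
- $content = json_decode($response, true);
- if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
- echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
- else if(isset($content['success']) && $content['success']==1)
- {
-
- if($content['success']==1)
- {
- if($content['score']>=0.9)
- {
- echo "<br><br><h2 style=color:green;text-align:center>Welcome!</h2>";
- echo "<h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
- }
- else echo "<br><br><h2 style=color:red;text-align:center>Captcha verification failed! Permission denied.</h2>";
- }
- }
- else
- echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
- }
- show_google_recaptcha_form_v3();
- }
- }
- }
-
-
- function custom_login_fields()
- {
- global $moWpnsUtility,$mo2f_dirName;
- if(get_option('mo_wpns_activate_recaptcha_for_login') && MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option'))
- {
- if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
- show_google_recaptcha_form_v3_login();
- else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
- {
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
- }
- }
- }
-
-
- function register_with_captcha(){
- global $moWpnsUtility,$mo2f_dirName;
- if(get_option('mo_wpns_activate_recaptcha_for_registration'))
- {
- if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
- show_google_recaptcha_form_v3_login();
- else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
- show_google_recaptcha_form_v2_login();
- }
- }
-
- function woocommerce_register_with_captcha(){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
- {
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
- }
- }
-
- function woocommerce_login_with_captcha(){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
- {
-
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
-
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
- }
- }
-
- function woocommerce_register_with_captcha_checkout(){
-
- if (!is_user_logged_in()){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
- {
- echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
- }
- }
- }
-
- public static function recaptcha_verify($response)
- {
- global $moWpnsUtility;
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $mocURL = new MocURL;
- $response = $mocURL->validate_recaptcha($userIp,$response);
- $content = json_decode($response, true);
- $isvalid = isset($content['success']) && $content['success']==1 ? true : false;
- return $isvalid;
- }
-
- public static function recaptcha_verify_3($response)
- {
- global $moWpnsUtility;
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $mocURL = new MocURL;
- $response = $mocURL->get_Captcha_v3($response);
- $content = json_decode($response, true);
- $isvalid = isset($content['success']) && $content['success']==1 && $content['score']>=0.9? true : false;
- return $isvalid;
- }
-
- }
- new mo2f_ReCaptcha;
+ <?php
+
+ class mo2f_ReCaptcha
+ {
+ function __construct()
+ {
+ add_filter( 'admin_init' , array($this, 'handle_recaptcha' ), 11, 3 );
+ add_action( 'login_form' , array($this, 'custom_login_fields' ) );
+ add_action( 'register_form' , array($this, 'register_with_captcha') );
+ add_action( 'woocommerce_register_form' , array($this, 'woocommerce_register_with_captcha'));
+ add_action( 'woocommerce_login_form', array($this, 'woocommerce_login_with_captcha'));
+ add_action( 'woocommerce_review_order_before_submit', array($this, 'woocommerce_register_with_captcha_checkout'));
+ }
+
+
+ //Function to handle Testing reCaptcha
+ function handle_recaptcha()
+ {
+ global $moWpnsUtility,$mo2f_dirName;
+ if (current_user_can( 'manage_options' ))
+ {
+ if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig')
+ {
+ if(array_key_exists('g-recaptcha-response',$_POST))
+ {
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $mocURL = new MocURL;
+ $response = $mocURL->validate_recaptcha($userIp,sanitize_text_field($_POST['g-recaptcha-response']));
+ $content = json_decode($response, true);
+ if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
+ else if(isset($content['success']) && $content['success']==1)
+ echo "<br><br><h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
+ else
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
+ }
+ show_google_recaptcha_form_v2();
+ }
+ if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig3')
+ {
+ if(array_key_exists('g-recaptcha-response',$_REQUEST))
+ {
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $mocURL = new MocURL;
+
+ $response = $mocURL->get_Captcha_v3($_REQUEST['g-recaptcha-response']);
+
+ $content = json_decode($response, true);
+ if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
+ else if(isset($content['success']) && $content['success']==1)
+ {
+
+ if($content['success']==1)
+ {
+ if($content['score']>=0.9)
+ {
+ echo "<br><br><h2 style=color:green;text-align:center>Welcome!</h2>";
+ echo "<h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
+ }
+ else echo "<br><br><h2 style=color:red;text-align:center>Captcha verification failed! Permission denied.</h2>";
+ }
+ }
+ else
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
+ }
+ show_google_recaptcha_form_v3();
+ }
+ }
+ }
+
+
+ function custom_login_fields()
+ {
+ global $moWpnsUtility,$mo2f_dirName;
+ if(get_option('mo_wpns_activate_recaptcha_for_login') && MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option'))
+ {
+ if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
+ show_google_recaptcha_form_v3_login();
+ else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
+ {
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
+ }
+ }
+ }
+
+
+ function register_with_captcha(){
+ global $moWpnsUtility,$mo2f_dirName;
+ if(get_option('mo_wpns_activate_recaptcha_for_registration'))
+ {
+ if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
+ show_google_recaptcha_form_v3_login();
+ else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
+ show_google_recaptcha_form_v2_login();
+ }
+ }
+
+ function woocommerce_register_with_captcha(){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
+ {
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
+ }
+ }
+
+ function woocommerce_login_with_captcha(){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
+ {
+
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
+ }
+ }
+
+ function woocommerce_register_with_captcha_checkout(){
+
+ if (!is_user_logged_in()){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
+ {
+ echo "<script src='".MoWpnsConstants::RECAPTCHA_URL."'></script>";
+ echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
+ }
+ }
+ }
+
+ public static function recaptcha_verify($response)
+ {
+ global $moWpnsUtility;
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $mocURL = new MocURL;
+ $response = $mocURL->validate_recaptcha($userIp,$response);
+ $content = json_decode($response, true);
+ $isvalid = isset($content['success']) && $content['success']==1 ? true : false;
+ return $isvalid;
+ }
+
+ public static function recaptcha_verify_3($response)
+ {
+ global $moWpnsUtility;
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $mocURL = new MocURL;
+ $response = $mocURL->get_Captcha_v3($response);
+ $content = json_decode($response, true);
+ $isvalid = isset($content['success']) && $content['success']==1 && $content['score']>=0.9? true : false;
+ return $isvalid;
+ }
+
+ }
+ new mo2f_ReCaptcha;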
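Review bot: The reCAPTCHA site key is written into the `data-sitekey` attribute unescaped in `custom_login_fields`, `woocommerce_register_with_captcha`, `woocommerce_login_with_captcha` and `woocommerce_register_with_captcha_checkout`, so an option value containing a quote character would break out of the attribute on the public login and registration forms. Output it as `esc_attr(get_option("mo_wpns_recaptcha_site_key"))`, and the script source as `esc_url(MoWpnsConstants::RECAPTCHA_URL)`. In `handle_recaptcha` the v3 test branch passes `$_REQUEST['g-recaptcha-response']` to `get_Captcha_v3` as received, while the v2 branch applies `sanitize_text_field` first; the two branches should treat the token the same way. `recaptcha_verify_3` reads `$content['score']` without an `isset` check, which is worth guarding in case the response carries `success` but no score.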
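--- a/handler/twofa/encryption.php
+++ b/handler/twofa/encryption.php
@@ -1,46 +1,46 @@
- <?php
- /**
- * @package miniOrange
- * @author miniOrange Security Software Pvt. Ltd.
- * @license GNU/GPLv3
- * @copyright Copyright 2015 miniOrange. All Rights Reserved.
- *
- *
- * This file is part of miniOrange Gauth plugin.
- */
-
- class mo2f_GAuth_AESEncryption {
- /**
- * @param string $data - the key=value pairs separated with &
- * @return string
- */
- public static function encrypt_data_ga($data, $key) {
- $plaintext = $data;
- $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
- $iv = openssl_random_pseudo_bytes($ivlen);
- $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
- $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
- $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
- return $ciphertext;
- }
-
-
- /**
- * @param string $data - crypt response from Sagepay
- * @return string
- */
- public static function decrypt_data($data, $key) {
- $c = base64_decode($data);
- $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
- $iv = substr($c, 0, $ivlen);
- $hmac = substr($c, $ivlen, $sha2len=32);
- $ciphertext_raw = substr($c, $ivlen+$sha2len);
- $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
- $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
-
-
- return $original_plaintext;
- }
-
- }
+ <?php
+ /**
+ * @package miniOrange
+ * @author miniOrange Security Software Pvt. Ltd.
+ * @license GNU/GPLv3
+ * @copyright Copyright 2015 miniOrange. All Rights Reserved.
+ *
+ *
+ * This file is part of miniOrange Gauth plugin.
+ */
+
+ class mo2f_GAuth_AESEncryption {
+ /**
+ * @param string $data - the key=value pairs separated with &
+ * @return string
+ */
+ public static function encrypt_data_ga($data, $key) {
+ $plaintext = $data;
+ $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
+ $iv = openssl_random_pseudo_bytes($ivlen);
+ $ciphertext_raw = openssl_encrypt($plaintext, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
+ $hmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
+ $ciphertext = base64_encode( $iv.$hmac.$ciphertext_raw );
+ return $ciphertext;
+ }
+
+
+ /**
+ * @param string $data - crypt response from Sagepay
+ * @return string
+ */
+ public static function decrypt_data($data, $key) {
+ $c = base64_decode($data);
+ $ivlen = openssl_cipher_iv_length($cipher="AES-128-CBC");
+ $iv = substr($c, 0, $ivlen);
+ $hmac = substr($c, $ivlen, $sha2len=32);
+ $ciphertext_raw = substr($c, $ivlen+$sha2len);
+ $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, $key, $options=OPENSSL_RAW_DATA, $iv);
+ $calcmac = hash_hmac('sha256', $ciphertext_raw, $key, $as_binary=true);
+
+
+ return $original_plaintext;
+ }
+
+ }
  ?>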
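Review bot: `decrypt_data` computes `$calcmac` but never compares it with the `$hmac` it reads out of the message, so the HMAC that `encrypt_data_ga` attaches gives no integrity protection and a modified or truncated ciphertext is decrypted and returned like a valid one. The MAC should be computed and checked before `openssl_decrypt` is called, e.g. `if (strlen((string) $hmac) !== $sha2len || !hash_equals($calcmac, (string) $hmac)) { return false; }`. The same `$key` is used for both AES-128-CBC and the HMAC; deriving separate encryption and MAC keys would be the cleaner construction. Whether callers handle a `false` return is not visible in this section and would need checking alongside the change.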
handler/twofa/gaonprem.php CHANGED
@@ -1,251 +1,251 @@
1
- <?php
2
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'encryption.php';
3
- class Google_auth_onpremise{
4
- protected $_codeLength = 6;
5
- function __construct(){
6
-
7
- }
8
-
9
- function mo_GAuth_get_details($setupWizard = false)
10
- {
11
-
12
- $user=wp_get_current_user();
13
- $user_id=$user->ID;
14
-
15
- if(isset($_POST) && isset($_POST['mo2f_session_id'])){
16
- $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
17
- }else{
18
- $session_id_encrypt = MO2f_Utility::random_str(20);
19
- }
20
- $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
21
- if(!$secret_ga){
22
- $secret_ga = $this->createSecret();
23
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $secret_ga);
24
- }
25
-
26
-
27
- $issuer=get_option('mo2f_google_appname', 'miniOrangeAu');
28
- $email=$user->user_email;
29
- $otpcode=$this->getCode($secret_ga);
30
- $url=$this->geturl($secret_ga ,$issuer,$email);
31
- if(!$setupWizard)
32
- {
33
- echo '<div class="mo2f_table_layout">';
34
- mo2f_configure_google_authenticator_onprem( $secret_ga ,$url,$otpcode, $session_id_encrypt );
35
- echo '</div>';
36
- }
37
- else
38
- {
39
- mo2f_configure_google_authenticator_setupWizard($secret_ga ,$url,$otpcode, $session_id_encrypt);
40
- }
41
- }
42
-
43
- function mo_GAuth_set_secret($user_id,$secret){
44
- global $Mo2fdbQueries;
45
- $key=$this->random_str(8);
46
- update_user_meta( $user_id, 'mo2f_get_auth_rnd_string', $key);
47
- $secret=mo2f_GAuth_AESEncryption::encrypt_data_ga($secret,$key);
48
- update_user_meta( $user_id, 'mo2f_gauth_key', $secret);
49
- }
50
-
51
- function mo_GAuth_get_secret($user_id){
52
- global $Mo2fdbQueries;
53
- $key=get_user_meta( $user_id, 'mo2f_get_auth_rnd_string', true);
54
- $secret=get_user_meta( $user_id, 'mo2f_gauth_key', true);
55
- $secret=mo2f_GAuth_AESEncryption::decrypt_data($secret,$key);
56
-
57
- return $secret;
58
- }
59
-
60
- function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
61
- {
62
- $randomString = '';
63
- $charactersLength = strlen($keyspace);
64
- for ($i = 0; $i < $length; $i++) {
65
- $randomString .= $keyspace[rand(0, $charactersLength - 1)];
66
- }
67
- return $randomString;
68
-
69
- }
70
-
71
-
72
-
73
-
74
- function createSecret($secretLength = 16)
75
- {
76
- $validChars = $this->_getBase32LookupTable();
77
-
78
- // Valid secret lengths are 80 to 640 bits
79
- if ($secretLength < 16 || $secretLength > 128) {
80
- throw new Exception('Bad secret length');
81
- }
82
- $secret = '';
83
- $rnd = false;
84
- if (function_exists('random_bytes')) {
85
- $rnd = random_bytes($secretLength);
86
- } elseif (function_exists('openssl_random_pseudo_bytes')) {
87
- $rnd = openssl_random_pseudo_bytes($secretLength, $cryptoStrong);
88
- if (!$cryptoStrong) {
89
- $rnd = false;
90
- }
91
- }
92
- if ($rnd !== false) {
93
- for ($i = 0; $i < $secretLength; ++$i) {
94
- $secret .= $validChars[ord($rnd[$i]) & 31];
95
- }
96
- } else {
97
- throw new Exception('No source of secure random');
98
- }
99
-
100
- return $secret;
101
- }
102
-
103
- function _getBase32LookupTable()
104
- {
105
- return array(
106
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
107
- 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
108
- 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
109
- 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
110
- '=', // padding char
111
- );
112
- }
113
-
114
- function verifyCode($secret, $code,$discrepancy = 3, $currentTimeSlice = null)
115
- {
116
- global $Mo2fdbQueries;
117
- $response=array("status"=>'false');
118
- if ($currentTimeSlice === null) {
119
- $currentTimeSlice = floor(time() / 30);
120
- }
121
-
122
- if (strlen($code) != 6) {
123
- return json_encode($response);
124
- }
125
- for ($i = -$discrepancy; $i <= $discrepancy; ++$i) {
126
- $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
127
- if ($this->timingSafeEquals($calculatedCode, $code)) {
128
- update_option('mo2f_time_slice', $i);
129
- $response['status']='SUCCESS';
130
- return json_encode($response);
131
- }
132
- }
133
- return json_encode($response);
134
- }
135
-
136
- function geturl($secret,$issuer,$email){
137
- // id can be email or name
138
- $url="otpauth://totp/";
139
-
140
- $url.=$email."?secret=".$secret."&issuer=".$issuer;
141
- return $url;
142
-
143
- //aksjdbdzcaasd?secret=4RNWQWBQH4JDPABP&issuer=miniOrange/competits";
144
-
145
- }
146
-
147
- function timingSafeEquals($safeString, $userString)
148
- {
149
- if (function_exists('hash_equals')) {
150
- return hash_equals($safeString, $userString);
151
- }
152
- $safeLen = strlen($safeString);
153
- $userLen = strlen($userString);
154
-
155
- if ($userLen != $safeLen) {
156
- return false;
157
- }
158
-
159
- $result = 0;
160
-
161
- for ($i = 0; $i < $userLen; ++$i) {
162
- $result |= (ord($safeString[$i]) ^ ord($userString[$i]));
163
- }
164
-
165
- // They are only identical strings if $result is exactly 0...
166
- return $result === 0;
167
- }
168
-
169
- function getCode($secret, $timeSlice = null)
170
- {
171
- if ($timeSlice === null) {
172
- $timeSlice = floor(time() / 30);
173
- }
174
-
175
- $secretkey = $this->_base32Decode($secret);
176
- // Pack time into binary string
177
- $time = chr(0).chr(0).chr(0).chr(0). pack('N*', $timeSlice);
178
- // Hash it with users secret key
179
- $hm = hash_hmac('SHA1', $time, $secretkey, true);
180
-
181
- // Use last nipple of result as index/offset
182
- $offset = ord(substr($hm, -1)) & 0x0F;
183
-
184
- // grab 4 bytes of the result
185
- $hashpart = substr($hm, $offset, 4);
186
- // Unpak binary value
187
- $value = unpack('N', $hashpart);
188
- $value = $value[1];
189
- // Only 32 bits
190
- $value = $value & 0x7FFFFFFF;
191
- $modulo = pow(10, $this->_codeLength);
192
- return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
193
- }
194
-
195
- function _base32Decode($secret)
196
- {
197
- if (empty($secret)) {
198
- return '';
199
- }
200
- $base32chars = $this->_getBase32LookupTable();
201
- $base32charsFlipped = array_flip($base32chars);
202
-
203
- $paddingCharCount = substr_count($secret, $base32chars[32]);
204
- $allowedValues = array(6, 4, 3, 1, 0);
205
- if (!in_array($paddingCharCount, $allowedValues)) {
206
- return false;
207
- }
208
-
209
-
210
- for ($i = 0; $i < 4; ++$i) {
211
- if ($paddingCharCount == $allowedValues[$i] &&
212
- substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) {
213
- return false;
214
- }
215
- }
216
- $secret = str_replace('=', '', $secret);
217
- $secret = str_split($secret);
218
- $binaryString = '';
219
- for ($i = 0; $i < count($secret); $i = $i + 8) {
220
- $x = '';
221
- if (!in_array($secret[$i], $base32chars)) {
222
- return false;
223
- }
224
- for ($j = 0; $j < 8; ++$j) {
225
-
226
- $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
227
- }
228
- $eightBits = str_split($x, 8);
229
- for ($z = 0; $z < count($eightBits); ++$z) {
230
- $binaryString .= (($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48) ? $y : '';
231
-
232
- }
233
- }
234
-
235
- return $binaryString;
236
- }
237
-
238
- public static function mo2f_GAuth_get_option($option,$val=null){
239
- if(is_multisite()){
240
-
241
- $val=get_site_option($option,$val);
242
-
243
- }else{
244
- $val=get_option($option,$val);
245
- }
246
-
247
- return $val;
248
-
249
- }
250
- }
251
  ?>
1
+ <?php
2
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'encryption.php';
3
+ class Google_auth_onpremise{
4
+ protected $_codeLength = 6;
5
+ function __construct(){
6
+
7
+ }
8
+
9
+ function mo_GAuth_get_details($setupWizard = false)
10
+ {
11
+
12
+ $user=wp_get_current_user();
13
+ $user_id=$user->ID;
14
+
15
+ if(isset($_POST) && isset($_POST['mo2f_session_id'])){
16
+ $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
17
+ }else{
18
+ $session_id_encrypt = MO2f_Utility::random_str(20);
19
+ }
20
+ $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
21
+ if(!$secret_ga){
22
+ $secret_ga = $this->createSecret();
23
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $secret_ga);
24
+ }
25
+
26
+
27
+ $issuer=get_option('mo2f_google_appname', 'miniOrangeAu');
28
+ $email=$user->user_email;
29
+ $otpcode=$this->getCode($secret_ga);
30
+ $url=$this->geturl($secret_ga ,$issuer,$email);
31
+ if(!$setupWizard)
32
+ {
33
+ echo '<div class="mo2f_table_layout">';
34
+ mo2f_configure_google_authenticator_onprem( $secret_ga ,$url,$otpcode, $session_id_encrypt );
35
+ echo '</div>';
36
+ }
37
+ else
38
+ {
39
+ mo2f_configure_google_authenticator_setupWizard($secret_ga ,$url,$otpcode, $session_id_encrypt);
40
+ }
41
+ }
42
+
43
+ function mo_GAuth_set_secret($user_id,$secret){
44
+ global $Mo2fdbQueries;
45
+ $key=$this->random_str(8);
46
+ update_user_meta( $user_id, 'mo2f_get_auth_rnd_string', $key);
47
+ $secret=mo2f_GAuth_AESEncryption::encrypt_data_ga($secret,$key);
48
+ update_user_meta( $user_id, 'mo2f_gauth_key', $secret);
49
+ }
50
+
51
+ function mo_GAuth_get_secret($user_id){
52
+ global $Mo2fdbQueries;
53
+ $key=get_user_meta( $user_id, 'mo2f_get_auth_rnd_string', true);
54
+ $secret=get_user_meta( $user_id, 'mo2f_gauth_key', true);
55
+ $secret=mo2f_GAuth_AESEncryption::decrypt_data($secret,$key);
56
+
57
+ return $secret;
58
+ }
59
+
60
+ function random_str($length, $keyspace = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
61
+ {
62
+ $randomString = '';
63
+ $charactersLength = strlen($keyspace);
64
+ for ($i = 0; $i < $length; $i++) {
65
+ $randomString .= $keyspace[rand(0, $charactersLength - 1)];
66
+ }
67
+ return $randomString;
68
+
69
+ }
70
+
71
+
72
+
73
+
74
+ function createSecret($secretLength = 16)
75
+ {
76
+ $validChars = $this->_getBase32LookupTable();
77
+
78
+ // Valid secret lengths are 80 to 640 bits
79
+ if ($secretLength < 16 || $secretLength > 128) {
80
+ throw new Exception('Bad secret length');
81
+ }
82
+ $secret = '';
83
+ $rnd = false;
84
+ if (function_exists('random_bytes')) {
85
+ $rnd = random_bytes($secretLength);
86
+ } elseif (function_exists('openssl_random_pseudo_bytes')) {
87
+ $rnd = openssl_random_pseudo_bytes($secretLength, $cryptoStrong);
88
+ if (!$cryptoStrong) {
89
+ $rnd = false;
90
+ }
91
+ }
92
+ if ($rnd !== false) {
93
+ for ($i = 0; $i < $secretLength; ++$i) {
94
+ $secret .= $validChars[ord($rnd[$i]) & 31];
95
+ }
96
+ } else {
97
+ throw new Exception('No source of secure random');
98
+ }
99
+
100
+ return $secret;
101
+ }
102
+
103
+ function _getBase32LookupTable()
104
+ {
105
+ return array(
106
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
107
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
108
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
109
+ 'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
110
+ '=', // padding char
111
+ );
112
+ }
113
+
114
+ function verifyCode($secret, $code,$discrepancy = 3, $currentTimeSlice = null)
115
+ {
116
+ global $Mo2fdbQueries;
117
+ $response=array("status"=>'false');
118
+ if ($currentTimeSlice === null) {
119
+ $currentTimeSlice = floor(time() / 30);
120
+ }
121
+
122
+ if (strlen($code) != 6) {
123
+ return json_encode($response);
124
+ }
125
+ for ($i = -$discrepancy; $i <= $discrepancy; ++$i) {
126
+ $calculatedCode = $this->getCode($secret, $currentTimeSlice + $i);
127
+ if ($this->timingSafeEquals($calculatedCode, $code)) {
128
+ update_option('mo2f_time_slice', $i);
129
+ $response['status']='SUCCESS';
130
+ return json_encode($response);
131
+ }
132
+ }
133
+ return json_encode($response);
134
+ }
135
+
136
+ function geturl($secret,$issuer,$email){
137
+ // id can be email or name
138
+ $url="otpauth://totp/";
139
+
140
+ $url.=$email."?secret=".$secret."&issuer=".$issuer;
141
+ return $url;
142
+
143
+ //aksjdbdzcaasd?secret=4RNWQWBQH4JDPABP&issuer=miniOrange/competits";
144
+
145
+ }
146
+
147
+ function timingSafeEquals($safeString, $userString)
148
+ {
149
+ if (function_exists('hash_equals')) {
150
+ return hash_equals($safeString, $userString);
151
+ }
152
+ $safeLen = strlen($safeString);
153
+ $userLen = strlen($userString);
154
+
155
+ if ($userLen != $safeLen) {
156
+ return false;
157
+ }
158
+
159
+ $result = 0;
160
+
161
+ for ($i = 0; $i < $userLen; ++$i) {
162
+ $result |= (ord($safeString[$i]) ^ ord($userString[$i]));
163
+ }
164
+
165
+ // They are only identical strings if $result is exactly 0...
166
+ return $result === 0;
167
+ }
168
+
169
+ function getCode($secret, $timeSlice = null)
170
+ {
171
+ if ($timeSlice === null) {
172
+ $timeSlice = floor(time() / 30);
173
+ }
174
+
175
+ $secretkey = $this->_base32Decode($secret);
176
+ // Pack time into binary string
177
+ $time = chr(0).chr(0).chr(0).chr(0). pack('N*', $timeSlice);
178
+ // Hash it with users secret key
179
+ $hm = hash_hmac('SHA1', $time, $secretkey, true);
180
+
181
+ // Use last nipple of result as index/offset
182
+ $offset = ord(substr($hm, -1)) & 0x0F;
183
+
184
+ // grab 4 bytes of the result
185
+ $hashpart = substr($hm, $offset, 4);
186
+ // Unpak binary value
187
+ $value = unpack('N', $hashpart);
188
+ $value = $value[1];
189
+ // Only 32 bits
190
+ $value = $value & 0x7FFFFFFF;
191
+ $modulo = pow(10, $this->_codeLength);
192
+ return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
193
+ }
194
+
195
+ function _base32Decode($secret)
196
+ {
197
+ if (empty($secret)) {
198
+ return '';
199
+ }
200
+ $base32chars = $this->_getBase32LookupTable();
201
+ $base32charsFlipped = array_flip($base32chars);
202
+
203
+ $paddingCharCount = substr_count($secret, $base32chars[32]);
204
+ $allowedValues = array(6, 4, 3, 1, 0);
205
+ if (!in_array($paddingCharCount, $allowedValues)) {
206
+ return false;
207
+ }
208
+
209
+
210
+ for ($i = 0; $i < 4; ++$i) {
211
+ if ($paddingCharCount == $allowedValues[$i] &&
212
+ substr($secret, -($allowedValues[$i])) != str_repeat($base32chars[32], $allowedValues[$i])) {
213
+ return false;
214
+ }
215
+ }
216
+ $secret = str_replace('=', '', $secret);
217
+ $secret = str_split($secret);
218
+ $binaryString = '';
219
+ for ($i = 0; $i < count($secret); $i = $i + 8) {
220
+ $x = '';
221
+ if (!in_array($secret[$i], $base32chars)) {
222
+ return false;
223
+ }
224
+ for ($j = 0; $j < 8; ++$j) {
225
+
226
+ $x .= str_pad(base_convert(@$base32charsFlipped[@$secret[$i + $j]], 10, 2), 5, '0', STR_PAD_LEFT);
227
+ }
228
+ $eightBits = str_split($x, 8);
229
+ for ($z = 0; $z < count($eightBits); ++$z) {
230
+ $binaryString .= (($y = chr(base_convert($eightBits[$z], 2, 10))) || ord($y) == 48) ? $y : '';
231
+
232
+ }
233
+ }
234
+
235
+ return $binaryString;
236
+ }
237
+
238
+ public static function mo2f_GAuth_get_option($option,$val=null){
239
+ if(is_multisite()){
240
+
241
+ $val=get_site_option($option,$val);
242
+
243
+ }else{
244
+ $val=get_option($option,$val);
245
+ }
246
+
247
+ return $val;
248
+
249
+ }
250
+ }
251
  ?>
handler/twofa/setup_twofa.php CHANGED
@@ -1,1023 +1,1023 @@
1
- <?php
2
- $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup'.DIRECTORY_SEPARATOR;
3
- $test_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'test'.DIRECTORY_SEPARATOR;
4
- include $setup_dirName.'setup_google_authenticator.php';
5
- include $setup_dirName.'setup_google_authenticator_onpremise.php';
6
- include $setup_dirName.'setup_authy_authenticator.php';
7
- include $setup_dirName.'setup_kba_questions.php';
8
- include $setup_dirName.'setup_miniorange_authenticator.php';
9
- include $setup_dirName.'setup_otp_over_sms.php';
10
- include $setup_dirName.'setup_otp_over_telegram.php';
11
- include $setup_dirName.'setup_duo_authenticator.php';
12
- include $test_dirName.'test_twofa_email_verification.php';
13
- include $test_dirName.'test_twofa_duo_authenticator.php';
14
- include $test_dirName.'test_twofa_google_authy_authenticator.php';
15
- include $test_dirName.'test_twofa_miniorange_qrcode_authentication.php';
16
- include $test_dirName.'test_twofa_kba_questions.php';
17
- include $test_dirName.'test_twofa_miniorange_push_notification.php';
18
- include $test_dirName.'test_twofa_miniorange_soft_token.php';
19
- include $test_dirName.'test_twofa_otp_over_sms.php';
20
- include $test_dirName.'test_twofa_otp_over_Telegram.php';
21
-
22
- function mo2f_decode_2_factor( $selected_2_factor_method, $decode_type ) {
23
-
24
- if ( $selected_2_factor_method == 'NONE' ) {
25
- return $selected_2_factor_method;
26
- }else if($selected_2_factor_method == "OTP Over Email")
27
- {
28
- $selected_2_factor_method = "EMAIL";
29
- }
30
-
31
- $wpdb_2fa_methods = array(
32
- "miniOrangeQRCodeAuthentication" => "miniOrange QR Code Authentication",
33
- "miniOrangeSoftToken" => "miniOrange Soft Token",
34
- "miniOrangePushNotification" => "miniOrange Push Notification",
35
- "GoogleAuthenticator" => "Google Authenticator",
36
- "AuthyAuthenticator" => "Authy Authenticator",
37
- "SecurityQuestions" => "Security Questions",
38
- "EmailVerification" => "Email Verification",
39
- "OTPOverSMS" => "OTP Over SMS",
40
- "OTPOverEmail" => "OTP Over Email",
41
- "EMAIL" => "OTP Over Email",
42
- );
43
-
44
- $server_2fa_methods = array(
45
- "miniOrange QR Code Authentication" => "MOBILE AUTHENTICATION",
46
- "miniOrange Soft Token" => "SOFT TOKEN",
47
- "miniOrange Push Notification" => "PUSH NOTIFICATIONS",
48
- "Google Authenticator" => "GOOGLE AUTHENTICATOR",
49
- "Authy Authenticator" => "GOOGLE AUTHENTICATOR",
50
- "Security Questions" => "KBA",
51
- "Email Verification" => "OUT OF BAND EMAIL",
52
- "OTP Over SMS" => "SMS",
53
- "EMAIL" => "OTP Over Email",
54
- "OTPOverEmail" => "OTP Over Email"
55
- );
56
-
57
- $server_to_wpdb_2fa_methods = array(
58
- "MOBILE AUTHENTICATION" => "miniOrange QR Code Authentication",
59
- "SOFT TOKEN" => "miniOrange Soft Token",
60
- "PUSH NOTIFICATIONS" => "miniOrange Push Notification",
61
- "GOOGLE AUTHENTICATOR" => "Google Authenticator",
62
- "KBA" => "Security Questions",
63
- "OUT OF BAND EMAIL" => "Email Verification",
64
- "SMS" => "OTP Over SMS",
65
- "EMAIL" => "OTP Over Email",
66
- "OTPOverEmail" => "OTP Over Email",
67
- "OTP OVER EMAIL" => "OTP Over Email",
68
- );
69
- $methodname='';
70
- if ( $decode_type == "wpdb" ) {
71
- $methodname = isset($wpdb_2fa_methods[ $selected_2_factor_method ])?$wpdb_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
72
- } else if ( $decode_type == "server" ) {
73
- $methodname = isset($server_2fa_methods[ $selected_2_factor_method ])?$server_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
74
- } else {
75
- $methodname = isset($server_to_wpdb_2fa_methods[ $selected_2_factor_method ])?$server_to_wpdb_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
76
- }
77
- return $methodname;
78
-
79
- }
80
-
81
-
82
- function mo2f_create_2fa_form( $user, $category, $auth_methods, $can_display_admin_features='' ) {
83
- global $Mo2fdbQueries;
84
-
85
- $miniorange_authenticator = array(
86
- "miniOrange QR Code Authentication",
87
- "miniOrange Soft Token",
88
- "miniOrange Push Notification",
89
- );
90
- $all_two_factor_methods = array(
91
- "miniOrange Authenticator",
92
- "Google Authenticator",
93
- "Security Questions",
94
- "OTP Over SMS",
95
- "OTP Over Email",
96
- "OTP Over Telegram",
97
- "Duo Authenticator",
98
- "Authy Authenticator",
99
- "Email Verification",
100
- "OTP Over SMS and Email",
101
- "Hardware Token"
102
- );
103
- $two_factor_methods_descriptions = array(
104
- ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
105
- "miniOrange Authenticator" => "Scan the QR code from the account in your miniOrange Authenticator App to login.",
106
- "miniOrange Soft Token" => "Use One Time Password / Soft Token shown in the miniOrange Authenticator App",
107
- "miniOrange Push Notification" => "A Push notification will be sent to the miniOrange Authenticator App for your account,
108
- Accept it to log in",
109
- "Google Authenticator" => "Use One Time Password shown in <b>Google/Authy/LastPass Authenticator App</b> to login",
110
- "Security Questions" => "Configure and Answer Three Security Questions to login",
111
- "OTP Over SMS" => "A One Time Passcode (OTP) will be sent to your Phone number",
112
- "OTP Over Email" => "A One Time Passcode (OTP) will be sent to your Email address",
113
- "Authy Authenticator" => "Enter Soft Token/ One Time Password from the Authy Authenticator App",
114
- "Email Verification" => "Accept the verification link sent to your email address",
115
- "OTP Over SMS and Email" => "A One Time Passcode (OTP) will be sent to your Phone number and Email address",
116
- "Hardware Token" => "Enter the One Time Passcode on your Hardware Token",
117
- "OTP Over Whatsapp" => "Enter the One Time Passcode sent to your WhatsApp account. This method is supported with twillio",
118
- "OTP Over Telegram" => "Enter the One Time Passcode sent to your Telegram account",
119
- "Duo Authenticator" => "A Push notification will be sent to the Duo Authenticator App");
120
- $two_factor_methods_doc = array(
121
- "Security Questions" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-security-question",
122
- "Google Authenticator" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/google-authenticator",
123
- "Email Verification" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/email_verification",
124
- "miniOrange Soft Token" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-soft-token",
125
- "miniOrange Push Notification" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-push-notification",
126
- "Authy Authenticator" => "",
127
- "OTP Over SMS" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-otp-over-sms",
128
- "OTP Over Email" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/otp_over_email",
129
- "OTP Over SMS and Email" => "",
130
- "Hardware Token" => "",
131
- "OTP Over Whatsapp" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/otp-over-whatsapp",
132
- "OTP Over Telegram" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/otp-over-telegram"
133
- );
134
- $two_factor_methods_video = array(
135
- "Security Questions" => "https://www.youtube.com/watch?v=pXPqQ047o-0",
136
- "Google Authenticator" => "https://www.youtube.com/watch?v=BS6tY-Goa1Q",
137
- "miniOrange Authenticator" => "https://www.youtube.com/watch?v=oRaGtKxouiI",
138
- "Email Verification" => "https://www.youtube.com/watch?v=OacJWBYx_AE",
139
- "miniOrange Soft Token" => "https://www.youtube.com/watch?v=9HV8V4f80k8",
140
- "miniOrange Push Notification" => "https://www.youtube.com/watch?v=it_dAhFcxvw",
141
- "Authy Authenticator" => "https://www.youtube.com/watch?v=fV-VnC_5Q5c",
142
- "OTP Over SMS" => "https://www.youtube.com/watch?v=ag_E1Bmen-c",
143
- "OTP Over Email" => "",
144
- "OTP Over SMS and Email" => "",
145
- "Hardware Token" => "",
146
- "" => "",
147
-
148
- );
149
-
150
- $two_factor_methods_EC = array_slice( $all_two_factor_methods, 0, 10 );
151
- $two_factor_methods_NC = array_slice( $all_two_factor_methods, 0, 9 );
152
- if(MO2F_IS_ONPREM or $category != 'free_plan')
153
- {
154
- $all_two_factor_methods = array(
155
- "Security Questions",
156
- "Google Authenticator",
157
- "Email Verification",
158
- "miniOrange Authenticator",
159
- "Authy Authenticator",
160
- "OTP Over SMS",
161
- "OTP Over Email",
162
- "OTP Over SMS and Email",
163
- "Hardware Token",
164
- "OTP Over Whatsapp",
165
- "OTP Over Telegram",
166
- "Duo Authenticator"
167
- );
168
- $two_factor_methods_descriptions = array(
169
- ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
170
- "miniOrange QR Code Authentication" => "A QR Code will be displayed in the miniOrange Authenticator App for your account,
171
- scan it to log in",
172
- "miniOrange Authenticator" => 'Supports methods like soft token, QR code Authentication, Push Notification',
173
- "miniOrange Push Notification" => "A Push notification will be sent to the miniOrange Authenticator App for your account,
174
- Accept it to log in",
175
- "Google Authenticator" => "Use One Time Password shown in <b>Google/Authy/LastPass Authenticator App</b> to login",
176
- "Security Questions" => "Configure and Answer Three Security Questions to login",
177
- "OTP Over SMS" => "A One Time Passcode (OTP) will be sent to your Phone number",
178
- "OTP Over Email" => "A One Time Passcode (OTP) will be sent to your Email address",
179
- "Authy Authenticator" => "Enter Soft Token/ One Time Password from the Authy Authenticator App",
180
- "Email Verification" => "Accept the verification link sent to your email address",
181
- "OTP Over SMS and Email" => "A One Time Passcode (OTP) will be sent to your Phone number and Email address",
182
- "Hardware Token" => "Enter the One Time Passcode on your Hardware Token",
183
- "OTP Over Whatsapp" => "Enter the One Time Passcode sent to your WhatsApp account. This method is supported with twillio",
184
- "OTP Over Telegram" => "Enter the One Time Passcode sent to your Telegram account",
185
- "Duo Authenticator" => "A Push notification will be sent to the Duo Authenticator App"
186
- );
187
- }
188
-
189
- $is_customer_registered = $Mo2fdbQueries->get_user_detail( 'user_registration_with_miniorange', $user->ID ) == 'SUCCESS' ? true : false;
190
- $can_user_configure_2fa_method = $can_display_admin_features || ( !$can_display_admin_features && $is_customer_registered );
191
- $is_NC = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
192
- $is_EC = ! $is_NC;
193
-
194
- $form = '<div class="overlay1" id="overlay" hidden ></div>';
195
- $form .= '<form name="f" method="post" action="" id="mo2f_save_' . $category . '_auth_methods_form">
196
- <div id="mo2f_' . $category . '_auth_methods" >
197
- <br>
198
- <table class="mo2f_auth_methods_table">';
199
-
200
- $configured_auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
201
- $selected_miniorange_method = false;
202
- if(in_array($configured_auth_method, $miniorange_authenticator)){
203
- $selected_miniorange_method = true;
204
- }
205
- for ( $i = 0; $i < count( $auth_methods ); $i ++ ) {
206
-
207
- $form .= '<tr>';
208
- for ( $j = 0; $j < count( $auth_methods[ $i ] ); $j ++ ) {
209
- $auth_method = $auth_methods[ $i ][ $j ];
210
- if(MO2F_IS_ONPREM and $category =='free_plan')
211
- {
212
-
213
- if($auth_method != 'Email Verification' and $auth_method != 'Security Questions' and $auth_method != 'Google Authenticator' and $auth_method !='miniOrange QR Code Authentication' and $auth_method !='miniOrange Soft Token' and $auth_method != 'miniOrange Push Notification' and $auth_method != 'OTP Over SMS' and $auth_method != 'OTP Over Email' and $auth_method != 'Duo Authenticator')
214
- {
215
- //continue;
216
- }
217
- }
218
- $auth_method_abr = str_replace( ' ', '', $auth_method );
219
- $configured_auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
220
- $is_auth_method_selected = ( $configured_auth_method == $auth_method ? true : false );
221
- if($auth_method == 'miniOrange Authenticator' && $selected_miniorange_method )
222
- $is_auth_method_selected = true;
223
- $is_auth_method_av = false;
224
- if ( ( $is_EC && in_array( $auth_method, $two_factor_methods_EC ) ) ||
225
- ( $is_NC && in_array( $auth_method, $two_factor_methods_NC ) ) ) {
226
- $is_auth_method_av = true;
227
- }
228
-
229
- $thumbnail_height = $is_auth_method_av && $category == 'free_plan' ? 190 : 160;
230
- $is_image = $auth_method == "" ? 0 :1;
231
-
232
- $form .= '<td style="width:25%;">
233
- <div class="mo2f_thumbnail" id="'.$auth_method_abr.'_thumbnail_2_factor" style="height:' . $thumbnail_height . 'px; ';
234
- if(MO2F_IS_ONPREM)
235
- {
236
- $iscurrentMethod = 0;
237
- $currentMethod = $configured_auth_method;
238
- if($currentMethod == $auth_method)
239
- $iscurrentMethod = 1;
240
-
241
- $form .= $iscurrentMethod ? '#413c69' : '#a7c5eb';
242
- $form .= $iscurrentMethod ? '#413c69' : '#a7c5eb';
243
- $form .= ';">';
244
- }
245
- else
246
- {
247
- $form .= $is_auth_method_selected ? '#413c69' : '#a7c5eb';
248
- $form .= $is_auth_method_selected ? '#413c69' : '#a7c5eb';
249
- $form .= ';">';
250
-
251
- }
252
- $form .= '<div>
253
- <div class="mo2f_thumbnail_method" style="width:100%";>
254
- <div style="width: 17%; float:left;padding-top:20px;padding-left:20px;">';
255
-
256
- if($is_image){
257
- $form .= '<img src="' . plugins_url( "includes/images/authmethods/" . $auth_method_abr . ".png", dirname(dirname(__FILE__ ))) . '" style="width: 50px;height: 50px !important; " line-height: 80px;" />';
258
- }
259
-
260
- $form .= '</div>
261
- <div class="mo2f_thumbnail_method_desc" style="width: 75%;">';
262
- switch ($auth_method) {
263
- case 'Google Authenticator':
264
- $form .=' <span style="float:right">
265
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
266
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
267
- </a>
268
- <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
269
- <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
270
- </a>
271
- </span>';
272
- break;
273
-
274
- case 'Security Questions':
275
- $form .=' <span style="float:right">
276
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
277
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
278
- </a>
279
- <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
280
- <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
281
- </a>
282
-
283
-
284
- </span>';
285
- break;
286
-
287
- case 'OTP Over SMS':
288
- $form .=' <span style="float:right">
289
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
290
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
291
-
292
- </a>
293
- <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
294
- <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
295
- </a>
296
-
297
- </span>';
298
- break;
299
-
300
-
301
- case 'miniOrange Soft Token':
302
- $form .=' <span style="float:right">
303
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
304
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
305
-
306
- </a>
307
-
308
- <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
309
- <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
310
- </a>
311
- </span>';
312
-
313
- break;
314
-
315
- case 'miniOrange Authenticator':
316
- $form .=' <span style="float:right">';
317
- if(isset($two_factor_methods_doc[$auth_method])){
318
- $form .='<a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
319
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
320
- </a>';
321
- }
322
-
323
- if(isset($two_factor_methods_video[$auth_method])){
324
- $form .='<a href='.$two_factor_methods_video[$auth_method].' target="_blank">
325
- <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right;margin-right: 5px;"></span>
326
- </a>';
327
- }
328
-
329
- $form .='</span>';
330
- break;
331
-
332
- case 'miniOrange QR Code Authentication':
333
- $form .=' <span style="float:right">
334
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
335
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
336
-
337
- </a>
338
- <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
339
- <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
340
- </a>
341
-
342
- </span>';
343
-
344
- break;
345
-
346
- case 'miniOrange Push Notification':
347
- $form .=' <span style="float:right">
348
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
349
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
350
-
351
- </a>
352
- <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
353
- <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
354
- </a>
355
-
356
- </span>';
357
- break;
358
-
359
- case 'Email Verification':
360
- $form .=' <span style="float:right">
361
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
362
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
363
-
364
- </a>
365
- <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
366
- <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
367
- </a>
368
-
369
- </span>';
370
- break;
371
- case 'OTP Over Telegram':
372
- $form .=' <span style="float:right">
373
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
374
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
375
- </a>
376
-
377
- </span>';
378
- break;
379
- case 'OTP Over Email':
380
- $form .=' <span style="float:right">
381
- <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
382
- <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
383
- </a>
384
-
385
- </span>';
386
- break;
387
-
388
- default:
389
- {$form .= "";}
390
- break;
391
- }
392
- $form .=' <b>' . $auth_method .
393
- '</b><br>
394
- <p style="padding:0px; padding-left:0px;font-size: 14px;"> ' . $two_factor_methods_descriptions[ $auth_method ] . '</p>
395
-
396
- </div>
397
- </div>
398
- </div>';
399
-
400
- if ( $is_auth_method_av && $category == 'free_plan' ) {
401
- $is_auth_method_configured = 0;
402
- if($auth_method_abr == 'miniOrangeAuthenticator'){
403
- $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_miniOrangeSoftToken_config_status', $user->ID );
404
- }else{
405
- $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $auth_method_abr . '_config_status', $user->ID );
406
- }
407
- if(($auth_method == 'OUT OF BAND EMAIL' or $auth_method == 'OTP Over Email') and !MO2F_IS_ONPREM )
408
- $is_auth_method_configured = 1;
409
- $chat_id = get_user_meta($user->ID,'mo2f_chat_id',true);
410
- $form .= '<div style="height:40px;width:100%;position: absolute;bottom: 0;background-color:';
411
- $iscurrentMethod = 0;
412
- if(MO2F_IS_ONPREM)
413
- {
414
- $currentMethod = $configured_auth_method;
415
- if($currentMethod == $auth_method || ($auth_method=='miniOrange Authenticator' && $selected_miniorange_method ) )
416
- $iscurrentMethod = 1;
417
- $form .= $iscurrentMethod ? '#413c69' : '#a7c5eb';
418
- }
419
- else
420
- $form .= $is_auth_method_selected ? '#413c69' : '#a7c5eb';
421
- if(MO2F_IS_ONPREM)
422
- {
423
- $twofactor_transactions = new Mo2fDB;
424
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user->ID);
425
- if($exceeded){
426
- if(empty($configured_auth_method)){
427
- $can_user_configure_2fa_method = false;
428
- }
429
- else{
430
- $can_user_configure_2fa_method = true;
431
- }
432
- }
433
- else{
434
- $can_user_configure_2fa_method = true;
435
- }
436
- $is_customer_registered = true;
437
- $user = wp_get_current_user();
438
- $form .= ';color:white">';
439
-
440
- $check = $is_customer_registered? true : false;
441
- $show = 0;
442
-
443
-
444
-
445
- $cloud_methods = array('miniOrange Authenticator' , 'miniOrange Soft Token','miniOrange Push Notification');
446
-
447
- if($auth_method == 'Email Verification' || $auth_method == 'Security Questions' || $auth_method == 'Google Authenticator' || $auth_method == 'miniOrange Authenticator' || $auth_method == 'OTP Over SMS' || $auth_method == 'OTP Over Email' || $auth_method == 'OTP Over Telegram' || $auth_method == 'Duo Authenticator')
448
- {
449
- $show = 1;
450
- }
451
-
452
- if ( $check ) {
453
- $form .= '<div class="mo2f_configure_2_factor">
454
- <button type="button" id="'.$auth_method_abr.'_configuration" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'configure2factor\');"';
455
- $form .= $show==1 ? "" : " disabled ";
456
- $form .= '>';
457
- if($show)
458
- $form .= $is_auth_method_configured? 'Reconfigure' : 'Configure';
459
- else
460
- $form .= 'Available in cloud solution';
461
- $form .= '</button></div>';
462
- }
463
- if ( ($is_auth_method_configured && ! $is_auth_method_selected) or MO2F_IS_ONPREM) {
464
- $form .= '<div class="mo2f_set_2_factor">
465
- <button type="button" id="'.$auth_method_abr.'_set_2_factor" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'select2factor\');"';
466
- $form .= $can_user_configure_2fa_method ? "" : " disabled ";
467
- $form .= $show==1 ? "" : " disabled ";
468
- if($show == 1 and $is_auth_method_configured and $iscurrentMethod == 0){
469
- $form .= '>Set as 2-factor</button>
470
- </div>';
471
- }else{
472
- $form .= '
473
- </button>
474
- </div>';
475
- }
476
- }
477
-
478
- }
479
- else
480
- {
481
- if(get_option('mo2f_miniorange_admin'))
482
- $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
483
- else
484
- $allowed = 1;
485
- $cloudswitch = 0;
486
- if(!$allowed)
487
- $allowed = 2;
488
- $form .= ';color:white">';
489
- $check = !$is_customer_registered? true : ($auth_method != "Email Verification" and $auth_method != "OTP Over Email"? true : false);
490
- $is_auth_method_configured = !$is_customer_registered ? 0 :1;
491
- if(!MO2F_IS_ONPREM and ($auth_method == "Email Verification" or $auth_method == "OTP Over Email"))
492
- $check = 0;
493
- if ( $check ) {
494
- $form .= '<div class="mo2f_configure_2_factor">
495
- <button type="button" id="'.$auth_method_abr.'_configuration" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'configure2factor\','.$cloudswitch.','.$allowed.');"';
496
- $form .= $can_user_configure_2fa_method ? "" : " ";
497
- $form .= '>';
498
- $form .= $is_auth_method_configured ? 'Reconfigure' : 'Configure';
499
- $form .= '</button></div>';
500
- }
501
-
502
- if ( ($is_auth_method_configured && ! $is_auth_method_selected) or MO2F_IS_ONPREM ) {
503
- $form .= '<div class="mo2f_set_2_factor">
504
- <button type="button" id="'.$auth_method_abr.'_set_2_factor" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'select2factor\','.$cloudswitch.','.$allowed.');"';
505
- $form .= $can_user_configure_2fa_method ? "" : " ";
506
- $form .= '>Set as 2-factor</button>
507
- </div>';
508
- }
509
-
510
- }
511
- if($is_auth_method_selected && $auth_method == 'miniOrange Authenticator'){
512
- $form .='<select name="mo2fa_MO_methods" id="mo2fa_MO_methods" class="mo2f_set_2_factor mo2f_configure_switch_2_factor mo2f_kba_ques" style="color: white;font-weight: 700;background: #48b74b;background-size: 16px 16px;border: 1px solid #48b74b;padding: 0px 0px 0px 17px;min-height: 30px;max-width: 9em;max-width: 9em;" onchange="show_3_minorange_methods();">
513
- <option value="" selected disabled hidden style="color:white!important;">Switch to >></option>
514
- <option value="miniOrangeSoftToken">Soft Token</option>
515
- <option value="miniOrangeQRCodeAuthentication">QR Code</option>
516
- <option value="miniOrangePushNotification">Push Notification</option>
517
- </select></div>
518
- <br><br>
519
-
520
- ';
521
- }
522
- $form .= '</div>';
523
- }
524
- $form .= '</div></div></td>';
525
- }
526
-
527
- $form .= '</tr>';
528
- }
529
-
530
-
531
- $form .= '</table>';
532
- if( $category!="free_plan")
533
- if(current_user_can('administrator')){
534
- $form .= '<div style="background-color: #f1f1f1;padding:10px">
535
- <p style="font-size:16px;margin-left: 1%">In addition to these authentication methods, for other features in this plan, <a href="admin.php?page=mo_2fa_upgrade"><i>Click here.</i></a></p>
536
- </div>';
537
- }
538
- $configured_auth_method_abr = str_replace(' ', '',$configured_auth_method);
539
- $form .= '</div> <input type="hidden" name="miniorange_save_form_auth_methods_nonce"
540
- value="'. wp_create_nonce( "miniorange-save-form-auth-methods-nonce" ) .'"/>
541
- <input type="hidden" name="option" value="mo2f_save_' . $category . '_auth_methods" />
542
- <input type="hidden" name="mo2f_configured_2FA_method_' . $category . '" id="mo2f_configured_2FA_method_' . $category . '" />
543
- <input type="hidden" name="mo2f_selected_action_' . $category . '" id="mo2f_selected_action_' . $category . '" />
544
- </form><script>
545
- var selected_miniorange_method = "'.$selected_miniorange_method.'";
546
- if(selected_miniorange_method)
547
- jQuery("<input>").attr({type: "hidden",id: "miniOrangeAuthenticator",value: "'.$configured_auth_method_abr.'"}).appendTo("form");
548
- else
549
- jQuery("<input>").attr({type: "hidden",id: "miniOrangeAuthenticator",value: "miniOrangeSoftToken"}).appendTo("form");
550
- </script>';
551
-
552
- return $form;
553
- }
554
-
555
-
556
- function mo2f_get_activated_second_factor( $user ) {
557
-
558
- global $Mo2fdbQueries;
559
- $user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
560
- $is_customer_registered = $Mo2fdbQueries->get_user_detail( 'user_registration_with_miniorange', $user->ID ) == 'SUCCESS' ? true : false;
561
- $useremail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
562
-
563
- if ( $user_registration_status == 'MO_2_FACTOR_SUCCESS' ) {
564
- //checking this option for existing users
565
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mobile_registration_status' => true ) );
566
- $mo2f_second_factor = 'MOBILE AUTHENTICATION';
567
-
568
- return $mo2f_second_factor;
569
- } else if ( $user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' ) {
570
- return 'NONE';
571
- } else {
572
- //for new users
573
- if ( $user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && $is_customer_registered ) {
574
- $enduser = new Two_Factor_Setup();
575
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $useremail ), true );
576
- if ( json_last_error() == JSON_ERROR_NONE ) {
577
- if ( $userinfo['status'] == 'ERROR' ) {
578
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $userinfo['message'] ) );
579
- $mo2f_second_factor = 'NONE';
580
- } else if ( $userinfo['status'] == 'SUCCESS' ) {
581
- $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
582
- } else if ( $userinfo['status'] == 'FAILED' ) {
583
- $mo2f_second_factor = 'NONE';
584
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_REMOVED" ) );
585
- } else {
586
- $mo2f_second_factor = 'NONE';
587
- }
588
- } else {
589
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
590
- $mo2f_second_factor = 'NONE';
591
- }
592
- } else {
593
- $mo2f_second_factor = 'NONE';
594
- }
595
-
596
- return $mo2f_second_factor;
597
- }
598
- }
599
-
600
- function mo2f_update_and_sync_user_two_factor( $user_id, $userinfo ) {
601
- global $Mo2fdbQueries;
602
- $mo2f_second_factor = isset( $userinfo['authType'] ) && ! empty( $userinfo['authType'] ) ? $userinfo['authType'] : 'NONE';
603
- if(MO2F_IS_ONPREM)
604
- {
605
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
606
- $mo2f_second_factor = $mo2f_second_factor ? $mo2f_second_factor : 'NONE';
607
- return $mo2f_second_factor;
608
- }
609
-
610
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_email' => $userinfo['email'] ) );
611
- if ( $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
612
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_EmailVerification_config_status' => true ) );
613
- } else if ( $mo2f_second_factor == 'SMS' and !MO2F_IS_ONPREM) {
614
- $phone_num = $userinfo['phone'];
615
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_OTPOverSMS_config_status' => true ) );
616
- $_SESSION['user_phone'] = $phone_num;
617
- } else if ( in_array( $mo2f_second_factor, array(
618
- 'SOFT TOKEN',
619
- 'MOBILE AUTHENTICATION',
620
- 'PUSH NOTIFICATIONS'
621
- ) ) ) {
622
- if(!MO2F_IS_ONPREM)
623
- $Mo2fdbQueries->update_user_details( $user_id, array(
624
- 'mo2f_miniOrangeSoftToken_config_status' => true,
625
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
626
- 'mo2f_miniOrangePushNotification_config_status' => true
627
- ) );
628
- } else if ( $mo2f_second_factor == 'KBA' ) {
629
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_SecurityQuestions_config_status' => true ) );
630
- } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
631
- $app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true );
632
-
633
- if ( $app_type == 'Google Authenticator' ) {
634
- $Mo2fdbQueries->update_user_details( $user_id, array(
635
- 'mo2f_GoogleAuthenticator_config_status' => true
636
- ) );
637
- update_user_meta( $user_id, 'mo2f_external_app_type', 'Google Authenticator' );
638
- } else if ( $app_type == 'Authy Authenticator' ) {
639
- $Mo2fdbQueries->update_user_details( $user_id, array(
640
- 'mo2f_AuthyAuthenticator_config_status' => true
641
- ) );
642
- update_user_meta( $user_id, 'mo2f_external_app_type', 'Authy Authenticator' );
643
- } else {
644
- $Mo2fdbQueries->update_user_details( $user_id, array(
645
- 'mo2f_GoogleAuthenticator_config_status' => true
646
- ) );
647
-
648
- update_user_meta( $user_id, 'mo2f_external_app_type', 'Google Authenticator' );
649
- }
650
- }
651
-
652
- return $mo2f_second_factor;
653
- }
654
-
655
- function display_customer_registration_forms($user){
656
-
657
- global $Mo2fdbQueries;
658
- $mo2f_current_registration_status = get_option( 'mo_2factor_user_registration_status');
659
- $mo2f_message = get_option( 'mo2f_message' );
660
- ?>
661
-
662
- <div id="smsAlertModal" class="modal" role="dialog" data-backdrop="static" data-keyboard="false" >
663
- <div class="mo2f_modal-dialog" style="margin-left:30%;">
664
- <!-- Modal content-->
665
- <div class="modal-content">
666
- <div class="mo2f_modal-header">
667
- <h2 class="mo2f_modal-title">You are just one step away from setting up 2FA.</h2><span type="button" id="mo2f_registration_closed" class="modal-span-close" data-dismiss="modal">&times;</span>
668
- </div>
669
- <div class="mo2f_modal-body">
670
- <span style="color:green;cursor: pointer;float:right;" onclick="show_content();">Why Register with miniOrange?</span><br>
671
- <div id="mo2f_register" style="background-color:#f1f1f1;padding: 1px 4px 1px 14px;display: none;">
672
- <p>miniOrange Two Factor plugin uses highly secure miniOrange APIs to communicate with the plugin. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users can be only accessed by API keys assigned to you. Also, you can use the same account on multiple applications and your users do not have to maintain multiple accounts or 2-factors.</p>
673
- </div>
674
- <?php if ( $mo2f_message ) { ?>
675
- <div style="padding:5px;">
676
- <div class="alert alert-info" style="margin-bottom:0px;padding:3px;">
677
- <p style="font-size:15px;margin-left: 2%;"><?php echo $mo2f_message; ?></p>
678
- </div>
679
- </div>
680
- <?php }
681
- if(in_array($mo2f_current_registration_status, array("REGISTRATION_STARTED", "MO_2_FACTOR_OTP_DELIVERED_SUCCESS", "MO_2_FACTOR_OTP_DELIVERED_FAILURE", "MO_2_FACTOR_VERIFY_CUSTOMER")) ){
682
- mo2f_show_registration_screen($user);
683
- }
684
- ?>
685
- </div>
686
- </div>
687
- </div>
688
- <form name="f" method="post" action="" class="mo2f_registration_closed_form">
689
- <input type="hidden" name="mo2f_registration_closed_nonce"
690
- value="<?php echo wp_create_nonce( "mo2f-registration-closed-nonce" ) ?>"/>
691
- <input type="hidden" name="option" value="mo2f_registration_closed"/>
692
- </form>
693
- </div>
694
- <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
695
- <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
696
- <script>
697
- function show_content() {
698
- jQuery('#mo2f_register').slideToggle();
699
- }
700
- jQuery(function () {
701
- jQuery('#smsAlertModal').modal();
702
- });
703
-
704
- jQuery('#mo2f_registration_closed').click(function () {
705
- jQuery('.mo2f_registration_closed_form').submit();
706
- });
707
- </script>
708
-
709
- <?php
710
- }
711
-
712
- function mo2f_show_registration_screen($user){
713
- global $mo2f_dirName;
714
-
715
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'account.php';
716
-
717
- }
718
-
719
- function mo2f_show_2FA_configuration_screen( $user, $selected2FAmethod ) {
720
- global $mo2f_dirName;
721
-
722
- switch ( $selected2FAmethod ) {
723
- case "Google Authenticator":
724
- if(MO2F_IS_ONPREM){
725
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR. 'gaonprem.php';
726
- $obj = new Google_auth_onpremise();
727
- $obj->mo_GAuth_get_details();
728
- }
729
- else{
730
- if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
731
- Miniorange_Authentication::mo2f_get_GA_parameters($user);
732
- }
733
- echo '<div class="mo2f_table_layout">';
734
- mo2f_configure_google_authenticator( $user );
735
- echo '</div>';
736
- }
737
- break;
738
- case "Authy Authenticator":
739
- echo '<div class="mo2f_table_layout">';
740
- mo2f_configure_authy_authenticator( $user );
741
- echo '</div>';
742
- break;
743
- case "Security Questions":
744
- echo '<div class="mo2f_table_layout">';
745
- mo2f_configure_for_mobile_suppport_kba( $user );
746
- echo '</div>';
747
- break;
748
- case "Email Verification":
749
- echo '<div class="mo2f_table_layout">';
750
- mo2f_configure_for_mobile_suppport_kba( $user );
751
- echo '</div>';
752
- break;
753
- case "OTP Over SMS":
754
- echo '<div class="mo2f_table_layout">';
755
- mo2f_configure_otp_over_sms( $user );
756
- echo '</div>';
757
- break;
758
- case "miniOrange Soft Token":
759
- echo '<div class="mo2f_table_layout">';
760
- mo2f_configure_miniorange_authenticator( $user );
761
- echo '</div>';
762
- break;
763
- case "miniOrange QR Code Authentication":
764
- echo '<div class="mo2f_table_layout">';
765
- mo2f_configure_miniorange_authenticator( $user );
766
- echo '</div>';
767
- break;
768
- case "miniOrange Push Notification":
769
- echo '<div class="mo2f_table_layout">';
770
- mo2f_configure_miniorange_authenticator( $user );
771
- echo '</div>';
772
- break;
773
- case "OTP Over Email":
774
- echo '<div class="mo2f_table_layout">';
775
- mo2f_test_otp_over_email($user,$selected2FAmethod);
776
- echo '</div>';
777
- break;
778
- case "OTP Over Telegram":
779
- echo '<div class="mo2f_table_layout">';
780
- mo2f_configure_otp_over_Telegram($user);
781
- echo '</div>';
782
- break;
783
- case "DuoAuthenticator":
784
- case "Duo Authenticator":
785
- echo '<div class="mo2f_table_layout">';
786
- mo2f_configure_duo_authenticator($user);
787
- echo '</div>';
788
- break;
789
- }
790
-
791
- }
792
-
793
- function mo2f_show_2FA_test_screen( $user, $selected2FAmethod ) {
794
-
795
-
796
- switch ( $selected2FAmethod ) {
797
- case "miniOrange QR Code Authentication":
798
- mo2f_test_miniorange_qr_code_authentication( $user );
799
- break;
800
- case "miniOrange Push Notification":
801
- mo2f_test_miniorange_push_notification( $user );
802
- break;
803
- case "miniOrange Soft Token":
804
- mo2f_test_miniorange_soft_token( $user );
805
- break;
806
- case "Email Verification":
807
- mo2f_test_email_verification($user);
808
- break;
809
- case "OTP Over SMS":
810
- mo2f_test_otp_over_sms( $user );
811
- break;
812
- case "OTP Over Telegram":
813
- mo2f_test_otp_over_Telegram( $user );
814
- break;
815
- case "Security Questions":
816
- mo2f_test_kba_security_questions( $user );
817
- break;
818
- case "OTP Over Email":
819
- mo2f_test_otp_over_email($user,$selected2FAmethod);
820
- break;
821
- case "Duo Authenticator":
822
- mo2f_test_duo_authenticator($user);
823
- break;
824
- default:
825
- mo2f_test_google_authy_authenticator( $user, $selected2FAmethod );
826
- }
827
-
828
- }
829
-
830
- function mo2f_method_display_name($user,$mo2f_second_factor){
831
-
832
- if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
833
- $app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
834
-
835
- if ( $app_type == 'Google Authenticator' ) {
836
- $selectedMethod = 'Google Authenticator';
837
- } else if ( $app_type == 'Authy Authenticator' ) {
838
- $selectedMethod = 'Authy Authenticator';
839
- } else {
840
- $selectedMethod = 'Google Authenticator';
841
- update_user_meta( $user->ID, 'mo2f_external_app_type', $selectedMethod );
842
- }
843
- } else {
844
- $selectedMethod = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
845
- }
846
- return $selectedMethod;
847
-
848
- }
849
-
850
- function mo2f_lt( $string ) {
851
- return __($string ,'miniorange-2-factor-authentication' );
852
- }
853
-
854
- function mo2f_rba_description($mo2f_user_email) {?>
855
- <div id="mo2f_rba_addon">
856
- <?php if ( get_option( 'mo2f_rba_installed' ) ) { ?>
857
- <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_rba_addon"
858
- class="button button-primary button-large"
859
- style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
860
- <?php } ?>
861
- <?php if ( ! get_option( 'mo2f_rba_purchased' ) ) { ?>
862
- <a onclick="mo2f_addonform('wp_2fa_addon_rba')" id="mo2f_purchase_rba_addon"
863
- class="button button-primary button-large"
864
- style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a><?php } ?>
865
- <div id="mo2f_rba_addon_hide">
866
-
867
- <br>
868
- <div id="mo2f_hide_rba_content">
869
-
870
- <div class="mo2f_box">
871
- <h3><?php echo __( 'Remember Device', 'miniorange-2-factor-authentication' ); ?></h3>
872
- <hr>
873
- <p id="mo2f_hide_rba_content"><?php echo __( 'With this feature, User would get an option to remember the personal device where Two Factor is not required. Every time the user logs in with the same device it detects the saved device so he will directly login without being prompted for the 2nd factor. If user logs in from new device he will be prompted with 2nd Factor.', 'miniorange-2-factor-authentication' ); ?>
874
-
875
- </p>
876
- </div>
877
- <br><br>
878
- <div class="mo2f_box">
879
- <h3><?php echo __( 'Limit Number Of Device', 'miniorange-2-factor-authentication' ); ?></h3>
880
- <hr>
881
- <p><?php echo __( 'With this feature, the admin can restrict the number of devices from which the user can access the website. If the device limit is exceeded the admin can set three actions where it can allow the users to login, deny the access or challenge the user for authentication.', 'miniorange-2-factor-authentication' ); ?>
882
- </p>
883
-
884
- </div>
885
- <br><br>
886
- <div class="mo2f_box">
887
- <h3><?php echo __( 'IP Restriction: Limit users to login from specific IPs', 'miniorange-2-factor-authentication' ); ?></h3>
888
- <hr>
889
- <p><?php echo __( 'The Admin can enable IP restrictions for the users. It will provide additional security to the accounts and perform different action to the accounts only from the listed IP Ranges. If user tries to access with a restricted IP, Admin can set three action: Allow, challenge or deny. Depending upon the action it will allow the user to login, challenge(prompt) for authentication or deny the access.', 'miniorange-2-factor-authentication' ); ?>
890
-
891
- </div>
892
- <br>
893
- </div>
894
-
895
- </div>
896
- <div id="mo2f_rba_addon_show">
897
- <?php $x = apply_filters( 'mo2f_rba', "rba" );?>
898
- </div>
899
- </div>
900
- <form style="display:none;" id="mo2fa_loginform"
901
- action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
902
- target="_blank" method="post">
903
- <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
904
- <input type="text" name="redirectUrl"
905
- value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
906
- <input type="text" name="requestOrigin" id="requestOrigin"/>
907
- </form>
908
- <script>
909
- function mo2f_addonform(planType) {
910
- jQuery('#requestOrigin').val(planType);
911
- jQuery('#mo2fa_loginform').submit();
912
- }
913
- </script>
914
- <?php
915
- }
916
-
917
- function mo2f_personalization_description($mo2f_user_email) {?>
918
- <div id="mo2f_custom_addon">
919
- <?php if ( get_option( 'mo2f_personalization_installed' ) ) { ?>
920
- <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_custom_addon"
921
- class="button button-primary button-large"
922
- style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
923
- <?php } ?>
924
- <?php if ( ! get_option( 'mo2f_personalization_purchased' ) ) { ?> <a
925
- onclick="mo2f_addonform('wp_2fa_addon_shortcode')" id="mo2f_purchase_custom_addon"
926
- class="button button-primary button-large"
927
- style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a>
928
- <?php } ?>
929
- <div id="mo2f_custom_addon_hide">
930
-
931
-
932
- <br>
933
- <div id="mo2f_hide_custom_content">
934
- <div class="mo2f_box">
935
- <h3><?php echo __( 'Customize Plugin Icon', 'miniorange-2-factor-authentication' ); ?></h3>
936
- <hr>
937
- <p>
938
- <?php echo __( 'With this feature, you can customize the plugin icon in the dashboard which is useful when you want your custom logo to be displayed to the users.', 'miniorange-2-factor-authentication' ); ?>
939
- </p>
940
- <br>
941
- <h3><?php echo __( 'Customize Plugin Name', 'miniorange-2-factor-authentication' ); ?></h3>
942
- <hr>
943
- <p>
944
- <?php echo __( 'With this feature, you can customize the name of the plugin in the dashboard.', 'miniorange-2-factor-authentication' ); ?>
945
- </p>
946
-
947
- </div>
948
- <br>
949
- <div class="mo2f_box">
950
- <h3><?php echo __( 'Customize UI of Login Pop up\'s', 'miniorange-2-factor-authentication' ); ?></h3>
951
- <hr>
952
- <p>
953
- <?php echo __( 'With this feature, you can customize the login pop-ups during two factor authentication according to the theme of your website.', 'miniorange-2-factor-authentication' ); ?>
954
- </p>
955
- </div>
956
-
957
- <br>
958
- <div class="mo2f_box">
959
- <h3><?php echo __( 'Custom Email and SMS Templates', 'miniorange-2-factor-authentication' ); ?></h3>
960
- <hr>
961
-
962
- <p><?php echo __( 'You can change the templates for Email and SMS which user receives during authentication.', 'miniorange-2-factor-authentication' ); ?></p>
963
-
964
- </div>
965
- </div>
966
- </div>
967
- <div id="mo2f_custom_addon_show"><?php $x = apply_filters( 'mo2f_custom', "custom"); ?></div>
968
- </div>
969
-
970
- <?php
971
- }
972
-
973
- function mo2f_shortcode_description($mo2f_user_email) { ?>
974
- <div id="mo2f_Shortcode_addon_hide">
975
- <?php if ( get_option( 'mo2f_shortcode_installed' ) ) { ?>
976
- <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_shortcode_addon"
977
- class="button button-primary button-large" style="float:right; margin-top:2%;"><?php echo __( 'Activate
978
- Plugin', 'miniorange-2-factor-authentication' ); ?></a>
979
- <?php } if ( ! get_option( 'mo2f_shortcode_purchased' ) ) { ?>
980
- <a onclick="mo2f_addonform('wp_2fa_addon_personalization')" id="mo2f_purchase_shortcode_addon"
981
- class="button button-primary button-large"
982
- style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a>
983
- <?php } ?>
984
-
985
- <div id="shortcode" class="description">
986
-
987
-
988
- <br>
989
- <div id="mo2f_hide_shortcode_content" class="mo2f_box">
990
- <h3><?php echo __( 'List of Shortcodes', 'miniorange-2-factor-authentication' ); ?>:</h3>
991
- <hr>
992
- <ol style="margin-left:2%">
993
- <li>
994
- <b><?php echo __( 'Enable Two Factor: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to turn on/off 2-factor by user.', 'miniorange-2-factor-authentication' ); ?>
995
- </li>
996
- <li>
997
- <b><?php echo __( 'Enable Reconfiguration: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to configure the Google Authenticator and Security Questions by user.', 'miniorange-2-factor-authentication' ); ?>
998
- </li>
999
- <li>
1000
- <b><?php echo __( 'Enable Remember Device: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( ' This shortcode provides\'Enable Remember Device\' from your custom login form.', 'miniorange-2-factor-authentication' ); ?>
1001
- </li>
1002
- </ol>
1003
- </div>
1004
- <div id="mo2f_Shortcode_addon_show"><?php $x = apply_filters( 'mo2f_shortcode', "shortcode" ); ?></div>
1005
- </div>
1006
- <br>
1007
- </div>
1008
- <form style="display:none;" id="mo2fa_loginform" action="<?php echo MO_HOST_NAME . '/moas/login'; ?>" target="_blank" method="post">
1009
- <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
1010
- <input type="text" name="redirectUrl"
1011
- value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
1012
- <input type="text" name="requestOrigin" id="requestOrigin"/>
1013
- </form>
1014
- <script>
1015
- function mo2f_addonform(planType) {
1016
- jQuery('#requestOrigin').val(planType);
1017
- jQuery('#mo2fa_loginform').submit();
1018
- }
1019
- </script>
1020
- <?php
1021
- }
1022
-
1023
- ?>
1
+ <?php
2
+ $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup'.DIRECTORY_SEPARATOR;
3
+ $test_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'test'.DIRECTORY_SEPARATOR;
4
+ include $setup_dirName.'setup_google_authenticator.php';
5
+ include $setup_dirName.'setup_google_authenticator_onpremise.php';
6
+ include $setup_dirName.'setup_authy_authenticator.php';
7
+ include $setup_dirName.'setup_kba_questions.php';
8
+ include $setup_dirName.'setup_miniorange_authenticator.php';
9
+ include $setup_dirName.'setup_otp_over_sms.php';
10
+ include $setup_dirName.'setup_otp_over_telegram.php';
11
+ include $setup_dirName.'setup_duo_authenticator.php';
12
+ include $test_dirName.'test_twofa_email_verification.php';
13
+ include $test_dirName.'test_twofa_duo_authenticator.php';
14
+ include $test_dirName.'test_twofa_google_authy_authenticator.php';
15
+ include $test_dirName.'test_twofa_miniorange_qrcode_authentication.php';
16
+ include $test_dirName.'test_twofa_kba_questions.php';
17
+ include $test_dirName.'test_twofa_miniorange_push_notification.php';
18
+ include $test_dirName.'test_twofa_miniorange_soft_token.php';
19
+ include $test_dirName.'test_twofa_otp_over_sms.php';
20
+ include $test_dirName.'test_twofa_otp_over_Telegram.php';
21
+
22
+ function mo2f_decode_2_factor( $selected_2_factor_method, $decode_type ) {
23
+
24
+ if ( $selected_2_factor_method == 'NONE' ) {
25
+ return $selected_2_factor_method;
26
+ }else if($selected_2_factor_method == "OTP Over Email")
27
+ {
28
+ $selected_2_factor_method = "EMAIL";
29
+ }
30
+
31
+ $wpdb_2fa_methods = array(
32
+ "miniOrangeQRCodeAuthentication" => "miniOrange QR Code Authentication",
33
+ "miniOrangeSoftToken" => "miniOrange Soft Token",
34
+ "miniOrangePushNotification" => "miniOrange Push Notification",
35
+ "GoogleAuthenticator" => "Google Authenticator",
36
+ "AuthyAuthenticator" => "Authy Authenticator",
37
+ "SecurityQuestions" => "Security Questions",
38
+ "EmailVerification" => "Email Verification",
39
+ "OTPOverSMS" => "OTP Over SMS",
40
+ "OTPOverEmail" => "OTP Over Email",
41
+ "EMAIL" => "OTP Over Email",
42
+ );
43
+
44
+ $server_2fa_methods = array(
45
+ "miniOrange QR Code Authentication" => "MOBILE AUTHENTICATION",
46
+ "miniOrange Soft Token" => "SOFT TOKEN",
47
+ "miniOrange Push Notification" => "PUSH NOTIFICATIONS",
48
+ "Google Authenticator" => "GOOGLE AUTHENTICATOR",
49
+ "Authy Authenticator" => "GOOGLE AUTHENTICATOR",
50
+ "Security Questions" => "KBA",
51
+ "Email Verification" => "OUT OF BAND EMAIL",
52
+ "OTP Over SMS" => "SMS",
53
+ "EMAIL" => "OTP Over Email",
54
+ "OTPOverEmail" => "OTP Over Email"
55
+ );
56
+
57
+ $server_to_wpdb_2fa_methods = array(
58
+ "MOBILE AUTHENTICATION" => "miniOrange QR Code Authentication",
59
+ "SOFT TOKEN" => "miniOrange Soft Token",
60
+ "PUSH NOTIFICATIONS" => "miniOrange Push Notification",
61
+ "GOOGLE AUTHENTICATOR" => "Google Authenticator",
62
+ "KBA" => "Security Questions",
63
+ "OUT OF BAND EMAIL" => "Email Verification",
64
+ "SMS" => "OTP Over SMS",
65
+ "EMAIL" => "OTP Over Email",
66
+ "OTPOverEmail" => "OTP Over Email",
67
+ "OTP OVER EMAIL" => "OTP Over Email",
68
+ );
69
+ $methodname='';
70
+ if ( $decode_type == "wpdb" ) {
71
+ $methodname = isset($wpdb_2fa_methods[ $selected_2_factor_method ])?$wpdb_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
72
+ } else if ( $decode_type == "server" ) {
73
+ $methodname = isset($server_2fa_methods[ $selected_2_factor_method ])?$server_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
74
+ } else {
75
+ $methodname = isset($server_to_wpdb_2fa_methods[ $selected_2_factor_method ])?$server_to_wpdb_2fa_methods[ $selected_2_factor_method ]:$selected_2_factor_method;
76
+ }
77
+ return $methodname;
78
+
79
+ }
80
+
81
+
82
+ function mo2f_create_2fa_form( $user, $category, $auth_methods, $can_display_admin_features='' ) {
83
+ global $Mo2fdbQueries;
84
+
85
+ $miniorange_authenticator = array(
86
+ "miniOrange QR Code Authentication",
87
+ "miniOrange Soft Token",
88
+ "miniOrange Push Notification",
89
+ );
90
+ $all_two_factor_methods = array(
91
+ "miniOrange Authenticator",
92
+ "Google Authenticator",
93
+ "Security Questions",
94
+ "OTP Over SMS",
95
+ "OTP Over Email",
96
+ "OTP Over Telegram",
97
+ "Duo Authenticator",
98
+ "Authy Authenticator",
99
+ "Email Verification",
100
+ "OTP Over SMS and Email",
101
+ "Hardware Token"
102
+ );
103
+ $two_factor_methods_descriptions = array(
104
+ ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
105
+ "miniOrange Authenticator" => "Scan the QR code from the account in your miniOrange Authenticator App to login.",
106
+ "miniOrange Soft Token" => "Use One Time Password / Soft Token shown in the miniOrange Authenticator App",
107
+ "miniOrange Push Notification" => "A Push notification will be sent to the miniOrange Authenticator App for your account,
108
+ Accept it to log in",
109
+ "Google Authenticator" => "Use One Time Password shown in <b>Google/Authy/LastPass Authenticator App</b> to login",
110
+ "Security Questions" => "Configure and Answer Three Security Questions to login",
111
+ "OTP Over SMS" => "A One Time Passcode (OTP) will be sent to your Phone number",
112
+ "OTP Over Email" => "A One Time Passcode (OTP) will be sent to your Email address",
113
+ "Authy Authenticator" => "Enter Soft Token/ One Time Password from the Authy Authenticator App",
114
+ "Email Verification" => "Accept the verification link sent to your email address",
115
+ "OTP Over SMS and Email" => "A One Time Passcode (OTP) will be sent to your Phone number and Email address",
116
+ "Hardware Token" => "Enter the One Time Passcode on your Hardware Token",
117
+ "OTP Over Whatsapp" => "Enter the One Time Passcode sent to your WhatsApp account. This method is supported with twillio",
118
+ "OTP Over Telegram" => "Enter the One Time Passcode sent to your Telegram account",
119
+ "Duo Authenticator" => "A Push notification will be sent to the Duo Authenticator App");
120
+ $two_factor_methods_doc = array(
121
+ "Security Questions" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-security-question",
122
+ "Google Authenticator" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/google-authenticator",
123
+ "Email Verification" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/email_verification",
124
+ "miniOrange Soft Token" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-soft-token",
125
+ "miniOrange Push Notification" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-miniorange-push-notification",
126
+ "Authy Authenticator" => "",
127
+ "OTP Over SMS" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/step-by-setup-guide-to-set-up-otp-over-sms",
128
+ "OTP Over Email" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/otp_over_email",
129
+ "OTP Over SMS and Email" => "",
130
+ "Hardware Token" => "",
131
+ "OTP Over Whatsapp" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/otp-over-whatsapp",
132
+ "OTP Over Telegram" => "https://developers.miniorange.com/docs/security/wordpress/wp-security/otp-over-telegram"
133
+ );
134
+ $two_factor_methods_video = array(
135
+ "Security Questions" => "https://www.youtube.com/watch?v=pXPqQ047o-0",
136
+ "Google Authenticator" => "https://www.youtube.com/watch?v=BS6tY-Goa1Q",
137
+ "miniOrange Authenticator" => "https://www.youtube.com/watch?v=oRaGtKxouiI",
138
+ "Email Verification" => "https://www.youtube.com/watch?v=OacJWBYx_AE",
139
+ "miniOrange Soft Token" => "https://www.youtube.com/watch?v=9HV8V4f80k8",
140
+ "miniOrange Push Notification" => "https://www.youtube.com/watch?v=it_dAhFcxvw",
141
+ "Authy Authenticator" => "https://www.youtube.com/watch?v=fV-VnC_5Q5c",
142
+ "OTP Over SMS" => "https://www.youtube.com/watch?v=ag_E1Bmen-c",
143
+ "OTP Over Email" => "",
144
+ "OTP Over SMS and Email" => "",
145
+ "Hardware Token" => "",
146
+ "" => "",
147
+
148
+ );
149
+
150
+ $two_factor_methods_EC = array_slice( $all_two_factor_methods, 0, 10 );
151
+ $two_factor_methods_NC = array_slice( $all_two_factor_methods, 0, 9 );
152
+ if(MO2F_IS_ONPREM or $category != 'free_plan')
153
+ {
154
+ $all_two_factor_methods = array(
155
+ "Security Questions",
156
+ "Google Authenticator",
157
+ "Email Verification",
158
+ "miniOrange Authenticator",
159
+ "Authy Authenticator",
160
+ "OTP Over SMS",
161
+ "OTP Over Email",
162
+ "OTP Over SMS and Email",
163
+ "Hardware Token",
164
+ "OTP Over Whatsapp",
165
+ "OTP Over Telegram",
166
+ "Duo Authenticator"
167
+ );
168
+ $two_factor_methods_descriptions = array(
169
+ ""=>"<b>All methods in the FREE Plan in addition to the following methods.</b>",
170
+ "miniOrange QR Code Authentication" => "A QR Code will be displayed in the miniOrange Authenticator App for your account,
171
+ scan it to log in",
172
+ "miniOrange Authenticator" => 'Supports methods like soft token, QR code Authentication, Push Notification',
173
+ "miniOrange Push Notification" => "A Push notification will be sent to the miniOrange Authenticator App for your account,
174
+ Accept it to log in",
175
+ "Google Authenticator" => "Use One Time Password shown in <b>Google/Authy/LastPass Authenticator App</b> to login",
176
+ "Security Questions" => "Configure and Answer Three Security Questions to login",
177
+ "OTP Over SMS" => "A One Time Passcode (OTP) will be sent to your Phone number",
178
+ "OTP Over Email" => "A One Time Passcode (OTP) will be sent to your Email address",
179
+ "Authy Authenticator" => "Enter Soft Token/ One Time Password from the Authy Authenticator App",
180
+ "Email Verification" => "Accept the verification link sent to your email address",
181
+ "OTP Over SMS and Email" => "A One Time Passcode (OTP) will be sent to your Phone number and Email address",
182
+ "Hardware Token" => "Enter the One Time Passcode on your Hardware Token",
183
+ "OTP Over Whatsapp" => "Enter the One Time Passcode sent to your WhatsApp account. This method is supported with twillio",
184
+ "OTP Over Telegram" => "Enter the One Time Passcode sent to your Telegram account",
185
+ "Duo Authenticator" => "A Push notification will be sent to the Duo Authenticator App"
186
+ );
187
+ }
188
+
189
+ $is_customer_registered = $Mo2fdbQueries->get_user_detail( 'user_registration_with_miniorange', $user->ID ) == 'SUCCESS' ? true : false;
190
+ $can_user_configure_2fa_method = $can_display_admin_features || ( !$can_display_admin_features && $is_customer_registered );
191
+ $is_NC = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
192
+ $is_EC = ! $is_NC;
193
+
194
+ $form = '<div class="overlay1" id="overlay" hidden ></div>';
195
+ $form .= '<form name="f" method="post" action="" id="mo2f_save_' . $category . '_auth_methods_form">
196
+ <div id="mo2f_' . $category . '_auth_methods" >
197
+ <br>
198
+ <table class="mo2f_auth_methods_table">';
199
+
200
+ $configured_auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
201
+ $selected_miniorange_method = false;
202
+ if(in_array($configured_auth_method, $miniorange_authenticator)){
203
+ $selected_miniorange_method = true;
204
+ }
205
+ for ( $i = 0; $i < count( $auth_methods ); $i ++ ) {
206
+
207
+ $form .= '<tr>';
208
+ for ( $j = 0; $j < count( $auth_methods[ $i ] ); $j ++ ) {
209
+ $auth_method = $auth_methods[ $i ][ $j ];
210
+ if(MO2F_IS_ONPREM and $category =='free_plan')
211
+ {
212
+
213
+ if($auth_method != 'Email Verification' and $auth_method != 'Security Questions' and $auth_method != 'Google Authenticator' and $auth_method !='miniOrange QR Code Authentication' and $auth_method !='miniOrange Soft Token' and $auth_method != 'miniOrange Push Notification' and $auth_method != 'OTP Over SMS' and $auth_method != 'OTP Over Email' and $auth_method != 'Duo Authenticator')
214
+ {
215
+ //continue;
216
+ }
217
+ }
218
+ $auth_method_abr = str_replace( ' ', '', $auth_method );
219
+ $configured_auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
220
+ $is_auth_method_selected = ( $configured_auth_method == $auth_method ? true : false );
221
+ if($auth_method == 'miniOrange Authenticator' && $selected_miniorange_method )
222
+ $is_auth_method_selected = true;
223
+ $is_auth_method_av = false;
224
+ if ( ( $is_EC && in_array( $auth_method, $two_factor_methods_EC ) ) ||
225
+ ( $is_NC && in_array( $auth_method, $two_factor_methods_NC ) ) ) {
226
+ $is_auth_method_av = true;
227
+ }
228
+
229
+ $thumbnail_height = $is_auth_method_av && $category == 'free_plan' ? 190 : 160;
230
+ $is_image = $auth_method == "" ? 0 :1;
231
+
232
+ $form .= '<td style="width:25%;">
233
+ <div class="mo2f_thumbnail" id="'.$auth_method_abr.'_thumbnail_2_factor" style="height:' . $thumbnail_height . 'px; ';
234
+ if(MO2F_IS_ONPREM)
235
+ {
236
+ $iscurrentMethod = 0;
237
+ $currentMethod = $configured_auth_method;
238
+ if($currentMethod == $auth_method)
239
+ $iscurrentMethod = 1;
240
+
241
+ $form .= $iscurrentMethod ? '#413c69' : '#a7c5eb';
242
+ $form .= $iscurrentMethod ? '#413c69' : '#a7c5eb';
243
+ $form .= ';">';
244
+ }
245
+ else
246
+ {
247
+ $form .= $is_auth_method_selected ? '#413c69' : '#a7c5eb';
248
+ $form .= $is_auth_method_selected ? '#413c69' : '#a7c5eb';
249
+ $form .= ';">';
250
+
251
+ }
252
+ $form .= '<div>
253
+ <div class="mo2f_thumbnail_method" style="width:100%";>
254
+ <div style="width: 17%; float:left;padding-top:20px;padding-left:20px;">';
255
+
256
+ if($is_image){
257
+ $form .= '<img src="' . plugins_url( "includes/images/authmethods/" . $auth_method_abr . ".png", dirname(dirname(__FILE__ ))) . '" style="width: 50px;height: 50px !important; " line-height: 80px;" />';
258
+ }
259
+
260
+ $form .= '</div>
261
+ <div class="mo2f_thumbnail_method_desc" style="width: 75%;">';
262
+ switch ($auth_method) {
263
+ case 'Google Authenticator':
264
+ $form .=' <span style="float:right">
265
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
266
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
267
+ </a>
268
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
269
+ <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
270
+ </a>
271
+ </span>';
272
+ break;
273
+
274
+ case 'Security Questions':
275
+ $form .=' <span style="float:right">
276
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
277
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
278
+ </a>
279
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
280
+ <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
281
+ </a>
282
+
283
+
284
+ </span>';
285
+ break;
286
+
287
+ case 'OTP Over SMS':
288
+ $form .=' <span style="float:right">
289
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
290
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
291
+
292
+ </a>
293
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
294
+ <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
295
+ </a>
296
+
297
+ </span>';
298
+ break;
299
+
300
+
301
+ case 'miniOrange Soft Token':
302
+ $form .=' <span style="float:right">
303
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
304
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
305
+
306
+ </a>
307
+
308
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
309
+ <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
310
+ </a>
311
+ </span>';
312
+
313
+ break;
314
+
315
+ case 'miniOrange Authenticator':
316
+ $form .=' <span style="float:right">';
317
+ if(isset($two_factor_methods_doc[$auth_method])){
318
+ $form .='<a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
319
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
320
+ </a>';
321
+ }
322
+
323
+ if(isset($two_factor_methods_video[$auth_method])){
324
+ $form .='<a href='.$two_factor_methods_video[$auth_method].' target="_blank">
325
+ <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right;margin-right: 5px;"></span>
326
+ </a>';
327
+ }
328
+
329
+ $form .='</span>';
330
+ break;
331
+
332
+ case 'miniOrange QR Code Authentication':
333
+ $form .=' <span style="float:right">
334
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
335
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
336
+
337
+ </a>
338
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
339
+ <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
340
+ </a>
341
+
342
+ </span>';
343
+
344
+ break;
345
+
346
+ case 'miniOrange Push Notification':
347
+ $form .=' <span style="float:right">
348
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
349
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
350
+
351
+ </a>
352
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
353
+ <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
354
+ </a>
355
+
356
+ </span>';
357
+ break;
358
+
359
+ case 'Email Verification':
360
+ $form .=' <span style="float:right">
361
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
362
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
363
+
364
+ </a>
365
+ <a href='.$two_factor_methods_video[$auth_method].' target="_blank">
366
+ <span title="Watch Setup Video" class="dashicons dashicons-video-alt3" style="font-size:18px;color:red;float: right; margin-right: 5px;"></span>
367
+ </a>
368
+
369
+ </span>';
370
+ break;
371
+ case 'OTP Over Telegram':
372
+ $form .=' <span style="float:right">
373
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
374
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
375
+ </a>
376
+
377
+ </span>';
378
+ break;
379
+ case 'OTP Over Email':
380
+ $form .=' <span style="float:right">
381
+ <a href='.$two_factor_methods_doc[$auth_method].' target="_blank">
382
+ <span title="View Setup Guide" class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
383
+ </a>
384
+
385
+ </span>';
386
+ break;
387
+
388
+ default:
389
+ {$form .= "";}
390
+ break;
391
+ }
392
+ $form .=' <b>' . $auth_method .
393
+ '</b><br>
394
+ <p style="padding:0px; padding-left:0px;font-size: 14px;"> ' . $two_factor_methods_descriptions[ $auth_method ] . '</p>
395
+
396
+ </div>
397
+ </div>
398
+ </div>';
399
+
400
+ if ( $is_auth_method_av && $category == 'free_plan' ) {
401
+ $is_auth_method_configured = 0;
402
+ if($auth_method_abr == 'miniOrangeAuthenticator'){
403
+ $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_miniOrangeSoftToken_config_status', $user->ID );
404
+ }else{
405
+ $is_auth_method_configured = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $auth_method_abr . '_config_status', $user->ID );
406
+ }
407
+ if(($auth_method == 'OUT OF BAND EMAIL' or $auth_method == 'OTP Over Email') and !MO2F_IS_ONPREM )
408
+ $is_auth_method_configured = 1;
409
+ $chat_id = get_user_meta($user->ID,'mo2f_chat_id',true);
410
+ $form .= '<div style="height:40px;width:100%;position: absolute;bottom: 0;background-color:';
411
+ $iscurrentMethod = 0;
412
+ if(MO2F_IS_ONPREM)
413
+ {
414
+ $currentMethod = $configured_auth_method;
415
+ if($currentMethod == $auth_method || ($auth_method=='miniOrange Authenticator' && $selected_miniorange_method ) )
416
+ $iscurrentMethod = 1;
417
+ $form .= $iscurrentMethod ? '#413c69' : '#a7c5eb';
418
+ }
419
+ else
420
+ $form .= $is_auth_method_selected ? '#413c69' : '#a7c5eb';
421
+ if(MO2F_IS_ONPREM)
422
+ {
423
+ $twofactor_transactions = new Mo2fDB;
424
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user->ID);
425
+ if($exceeded){
426
+ if(empty($configured_auth_method)){
427
+ $can_user_configure_2fa_method = false;
428
+ }
429
+ else{
430
+ $can_user_configure_2fa_method = true;
431
+ }
432
+ }
433
+ else{
434
+ $can_user_configure_2fa_method = true;
435
+ }
436
+ $is_customer_registered = true;
437
+ $user = wp_get_current_user();
438
+ $form .= ';color:white">';
439
+
440
+ $check = $is_customer_registered? true : false;
441
+ $show = 0;
442
+
443
+
444
+
445
+ $cloud_methods = array('miniOrange Authenticator' , 'miniOrange Soft Token','miniOrange Push Notification');
446
+
447
+ if($auth_method == 'Email Verification' || $auth_method == 'Security Questions' || $auth_method == 'Google Authenticator' || $auth_method == 'miniOrange Authenticator' || $auth_method == 'OTP Over SMS' || $auth_method == 'OTP Over Email' || $auth_method == 'OTP Over Telegram' || $auth_method == 'Duo Authenticator')
448
+ {
449
+ $show = 1;
450
+ }
451
+
452
+ if ( $check ) {
453
+ $form .= '<div class="mo2f_configure_2_factor">
454
+ <button type="button" id="'.$auth_method_abr.'_configuration" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'configure2factor\');"';
455
+ $form .= $show==1 ? "" : " disabled ";
456
+ $form .= '>';
457
+ if($show)
458
+ $form .= $is_auth_method_configured? 'Reconfigure' : 'Configure';
459
+ else
460
+ $form .= 'Available in cloud solution';
461
+ $form .= '</button></div>';
462
+ }
463
+ if ( ($is_auth_method_configured && ! $is_auth_method_selected) or MO2F_IS_ONPREM) {
464
+ $form .= '<div class="mo2f_set_2_factor">
465
+ <button type="button" id="'.$auth_method_abr.'_set_2_factor" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'select2factor\');"';
466
+ $form .= $can_user_configure_2fa_method ? "" : " disabled ";
467
+ $form .= $show==1 ? "" : " disabled ";
468
+ if($show == 1 and $is_auth_method_configured and $iscurrentMethod == 0){
469
+ $form .= '>Set as 2-factor</button>
470
+ </div>';
471
+ }else{
472
+ $form .= '
473
+ </button>
474
+ </div>';
475
+ }
476
+ }
477
+
478
+ }
479
+ else
480
+ {
481
+ if(get_option('mo2f_miniorange_admin'))
482
+ $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
483
+ else
484
+ $allowed = 1;
485
+ $cloudswitch = 0;
486
+ if(!$allowed)
487
+ $allowed = 2;
488
+ $form .= ';color:white">';
489
+ $check = !$is_customer_registered? true : ($auth_method != "Email Verification" and $auth_method != "OTP Over Email"? true : false);
490
+ $is_auth_method_configured = !$is_customer_registered ? 0 :1;
491
+ if(!MO2F_IS_ONPREM and ($auth_method == "Email Verification" or $auth_method == "OTP Over Email"))
492
+ $check = 0;
493
+ if ( $check ) {
494
+ $form .= '<div class="mo2f_configure_2_factor">
495
+ <button type="button" id="'.$auth_method_abr.'_configuration" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'configure2factor\','.$cloudswitch.','.$allowed.');"';
496
+ $form .= $can_user_configure_2fa_method ? "" : " ";
497
+ $form .= '>';
498
+ $form .= $is_auth_method_configured ? 'Reconfigure' : 'Configure';
499
+ $form .= '</button></div>';
500
+ }
501
+
502
+ if ( ($is_auth_method_configured && ! $is_auth_method_selected) or MO2F_IS_ONPREM ) {
503
+ $form .= '<div class="mo2f_set_2_factor">
504
+ <button type="button" id="'.$auth_method_abr.'_set_2_factor" class="mo2f_configure_set_2_factor" onclick="configureOrSet2ndFactor_' . $category . '(\'' . $auth_method_abr . '\', \'select2factor\','.$cloudswitch.','.$allowed.');"';
505
+ $form .= $can_user_configure_2fa_method ? "" : " ";
506
+ $form .= '>Set as 2-factor</button>
507
+ </div>';
508
+ }
509
+
510
+ }
511
+ if($is_auth_method_selected && $auth_method == 'miniOrange Authenticator'){
512
+ $form .='<select name="mo2fa_MO_methods" id="mo2fa_MO_methods" class="mo2f_set_2_factor mo2f_configure_switch_2_factor mo2f_kba_ques" style="color: white;font-weight: 700;background: #48b74b;background-size: 16px 16px;border: 1px solid #48b74b;padding: 0px 0px 0px 17px;min-height: 30px;max-width: 9em;max-width: 9em;" onchange="show_3_minorange_methods();">
513
+ <option value="" selected disabled hidden style="color:white!important;">Switch to >></option>
514
+ <option value="miniOrangeSoftToken">Soft Token</option>
515
+ <option value="miniOrangeQRCodeAuthentication">QR Code</option>
516
+ <option value="miniOrangePushNotification">Push Notification</option>
517
+ </select></div>
518
+ <br><br>
519
+
520
+ ';
521
+ }
522
+ $form .= '</div>';
523
+ }
524
+ $form .= '</div></div></td>';
525
+ }
526
+
527
+ $form .= '</tr>';
528
+ }
529
+
530
+
531
+ $form .= '</table>';
532
+ if( $category!="free_plan")
533
+ if(current_user_can('administrator')){
534
+ $form .= '<div style="background-color: #f1f1f1;padding:10px">
535
+ <p style="font-size:16px;margin-left: 1%">In addition to these authentication methods, for other features in this plan, <a href="admin.php?page=mo_2fa_upgrade"><i>Click here.</i></a></p>
536
+ </div>';
537
+ }
538
+ $configured_auth_method_abr = str_replace(' ', '',$configured_auth_method);
539
+ $form .= '</div> <input type="hidden" name="miniorange_save_form_auth_methods_nonce"
540
+ value="'. wp_create_nonce( "miniorange-save-form-auth-methods-nonce" ) .'"/>
541
+ <input type="hidden" name="option" value="mo2f_save_' . $category . '_auth_methods" />
542
+ <input type="hidden" name="mo2f_configured_2FA_method_' . $category . '" id="mo2f_configured_2FA_method_' . $category . '" />
543
+ <input type="hidden" name="mo2f_selected_action_' . $category . '" id="mo2f_selected_action_' . $category . '" />
544
+ </form><script>
545
+ var selected_miniorange_method = "'.$selected_miniorange_method.'";
546
+ if(selected_miniorange_method)
547
+ jQuery("<input>").attr({type: "hidden",id: "miniOrangeAuthenticator",value: "'.$configured_auth_method_abr.'"}).appendTo("form");
548
+ else
549
+ jQuery("<input>").attr({type: "hidden",id: "miniOrangeAuthenticator",value: "miniOrangeSoftToken"}).appendTo("form");
550
+ </script>';
551
+
552
+ return $form;
553
+ }
554
+
555
+
556
+ function mo2f_get_activated_second_factor( $user ) {
557
+
558
+ global $Mo2fdbQueries;
559
+ $user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
560
+ $is_customer_registered = $Mo2fdbQueries->get_user_detail( 'user_registration_with_miniorange', $user->ID ) == 'SUCCESS' ? true : false;
561
+ $useremail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
562
+
563
+ if ( $user_registration_status == 'MO_2_FACTOR_SUCCESS' ) {
564
+ //checking this option for existing users
565
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mobile_registration_status' => true ) );
566
+ $mo2f_second_factor = 'MOBILE AUTHENTICATION';
567
+
568
+ return $mo2f_second_factor;
569
+ } else if ( $user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' ) {
570
+ return 'NONE';
571
+ } else {
572
+ //for new users
573
+ if ( $user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && $is_customer_registered ) {
574
+ $enduser = new Two_Factor_Setup();
575
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $useremail ), true );
576
+ if ( json_last_error() == JSON_ERROR_NONE ) {
577
+ if ( $userinfo['status'] == 'ERROR' ) {
578
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $userinfo['message'] ) );
579
+ $mo2f_second_factor = 'NONE';
580
+ } else if ( $userinfo['status'] == 'SUCCESS' ) {
581
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
582
+ } else if ( $userinfo['status'] == 'FAILED' ) {
583
+ $mo2f_second_factor = 'NONE';
584
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_REMOVED" ) );
585
+ } else {
586
+ $mo2f_second_factor = 'NONE';
587
+ }
588
+ } else {
589
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
590
+ $mo2f_second_factor = 'NONE';
591
+ }
592
+ } else {
593
+ $mo2f_second_factor = 'NONE';
594
+ }
595
+
596
+ return $mo2f_second_factor;
597
+ }
598
+ }
599
+
600
+ function mo2f_update_and_sync_user_two_factor( $user_id, $userinfo ) {
601
+ global $Mo2fdbQueries;
602
+ $mo2f_second_factor = isset( $userinfo['authType'] ) && ! empty( $userinfo['authType'] ) ? $userinfo['authType'] : 'NONE';
603
+ if(MO2F_IS_ONPREM)
604
+ {
605
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
606
+ $mo2f_second_factor = $mo2f_second_factor ? $mo2f_second_factor : 'NONE';
607
+ return $mo2f_second_factor;
608
+ }
609
+
610
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_email' => $userinfo['email'] ) );
611
+ if ( $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
612
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_EmailVerification_config_status' => true ) );
613
+ } else if ( $mo2f_second_factor == 'SMS' and !MO2F_IS_ONPREM) {
614
+ $phone_num = $userinfo['phone'];
615
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_OTPOverSMS_config_status' => true ) );
616
+ $_SESSION['user_phone'] = $phone_num;
617
+ } else if ( in_array( $mo2f_second_factor, array(
618
+ 'SOFT TOKEN',
619
+ 'MOBILE AUTHENTICATION',
620
+ 'PUSH NOTIFICATIONS'
621
+ ) ) ) {
622
+ if(!MO2F_IS_ONPREM)
623
+ $Mo2fdbQueries->update_user_details( $user_id, array(
624
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
625
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
626
+ 'mo2f_miniOrangePushNotification_config_status' => true
627
+ ) );
628
+ } else if ( $mo2f_second_factor == 'KBA' ) {
629
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_SecurityQuestions_config_status' => true ) );
630
+ } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
631
+ $app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true );
632
+
633
+ if ( $app_type == 'Google Authenticator' ) {
634
+ $Mo2fdbQueries->update_user_details( $user_id, array(
635
+ 'mo2f_GoogleAuthenticator_config_status' => true
636
+ ) );
637
+ update_user_meta( $user_id, 'mo2f_external_app_type', 'Google Authenticator' );
638
+ } else if ( $app_type == 'Authy Authenticator' ) {
639
+ $Mo2fdbQueries->update_user_details( $user_id, array(
640
+ 'mo2f_AuthyAuthenticator_config_status' => true
641
+ ) );
642
+ update_user_meta( $user_id, 'mo2f_external_app_type', 'Authy Authenticator' );
643
+ } else {
644
+ $Mo2fdbQueries->update_user_details( $user_id, array(
645
+ 'mo2f_GoogleAuthenticator_config_status' => true
646
+ ) );
647
+
648
+ update_user_meta( $user_id, 'mo2f_external_app_type', 'Google Authenticator' );
649
+ }
650
+ }
651
+
652
+ return $mo2f_second_factor;
653
+ }
654
+
655
+ function display_customer_registration_forms($user){
656
+
657
+ global $Mo2fdbQueries;
658
+ $mo2f_current_registration_status = get_option( 'mo_2factor_user_registration_status');
659
+ $mo2f_message = get_option( 'mo2f_message' );
660
+ ?>
661
+
662
+ <div id="smsAlertModal" class="modal" role="dialog" data-backdrop="static" data-keyboard="false" >
663
+ <div class="mo2f_modal-dialog" style="margin-left:30%;">
664
+ <!-- Modal content-->
665
+ <div class="modal-content">
666
+ <div class="mo2f_modal-header">
667
+ <h2 class="mo2f_modal-title">You are just one step away from setting up 2FA.</h2><span type="button" id="mo2f_registration_closed" class="modal-span-close" data-dismiss="modal">&times;</span>
668
+ </div>
669
+ <div class="mo2f_modal-body">
670
+ <span style="color:green;cursor: pointer;float:right;" onclick="show_content();">Why Register with miniOrange?</span><br>
671
+ <div id="mo2f_register" style="background-color:#f1f1f1;padding: 1px 4px 1px 14px;display: none;">
672
+ <p>miniOrange Two Factor plugin uses highly secure miniOrange APIs to communicate with the plugin. To keep this communication secure, we ask you to register and assign you API keys specific to your account. This way your account and users can be only accessed by API keys assigned to you. Also, you can use the same account on multiple applications and your users do not have to maintain multiple accounts or 2-factors.</p>
673
+ </div>
674
+ <?php if ( $mo2f_message ) { ?>
675
+ <div style="padding:5px;">
676
+ <div class="alert alert-info" style="margin-bottom:0px;padding:3px;">
677
+ <p style="font-size:15px;margin-left: 2%;"><?php echo $mo2f_message; ?></p>
678
+ </div>
679
+ </div>
680
+ <?php }
681
+ if(in_array($mo2f_current_registration_status, array("REGISTRATION_STARTED", "MO_2_FACTOR_OTP_DELIVERED_SUCCESS", "MO_2_FACTOR_OTP_DELIVERED_FAILURE", "MO_2_FACTOR_VERIFY_CUSTOMER")) ){
682
+ mo2f_show_registration_screen($user);
683
+ }
684
+ ?>
685
+ </div>
686
+ </div>
687
+ </div>
688
+ <form name="f" method="post" action="" class="mo2f_registration_closed_form">
689
+ <input type="hidden" name="mo2f_registration_closed_nonce"
690
+ value="<?php echo wp_create_nonce( "mo2f-registration-closed-nonce" ) ?>"/>
691
+ <input type="hidden" name="option" value="mo2f_registration_closed"/>
692
+ </form>
693
+ </div>
694
+ <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js"></script>
695
+ <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
696
+ <script>
697
+ function show_content() {
698
+ jQuery('#mo2f_register').slideToggle();
699
+ }
700
+ jQuery(function () {
701
+ jQuery('#smsAlertModal').modal();
702
+ });
703
+
704
+ jQuery('#mo2f_registration_closed').click(function () {
705
+ jQuery('.mo2f_registration_closed_form').submit();
706
+ });
707
+ </script>
708
+
709
+ <?php
710
+ }
711
+
712
+ function mo2f_show_registration_screen($user){
713
+ global $mo2f_dirName;
714
+
715
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'account.php';
716
+
717
+ }
718
+
719
+ function mo2f_show_2FA_configuration_screen( $user, $selected2FAmethod ) {
720
+ global $mo2f_dirName;
721
+
722
+ switch ( $selected2FAmethod ) {
723
+ case "Google Authenticator":
724
+ if(MO2F_IS_ONPREM){
725
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR. 'gaonprem.php';
726
+ $obj = new Google_auth_onpremise();
727
+ $obj->mo_GAuth_get_details();
728
+ }
729
+ else{
730
+ if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
731
+ Miniorange_Authentication::mo2f_get_GA_parameters($user);
732
+ }
733
+ echo '<div class="mo2f_table_layout">';
734
+ mo2f_configure_google_authenticator( $user );
735
+ echo '</div>';
736
+ }
737
+ break;
738
+ case "Authy Authenticator":
739
+ echo '<div class="mo2f_table_layout">';
740
+ mo2f_configure_authy_authenticator( $user );
741
+ echo '</div>';
742
+ break;
743
+ case "Security Questions":
744
+ echo '<div class="mo2f_table_layout">';
745
+ mo2f_configure_for_mobile_suppport_kba( $user );
746
+ echo '</div>';
747
+ break;
748
+ case "Email Verification":
749
+ echo '<div class="mo2f_table_layout">';
750
+ mo2f_configure_for_mobile_suppport_kba( $user );
751
+ echo '</div>';
752
+ break;
753
+ case "OTP Over SMS":
754
+ echo '<div class="mo2f_table_layout">';
755
+ mo2f_configure_otp_over_sms( $user );
756
+ echo '</div>';
757
+ break;
758
+ case "miniOrange Soft Token":
759
+ echo '<div class="mo2f_table_layout">';
760
+ mo2f_configure_miniorange_authenticator( $user );
761
+ echo '</div>';
762
+ break;
763
+ case "miniOrange QR Code Authentication":
764
+ echo '<div class="mo2f_table_layout">';
765
+ mo2f_configure_miniorange_authenticator( $user );
766
+ echo '</div>';
767
+ break;
768
+ case "miniOrange Push Notification":
769
+ echo '<div class="mo2f_table_layout">';
770
+ mo2f_configure_miniorange_authenticator( $user );
771
+ echo '</div>';
772
+ break;
773
+ case "OTP Over Email":
774
+ echo '<div class="mo2f_table_layout">';
775
+ mo2f_test_otp_over_email($user,$selected2FAmethod);
776
+ echo '</div>';
777
+ break;
778
+ case "OTP Over Telegram":
779
+ echo '<div class="mo2f_table_layout">';
780
+ mo2f_configure_otp_over_Telegram($user);
781
+ echo '</div>';
782
+ break;
783
+ case "DuoAuthenticator":
784
+ case "Duo Authenticator":
785
+ echo '<div class="mo2f_table_layout">';
786
+ mo2f_configure_duo_authenticator($user);
787
+ echo '</div>';
788
+ break;
789
+ }
790
+
791
+ }
792
+
793
+ function mo2f_show_2FA_test_screen( $user, $selected2FAmethod ) {
794
+
795
+
796
+ switch ( $selected2FAmethod ) {
797
+ case "miniOrange QR Code Authentication":
798
+ mo2f_test_miniorange_qr_code_authentication( $user );
799
+ break;
800
+ case "miniOrange Push Notification":
801
+ mo2f_test_miniorange_push_notification( $user );
802
+ break;
803
+ case "miniOrange Soft Token":
804
+ mo2f_test_miniorange_soft_token( $user );
805
+ break;
806
+ case "Email Verification":
807
+ mo2f_test_email_verification($user);
808
+ break;
809
+ case "OTP Over SMS":
810
+ mo2f_test_otp_over_sms( $user );
811
+ break;
812
+ case "OTP Over Telegram":
813
+ mo2f_test_otp_over_Telegram( $user );
814
+ break;
815
+ case "Security Questions":
816
+ mo2f_test_kba_security_questions( $user );
817
+ break;
818
+ case "OTP Over Email":
819
+ mo2f_test_otp_over_email($user,$selected2FAmethod);
820
+ break;
821
+ case "Duo Authenticator":
822
+ mo2f_test_duo_authenticator($user);
823
+ break;
824
+ default:
825
+ mo2f_test_google_authy_authenticator( $user, $selected2FAmethod );
826
+ }
827
+
828
+ }
829
+
830
+ function mo2f_method_display_name($user,$mo2f_second_factor){
831
+
832
+ if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
833
+ $app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
834
+
835
+ if ( $app_type == 'Google Authenticator' ) {
836
+ $selectedMethod = 'Google Authenticator';
837
+ } else if ( $app_type == 'Authy Authenticator' ) {
838
+ $selectedMethod = 'Authy Authenticator';
839
+ } else {
840
+ $selectedMethod = 'Google Authenticator';
841
+ update_user_meta( $user->ID, 'mo2f_external_app_type', $selectedMethod );
842
+ }
843
+ } else {
844
+ $selectedMethod = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
845
+ }
846
+ return $selectedMethod;
847
+
848
+ }
849
+
850
+ function mo2f_lt( $string ) {
851
+ return __($string ,'miniorange-2-factor-authentication' );
852
+ }
853
+
854
+ function mo2f_rba_description($mo2f_user_email) {?>
855
+ <div id="mo2f_rba_addon">
856
+ <?php if ( get_option( 'mo2f_rba_installed' ) ) { ?>
857
+ <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_rba_addon"
858
+ class="button button-primary button-large"
859
+ style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
860
+ <?php } ?>
861
+ <?php if ( ! get_option( 'mo2f_rba_purchased' ) ) { ?>
862
+ <a onclick="mo2f_addonform('wp_2fa_addon_rba')" id="mo2f_purchase_rba_addon"
863
+ class="button button-primary button-large"
864
+ style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a><?php } ?>
865
+ <div id="mo2f_rba_addon_hide">
866
+
867
+ <br>
868
+ <div id="mo2f_hide_rba_content">
869
+
870
+ <div class="mo2f_box">
871
+ <h3><?php echo __( 'Remember Device', 'miniorange-2-factor-authentication' ); ?></h3>
872
+ <hr>
873
+ <p id="mo2f_hide_rba_content"><?php echo __( 'With this feature, User would get an option to remember the personal device where Two Factor is not required. Every time the user logs in with the same device it detects the saved device so he will directly login without being prompted for the 2nd factor. If user logs in from new device he will be prompted with 2nd Factor.', 'miniorange-2-factor-authentication' ); ?>
874
+
875
+ </p>
876
+ </div>
877
+ <br><br>
878
+ <div class="mo2f_box">
879
+ <h3><?php echo __( 'Limit Number Of Device', 'miniorange-2-factor-authentication' ); ?></h3>
880
+ <hr>
881
+ <p><?php echo __( 'With this feature, the admin can restrict the number of devices from which the user can access the website. If the device limit is exceeded the admin can set three actions where it can allow the users to login, deny the access or challenge the user for authentication.', 'miniorange-2-factor-authentication' ); ?>
882
+ </p>
883
+
884
+ </div>
885
+ <br><br>
886
+ <div class="mo2f_box">
887
+ <h3><?php echo __( 'IP Restriction: Limit users to login from specific IPs', 'miniorange-2-factor-authentication' ); ?></h3>
888
+ <hr>
889
+ <p><?php echo __( 'The Admin can enable IP restrictions for the users. It will provide additional security to the accounts and perform different action to the accounts only from the listed IP Ranges. If user tries to access with a restricted IP, Admin can set three action: Allow, challenge or deny. Depending upon the action it will allow the user to login, challenge(prompt) for authentication or deny the access.', 'miniorange-2-factor-authentication' ); ?>
890
+
891
+ </div>
892
+ <br>
893
+ </div>
894
+
895
+ </div>
896
+ <div id="mo2f_rba_addon_show">
897
+ <?php $x = apply_filters( 'mo2f_rba', "rba" );?>
898
+ </div>
899
+ </div>
900
+ <form style="display:none;" id="mo2fa_loginform"
901
+ action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
902
+ target="_blank" method="post">
903
+ <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
904
+ <input type="text" name="redirectUrl"
905
+ value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
906
+ <input type="text" name="requestOrigin" id="requestOrigin"/>
907
+ </form>
908
+ <script>
909
+ function mo2f_addonform(planType) {
910
+ jQuery('#requestOrigin').val(planType);
911
+ jQuery('#mo2fa_loginform').submit();
912
+ }
913
+ </script>
914
+ <?php
915
+ }
916
+
917
+ function mo2f_personalization_description($mo2f_user_email) {?>
918
+ <div id="mo2f_custom_addon">
919
+ <?php if ( get_option( 'mo2f_personalization_installed' ) ) { ?>
920
+ <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_custom_addon"
921
+ class="button button-primary button-large"
922
+ style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
923
+ <?php } ?>
924
+ <?php if ( ! get_option( 'mo2f_personalization_purchased' ) ) { ?> <a
925
+ onclick="mo2f_addonform('wp_2fa_addon_shortcode')" id="mo2f_purchase_custom_addon"
926
+ class="button button-primary button-large"
927
+ style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a>
928
+ <?php } ?>
929
+ <div id="mo2f_custom_addon_hide">
930
+
931
+
932
+ <br>
933
+ <div id="mo2f_hide_custom_content">
934
+ <div class="mo2f_box">
935
+ <h3><?php echo __( 'Customize Plugin Icon', 'miniorange-2-factor-authentication' ); ?></h3>
936
+ <hr>
937
+ <p>
938
+ <?php echo __( 'With this feature, you can customize the plugin icon in the dashboard which is useful when you want your custom logo to be displayed to the users.', 'miniorange-2-factor-authentication' ); ?>
939
+ </p>
940
+ <br>
941
+ <h3><?php echo __( 'Customize Plugin Name', 'miniorange-2-factor-authentication' ); ?></h3>
942
+ <hr>
943
+ <p>
944
+ <?php echo __( 'With this feature, you can customize the name of the plugin in the dashboard.', 'miniorange-2-factor-authentication' ); ?>
945
+ </p>
946
+
947
+ </div>
948
+ <br>
949
+ <div class="mo2f_box">
950
+ <h3><?php echo __( 'Customize UI of Login Pop up\'s', 'miniorange-2-factor-authentication' ); ?></h3>
951
+ <hr>
952
+ <p>
953
+ <?php echo __( 'With this feature, you can customize the login pop-ups during two factor authentication according to the theme of your website.', 'miniorange-2-factor-authentication' ); ?>
954
+ </p>
955
+ </div>
956
+
957
+ <br>
958
+ <div class="mo2f_box">
959
+ <h3><?php echo __( 'Custom Email and SMS Templates', 'miniorange-2-factor-authentication' ); ?></h3>
960
+ <hr>
961
+
962
+ <p><?php echo __( 'You can change the templates for Email and SMS which user receives during authentication.', 'miniorange-2-factor-authentication' ); ?></p>
963
+
964
+ </div>
965
+ </div>
966
+ </div>
967
+ <div id="mo2f_custom_addon_show"><?php $x = apply_filters( 'mo2f_custom', "custom"); ?></div>
968
+ </div>
969
+
970
+ <?php
971
+ }
972
+
973
+ function mo2f_shortcode_description($mo2f_user_email) { ?>
974
+ <div id="mo2f_Shortcode_addon_hide">
975
+ <?php if ( get_option( 'mo2f_shortcode_installed' ) ) { ?>
976
+ <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_shortcode_addon"
977
+ class="button button-primary button-large" style="float:right; margin-top:2%;"><?php echo __( 'Activate
978
+ Plugin', 'miniorange-2-factor-authentication' ); ?></a>
979
+ <?php } if ( ! get_option( 'mo2f_shortcode_purchased' ) ) { ?>
980
+ <a onclick="mo2f_addonform('wp_2fa_addon_personalization')" id="mo2f_purchase_shortcode_addon"
981
+ class="button button-primary button-large"
982
+ style="float:right;"><?php echo __( 'Purchase', 'miniorange-2-factor-authentication' ); ?></a>
983
+ <?php } ?>
984
+
985
+ <div id="shortcode" class="description">
986
+
987
+
988
+ <br>
989
+ <div id="mo2f_hide_shortcode_content" class="mo2f_box">
990
+ <h3><?php echo __( 'List of Shortcodes', 'miniorange-2-factor-authentication' ); ?>:</h3>
991
+ <hr>
992
+ <ol style="margin-left:2%">
993
+ <li>
994
+ <b><?php echo __( 'Enable Two Factor: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to turn on/off 2-factor by user.', 'miniorange-2-factor-authentication' ); ?>
995
+ </li>
996
+ <li>
997
+ <b><?php echo __( 'Enable Reconfiguration: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to configure the Google Authenticator and Security Questions by user.', 'miniorange-2-factor-authentication' ); ?>
998
+ </li>
999
+ <li>
1000
+ <b><?php echo __( 'Enable Remember Device: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( ' This shortcode provides\'Enable Remember Device\' from your custom login form.', 'miniorange-2-factor-authentication' ); ?>
1001
+ </li>
1002
+ </ol>
1003
+ </div>
1004
+ <div id="mo2f_Shortcode_addon_show"><?php $x = apply_filters( 'mo2f_shortcode', "shortcode" ); ?></div>
1005
+ </div>
1006
+ <br>
1007
+ </div>
1008
+ <form style="display:none;" id="mo2fa_loginform" action="<?php echo MO_HOST_NAME . '/moas/login'; ?>" target="_blank" method="post">
1009
+ <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
1010
+ <input type="text" name="redirectUrl"
1011
+ value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
1012
+ <input type="text" name="requestOrigin" id="requestOrigin"/>
1013
+ </form>
1014
+ <script>
1015
+ function mo2f_addonform(planType) {
1016
+ jQuery('#requestOrigin').val(planType);
1017
+ jQuery('#mo2fa_loginform').submit();
1018
+ }
1019
+ </script>
1020
+ <?php
1021
+ }
1022
+
1023
+ ?>
handler/twofa/two_fa_constants.php CHANGED
@@ -1,454 +1,454 @@
1
- <?php
2
- if ( ! defined( 'ABSPATH' ) ) {
3
- exit;
4
- }
5
-
6
- class Mo2fConstants {
7
- static function langTranslate( $text ) {
8
- switch ( $text ) {
9
- case 'Successfully validated.':
10
- return mo2f_lt( 'Successfully validated.' );
11
- break;
12
- case 'SCAN_QR_CODE':
13
- return mo2f_lt( 'Please scan the QR Code now.' );
14
- break;
15
- case 'miniOrange QR Code Authentication':
16
- return mo2f_lt( 'miniOrange QR Code Authentication' );
17
- break;
18
- case 'miniOrange Push Notification':
19
- return mo2f_lt( 'miniOrange Push Notification' );
20
- break;
21
- case 'miniOrange Soft Token':
22
- return mo2f_lt( 'miniOrange Soft Token' );
23
- break;
24
- case 'Security Questions':
25
- return mo2f_lt( 'Security Questions' );
26
- break;
27
- case 'Google Authenticator':
28
- return mo2f_lt( 'Google Authenticator' );
29
- break;
30
- case 'Authy Authenticator':
31
- return mo2f_lt( 'Authy Authenticator' );
32
- break;
33
- case 'Email Verification':
34
- return mo2f_lt( 'Email Verification' );
35
- break;
36
- case 'OTP Over SMS':
37
- return mo2f_lt( 'OTP Over SMS' );
38
- break;
39
- case 'OTP Over SMS And Email':
40
- return mo2f_lt( 'OTP Over SMS And Email' );
41
- break;
42
- case 'Your license has expired. Please renew your license to continue using our service.':
43
- return mo2f_lt( 'Your license has expired. Please renew your license to continue using our service.' );
44
- break;
45
- case 'The total transaction limit has been exceeded. Please upgrade your premium plan.':
46
- return mo2f_lt( 'The total transaction limit has been exceeded. Please upgrade your premium plan.' );
47
- break;
48
- case 'The transaction limit has exceeded.':
49
- return mo2f_lt( 'The transaction limit has exceeded.' );
50
- break;
51
- case 'GenerateOtpRequest is null':
52
- return mo2f_lt( 'GenerateOtpRequest is null' );
53
- break;
54
- case 'The sms transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.':
55
- return mo2f_lt( 'The sms transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.' );
56
- break;
57
- case 'The email transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.':
58
- return mo2f_lt( 'The email transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.' );
59
- break;
60
- case 'Transaction limit exceeded. Please contact your administrator':
61
- return mo2f_lt( 'Transaction limit exceeded. Please contact your administrator' );
62
- break;
63
- case 'Free Trial has already been taken or expired for this plugin. Please upgrade to a premium plan.':
64
- return mo2f_lt( 'Free Trial has already been taken or expired for this plugin. Please upgrade to a premium plan.' );
65
- break;
66
- case 'Invalid format.':
67
- return mo2f_lt( 'Invalid format.' );
68
- break;
69
- case 'Mobile registration failed.':
70
- return mo2f_lt( 'Mobile registration failed.' );
71
- break;
72
- case 'Invalid mobile authentication request.':
73
- return mo2f_lt( 'Invalid mobile authentication request.' );
74
- break;
75
- case 'Exception during SMS sending':
76
- return mo2f_lt( 'Exception during SMS sending' );
77
- break;
78
- case 'There was an error during sending an SMS.':
79
- return mo2f_lt( 'There was an error during sending an SMS.' );
80
- break;
81
- case 'Exception during logUserTransaction':
82
- return mo2f_lt( 'Exception during logUserTransaction' );
83
- break;
84
- case 'There was an error processing the challenge user request.':
85
- return mo2f_lt( 'There was an error processing the challenge user request.' );
86
- break;
87
- case 'What is your first company name?':
88
- return mo2f_lt( 'What is your first company name?' );
89
- break;
90
- case 'What was your childhood nickname?':
91
- return mo2f_lt( 'What was your childhood nickname?' );
92
- break;
93
- case 'In what city did you meet your spouse/significant other?':
94
- return mo2f_lt( 'In what city did you meet your spouse/significant other?' );
95
- break;
96
- case 'What is the name of your favorite childhood friend?':
97
- return mo2f_lt( 'What is the name of your favorite childhood friend?' );
98
- break;
99
- case "What was your first vehicle's registration number?":
100
- return mo2f_lt( "What was your first vehicle's registration number?" );
101
- break;
102
- case "What is your grandmother's maiden name?":
103
- return mo2f_lt( "What is your grandmother's maiden name?" );
104
- break;
105
- case 'Who is your favourite sports player?':
106
- return mo2f_lt( 'Who is your favourite sports player?' );
107
- break;
108
- case 'What is your favourite sport?':
109
- return mo2f_lt( 'What is your favourite sport?' );
110
- break;
111
- case 'In what city or town was your first job':
112
- return mo2f_lt( 'In what city or town was your first job' );
113
- break;
114
- case 'What school did you attend for sixth grade?':
115
- return mo2f_lt( 'What school did you attend for sixth grade?' );
116
- break;
117
- case 'G_AUTH':
118
- return mo2f_lt( 'Google Authenticator' );
119
- break;
120
- case 'AUTHY_2FA':
121
- return mo2f_lt( 'Authy 2-Factor Authentication' );
122
- break;
123
- case 'An unknown error occurred while creating the end user.':
124
- return mo2f_lt( 'An unknown error occurred while creating the end user.' );
125
- break;
126
- case 'An unknown error occurred while challenging the user':
127
- return mo2f_lt( 'An unknown error occurred while challenging the user.' );
128
- break;
129
- case 'An unknown error occurred while generating QR Code for registering mobile.':
130
- return mo2f_lt( 'An unknown error occurred while generating QR Code for registering mobile.' );
131
- break;
132
- case 'An unknown error occurred while validating the user\'s identity.':
133
- return mo2f_lt( 'An unknown error occurred while validating the user\'s identity.' );
134
- break;
135
- case 'Customer not found.':
136
- return mo2f_lt( 'Customer not found.' );
137
- break;
138
- case 'The customer is not valid ':
139
- return mo2f_lt( 'The customer is not valid' );
140
- break;
141
- case 'The user is not valid ':
142
- return mo2f_lt( 'The user is not valid ' );
143
- break;
144
- case 'Customer already exists.':
145
- return mo2f_lt( 'Customer already exists.' );
146
- break;
147
- case 'Customer Name is null':
148
- return mo2f_lt( 'Customer Name is null' );
149
- break;
150
- case 'Customer check request failed.':
151
- return mo2f_lt( 'Customer check request failed.' );
152
- break;
153
- case 'Invalid username or password. Please try again.':
154
- return mo2f_lt( 'Invalid username or password. Please try again.' );
155
- break;
156
- case 'You are not authorized to perform this operation.':
157
- return mo2f_lt( 'You are not authorized to perform this operation.' );
158
- break;
159
- case 'Invalid request. No such challenge request was initiated.':
160
- return mo2f_lt( 'Invalid request. No such challenge request was initiated.' );
161
- break;
162
- case 'No OTP Token for the given request was found.':
163
- return mo2f_lt( 'No OTP Token for the given request was found.' );
164
- break;
165
- case 'Query submitted.':
166
- return mo2f_lt( 'Query submitted.' );
167
- break;
168
- case 'Invalid parameters.':
169
- return mo2f_lt( 'Invalid parameters.' );
170
- break;
171
- case 'Alternate email cannot be same as primary email.':
172
- return mo2f_lt( 'Alternate email cannot be same as primary email.' );
173
- break;
174
- case 'CustomerId is null.':
175
- return mo2f_lt( 'CustomerId is null.' );
176
- break;
177
- case 'You are not authorized to create users. Please upgrade to premium plan. ':
178
- return mo2f_lt( 'You are not authorized to create users. Please upgrade to premium plan. ' );
179
- break;
180
- case 'Your user creation limit has been completed. Please upgrade your license to add more users.':
181
- return mo2f_lt( 'Your user creation limit has been completed. Please upgrade your license to add more users.' );
182
- break;
183
- case 'Username cannot be blank.':
184
- return mo2f_lt( 'Username cannot be blank.' );
185
- break;
186
- case 'End user created successfully.':
187
- return mo2f_lt( 'End user created successfully.' );
188
- break;
189
- case 'There was an exception processing the update user request.':
190
- return mo2f_lt( 'There was an exception processing the update user request.' );
191
- break;
192
- case 'End user found.':
193
- return mo2f_lt( 'End user found.' );
194
- break;
195
- case 'End user found under different customer. ':
196
- return mo2f_lt( 'End user found under different customer. ' );
197
- break;
198
- case 'End user not found.':
199
- return mo2f_lt( 'End user not found.' );
200
- break;
201
- case 'Customer successfully registered.':
202
- return mo2f_lt( 'Customer successfully registered.' );
203
- break;
204
- case 'Customer registration failed.':
205
- return mo2f_lt( 'Customer registration failed.' );
206
- break;
207
- case 'There was an error processing the register mobile request.':
208
- return mo2f_lt( 'There was an error processing the register mobile request.' );
209
- break;
210
- case 'There was an exception processing the get user request.':
211
- return mo2f_lt( 'There was an exception processing the get user request.' );
212
- break;
213
- case 'End User retrieved successfully.':
214
- return mo2f_lt( 'End User retrieved successfully.' );
215
- break;
216
- case 'COMPLETED_TEST':
217
- Return mo2f_lt( 'You have successfully completed the test.' );
218
- break;
219
- case 'INVALID_EMAIL_VER_REQ':
220
- Return mo2f_lt( 'Invalid request. test case failed.');
221
- break;
222
- case 'INVALID_ENTRY':
223
- Return mo2f_lt( 'All the fields are required. Please enter valid entries.' );
224
- break;
225
- case 'INVALID_PASSWORD':
226
- Return mo2f_lt( 'You already have an account with miniOrange. Please enter a valid password.' );
227
- break;
228
- case 'INVALID_REQ':
229
- Return mo2f_lt( 'Invalid request. Please try again' );
230
- break;
231
- case 'INVALID_OTP':
232
- Return mo2f_lt( 'Invalid OTP. Please try again.' );
233
- break;
234
- case 'INVALID_EMAIL_OR_PASSWORD':
235
- Return mo2f_lt( 'Invalid email or password. Please try again.' );
236
- break;
237
- case 'PASSWORDS_MISMATCH':
238
- Return mo2f_lt( 'Password and Confirm password do not match.' );
239
- break;
240
- case 'ENTER_YOUR_EMAIL_PASSWORD':
241
- Return mo2f_lt( 'Please enter your registered email and password.' );
242
- break;
243
- case 'OTP_SENT':
244
- Return mo2f_lt( 'One Time Passcode has been sent for verification to ' );
245
- break;
246
- case 'ERROR_IN_SENDING_OTP_OVER_EMAIL':
247
- Return mo2f_lt( 'There was an error in sending OTP over email. Please click on Resend OTP to try again.' );
248
- break;
249
- case 'ERROR_DURING_REGISTRATION':
250
- Return mo2f_lt( 'Error occured while registration. Please try again.' );
251
- break;
252
- case 'ERROR_DURING_PROCESS':
253
- Return mo2f_lt( 'An error occured while processing your request. Please Try again.' );
254
- break;
255
- case 'ERROR_DURING_PROCESS_EMAIL':
256
- Return mo2f_lt( 'An error occured while processing your request. Please check your SMTP server is configured.' );
257
- break;
258
- case 'ERROR_WHILE_SENDING_SMS':
259
- Return mo2f_lt( 'There was an error in sending sms. Please click on Resend OTP to try again.' );
260
- break;
261
- case 'ERROR_DURING_USER_REGISTRATION':
262
- Return mo2f_lt( 'Error occurred while registering the user. Please try again.' );
263
- break;
264
- case 'VALIDATE_DUO':
265
- Return mo2f_lt( 'Duo push notification validate successfully.' );
266
- break;
267
- case 'SET_AS_2ND_FACTOR':
268
- Return mo2f_lt( 'is set as your 2 factor authentication method.' );
269
- break;
270
- case 'ERROR_WHILE_SAVING_KBA':
271
- Return mo2f_lt( 'Error occured while saving your kba details. Please try again.' );
272
- break;
273
- case 'ANSWER_SECURITY_QUESTIONS':
274
- Return mo2f_lt( 'Please answer the following security questions.' );
275
- break;
276
-
277
- case 'BACKUP_CODE_LIMIT_REACH':
278
- Return mo2f_lt( 'You have already downloaded the backup codes for this domain.' );
279
- break;
280
- case 'BACKUP_CODE_DOMAIN_LIMIT_REACH':
281
- Return mo2f_lt( 'User Limit is reached for your domain.' );
282
- break;
283
- case 'BACKUP_CODE_INVALID_REQUEST':
284
- Return mo2f_lt( 'Invalid request.' );
285
- break;
286
- case 'USED_ALL_BACKUP_CODES':
287
- Return mo2f_lt( 'You have used all of the backup codes' );
288
- break;
289
- case 'RESET_DUO_CONFIGURATON':
290
- Return mo2f_lt( 'Your Duo configuration has been reset successfully.' );
291
- break;
292
- case 'ERROR_FETCHING_QUESTIONS':
293
- Return mo2f_lt( 'There was an error fetching security questions. Please try again.' );
294
- break;
295
- case 'INVALID_ANSWERS':
296
- Return mo2f_lt( 'Invalid Answers. Please try again.' );
297
- break;
298
- case 'MIN_PASS_LENGTH':
299
- Return mo2f_lt( 'Choose a password with minimum length 6.' );
300
- break;
301
- case 'ACCOUNT_RETRIEVED_SUCCESSFULLY':
302
- Return mo2f_lt( 'Your account has been retrieved successfully.' );
303
- break;
304
- case 'DEFAULT_2ND_FACTOR':
305
- Return mo2f_lt( 'has been set as your default 2nd factor method' );
306
- break;
307
- case 'RESENT_OTP':
308
- Return mo2f_lt( 'Another One Time Passcode has been sent' );
309
- break;
310
- case 'VERIFY':
311
- Return mo2f_lt( 'for verification to' );
312
- break;
313
- case 'ERROR_IN_SENDING_EMAIL':
314
- Return mo2f_lt( 'There was an error in sending email. Please click on Resend OTP to try again.' );
315
- break;
316
- case 'EMAIL_IN_USE':
317
- Return mo2f_lt( 'The email is already used by other user. Please register with other email.' );
318
- break;
319
- case 'EMAIL_MANDATORY':
320
- Return mo2f_lt( 'Please submit your query with email' );
321
- break;
322
- case 'ERROR_WHILE_SUBMITTING_QUERY':
323
- Return mo2f_lt( 'Your query could not be submitted. Please try again.' );
324
- break;
325
- case 'QUERY_SUBMITTED_SUCCESSFULLY':
326
- Return mo2f_lt( 'Thanks for getting in touch! We shall get back to you shortly.' );
327
- break;
328
- case 'SETTINGS_SAVED':
329
- Return mo2f_lt( 'Your settings are saved successfully.' );
330
- break;
331
- case 'AUTHENTICATION_FAILED':
332
- Return mo2f_lt( 'Authentication failed. Please try again to test the configuration.' );
333
- break;
334
- case 'REGISTER_WITH_MO':
335
- Return mo2f_lt( 'Invalid request. Please register with miniOrange before configuring your mobile.' );
336
- break;
337
- case 'ENTER_EMAILID':
338
- Return mo2f_lt( 'Please enter email-id to register.' );
339
- break;
340
- case 'ENTER_VALUE':
341
- Return mo2f_lt( 'Please enter a value to test your authentication.' );
342
- break;
343
- case 'ENTER_OTP':
344
- Return mo2f_lt( 'Please enter the one time passcode below.' );
345
- break;
346
- case 'ERROR_IN_SENDING_OTP':
347
- Return mo2f_lt( 'There was an error in sending one-time passcode. Your transaction limit might have exceeded. Please contact miniOrange or upgrade to our premium plan.' );
348
- break;
349
- case 'ERROR_IN_SENDING_OTP_ONPREM':
350
- Return mo2f_lt( 'There was an error in sending one-time passcode. Please check your SMTP Setup and remaining transactions.' );
351
- break;
352
- case 'SMTP_CHECK_FOR_EMAIL_VERIFICATON':
353
- Return mo2f_lt('Please set your SMTP to get the email to verify the email at the time of login otherwise you will get logged out');
354
- break;
355
- case 'PUSH_NOTIFICATION_SENT':
356
- Return mo2f_lt( 'A Push notification has been sent to your miniOrange Authenticator App.' );
357
- break;
358
- case 'ERROR_WHILE_VALIDATING_OTP':
359
- Return mo2f_lt( 'Error occurred while validating the OTP. Please try again.' );
360
- break;
361
- case 'TEST_GAUTH_METHOD':
362
- Return mo2f_lt( 'to test Google Authenticator method.' );
363
- break;
364
- case 'ERROR_IN_SENDING_OTP_CAUSES':
365
- Return mo2f_lt( 'Error occurred while validating the OTP. Please try again. Possible causes:' );
366
- break;
367
- case 'APP_TIME_SYNC':
368
- Return mo2f_lt( 'Your App Time is not in sync.Go to settings and tap on tap on Sync Time now .' );
369
- break;
370
- case 'SERVER_TIME_SYNC':
371
- Return mo2f_lt( 'Please make sure your System and device have the same time as the displayed Server time.' );
372
- break;
373
- case 'ERROR_WHILE_VALIDATING_USER':
374
- Return mo2f_lt( 'Error occurred while validating the user. Please try again.' );
375
- break;
376
- case 'ONLY_DIGITS_ALLOWED':
377
- Return mo2f_lt( 'Only digits are allowed. Please enter again.' );
378
- break;
379
- case 'TEST_AUTHY_2FA':
380
- Return mo2f_lt( 'to test Authy 2-Factor Authentication method.' );
381
- break;
382
- case 'METHOD':
383
- Return mo2f_lt( 'method.' );
384
- break;
385
- case 'TO_TEST':
386
- Return mo2f_lt( 'to test' );
387
- break;
388
- case 'SET_2FA':
389
- Return mo2f_lt( 'is set as your Two-Factor method.' );
390
- break;
391
-
392
- case 'SET_2FA_otp':
393
- Return mo2f_lt( 'is set as your Two-Factor method.' );
394
- break;
395
-
396
-
397
- case 'VERIFICATION_EMAIL_SENT':
398
- Return mo2f_lt( 'A verification email is sent to' );
399
- break;
400
- case 'ACCEPT_LINK_TO_VERIFY_EMAIL':
401
- Return mo2f_lt( 'Please click on accept link to verify your email.' );
402
- break;
403
- case 'ACCOUNT_CREATED':
404
- Return mo2f_lt( 'Your account has been created successfully.' );
405
- break;
406
- case 'ACCOUNT_REMOVED':
407
- Return mo2f_lt( 'Your account has been removed. Please contact your administrator.' );
408
- break;
409
- case 'REGISTRATION_SUCCESS':
410
- Return mo2f_lt( 'You are registered successfully.' );
411
- break;
412
- case 'DENIED_REQUEST':
413
- Return mo2f_lt( 'You have denied the request.' );
414
- break;
415
- case 'DENIED_DUO_REQUEST':
416
- Return mo2f_lt( 'You have denied the request or you have not set duo push notification yet' );
417
- break;
418
- case 'DISABLED_2FA':
419
- Return mo2f_lt( 'Two-Factor plugin has been disabled.' );
420
- break;
421
- case 'ERROR_WHILE_SAVING_SETTINGS':
422
- Return mo2f_lt( 'Error occurred while saving the settings.Please try again.' );
423
- break;
424
- case 'INVALID_REQUEST':
425
- Return mo2f_lt( 'Invalid request. Please register with miniOrange and configure 2-Factor to save your login settings.' );
426
- break;
427
- case 'ACCOUNT_ALREADY_EXISTS':
428
- Return mo2f_lt( 'You already have an account with miniOrange, please sign in.' );
429
- break;
430
- case 'CONFIGURE_2FA':
431
- Return mo2f_lt( 'to configure another 2 Factor authentication method.' );
432
- break;
433
- case 'PHONE_NOT_CONFIGURED':
434
- Return mo2f_lt( 'Your phone number is not configured. Please configure it before selecting OTP Over SMS as your 2-factor method.' );
435
- break;
436
- case 'CLICK_HERE':
437
- Return mo2f_lt( 'Click Here' );
438
- break;
439
- case 'ERROR_CREATE_ACC_OTP':
440
- Return mo2f_lt( 'An error occured while creating your account. Please try again by sending OTP again.' );
441
- break;
442
- case 'LOGIN_WITH_2ND_FACTOR':
443
- Return mo2f_lt( 'Please disable 2FA prompt on WP login page to enable Login with 2nd facor only.' );
444
- break;
445
- case 'USER_LIMIT_EXCEEDED':
446
- Return mo2f_lt( 'Your limit of 3 users has exceeded. Please upgrade to premium plans for more users.' );
447
- break;
448
- default:
449
- return $text;
450
- }
451
- }
452
- }
453
-
454
- new Mo2fConstants;
1
+ <?php
2
+ if ( ! defined( 'ABSPATH' ) ) {
3
+ exit;
4
+ }
5
+
6
+ class Mo2fConstants {
7
+ static function langTranslate( $text ) {
8
+ switch ( $text ) {
9
+ case 'Successfully validated.':
10
+ return mo2f_lt( 'Successfully validated.' );
11
+ break;
12
+ case 'SCAN_QR_CODE':
13
+ return mo2f_lt( 'Please scan the QR Code now.' );
14
+ break;
15
+ case 'miniOrange QR Code Authentication':
16
+ return mo2f_lt( 'miniOrange QR Code Authentication' );
17
+ break;
18
+ case 'miniOrange Push Notification':
19
+ return mo2f_lt( 'miniOrange Push Notification' );
20
+ break;
21
+ case 'miniOrange Soft Token':
22
+ return mo2f_lt( 'miniOrange Soft Token' );
23
+ break;
24
+ case 'Security Questions':
25
+ return mo2f_lt( 'Security Questions' );
26
+ break;
27
+ case 'Google Authenticator':
28
+ return mo2f_lt( 'Google Authenticator' );
29
+ break;
30
+ case 'Authy Authenticator':
31
+ return mo2f_lt( 'Authy Authenticator' );
32
+ break;
33
+ case 'Email Verification':
34
+ return mo2f_lt( 'Email Verification' );
35
+ break;
36
+ case 'OTP Over SMS':
37
+ return mo2f_lt( 'OTP Over SMS' );
38
+ break;
39
+ case 'OTP Over SMS And Email':
40
+ return mo2f_lt( 'OTP Over SMS And Email' );
41
+ break;
42
+ case 'Your license has expired. Please renew your license to continue using our service.':
43
+ return mo2f_lt( 'Your license has expired. Please renew your license to continue using our service.' );
44
+ break;
45
+ case 'The total transaction limit has been exceeded. Please upgrade your premium plan.':
46
+ return mo2f_lt( 'The total transaction limit has been exceeded. Please upgrade your premium plan.' );
47
+ break;
48
+ case 'The transaction limit has exceeded.':
49
+ return mo2f_lt( 'The transaction limit has exceeded.' );
50
+ break;
51
+ case 'GenerateOtpRequest is null':
52
+ return mo2f_lt( 'GenerateOtpRequest is null' );
53
+ break;
54
+ case 'The sms transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.':
55
+ return mo2f_lt( 'The sms transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.' );
56
+ break;
57
+ case 'The email transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.':
58
+ return mo2f_lt( 'The email transaction limit has been exceeded. Please refer to the Licensing Plans tab for purchasing your SMS transactions.' );
59
+ break;
60
+ case 'Transaction limit exceeded. Please contact your administrator':
61
+ return mo2f_lt( 'Transaction limit exceeded. Please contact your administrator' );
62
+ break;
63
+ case 'Free Trial has already been taken or expired for this plugin. Please upgrade to a premium plan.':
64
+ return mo2f_lt( 'Free Trial has already been taken or expired for this plugin. Please upgrade to a premium plan.' );
65
+ break;
66
+ case 'Invalid format.':
67
+ return mo2f_lt( 'Invalid format.' );
68
+ break;
69
+ case 'Mobile registration failed.':
70
+ return mo2f_lt( 'Mobile registration failed.' );
71
+ break;
72
+ case 'Invalid mobile authentication request.':
73
+ return mo2f_lt( 'Invalid mobile authentication request.' );
74
+ break;
75
+ case 'Exception during SMS sending':
76
+ return mo2f_lt( 'Exception during SMS sending' );
77
+ break;
78
+ case 'There was an error during sending an SMS.':
79
+ return mo2f_lt( 'There was an error during sending an SMS.' );
80
+ break;
81
+ case 'Exception during logUserTransaction':
82
+ return mo2f_lt( 'Exception during logUserTransaction' );
83
+ break;
84
+ case 'There was an error processing the challenge user request.':
85
+ return mo2f_lt( 'There was an error processing the challenge user request.' );
86
+ break;
87
+ case 'What is your first company name?':
88
+ return mo2f_lt( 'What is your first company name?' );
89
+ break;
90
+ case 'What was your childhood nickname?':
91
+ return mo2f_lt( 'What was your childhood nickname?' );
92
+ break;
93
+ case 'In what city did you meet your spouse/significant other?':
94
+ return mo2f_lt( 'In what city did you meet your spouse/significant other?' );
95
+ break;
96
+ case 'What is the name of your favorite childhood friend?':
97
+ return mo2f_lt( 'What is the name of your favorite childhood friend?' );
98
+ break;
99
+ case "What was your first vehicle's registration number?":
100
+ return mo2f_lt( "What was your first vehicle's registration number?" );
101
+ break;
102
+ case "What is your grandmother's maiden name?":
103
+ return mo2f_lt( "What is your grandmother's maiden name?" );
104
+ break;
105
+ case 'Who is your favourite sports player?':
106
+ return mo2f_lt( 'Who is your favourite sports player?' );
107
+ break;
108
+ case 'What is your favourite sport?':
109
+ return mo2f_lt( 'What is your favourite sport?' );
110
+ break;
111
+ case 'In what city or town was your first job':
112
+ return mo2f_lt( 'In what city or town was your first job' );
113
+ break;
114
+ case 'What school did you attend for sixth grade?':
115
+ return mo2f_lt( 'What school did you attend for sixth grade?' );
116
+ break;
117
+ case 'G_AUTH':
118
+ return mo2f_lt( 'Google Authenticator' );
119
+ break;
120
+ case 'AUTHY_2FA':
121
+ return mo2f_lt( 'Authy 2-Factor Authentication' );
122
+ break;
123
+ case 'An unknown error occurred while creating the end user.':
124
+ return mo2f_lt( 'An unknown error occurred while creating the end user.' );
125
+ break;
126
+ case 'An unknown error occurred while challenging the user':
127
+ return mo2f_lt( 'An unknown error occurred while challenging the user.' );
128
+ break;
129
+ case 'An unknown error occurred while generating QR Code for registering mobile.':
130
+ return mo2f_lt( 'An unknown error occurred while generating QR Code for registering mobile.' );
131
+ break;
132
+ case 'An unknown error occurred while validating the user\'s identity.':
133
+ return mo2f_lt( 'An unknown error occurred while validating the user\'s identity.' );
134
+ break;
135
+ case 'Customer not found.':
136
+ return mo2f_lt( 'Customer not found.' );
137
+ break;
138
+ case 'The customer is not valid ':
139
+ return mo2f_lt( 'The customer is not valid' );
140
+ break;
141
+ case 'The user is not valid ':
142
+ return mo2f_lt( 'The user is not valid ' );
143
+ break;
144
+ case 'Customer already exists.':
145
+ return mo2f_lt( 'Customer already exists.' );
146
+ break;
147
+ case 'Customer Name is null':
148
+ return mo2f_lt( 'Customer Name is null' );
149
+ break;
150
+ case 'Customer check request failed.':
151
+ return mo2f_lt( 'Customer check request failed.' );
152
+ break;
153
+ case 'Invalid username or password. Please try again.':
154
+ return mo2f_lt( 'Invalid username or password. Please try again.' );
155
+ break;
156
+ case 'You are not authorized to perform this operation.':
157
+ return mo2f_lt( 'You are not authorized to perform this operation.' );
158
+ break;
159
+ case 'Invalid request. No such challenge request was initiated.':
160
+ return mo2f_lt( 'Invalid request. No such challenge request was initiated.' );
161
+ break;
162
+ case 'No OTP Token for the given request was found.':
163
+ return mo2f_lt( 'No OTP Token for the given request was found.' );
164
+ break;
165
+ case 'Query submitted.':
166
+ return mo2f_lt( 'Query submitted.' );
167
+ break;
168
+ case 'Invalid parameters.':
169
+ return mo2f_lt( 'Invalid parameters.' );
170
+ break;
171
+ case 'Alternate email cannot be same as primary email.':
172
+ return mo2f_lt( 'Alternate email cannot be same as primary email.' );
173
+ break;
174
+ case 'CustomerId is null.':
175
+ return mo2f_lt( 'CustomerId is null.' );
176
+ break;
177
+ case 'You are not authorized to create users. Please upgrade to premium plan. ':
178
+ return mo2f_lt( 'You are not authorized to create users. Please upgrade to premium plan. ' );
179
+ break;
180
+ case 'Your user creation limit has been completed. Please upgrade your license to add more users.':
181
+ return mo2f_lt( 'Your user creation limit has been completed. Please upgrade your license to add more users.' );
182
+ break;
183
+ case 'Username cannot be blank.':
184
+ return mo2f_lt( 'Username cannot be blank.' );
185
+ break;
186
+ case 'End user created successfully.':
187
+ return mo2f_lt( 'End user created successfully.' );
188
+ break;
189
+ case 'There was an exception processing the update user request.':
190
+ return mo2f_lt( 'There was an exception processing the update user request.' );
191
+ break;
192
+ case 'End user found.':
193
+ return mo2f_lt( 'End user found.' );
194
+ break;
195
+ case 'End user found under different customer. ':
196
+ return mo2f_lt( 'End user found under different customer. ' );
197
+ break;
198
+ case 'End user not found.':
199
+ return mo2f_lt( 'End user not found.' );
200
+ break;
201
+ case 'Customer successfully registered.':
202
+ return mo2f_lt( 'Customer successfully registered.' );
203
+ break;
204
+ case 'Customer registration failed.':
205
+ return mo2f_lt( 'Customer registration failed.' );
206
+ break;
207
+ case 'There was an error processing the register mobile request.':
208
+ return mo2f_lt( 'There was an error processing the register mobile request.' );
209
+ break;
210
+ case 'There was an exception processing the get user request.':
211
+ return mo2f_lt( 'There was an exception processing the get user request.' );
212
+ break;
213
+ case 'End User retrieved successfully.':
214
+ return mo2f_lt( 'End User retrieved successfully.' );
215
+ break;
216
+ case 'COMPLETED_TEST':
217
+ Return mo2f_lt( 'You have successfully completed the test.' );
218
+ break;
219
+ case 'INVALID_EMAIL_VER_REQ':
220
+ Return mo2f_lt( 'Invalid request. test case failed.');
221
+ break;
222
+ case 'INVALID_ENTRY':
223
+ Return mo2f_lt( 'All the fields are required. Please enter valid entries.' );
224
+ break;
225
+ case 'INVALID_PASSWORD':
226
+ Return mo2f_lt( 'You already have an account with miniOrange. Please enter a valid password.' );
227
+ break;
228
+ case 'INVALID_REQ':
229
+ Return mo2f_lt( 'Invalid request. Please try again' );
230
+ break;
231
+ case 'INVALID_OTP':
232
+ Return mo2f_lt( 'Invalid OTP. Please try again.' );
233
+ break;
234
+ case 'INVALID_EMAIL_OR_PASSWORD':
235
+ Return mo2f_lt( 'Invalid email or password. Please try again.' );
236
+ break;
237
+ case 'PASSWORDS_MISMATCH':
238
+ Return mo2f_lt( 'Password and Confirm password do not match.' );
239
+ break;
240
+ case 'ENTER_YOUR_EMAIL_PASSWORD':
241
+ Return mo2f_lt( 'Please enter your registered email and password.' );
242
+ break;
243
+ case 'OTP_SENT':
244
+ Return mo2f_lt( 'One Time Passcode has been sent for verification to ' );
245
+ break;
246
+ case 'ERROR_IN_SENDING_OTP_OVER_EMAIL':
247
+ Return mo2f_lt( 'There was an error in sending OTP over email. Please click on Resend OTP to try again.' );
248
+ break;
249
+ case 'ERROR_DURING_REGISTRATION':
250
+ Return mo2f_lt( 'Error occured while registration. Please try again.' );
251
+ break;
252
+ case 'ERROR_DURING_PROCESS':
253
+ Return mo2f_lt( 'An error occured while processing your request. Please Try again.' );
254
+ break;
255
+ case 'ERROR_DURING_PROCESS_EMAIL':
256
+ Return mo2f_lt( 'An error occured while processing your request. Please check your SMTP server is configured.' );
257
+ break;
258
+ case 'ERROR_WHILE_SENDING_SMS':
259
+ Return mo2f_lt( 'There was an error in sending sms. Please click on Resend OTP to try again.' );
260
+ break;
261
+ case 'ERROR_DURING_USER_REGISTRATION':
262
+ Return mo2f_lt( 'Error occurred while registering the user. Please try again.' );
263
+ break;
264
+ case 'VALIDATE_DUO':
265
+ Return mo2f_lt( 'Duo push notification validate successfully.' );
266
+ break;
267
+ case 'SET_AS_2ND_FACTOR':
268
+ Return mo2f_lt( 'is set as your 2 factor authentication method.' );
269
+ break;
270
+ case 'ERROR_WHILE_SAVING_KBA':
271
+ Return mo2f_lt( 'Error occured while saving your kba details. Please try again.' );
272
+ break;
273
+ case 'ANSWER_SECURITY_QUESTIONS':
274
+ Return mo2f_lt( 'Please answer the following security questions.' );
275
+ break;
276
+
277
+ case 'BACKUP_CODE_LIMIT_REACH':
278
+ Return mo2f_lt( 'You have already downloaded the backup codes for this domain.' );
279
+ break;
280
+ case 'BACKUP_CODE_DOMAIN_LIMIT_REACH':
281
+ Return mo2f_lt( 'User Limit is reached for your domain.' );
282
+ break;
283
+ case 'BACKUP_CODE_INVALID_REQUEST':
284
+ Return mo2f_lt( 'Invalid request.' );
285
+ break;
286
+ case 'USED_ALL_BACKUP_CODES':
287
+ Return mo2f_lt( 'You have used all of the backup codes' );
288
+ break;
289
+ case 'RESET_DUO_CONFIGURATON':
290
+ Return mo2f_lt( 'Your Duo configuration has been reset successfully.' );
291
+ break;
292
+ case 'ERROR_FETCHING_QUESTIONS':
293
+ Return mo2f_lt( 'There was an error fetching security questions. Please try again.' );
294
+ break;
295
+ case 'INVALID_ANSWERS':
296
+ Return mo2f_lt( 'Invalid Answers. Please try again.' );
297
+ break;
298
+ case 'MIN_PASS_LENGTH':
299
+ Return mo2f_lt( 'Choose a password with minimum length 6.' );
300
+ break;
301
+ case 'ACCOUNT_RETRIEVED_SUCCESSFULLY':
302
+ Return mo2f_lt( 'Your account has been retrieved successfully.' );
303
+ break;
304
+ case 'DEFAULT_2ND_FACTOR':
305
+ Return mo2f_lt( 'has been set as your default 2nd factor method' );
306
+ break;
307
+ case 'RESENT_OTP':
308
+ Return mo2f_lt( 'Another One Time Passcode has been sent' );
309
+ break;
310
+ case 'VERIFY':
311
+ Return mo2f_lt( 'for verification to' );
312
+ break;
313
+ case 'ERROR_IN_SENDING_EMAIL':
314
+ Return mo2f_lt( 'There was an error in sending email. Please click on Resend OTP to try again.' );
315
+ break;
316
+ case 'EMAIL_IN_USE':
317
+ Return mo2f_lt( 'The email is already used by other user. Please register with other email.' );
318
+ break;
319
+ case 'EMAIL_MANDATORY':
320
+ Return mo2f_lt( 'Please submit your query with email' );
321
+ break;
322
+ case 'ERROR_WHILE_SUBMITTING_QUERY':
323
+ Return mo2f_lt( 'Your query could not be submitted. Please try again.' );
324
+ break;
325
+ case 'QUERY_SUBMITTED_SUCCESSFULLY':
326
+ Return mo2f_lt( 'Thanks for getting in touch! We shall get back to you shortly.' );
327
+ break;
328
+ case 'SETTINGS_SAVED':
329
+ Return mo2f_lt( 'Your settings are saved successfully.' );
330
+ break;
331
+ case 'AUTHENTICATION_FAILED':
332
+ Return mo2f_lt( 'Authentication failed. Please try again to test the configuration.' );
333
+ break;
334
+ case 'REGISTER_WITH_MO':
335
+ Return mo2f_lt( 'Invalid request. Please register with miniOrange before configuring your mobile.' );
336
+ break;
337
+ case 'ENTER_EMAILID':
338
+ Return mo2f_lt( 'Please enter email-id to register.' );
339
+ break;
340
+ case 'ENTER_VALUE':
341
+ Return mo2f_lt( 'Please enter a value to test your authentication.' );
342
+ break;
343
+ case 'ENTER_OTP':
344
+ Return mo2f_lt( 'Please enter the one time passcode below.' );
345
+ break;
346
+ case 'ERROR_IN_SENDING_OTP':
347
+ Return mo2f_lt( 'There was an error in sending one-time passcode. Your transaction limit might have exceeded. Please contact miniOrange or upgrade to our premium plan.' );
348
+ break;
349
+ case 'ERROR_IN_SENDING_OTP_ONPREM':
350
+ Return mo2f_lt( 'There was an error in sending one-time passcode. Please check your SMTP Setup and remaining transactions.' );
351
+ break;
352
+ case 'SMTP_CHECK_FOR_EMAIL_VERIFICATON':
353
+ Return mo2f_lt('Please set your SMTP to get the email to verify the email at the time of login otherwise you will get logged out');
354
+ break;
355
+ case 'PUSH_NOTIFICATION_SENT':
356
+ Return mo2f_lt( 'A Push notification has been sent to your miniOrange Authenticator App.' );
357
+ break;
358
+ case 'ERROR_WHILE_VALIDATING_OTP':
359
+ Return mo2f_lt( 'Error occurred while validating the OTP. Please try again.' );
360
+ break;
361
+ case 'TEST_GAUTH_METHOD':
362
+ Return mo2f_lt( 'to test Google Authenticator method.' );
363
+ break;
364
+ case 'ERROR_IN_SENDING_OTP_CAUSES':
365
+ Return mo2f_lt( 'Error occurred while validating the OTP. Please try again. Possible causes:' );
366
+ break;
367
+ case 'APP_TIME_SYNC':
368
+ Return mo2f_lt( 'Your App Time is not in sync.Go to settings and tap on tap on Sync Time now .' );
369
+ break;
370
+ case 'SERVER_TIME_SYNC':
371
+ Return mo2f_lt( 'Please make sure your System and device have the same time as the displayed Server time.' );
372
+ break;
373
+ case 'ERROR_WHILE_VALIDATING_USER':
374
+ Return mo2f_lt( 'Error occurred while validating the user. Please try again.' );
375
+ break;
376
+ case 'ONLY_DIGITS_ALLOWED':
377
+ Return mo2f_lt( 'Only digits are allowed. Please enter again.' );
378
+ break;
379
+ case 'TEST_AUTHY_2FA':
380
+ Return mo2f_lt( 'to test Authy 2-Factor Authentication method.' );
381
+ break;
382
+ case 'METHOD':
383
+ Return mo2f_lt( 'method.' );
384
+ break;
385
+ case 'TO_TEST':
386
+ Return mo2f_lt( 'to test' );
387
+ break;
388
+ case 'SET_2FA':
389
+ Return mo2f_lt( 'is set as your Two-Factor method.' );
390
+ break;
391
+
392
+ case 'SET_2FA_otp':
393
+ Return mo2f_lt( 'is set as your Two-Factor method.' );
394
+ break;
395
+
396
+
397
+ case 'VERIFICATION_EMAIL_SENT':
398
+ Return mo2f_lt( 'A verification email is sent to' );
399
+ break;
400
+ case 'ACCEPT_LINK_TO_VERIFY_EMAIL':
401
+ Return mo2f_lt( 'Please click on accept link to verify your email.' );
402
+ break;
403
+ case 'ACCOUNT_CREATED':
404
+ Return mo2f_lt( 'Your account has been created successfully.' );
405
+ break;
406
+ case 'ACCOUNT_REMOVED':
407
+ Return mo2f_lt( 'Your account has been removed. Please contact your administrator.' );
408
+ break;
409
+ case 'REGISTRATION_SUCCESS':
410
+ Return mo2f_lt( 'You are registered successfully.' );
411
+ break;
412
+ case 'DENIED_REQUEST':
413
+ Return mo2f_lt( 'You have denied the request.' );
414
+ break;
415
+ case 'DENIED_DUO_REQUEST':
416
+ Return mo2f_lt( 'You have denied the request or you have not set duo push notification yet' );
417
+ break;
418
+ case 'DISABLED_2FA':
419
+ Return mo2f_lt( 'Two-Factor plugin has been disabled.' );
420
+ break;
421
+ case 'ERROR_WHILE_SAVING_SETTINGS':
422
+ Return mo2f_lt( 'Error occurred while saving the settings.Please try again.' );
423
+ break;
424
+ case 'INVALID_REQUEST':
425
+ Return mo2f_lt( 'Invalid request. Please register with miniOrange and configure 2-Factor to save your login settings.' );
426
+ break;
427
+ case 'ACCOUNT_ALREADY_EXISTS':
428
+ Return mo2f_lt( 'You already have an account with miniOrange, please sign in.' );
429
+ break;
430
+ case 'CONFIGURE_2FA':
431
+ Return mo2f_lt( 'to configure another 2 Factor authentication method.' );
432
+ break;
433
+ case 'PHONE_NOT_CONFIGURED':
434
+ Return mo2f_lt( 'Your phone number is not configured. Please configure it before selecting OTP Over SMS as your 2-factor method.' );
435
+ break;
436
+ case 'CLICK_HERE':
437
+ Return mo2f_lt( 'Click Here' );
438
+ break;
439
+ case 'ERROR_CREATE_ACC_OTP':
440
+ Return mo2f_lt( 'An error occured while creating your account. Please try again by sending OTP again.' );
441
+ break;
442
+ case 'LOGIN_WITH_2ND_FACTOR':
443
+ Return mo2f_lt( 'Please disable 2FA prompt on WP login page to enable Login with 2nd facor only.' );
444
+ break;
445
+ case 'USER_LIMIT_EXCEEDED':
446
+ Return mo2f_lt( 'Your limit of 3 users has exceeded. Please upgrade to premium plans for more users.' );
447
+ break;
448
+ default:
449
+ return $text;
450
+ }
451
+ }
452
+ }
453
+
454
+ new Mo2fConstants;
handler/twofa/two_fa_login.php CHANGED
@@ -1,403 +1,403 @@
1
- <?Php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_common_login.php';
25
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_inline_registration.php';
26
- class Miniorange_Mobile_Login {
27
-
28
- function mo2fa_default_login( $user, $username, $password ) {
29
-
30
- global $Mo2fdbQueries;
31
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
32
- if ( is_wp_error( $currentuser ) ) {
33
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
34
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
35
- wp_send_json_success($data);
36
- }
37
- else{
38
- return $currentuser;
39
- }
40
- } else {
41
- if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
- {
43
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
44
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
45
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
46
- $handleSecondFactor = new Miniorange_Password_2Factor_Login();
47
- if(is_null($session_id)) {
48
- $session_id = $handleSecondFactor->create_session();
49
- }
50
-
51
- $key = get_option('mo2f_customer_token');
52
- $otp_token = '';
53
- $error=$handleSecondFactor->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
54
-
55
- }
56
- $this->miniorange_login_start_session();
57
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
58
- $session_id=$pass2fa_login_session->create_session();
59
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
60
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
61
- if ( $mo2f_configured_2FA_method ) {
62
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
63
- $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
64
- if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
65
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
66
- $this->mo_auth_show_error_message();
67
- $this->mo2f_redirectto_wp_login();
68
- $error = new WP_Error();
69
- return $error;
70
- } else { //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
71
- $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
72
- }
73
- } else { //plugin is not activated for non-admin then logged him in
74
- $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
75
- }
76
- }
77
- }
78
-
79
- public function miniorange_login_start_session() {
80
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
81
- session_start();
82
- }
83
- }
84
-
85
- function mo_auth_show_error_message($value = null) {
86
- remove_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
87
- add_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
88
- }
89
-
90
- function mo2f_redirectto_wp_login() {
91
- global $Mo2fdbQueries;
92
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
93
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
94
- if(is_null($session_id)) {
95
- $session_id=$pass2fa_login_session->create_session();
96
- }
97
- remove_action( 'login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login' ) );
98
- add_action( 'login_dequeue_scripts', array( $this, 'mo_2_factor_show_login' ) );
99
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
100
- MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' );
101
- } else {
102
- MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM' );
103
- }
104
- }
105
-
106
- function mo2f_verify_and_authenticate_userlogin( $user, $redirect_to = null, $session_id=null ) {
107
- $user_id = $user->ID;
108
- wp_set_current_user( $user_id, $user->user_login );
109
- $this->remove_current_activity($session_id);
110
- wp_set_auth_cookie( $user_id, true );
111
- do_action( 'wp_login', $user->user_login, $user );
112
- redirect_user_to( $user, $redirect_to );
113
- exit;
114
- }
115
-
116
- function remove_current_activity($session_id) {
117
- global $Mo2fdbQueries;
118
- $session_variables = array(
119
- 'mo2f_current_user_id',
120
- 'mo2f_1stfactor_status',
121
- 'mo_2factor_login_status',
122
- 'mo2f-login-qrCode',
123
- 'mo2f_transactionId',
124
- 'mo2f_login_message',
125
- 'mo2f_rba_status',
126
- 'mo_2_factor_kba_questions',
127
- 'mo2f_show_qr_code',
128
- 'mo2f_google_auth',
129
- 'mo2f_authy_keys'
130
- );
131
-
132
- $cookie_variables = array(
133
- 'mo2f_current_user_id',
134
- 'mo2f_1stfactor_status',
135
- 'mo_2factor_login_status',
136
- 'mo2f-login-qrCode',
137
- 'mo2f_transactionId',
138
- 'mo2f_login_message',
139
- 'mo2f_rba_status_status',
140
- 'mo2f_rba_status_sessionUuid',
141
- 'mo2f_rba_status_decision_flag',
142
- 'kba_question1',
143
- 'kba_question2',
144
- 'mo2f_show_qr_code',
145
- 'mo2f_google_auth',
146
- 'mo2f_authy_keys'
147
- );
148
-
149
- $temp_table_variables = array(
150
- 'session_id',
151
- 'mo2f_current_user_id',
152
- 'mo2f_login_message',
153
- 'mo2f_1stfactor_status',
154
- 'mo2f_transactionId',
155
- 'mo_2_factor_kba_questions',
156
- 'mo2f_rba_status',
157
- 'ts_created'
158
- );
159
-
160
- MO2f_Utility::unset_session_variables( $session_variables );
161
- MO2f_Utility::unset_cookie_variables( $cookie_variables );
162
- MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');
163
- }
164
-
165
- function custom_login_enqueue_scripts() {
166
- wp_enqueue_script( 'jquery' );
167
- $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
168
- $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
169
- wp_enqueue_style( 'bootstrap_script', $bootstrappath );
170
- wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__ ))) );
171
- }
172
-
173
- function mo_2_factor_hide_login() {
174
- $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
175
- $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
176
- $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
177
- $hidepath = str_replace('/handler/includes/css', '/includes/css', $hidepath);
178
-
179
- wp_register_style( 'hide-login', $hidepath );
180
- wp_register_style( 'bootstrap', $bootstrappath );
181
- wp_enqueue_style( 'hide-login' );
182
- wp_enqueue_style( 'bootstrap' );
183
-
184
- }
185
-
186
- function mo_auth_success_message() {
187
- $message = isset($_SESSION['mo2f_login_message']) ? $_SESSION['mo2f_login_message'] : '';
188
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
189
- $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
190
- //if the php session folder has insufficient permissions, cookies to be used
191
-
192
-
193
- if($message == '')
194
- {
195
- $message = 'Please login into your account using password.';
196
- }
197
-
198
- return "<div> <p class='message'>" . $message . "</p></div>";
199
- }
200
-
201
- function mo_auth_error_message() {
202
- $id = "login_error1";
203
- //if the php session folder has insufficient permissions, cookies to be used
204
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
205
- $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
206
- //if the php session folder has insufficient permissions, cookies to be used
207
- if($message=='')
208
- {
209
- $message = 'Invalid Username';
210
- }
211
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
212
- { //test
213
- $message = 'Invalid Username or recaptcha';
214
- }
215
- return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
216
- }
217
-
218
- function mo_auth_show_success_message() {
219
- remove_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
220
- add_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
221
- }
222
-
223
- function miniorange_login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null ) {
224
- global $Mo2fdbQueries;
225
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']): null;
226
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
227
-
228
- if(is_null($session_id_encrypt)) {
229
- $session_id_encrypt=$pass2fa_login_session->create_session();
230
- }
231
-
232
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) { //login with phone overwrite default login form
233
- //if the php session folder has insufficient permissions, cookies to be used
234
- $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2factor_login_status' ,$session_id_encrypt);
235
-
236
- if(MO2F_IS_ONPREM)
237
- {
238
- $userName = isset($_POST['mo2fa_username']) ? sanitize_text_field($_POST['mo2fa_username']) : '';
239
-
240
- if(!empty($userName))
241
- {
242
- $user = get_user_by('login',$userName);
243
- if($user)
244
- {
245
- //$currentMethod = get_user_meta($user->ID, 'currentMethod', true);
246
- $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
247
- if($currentMethod == 'None' or $currentMethod == '')
248
- $login_status_phone_enable = 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED';
249
- }
250
- }
251
- }
252
- if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_login_nonce']), 'miniorange-2-factor-login-nonce' ) ) {
253
- $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
254
- $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
255
- $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
256
- $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
257
- ?>
258
- <script>
259
- jQuery('#user_login').val(<?php echo "'" . $mo2f_user_login . "'"; ?>);
260
- </script><?php
261
- } else {
262
- $this->mo_2_factor_show_login();
263
- $this->mo_2_factor_show_wp_login_form();
264
- }
265
- } else { //Login with phone is alogin with default login form
266
- $this->mo_2_factor_show_login();
267
- $this->mo_2_factor_show_wp_login_form();
268
- }
269
-
270
- }
271
-
272
- function mo_2_factor_show_login_with_password_when_phonelogin_enabled() {
273
- wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ ))) );
274
- wp_enqueue_style( 'show-login' );
275
- }
276
-
277
-
278
- // login form fields
279
-
280
- function mo_2_factor_show_wp_login_form_when_phonelogin_enabled() {
281
- ?>
282
- <script>
283
- var content = ' <a href="javascript:void(0)" id="backto_mo" onClick="mo2fa_backtomologin()" style="float:right">← Back</a>';
284
- jQuery('#login').append(content);
285
-
286
- function mo2fa_backtomologin() {
287
- jQuery('#mo2f_backto_mo_loginform').submit();
288
- }
289
- </script>
290
- <?php
291
- }
292
-
293
- function mo_2_factor_show_login() {
294
- $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
295
-
296
- $showpath = plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ )));
297
-
298
- if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
299
- wp_register_style( 'show-login', $hidepath );
300
- } else {
301
- wp_register_style( 'show-login', $showpath );
302
- }
303
- wp_enqueue_style( 'show-login' );
304
- }
305
-
306
- function mo_2_factor_show_wp_login_form() {
307
- $mo2f_enable_login_with_2nd_factor = get_option( 'mo2f_enable_login_with_2nd_factor' );
308
-
309
-
310
- ?>
311
- <div class="mo2f-login-container">
312
- <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?>
313
- <div style="position: relative" class="or-container">
314
- <div class="login_with_2factor_inner_div"></div>
315
- <h2 class="login_with_2factor_h2"><?php echo mo2f_lt( 'or' ); ?></h2>
316
- </div>
317
- <?php } ?>
318
-
319
- <br>
320
- <div class="mo2f-button-container" id="mo2f_button_container">
321
- <input type="text" name="mo2fa_usernamekey" id="mo2fa_usernamekey" autofocus="true"
322
- placeholder="<?php echo mo2f_lt( 'Username' ); ?>"/>
323
- <p>
324
-
325
- <input type="button" name="miniorange_login_submit" style="width:100% !important;"
326
- onclick="mouserloginsubmit();" id="miniorange_login_submit"
327
- class="button button-primary button-large"
328
- value="<?php echo mo2f_lt( 'Login with 2nd factor' ); ?>"/>
329
- </p>
330
- <br><br><br>
331
- <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?><br><br><?php } ?>
332
- </div>
333
- </div>
334
-
335
- <script>
336
- jQuery(window).scrollTop(jQuery('#mo2f_button_container').offset().top);
337
-
338
- function mouserloginsubmit() {
339
- var username = jQuery('#mo2fa_usernamekey').val();
340
- var recap = jQuery('#g-recaptcha-response').val();
341
- if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
342
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
343
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[1].value = recap;
344
-
345
- jQuery('#mo2fa-g-recaptcha-response-form').submit();
346
- }
347
- }
348
-
349
- jQuery('#mo2fa_usernamekey').keypress(function (e) {
350
- if (e.which == 13) {//Enter key pressed
351
- e.preventDefault();
352
- var username = jQuery('#mo2fa_usernamekey').val();
353
- if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
354
- document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
355
- jQuery('#mo2fa-g-recaptcha-response-form').submit();
356
- }
357
- }
358
-
359
- });
360
- </script>
361
- <?php
362
- }
363
-
364
- function miniorange_login_footer_form() {
365
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
366
- $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
367
- if(is_null($session_id_encrypt)) {
368
- $session_id_encrypt=$pass2fa_login_session->create_session();
369
- }
370
-
371
- ?>
372
- <input type="hidden" name="miniorange_login_nonce"
373
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
374
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
375
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
377
- <input type="hidden" id="sessids" name="session_id"
378
- value="<?php echo $session_id_encrypt; ?>"/>
379
- </form>
380
- <form name="f" id="mo2fa-g-recaptcha-response-form" method="post" action="" hidden>
381
- <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
382
- <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
383
- <input type="hidden" name="miniorange_login_nonce"
384
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
385
- <input type="hidden" id="sessid" name="session_id"
386
- value="<?php echo $session_id_encrypt; ?>"/>
387
- </form>
388
- <script>
389
- jQuery(document).ready(function () {
390
- var session_ids="<?php echo $session_id_encrypt; ?>";
391
- if (document.getElementById('loginform') != null) {
392
- jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
- jQuery(".wp-hide-pw").addClass('mo2fa_visible');
394
-
395
- }
396
- });
397
- </script>
398
- <?php
399
-
400
- }
401
- }
402
-
403
  ?>
1
+ <?Php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+ /**
21
+ * This library is miniOrange Authentication Service.
22
+ * Contains Request Calls to Customer service.
23
+ **/
24
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_common_login.php';
25
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'mo2fa_inline_registration.php';
26
+ class Miniorange_Mobile_Login {
27
+
28
+ function mo2fa_default_login( $user, $username, $password ) {
29
+
30
+ global $Mo2fdbQueries;
31
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
32
+ if ( is_wp_error( $currentuser ) ) {
33
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
34
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
35
+ wp_send_json_success($data);
36
+ }
37
+ else{
38
+ return $currentuser;
39
+ }
40
+ } else {
41
+ if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
+ {
43
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
44
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
45
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
46
+ $handleSecondFactor = new Miniorange_Password_2Factor_Login();
47
+ if(is_null($session_id)) {
48
+ $session_id = $handleSecondFactor->create_session();
49
+ }
50
+
51
+ $key = get_option('mo2f_customer_token');
52
+ $otp_token = '';
53
+ $error=$handleSecondFactor->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
54
+
55
+ }
56
+ $this->miniorange_login_start_session();
57
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
58
+ $session_id=$pass2fa_login_session->create_session();
59
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
60
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
61
+ if ( $mo2f_configured_2FA_method ) {
62
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
63
+ $mo2f_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
64
+ if ( $mo2f_user_email && $mo2f_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
65
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", '<strong>ERROR</strong>: Login with password is disabled for you. Please Login using your phone.' );
66
+ $this->mo_auth_show_error_message();
67
+ $this->mo2f_redirectto_wp_login();
68
+ $error = new WP_Error();
69
+ return $error;
70
+ } else { //if user has not configured any 2nd factor method then logged him in without asking 2nd factor
71
+ $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
72
+ }
73
+ } else { //plugin is not activated for non-admin then logged him in
74
+ $this->mo2f_verify_and_authenticate_userlogin( $currentuser, $redirect_to,$session_id );
75
+ }
76
+ }
77
+ }
78
+
79
+ public function miniorange_login_start_session() {
80
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
81
+ session_start();
82
+ }
83
+ }
84
+
85
+ function mo_auth_show_error_message($value = null) {
86
+ remove_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
87
+ add_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
88
+ }
89
+
90
+ function mo2f_redirectto_wp_login() {
91
+ global $Mo2fdbQueries;
92
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
93
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
94
+ if(is_null($session_id)) {
95
+ $session_id=$pass2fa_login_session->create_session();
96
+ }
97
+ remove_action( 'login_enqueue_scripts', array( $this, 'mo_2_factor_hide_login' ) );
98
+ add_action( 'login_dequeue_scripts', array( $this, 'mo_2_factor_show_login' ) );
99
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
100
+ MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' );
101
+ } else {
102
+ MO2f_Utility::set_user_values( $session_id, "mo_2factor_login_status", 'MO_2_FACTOR_SHOW_USERPASS_LOGIN_FORM' );
103
+ }
104
+ }
105
+
106
+ function mo2f_verify_and_authenticate_userlogin( $user, $redirect_to = null, $session_id=null ) {
107
+ $user_id = $user->ID;
108
+ wp_set_current_user( $user_id, $user->user_login );
109
+ $this->remove_current_activity($session_id);
110
+ wp_set_auth_cookie( $user_id, true );
111
+ do_action( 'wp_login', $user->user_login, $user );
112
+ redirect_user_to( $user, $redirect_to );
113
+ exit;
114
+ }
115
+
116
+ function remove_current_activity($session_id) {
117
+ global $Mo2fdbQueries;
118
+ $session_variables = array(
119
+ 'mo2f_current_user_id',
120
+ 'mo2f_1stfactor_status',
121
+ 'mo_2factor_login_status',
122
+ 'mo2f-login-qrCode',
123
+ 'mo2f_transactionId',
124
+ 'mo2f_login_message',
125
+ 'mo2f_rba_status',
126
+ 'mo_2_factor_kba_questions',
127
+ 'mo2f_show_qr_code',
128
+ 'mo2f_google_auth',
129
+ 'mo2f_authy_keys'
130
+ );
131
+
132
+ $cookie_variables = array(
133
+ 'mo2f_current_user_id',
134
+ 'mo2f_1stfactor_status',
135
+ 'mo_2factor_login_status',
136
+ 'mo2f-login-qrCode',
137
+ 'mo2f_transactionId',
138
+ 'mo2f_login_message',
139
+ 'mo2f_rba_status_status',
140
+ 'mo2f_rba_status_sessionUuid',
141
+ 'mo2f_rba_status_decision_flag',
142
+ 'kba_question1',
143
+ 'kba_question2',
144
+ 'mo2f_show_qr_code',
145
+ 'mo2f_google_auth',
146
+ 'mo2f_authy_keys'
147
+ );
148
+
149
+ $temp_table_variables = array(
150
+ 'session_id',
151
+ 'mo2f_current_user_id',
152
+ 'mo2f_login_message',
153
+ 'mo2f_1stfactor_status',
154
+ 'mo2f_transactionId',
155
+ 'mo_2_factor_kba_questions',
156
+ 'mo2f_rba_status',
157
+ 'ts_created'
158
+ );
159
+
160
+ MO2f_Utility::unset_session_variables( $session_variables );
161
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
162
+ MO2f_Utility::unset_temp_user_details_in_table( null, $session_id, 'destroy');
163
+ }
164
+
165
+ function custom_login_enqueue_scripts() {
166
+ wp_enqueue_script( 'jquery' );
167
+ $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
168
+ $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
169
+ wp_enqueue_style( 'bootstrap_script', $bootstrappath );
170
+ wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__ ))) );
171
+ }
172
+
173
+ function mo_2_factor_hide_login() {
174
+ $bootstrappath = plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', dirname(dirname(__FILE__)) );
175
+ $bootstrappath = str_replace('/handler/includes/css', '/includes/css', $bootstrappath);
176
+ $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
177
+ $hidepath = str_replace('/handler/includes/css', '/includes/css', $hidepath);
178
+
179
+ wp_register_style( 'hide-login', $hidepath );
180
+ wp_register_style( 'bootstrap', $bootstrappath );
181
+ wp_enqueue_style( 'hide-login' );
182
+ wp_enqueue_style( 'bootstrap' );
183
+
184
+ }
185
+
186
+ function mo_auth_success_message() {
187
+ $message = isset($_SESSION['mo2f_login_message']) ? $_SESSION['mo2f_login_message'] : '';
188
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
189
+ $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
190
+ //if the php session folder has insufficient permissions, cookies to be used
191
+
192
+
193
+ if($message == '')
194
+ {
195
+ $message = 'Please login into your account using password.';
196
+ }
197
+
198
+ return "<div> <p class='message'>" . $message . "</p></div>";
199
+ }
200
+
201
+ function mo_auth_error_message() {
202
+ $id = "login_error1";
203
+ //if the php session folder has insufficient permissions, cookies to be used
204
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
205
+ $message = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_login_message', $session_id );
206
+ //if the php session folder has insufficient permissions, cookies to be used
207
+ if($message=='')
208
+ {
209
+ $message = 'Invalid Username';
210
+ }
211
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
212
+ { //test
213
+ $message = 'Invalid Username or recaptcha';
214
+ }
215
+ return "<div id='" . $id . "'> <p>" . $message . "</p></div>";
216
+ }
217
+
218
+ function mo_auth_show_success_message() {
219
+ remove_filter( 'login_message', array( $this, 'mo_auth_error_message' ) );
220
+ add_filter( 'login_message', array( $this, 'mo_auth_success_message' ) );
221
+ }
222
+
223
+ function miniorange_login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null ) {
224
+ global $Mo2fdbQueries;
225
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']): null;
226
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
227
+
228
+ if(is_null($session_id_encrypt)) {
229
+ $session_id_encrypt=$pass2fa_login_session->create_session();
230
+ }
231
+
232
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) { //login with phone overwrite default login form
233
+ //if the php session folder has insufficient permissions, cookies to be used
234
+ $login_status_phone_enable = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo_2factor_login_status' ,$session_id_encrypt);
235
+
236
+ if(MO2F_IS_ONPREM)
237
+ {
238
+ $userName = isset($_POST['mo2fa_username']) ? sanitize_text_field($_POST['mo2fa_username']) : '';
239
+
240
+ if(!empty($userName))
241
+ {
242
+ $user = get_user_by('login',$userName);
243
+ if($user)
244
+ {
245
+ //$currentMethod = get_user_meta($user->ID, 'currentMethod', true);
246
+ $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
247
+ if($currentMethod == 'None' or $currentMethod == '')
248
+ $login_status_phone_enable = 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED';
249
+ }
250
+ }
251
+ }
252
+ if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_login_nonce']), 'miniorange-2-factor-login-nonce' ) ) {
253
+ $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
254
+ $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
255
+ $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
256
+ $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
257
+ ?>
258
+ <script>
259
+ jQuery('#user_login').val(<?php echo "'" . $mo2f_user_login . "'"; ?>);
260
+ </script><?php
261
+ } else {
262
+ $this->mo_2_factor_show_login();
263
+ $this->mo_2_factor_show_wp_login_form();
264
+ }
265
+ } else { //Login with phone is alogin with default login form
266
+ $this->mo_2_factor_show_login();
267
+ $this->mo_2_factor_show_wp_login_form();
268
+ }
269
+
270
+ }
271
+
272
+ function mo_2_factor_show_login_with_password_when_phonelogin_enabled() {
273
+ wp_register_style( 'show-login', plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ ))) );
274
+ wp_enqueue_style( 'show-login' );
275
+ }
276
+
277
+
278
+ // login form fields
279
+
280
+ function mo_2_factor_show_wp_login_form_when_phonelogin_enabled() {
281
+ ?>
282
+ <script>
283
+ var content = ' <a href="javascript:void(0)" id="backto_mo" onClick="mo2fa_backtomologin()" style="float:right">← Back</a>';
284
+ jQuery('#login').append(content);
285
+
286
+ function mo2fa_backtomologin() {
287
+ jQuery('#mo2f_backto_mo_loginform').submit();
288
+ }
289
+ </script>
290
+ <?php
291
+ }
292
+
293
+ function mo_2_factor_show_login() {
294
+ $hidepath = plugins_url( 'includes/css/hide-login-form.css?version=5.1.21', dirname(dirname(__FILE__)) );
295
+
296
+ $showpath = plugins_url( 'includes/css/show-login.css?version=5.1.21', dirname(dirname(__FILE__ )));
297
+
298
+ if ( get_option( 'mo2f_enable_login_with_2nd_factor' ) ) {
299
+ wp_register_style( 'show-login', $hidepath );
300
+ } else {
301
+ wp_register_style( 'show-login', $showpath );
302
+ }
303
+ wp_enqueue_style( 'show-login' );
304
+ }
305
+
306
+ function mo_2_factor_show_wp_login_form() {
307
+ $mo2f_enable_login_with_2nd_factor = get_option( 'mo2f_enable_login_with_2nd_factor' );
308
+
309
+
310
+ ?>
311
+ <div class="mo2f-login-container">
312
+ <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?>
313
+ <div style="position: relative" class="or-container">
314
+ <div class="login_with_2factor_inner_div"></div>
315
+ <h2 class="login_with_2factor_h2"><?php echo mo2f_lt( 'or' ); ?></h2>
316
+ </div>
317
+ <?php } ?>
318
+
319
+ <br>
320
+ <div class="mo2f-button-container" id="mo2f_button_container">
321
+ <input type="text" name="mo2fa_usernamekey" id="mo2fa_usernamekey" autofocus="true"
322
+ placeholder="<?php echo mo2f_lt( 'Username' ); ?>"/>
323
+ <p>
324
+
325
+ <input type="button" name="miniorange_login_submit" style="width:100% !important;"
326
+ onclick="mouserloginsubmit();" id="miniorange_login_submit"
327
+ class="button button-primary button-large"
328
+ value="<?php echo mo2f_lt( 'Login with 2nd factor' ); ?>"/>
329
+ </p>
330
+ <br><br><br>
331
+ <?php if ( ! $mo2f_enable_login_with_2nd_factor ) { ?><br><br><?php } ?>
332
+ </div>
333
+ </div>
334
+
335
+ <script>
336
+ jQuery(window).scrollTop(jQuery('#mo2f_button_container').offset().top);
337
+
338
+ function mouserloginsubmit() {
339
+ var username = jQuery('#mo2fa_usernamekey').val();
340
+ var recap = jQuery('#g-recaptcha-response').val();
341
+ if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
342
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
343
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[1].value = recap;
344
+
345
+ jQuery('#mo2fa-g-recaptcha-response-form').submit();
346
+ }
347
+ }
348
+
349
+ jQuery('#mo2fa_usernamekey').keypress(function (e) {
350
+ if (e.which == 13) {//Enter key pressed
351
+ e.preventDefault();
352
+ var username = jQuery('#mo2fa_usernamekey').val();
353
+ if(document.getElementById("mo2fa-g-recaptcha-response-form") !== null){
354
+ document.getElementById("mo2fa-g-recaptcha-response-form").elements[0].value = username;
355
+ jQuery('#mo2fa-g-recaptcha-response-form').submit();
356
+ }
357
+ }
358
+
359
+ });
360
+ </script>
361
+ <?php
362
+ }
363
+
364
+ function miniorange_login_footer_form() {
365
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
366
+ $pass2fa_login_session = new Miniorange_Password_2Factor_Login();
367
+ if(is_null($session_id_encrypt)) {
368
+ $session_id_encrypt=$pass2fa_login_session->create_session();
369
+ }
370
+
371
+ ?>
372
+ <input type="hidden" name="miniorange_login_nonce"
373
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
374
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
375
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
377
+ <input type="hidden" id="sessids" name="session_id"
378
+ value="<?php echo $session_id_encrypt; ?>"/>
379
+ </form>
380
+ <form name="f" id="mo2fa-g-recaptcha-response-form" method="post" action="" hidden>
381
+ <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
382
+ <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
383
+ <input type="hidden" name="miniorange_login_nonce"
384
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
385
+ <input type="hidden" id="sessid" name="session_id"
386
+ value="<?php echo $session_id_encrypt; ?>"/>
387
+ </form>
388
+ <script>
389
+ jQuery(document).ready(function () {
390
+ var session_ids="<?php echo $session_id_encrypt; ?>";
391
+ if (document.getElementById('loginform') != null) {
392
+ jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
+ jQuery(".wp-hide-pw").addClass('mo2fa_visible');
394
+
395
+ }
396
+ });
397
+ </script>
398
+ <?php
399
+
400
+ }
401
+ }
402
+
403
  ?>
handler/twofa/two_fa_pass2login.php CHANGED
@@ -1,3576 +1,3576 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
-
25
- include 'two_fa_login.php';
26
- class Miniorange_Password_2Factor_Login {
27
-
28
- private $mo2f_kbaquestions;
29
- private $mo2f_userID;
30
- private $mo2f_rbastatus;
31
- private $mo2f_transactionid;
32
-
33
- function mo2f_inline_login(){
34
- global $moWpnsUtility;
35
- $email = sanitize_email( $_POST['email'] );
36
- $password = sanitize_text_field( $_POST['password'] );
37
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
38
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
39
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
40
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
- {
42
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
- return;
46
- }
47
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
- }
49
- function mo2f_inline_register(){
50
- global $moWpnsUtility, $Mo2fdbQueries;
51
- $email = sanitize_email($_POST['email']);
52
- $company = $_SERVER["SERVER_NAME"];
53
- $password = sanitize_text_field($_POST['password']);
54
- $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
56
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
57
-
58
-
59
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
60
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
61
- {
62
- $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
63
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
64
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
65
- }
66
- if( $password != $confirmPassword )
67
- {
68
- $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
69
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
70
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
71
- }
72
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
73
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
74
- {
75
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
76
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
77
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
78
- }
79
-
80
- update_option( 'mo2f_email', $email );
81
-
82
- update_option( 'mo_wpns_company' , $company );
83
-
84
- update_option( 'mo_wpns_password' , $password );
85
-
86
- $customer = new MocURL();
87
- $content = json_decode($customer->check_customer($email), true);
88
- $Mo2fdbQueries->insert_user( $user_id );
89
- switch ($content['status'])
90
- {
91
- case 'CUSTOMER_NOT_FOUND':
92
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
93
-
94
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
95
- {
96
- $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
97
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
98
- }
99
-
100
- break;
101
- default:
102
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
103
- break;
104
- }
105
-
106
- }
107
-
108
- function mo2f_download_backup_codes_inline(){
109
- $nonce = sanitize_text_field($_POST['mo2f_inline_backup_nonce']);
110
- $backups= sanitize_text_field($_POST['mo2f_inline_backup_codes']);
111
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-backup-nonce' ) ) {
112
- $error = new WP_Error();
113
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
114
- return $error;
115
- } else {
116
- $codes=explode(",", $backups);
117
- $session_id = sanitize_text_field($_POST['session_id']);
118
- $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_current_user_id');
119
-
120
-
121
- update_user_meta($id, 'mo_backup_code_downloaded', 1);
122
- delete_user_meta($id, 'chqwetcsdvnvd');
123
- MO2f_Utility::mo2f_download_backup_codes($id, $codes);
124
- }
125
- }
126
-
127
- function mo2f_goto_wp_dashboard(){
128
- global $Mo2fdbQueries;
129
- $nonce = sanitize_text_field($_POST['mo2f_inline_wp_dashboard_nonce']);
130
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-wp-dashboard-nonce' ) ) {
131
- $error = new WP_Error();
132
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
133
- return $error;
134
- } else {
135
- $pass2fa= new Miniorange_Password_2Factor_Login();
136
- $pass2fa->mo2fa_pass2login(esc_url_raw($_POST['redirect_to']),sanitize_text_field($_POST['session_id']));
137
- exit;
138
- }
139
- }
140
-
141
- function mo2f_use_backup_codes($POSTED){
142
- $nonce = sanitize_text_field($POSTED['miniorange_backup_nonce']);
143
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-backup-nonce' ) ) {
144
- $error = new WP_Error();
145
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
146
- return $error;
147
- }else {
148
- $this->miniorange_pass2login_start_session();
149
- $session_id_encrypt = isset($POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
150
- $redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
151
- $mo2fa_login_message = __('Please provide your backup codes.','miniorange-2-factor-authentication');
152
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
153
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
154
- }
155
- }
156
-
157
- function check_backup_codes_validation($POSTED){
158
- global $Mo2fdbQueries;
159
- $nonce = sanitize_text_field($POSTED['miniorange_validate_backup_nonce']);
160
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
161
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-validate-backup-nonce' ) ) {
162
- $error = new WP_Error();
163
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
164
- return $error;
165
- } else {
166
- $this->miniorange_pass2login_start_session();
167
- $currentuser_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
168
- $redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
169
- if(isset($currentuser_id)){
170
- if(MO2f_Utility::mo2f_check_empty_or_null($POSTED[ 'mo2f_backup_code' ]) ){
171
- $mo2fa_login_message = __('Please provide backup code.','miniorange-2-factor-authentication');
172
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
173
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
174
- }
175
- $backup_codes=get_user_meta($currentuser_id,'mo2f_backup_codes',true);
176
- $mo2f_backup_code= sanitize_text_field($POSTED[ 'mo2f_backup_code' ]);
177
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser_id );
178
-
179
- if(!empty($backup_codes)){
180
- $mo2f_backup_code = md5($mo2f_backup_code);
181
- if(in_array($mo2f_backup_code,$backup_codes)){
182
- foreach ($backup_codes as $key => $value) {
183
- if($value==$mo2f_backup_code){
184
- unset($backup_codes[$key]);
185
- update_user_meta($currentuser_id,'mo2f_backup_codes', $backup_codes);
186
- $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
187
- }
188
- }
189
- }else{
190
- $mo2fa_login_message = __('The code you provided is already used or incorrect.','miniorange-2-factor-authentication');
191
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
192
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
193
- }
194
- }else{
195
-
196
- if(isset($mo2f_backup_code)){
197
- $generate_backup_code = new Customer_Cloud_Setup();
198
- $data = $generate_backup_code->mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email);
199
-
200
- if( $data == 'success'){
201
- $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
202
- }else if($data == 'error_in_validation'){
203
- $mo2fa_login_message = __('Error occurred while validating the backup codes.','miniorange-2-factor-authentication');
204
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
205
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
206
- }else if($data == 'used_code'){
207
- $mo2fa_login_message = __('The code you provided is already used or incorrect.','miniorange-2-factor-authentication');
208
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
209
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
210
- }else if($data == 'total_code_used'){
211
- $mo2fa_login_message = __('You have used all the backup codes. Please contact <a herf="mailto:2fasupport@xecurify.com">2fasupport@xecurify.com</a>','miniorange-2-factor-authentication');
212
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
213
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
214
- }else if($data == 'backup_code_not_generated'){
215
- $mo2fa_login_message = __('Backup code has not generated for you.','miniorange-2-factor-authentication');
216
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
217
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
218
- }else if($data == 'DBConnectionerror'){
219
- $mo2fa_login_message = __('Error occurred while establising connection.','miniorange-2-factor-authentication');
220
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
221
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
222
-
223
- }else if($data == 'missingparameter'){
224
- $mo2fa_login_message = __('Some parameters are missing while validating backup codes.');
225
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
226
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
227
- }
228
-
229
-
230
- }else{
231
- $mo2fa_login_message = __('Please enter backup code.','miniorange-2-factor-authentication');
232
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
233
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
234
- }
235
- }
236
-
237
-
238
- }else{
239
- $this->remove_current_activity($session_id_encrypt);
240
- return new WP_Error('invalid_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') . '</strong>: ' . __('Please try again..', 'miniorange-2-factor-authentication'));
241
- }
242
- }
243
- }
244
-
245
- function mo2f_create_backup_codes(){
246
- $nonce = sanitize_text_field($_POST['miniorange_generate_backup_nonce']);
247
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-generate-backup-nonce' ) ) {
248
- $error = new WP_Error();
249
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
250
- return $error;
251
- }else {
252
- global $Mo2fdbQueries;
253
-
254
- $redirect_to = esc_url_raw($_POST['redirect_to']);
255
- $session_id = sanitize_text_field($_POST['session_id']);
256
- $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_current_user_id');
257
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
258
- if(empty($mo2f_user_email)){
259
- $currentuser = get_user_by( 'id', $id );
260
- $mo2f_user_email = $currentuser->user_email;
261
- }
262
- $generate_backup_code = new Customer_Cloud_Setup();
263
- $codes=$generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
264
- if($codes == 'AllUsed'){
265
- $mo2fa_login_message = "You have already used all the backup codes for this user and domain.";
266
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
267
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
268
- }else if($codes == 'UserLimitReached') {
269
- $mo2fa_login_message = "Backup code generation limit has reached for this domain.";
270
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
271
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
272
- }else if($codes == 'LimitReached'){
273
- $mo2fa_login_message = "backup code generation limit has reached for this user.";
274
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
275
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
276
- }else if($codes == 'invalid_request'){
277
- $mo2fa_login_message = "Invalid request.";
278
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
279
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
280
- }
281
- $codes = explode(' ', $codes);
282
- $codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
283
- $str1="";
284
- for ($x = 0; $x < sizeof($codes); $x++) {
285
- $str = $codes[$x];
286
- $str1.=$str;
287
- if($x != 4){
288
- $str1.=',';
289
- }
290
- }
291
-
292
- $key = get_option( 'mo2f_encryption_key' );
293
- $codes_encrypt = MO2f_Utility::encrypt_data($str1, $key);
294
- update_user_meta($id,'chqwetcsdvnvd', $codes_encrypt);
295
-
296
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
297
- if(empty($mo2f_user_email)){
298
- $currentuser = get_user_by( 'id', $id );
299
- $mo2f_user_email = $currentuser->user_email;
300
- }
301
- $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
302
- update_user_meta($id, 'mo_backup_code_generated', 1);
303
-
304
- $mo2fa_login_message = "An email containing the backup codes has been sent. Please click on Use backup codes to login using the backup codes.";
305
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
306
-
307
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
308
- }
309
- }
310
-
311
- function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
312
- {
313
- global $Mo2fdbQueries;
314
- $customer = new MocURL();
315
-
316
- $content = $customer->get_customer_key($email, $password);
317
- $customerKey = json_decode($content, true);
318
- if(json_last_error() == JSON_ERROR_NONE)
319
- {
320
- if(isset($customerKey['phone'])){
321
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
322
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
323
- }
324
- update_option('mo2f_email',$email);
325
- $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
326
- $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
327
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
328
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
329
- }
330
- else
331
- {
332
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
333
- $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
334
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
335
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
336
- }
337
- }
338
-
339
- function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
340
- {
341
- global $Mo2fdbQueries;
342
- update_option( 'mo2f_customerKey' , $id );
343
- update_option( 'mo2f_api_key' , $apiKey );
344
- update_option( 'mo2f_customer_token' , $token );
345
- update_option( 'mo2f_app_secret' , $appSecret );
346
- update_option( 'mo_wpns_enable_log_requests' , true );
347
- update_option( 'mo2f_miniorange_admin', $id );
348
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
349
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
350
- $Mo2fdbQueries->update_user_details( $user_id, array(
351
- 'mo2f_user_email' =>$email
352
- ) );
353
- }
354
- function mo2f_inline_validate_otp(){
355
- if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
356
- $nonce = sanitize_text_field($_POST['miniorange_inline_validate_otp_nonce']);
357
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
358
- $error = new WP_Error();
359
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
360
- return $error;
361
- } else {
362
- global $Mo2fdbQueries;
363
- $this->miniorange_pass2login_start_session();
364
- $otp_token = '';
365
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
366
- $mo2fa_login_message = '';
367
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
368
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
369
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
370
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
371
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
372
- } else{
373
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
374
- }
375
- $current_user = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
376
-
377
-
378
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
379
-
380
- if($selected_2factor_method == 'OTP Over Telegram')
381
- {
382
-
383
- $userID = $current_user;
384
- $otp = $otp_token;
385
- $otpToken = get_user_meta($userID,'mo2f_otp_token',true);
386
- $time = get_user_meta($userID,'mo2f_telegram_time',true);
387
- $accepted_time = time()-300;
388
- $time = (int)$time;
389
-
390
-
391
- if($otp == $otpToken)
392
- {
393
- if($accepted_time<$time){
394
- update_user_meta($userID,'mo2f_chat_id',get_user_meta($userID,'mo2f_temp_chatID',true));
395
- delete_user_meta($userID,'mo2f_temp_chatID');
396
- delete_user_meta($userID,'mo2f_otp_token');
397
- delete_user_meta($userID,'mo2f_telegram_time');
398
- $Mo2fdbQueries->update_user_details($userID, array(
399
- "mo2f_configured_2FA_method" => 'OTP Over Telegram',
400
- 'mo2f_OTPOverTelegram_config_status' => true,
401
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
402
- ) );
403
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
404
- }
405
- else
406
- {
407
- delete_user_meta($userID,'mo2f_otp_token');
408
- delete_user_meta($userID,'mo2f_telegram_time');
409
- $mo2fa_login_message = __('OTP has been expired please initiate a new transaction by clicking on verify button.','miniorange-2-factor-authentication');
410
- }
411
- }
412
- else
413
- {
414
- $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
415
- }
416
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
417
- }
418
-
419
- $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
420
- $customer = new Customer_Setup();
421
- $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
422
- if($content['status'] == 'ERROR'){
423
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
424
- }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
425
- $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
426
- if($user_phone && strlen($user_phone) >= 4){
427
- if($phone != $user_phone ){
428
-
429
- $Mo2fdbQueries->update_user_details( $current_user, array(
430
- 'mobile_registration_status' =>false
431
- ) );
432
- }
433
- }
434
-
435
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
436
- if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
437
- $Mo2fdbQueries->update_user_details( $current_user, array(
438
- 'mo2f_OTPOverSMS_config_status' =>true,
439
- 'mo2f_user_phone' =>$phone
440
- ) );
441
- }else{
442
- $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
443
-
444
- }
445
- $Mo2fdbQueries->update_user_details($current_user, array(
446
- "mo2f_configured_2FA_method" => 'OTP Over SMS',
447
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
448
- ) );
449
- $TwoF_setup = new Two_Factor_Setup();
450
- $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
451
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
452
-
453
- }else{ // OTP Validation failed.
454
- $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
455
- }
456
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
457
- }
458
- }
459
-
460
- }
461
- function mo2f_inline_send_otp(){
462
- if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
463
- $nonce = sanitize_text_field($_POST['miniorange_inline_verify_phone_nonce']);
464
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
465
- $error = new WP_Error();
466
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
467
- return $error;
468
- } else {
469
- global $Mo2fdbQueries;
470
- $this->miniorange_pass2login_start_session();
471
- if(isset($_POST['verify_phone']))
472
- $phone = sanitize_text_field( $_POST['verify_phone'] );
473
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
474
-
475
- $current_user = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
476
-
477
-
478
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
479
- $customer = new Customer_Setup();
480
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
481
- $parameters = array();
482
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
483
-
484
- $mo2fa_login_message = '';
485
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
486
- if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
487
- $phone = sanitize_text_field( $_POST['verify_phone'] );
488
- if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
489
- $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
490
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
491
- }
492
- $phone = str_replace(' ', '', $phone);
493
- update_user_meta($current_user,'mo2f_user_phone',$phone);
494
- }
495
- if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
496
- $currentMethod = "SMS";
497
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
498
- $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
499
- $parameters = array("phone" => $phone, "email" => $email);
500
- }else if($selected_2factor_method == 'PHONE VERIFICATION'){
501
- $currentMethod = "PHONE_VERIFICATION";
502
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
503
- $currentMethod = "OTP_OVER_EMAIL";
504
- $parameters = $email;
505
- }
506
-
507
- else if($selected_2factor_method == 'OTP Over Telegram')
508
- {
509
- $currentMethod = "OTP Over Telegram";
510
- $user_id = $current_user;
511
- $chatID = sanitize_text_field($_POST['verify_chatID']);
512
- $otpToken = '';
513
- for($i=1;$i<7;$i++)
514
- {
515
- $otpToken .= rand(0,9);
516
- }
517
-
518
- update_user_meta($user_id,'mo2f_otp_token',$otpToken);
519
- update_user_meta($user_id,'mo2f_telegram_time',time());
520
- update_user_meta($user_id,'mo2f_temp_chatID',$chatID);
521
- $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
522
- $postdata = array( 'mo2f_otp_token' => $otpToken,
523
- 'mo2f_chatid' => $chatID
524
- );
525
-
526
- $handle = curl_init();
527
-
528
- curl_setopt_array($handle,
529
- array(
530
- CURLOPT_URL => $url,
531
- CURLOPT_POST => true,
532
- CURLOPT_POSTFIELDS => $postdata,
533
- CURLOPT_RETURNTRANSFER => true,
534
- CURLOPT_SSL_VERIFYHOST => FALSE,
535
- CURLOPT_SSL_VERIFYPEER => FALSE,
536
-
537
- )
538
- );
539
-
540
- $data = curl_exec($handle);
541
- curl_close($handle);
542
- if($data == 'SUCCESS')
543
- $mo2fa_login_message = 'An OTP has been sent to your given chat ID. Please enter it below for verification.';
544
- else
545
- $mo2fa_login_message = 'There were an erroe while sending the OTP. Please confirm your chatID and try again.';
546
-
547
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
548
-
549
- }
550
- if($selected_2factor_method == 'SMS AND EMAIL'){
551
- $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
552
- }
553
- else if($selected_2factor_method == 'OTP OVER EMAIL'){
554
- $content = json_decode($customer->send_otp_token($email,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
555
- }
556
- else{
557
- $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
558
-
559
- }
560
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
561
- if($content['status'] == 'ERROR'){
562
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
563
- }else if($content['status'] == 'SUCCESS'){
564
- update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
565
- if($selected_2factor_method == 'SMS'){
566
- if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')>0)
567
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
568
- $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
569
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
570
- $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
571
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
572
- $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
573
- }else if($selected_2factor_method== 'PHONE VERIFICATION'){
574
- $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
575
- }
576
- }else if($content['status'] == 'FAILED'){
577
- $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
578
- }else{
579
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
580
- }
581
- }else{
582
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
583
- }
584
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
585
- }
586
- }
587
-
588
- }
589
- function mo2f_inline_validate_kba(){
590
- if(isset($_POST['mo2f_inline_save_kba_nonce'])){
591
- $nonce = sanitize_text_field($_POST['mo2f_inline_save_kba_nonce']);
592
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
593
- $error = new WP_Error();
594
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
595
- return $error;
596
- } else {
597
- global $Mo2fdbQueries;
598
- $this->miniorange_pass2login_start_session();
599
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
600
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
601
- $mo2fa_login_message = '';
602
- $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
603
- $temp_array = array(sanitize_text_field($_POST['mo2f_kbaquestion_1']),sanitize_text_field($_POST['mo2f_kbaquestion_2']),sanitize_text_field($_POST['mo2f_kbaquestion_3']));
604
- $kba_questions = array();
605
- foreach($temp_array as $question){
606
- if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
607
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
608
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
609
- }else{
610
- $ques = sanitize_text_field($question);
611
- $ques = addcslashes(stripslashes($ques), '"\\');
612
- array_push($kba_questions, $ques);
613
- }
614
- }
615
- if(!(array_unique($kba_questions) == $kba_questions)){
616
- $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
617
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
618
- }
619
- $temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
620
- $kba_answers = array();
621
- foreach($temp_array_ans as $answer){
622
- if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
623
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
624
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
625
- }else{
626
- $ques = sanitize_text_field($answer);
627
- $answer = strtolower($answer);
628
- array_push($kba_answers, $answer);
629
- }
630
- }
631
- $size = sizeof($kba_questions);
632
- $kba_q_a_list = array();
633
- for($c = 0; $c < $size; $c++){
634
- array_push($kba_q_a_list, $kba_questions[$c]);
635
- array_push($kba_q_a_list, $kba_answers[$c]);
636
- }
637
-
638
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
639
-
640
-
641
- $current_user = get_user_by('id',$user_id);
642
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
643
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
644
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
645
- 'mo2f_SecurityQuestions_config_status' =>true,
646
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
647
- ) );
648
- if(!MO2F_IS_ONPREM)
649
- {
650
- $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
651
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
652
- $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
653
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
654
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
655
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
656
-
657
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
658
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
659
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
660
-
661
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
662
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
663
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
664
-
665
- $kba_registration = new Two_Factor_Setup();
666
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
667
-
668
- if ( json_last_error() == JSON_ERROR_NONE ) {
669
-
670
- if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
671
- $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
672
- }
673
-
674
- }
675
- }
676
-
677
- $kba_q1 = $kba_q_a_list[0];
678
- $kba_a1 = md5($kba_q_a_list[1]);
679
- $kba_q2 = $kba_q_a_list[2];
680
- $kba_a2 = md5($kba_q_a_list[3]);
681
- $kba_q3 = $kba_q_a_list[4];
682
- $kba_a3 = md5($kba_q_a_list[5]);
683
- $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
684
- update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
685
- if(!isset($_POST['mo2f_inline_kba_status'])){
686
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
687
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
688
- }
689
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
690
- }
691
- }
692
- }
693
-
694
- function mo2f_inline_validate_mobile_authentication(){
695
- if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
696
- $nonce = sanitize_text_field($_POST['mo_auth_inline_mobile_registration_complete_nonce']);
697
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
698
- $error = new WP_Error();
699
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
700
- return $error;
701
- } else {
702
- global $Mo2fdbQueries;
703
- $this->miniorange_pass2login_start_session();
704
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
705
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
706
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
707
-
708
-
709
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
710
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
711
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
712
- $mo2fa_login_message = '';
713
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
714
- $enduser = new Two_Factor_Setup();
715
- if($selected_2factor_method == 'SOFT TOKEN')
716
- $selected_2factor_method_onprem = 'miniOrange Soft Token';
717
- else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
718
- $selected_2factor_method_onprem = 'miniOrange Push Notification';
719
- else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
720
- $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
721
-
722
- $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
723
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
724
- if($response['status'] == 'ERROR'){
725
- $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
726
- }else if($response['status'] == 'SUCCESS'){
727
- $Mo2fdbQueries->update_user_details( $user_id, array(
728
- 'mobile_registration_status' =>true,
729
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
730
- 'mo2f_miniOrangeSoftToken_config_status' => true,
731
- 'mo2f_miniOrangePushNotification_config_status' => true,
732
- 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
733
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
734
- ) );
735
- //
736
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
737
- }else{
738
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
739
- }
740
- }else{
741
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
742
- }
743
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
744
- }
745
- }
746
-
747
- }
748
-
749
- function mo2f_duo_mobile_send_push_notification_for_inline_form(){
750
- if(isset($_POST['duo_mobile_send_push_notification_inline_form_nonce'])){
751
- $nonce = sanitize_text_field($_POST['duo_mobile_send_push_notification_inline_form_nonce']);
752
- if ( ! wp_verify_nonce( $nonce, 'mo2f-send-duo-push-notification-inline-nonce' ) ) {
753
- $error = new WP_Error();
754
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
755
- return $error;
756
- } else {
757
-
758
- global $Mo2fdbQueries;
759
- $this->miniorange_pass2login_start_session();
760
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
761
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
762
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
763
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
764
-
765
- $Mo2fdbQueries->update_user_details( $user_id, array(
766
- 'mobile_registration_status' =>true,
767
- ) );
768
- $mo2fa_login_message = '';
769
-
770
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
771
-
772
-
773
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
774
-
775
- }
776
- }
777
- }
778
-
779
- function mo2f_inline_validate_duo_authentication(){
780
- if(isset($_POST['mo_auth_inline_duo_auth_mobile_registration_complete_nonce'])){
781
- $nonce = sanitize_text_field($_POST['mo_auth_inline_duo_auth_mobile_registration_complete_nonce']);
782
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-duo_auth-registration-complete-nonce' ) ) {
783
- $error = new WP_Error();
784
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
785
- return $error;
786
- } else {
787
-
788
- global $Mo2fdbQueries;
789
- $this->miniorange_pass2login_start_session();
790
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
791
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
792
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
793
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
794
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
795
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
796
- $Mo2fdbQueries->update_user_details( $user_id, array(
797
- 'mobile_registration_status' =>true,
798
- ) );
799
- $mo2fa_login_message = '';
800
-
801
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
802
- $ikey = get_site_option('mo2f_d_integration_key');
803
- $skey = get_site_option('mo2f_d_secret_key');
804
- $host = get_site_option('mo2f_d_api_hostname');
805
-
806
-
807
-
808
- $duo_preauth = preauth( $email ,true, $skey, $ikey, $host);
809
-
810
-
811
- if(isset($duo_preauth['response']['stat']) && $duo_preauth['response']['stat'] == 'OK'){
812
-
813
- if(isset($duo_preauth['response']['response']['status_msg']) && $duo_preauth['response']['response']['status_msg'] == 'Account is active'){
814
- $mo2fa_login_message = $email.' user is already exists, please go for step B duo will send push notification on your configured mobile.';
815
-
816
- }else if(isset($duo_preauth['response']['response']['enroll_portal_url'])){
817
- $duo_enroll_url = $duo_preauth['response']['response']['enroll_portal_url'];
818
- update_user_meta( $user_id , 'user_not_enroll_on_duo_before', $duo_enroll_url );
819
- update_user_meta( $user_id , 'user_not_enroll', true );
820
-
821
- }else{
822
- $mo2fa_login_message = 'Your account is inactive from duo side, please contact to your administrator.';
823
- }
824
-
825
- }else{
826
- $mo2fa_login_message = 'Error through during preauth.';
827
-
828
- }
829
-
830
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
831
-
832
-
833
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
834
-
835
- }
836
- }
837
- }
838
-
839
- function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
840
- global $Mo2fdbQueries;
841
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
842
-
843
- $code_generate = get_user_meta($current_user_id, 'mo_backup_code_generated', true);
844
- if(empty($code_generate)){
845
- $mo2fa_login_message = '';
846
- $mo2fa_login_status