Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.4.47

Version Description

  • Google Authenticator - Two factor Authentication (2FA, OTP) :
  • Christmas offer

Release Info

Developer twofactorauthentication
Version 5.4.47

Code changes from version 5.4.46 to 5.4.47

Files changed (67) hide show
  1. api/Mo2f_OnPremRedirect.php +343 -343
  2. api/class-customer-common-setup.php +475 -475
  3. api/class-customer-onprem-setup.php +72 -72
  4. api/class-customer-setup.php +33 -33
  5. api/class-rba-attributes.php +183 -183
  6. api/class-two-factor-setup.php +197 -197
  7. api/mo2f_api.php +71 -71
  8. controllers/PointersManager.php +53 -53
  9. controllers/account.php +303 -303
  10. controllers/addons.php +4 -4
  11. controllers/advanced-blocking.php +186 -186
  12. controllers/backup/backup.php +1 -1
  13. controllers/backup/backup_ajax.php +156 -156
  14. controllers/backup/backup_controller.php +1 -1
  15. controllers/backup/backup_created_report.php +1 -1
  16. controllers/backup/backup_created_result.php +13 -13
  17. controllers/backup/backup_schdule.php +21 -21
  18. controllers/change-password.php +13 -13
  19. controllers/content-protection.php +94 -94
  20. controllers/dashboard.php +22 -22
  21. controllers/dashboard_ajax.php +210 -210
  22. controllers/duo_authenticator/duo_authenticator_ajax.php +74 -74
  23. controllers/feedback_footer.php +56 -56
  24. controllers/ip-blocking.php +256 -256
  25. controllers/licensing.php +49 -49
  26. controllers/login-security.php +216 -216
  27. controllers/login-spam.php +9 -9
  28. controllers/main_controller.php +103 -103
  29. controllers/malware_scanner/malware_scan_ajax.php +421 -421
  30. controllers/malware_scanner/malware_scan_result.php +40 -40
  31. controllers/malware_scanner/scan_malware.php +9 -9
  32. controllers/malware_scanner/scan_malware_report.php +4 -4
  33. controllers/malware_scanner/scan_malware_settings.php +47 -47
  34. controllers/malware_scanner/scan_malware_summary.php +4 -4
  35. controllers/navbar.php +94 -94
  36. controllers/newtork_security_features.php +23 -23
  37. controllers/notification-settings.php +100 -100
  38. controllers/pointers.php +581 -581
  39. controllers/registration-security.php +128 -128
  40. controllers/reports.php +24 -24
  41. controllers/request_christmas_offer.php +47 -47
  42. controllers/request_demo.php +50 -50
  43. controllers/request_offer.php +45 -45
  44. controllers/support.php +58 -58
  45. controllers/tour-model.php +334 -334
  46. controllers/tour/tour_ajax.php +145 -145
  47. controllers/troubleshooting.php +4 -4
  48. controllers/two-fa-intro.php +222 -222
  49. controllers/twofa/mo2fa_common_login.php +1660 -1660
  50. controllers/twofa/mo2fa_inline_registration.php +1537 -1537
  51. controllers/twofa/setup_twofa.php +50 -50
  52. controllers/twofa/two_fa.php +3 -3
  53. controllers/twofa/two_fa_addon.php +5 -5
  54. controllers/twofa/two_fa_custom_form.php +8 -8
  55. controllers/twofa/two_fa_custom_login.php +2 -2
  56. controllers/twofa/two_fa_login_option.php +1 -1
  57. controllers/twofa/two_fa_premium_feature.php +2 -2
  58. controllers/twofa/two_fa_rba.php +2 -2
  59. controllers/twofa/two_fa_session_control.php +2 -2
  60. controllers/twofa/two_fa_shortcode.php +2 -2
  61. controllers/twofa/two_fa_unlimittedUser.php +3 -3
  62. controllers/twofa/two_fa_unlimittedUser_ajax.php +46 -46
  63. controllers/twofa/two_fa_video_guide.php +3 -3
  64. controllers/twofa/two_factor_ajax.php +1284 -1284
  65. controllers/upgrade.php +3 -3
  66. controllers/waf.php +48 -48
  67. controllers/wpns-loginsecurity-ajax.php +0 -123
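--- a/api/Mo2f_OnPremRedirect.php
+++ b/api/Mo2f_OnPremRedirect.php
@@ -1,343 +1,343 @@
- <?php
- class Mo2f_OnPremRedirect {
-
- function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
- switch($authType){
-
- case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken);
- return $content;
- break;
- case "KBA": $content = $this->mo2f_kba_onpremise();
- return $content;
- break;
- case "OUT OF BAND EMAIL":
- break;
- case "EMAIL":
- case "OTP OVER EMAIL":
- case "OTP_OVER_EMAIL":
- return $this->mo2f_otp_over_email($otpToken,$current_user);
-
-
- }
-
- }
-
- function mo2f_kba_onpremise(){
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
- if(isset($_POST['validate'])){
- $user_id = wp_get_current_user()->ID;
- }
- else{
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
- }
- $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
- $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
- $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
- $questions_challenged = get_user_meta($user_id ,'kba_questions_user');
- $questions_challenged = $questions_challenged[0];
- $all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
- $all_ques_ans = $all_ques_ans[0];
- $ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
- $ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
- $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
-
- $pass2fa = new Miniorange_Password_2Factor_Login;
- $twofa_Settings = new Miniorange_Authentication;
- if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
- $content = json_encode($arr);
- delete_user_meta( $user_id, 'test_2FA' );
- return $content;
- }
- else {
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- $content = json_encode($arr);
- return $content;
- }
-
- }
-
- function OnpremSendRedirect($useremail,$authType,$currentuser){
-
- switch($authType){
-
- case "Email Verification":
- case "OUT OF BAND EMAIL":
- $content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
- return $content;
- case "EMAIL":
-
- case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
- return $content;
- case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
- return $content;
-
- }
-
- }
-
- function OnpremSecurityQuestions($user){
- $question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
- $challenge_questions = array_keys($question_answers[0]);
- $random_keys = array_rand($challenge_questions,2);
- $challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
- $challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
- $questions = array($challenge_ques1,$challenge_ques2);
- update_user_meta( $user->ID, 'kba_questions_user', $questions );
- $response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
- return $response;
-
- }
-
- function mo2f_google_authenticator_onpremise($otpToken){
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
- $gauth_obj= new Google_auth_onpremise();
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
- if(is_user_logged_in()){
- $user = wp_get_current_user();
- $user_id = $user->ID;
- }else{
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
- }
- $secret= $gauth_obj->mo_GAuth_get_secret($user_id);
- $content=$gauth_obj->verifyCode($secret, $otpToken);
- return $content;
- }
- function OnpremOTPOverEMail($current_user,$useremail=false)
- {
- return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
- }
- function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
- {
- $count_threshold = 5;
- global $Mo2fdbQueries;
- if(!isset($current_user) or is_null($current_user))
- {
- if(is_user_logged_in()){
- $current_user = wp_get_current_user();
- }else{
- $current_user = unserialize($_SESSION['mo2f_current_user']);
- }
- }
-
- if(is_null($email) or empty($email) or $email == '' or !isset($email) )
- {
- $email = get_user_meta($current_user->ID,'tempEmail',true);
-
- if($email == '' or empty($email))
- {
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
- }
-
- }
- if(is_null($email) or empty($email) or $email == '' or !isset($email) )
- $email = $current_user->user_email;
-
- delete_user_meta($current_user->ID,'tempEmail');
- $subject = '2-Factor Authentication';
- $headers = array('Content-Type: text/html; charset=UTF-8');
- $otpToken = '';
- for($i=1;$i<7;$i++)
- {
- $otpToken .= rand(0,9);
- }
- update_user_meta($current_user->ID,$tokenName,$otpToken);
- update_user_meta($current_user->ID,$timeName,time());
- update_user_meta($current_user->ID,'tempRegEmail',$email);
- $message = '<table cellpadding="25" style="margin:0px auto">
- <tbody>
- <tr>
- <td>
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
- <tbody>
- <tr>
- <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
- </tr>
- </tbody>
- </table>
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
- <tbody>
- <tr>
- <td>
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
- <p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
- </div></div></td>
- </tr>
- </tbody>
- </table>
- </td>
- </tr>
- </tbody>
- </table>';
-
- $result = wp_mail($email,$subject,$message,$headers);
- if($result){
- if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
- Miniorange_Authentication::low_otp_alert("email");
- update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
-
- }else{
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
- }
- $content = json_encode($arr);
- return $content;
-
- }
-
- function mo2f_otp_over_email($otpToken,$current_user)
- {
- return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
- }
- function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
- {
- global $Mo2fdbQueries;
- if(is_null($current_user))
- {
- $current_user = wp_get_current_user();
- }
-
- if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
- {
- $user_id = $current_user->ID;
-
-
-
-
- $valid_token = get_user_meta($user_id,$dtoken,true);
-
-
- $cd = get_user_meta($user_id,"mo2f_email_check_code",true);
-
-
- $time = get_user_meta($user_id,$dtime,true);
- $accepted_time = time()-300;
-
-
- if($accepted_time>$time)
- {
-
- delete_user_meta( $user_id, $dtoken );
- delete_user_meta( $user_id, $dtime );
- delete_user_meta( $user_id,'tempRegEmail');
-
- $arr = array('status' => 'FAILED','message'=>'OTP Expire.');
- }
-
- else if($valid_token == $otpToken)
- {
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
- delete_user_meta( $user_id, $dtoken );
- if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
- {
- $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
- if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
- $Mo2fdbQueries->update_user_details($user_id,array(
- 'mo2f_configured_2FA_method' => 'OTP Over Email',
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
- 'mo2f_user_email'=> $tempRegEmail));
- }
- delete_user_meta( $user_id,'tempRegEmail');
- }
- else
- {
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- }
-
- $content = json_encode($arr);
- return $content;
-
- }
- }
-
-
- function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
- {
-
- global $Mo2fdbQueries;
-
- $email = get_user_meta($current_user->ID,'tempEmail',true);
-
-
- if(empty($email))
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
-
- $subject = "2-Factor Authentication(Email verification)";
- $headers = array('Content-Type: text/html; charset=UTF-8');
- $txid = '';
- $otpToken = '';
- $otpTokenD = '';
- for($i=1;$i<7;$i++)
- {
- $otpToken .= rand(0,9);
- $txid .= rand(100,999);
- $otpTokenD .= rand(0,9);
- }
- $otpTokenH = hash('sha512',$otpToken);
- $otpTokenDH = hash('sha512', $otpTokenD);
- update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
- $userID = hash('sha512',$current_user->ID);
- update_site_option($userID,$otpTokenH);
- update_site_option($txid,3);
- $userIDd = $userID . 'D';
- update_site_option($userIDd,$otpTokenDH);
-
- $message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
- $result = wp_mail($email,$subject,$message,$headers);
-
- $response=array("txId"=>$txid);
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
- if($result)
- {
- $response['status']='SUCCESS';
- $time = "time".$txid;
- $currentTimeInMillis = round(microtime(true) * 1000);
- update_site_option($time,$currentTimeInMillis);
- }
- else
- {
- $response['status']='FAILED';
- }
-
- return json_encode($response);
- }
-
- function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
- $url = get_site_option('siteurl').'/wp-login.php?';
- $message = '<table cellpadding="25" style="margin:0px auto">
- <tbody>
- <tr>
- <td>
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
- <tbody>
- <tr>
- <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
- </tr>
- </tbody>
- </table>
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
- <tbody>
- <tr>
- <td>
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
- <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
- <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
- </div></div></td>
- </tr>
- </tbody>
- </table>
- </td>
- </tr>
- </tbody>
- </table>';
- return $message;
- }
- }
+ <?php
+ class Mo2f_OnPremRedirect {
+
+ function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
+ switch($authType){
+
+ case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken);
+ return $content;
+ break;
+ case "KBA": $content = $this->mo2f_kba_onpremise();
+ return $content;
+ break;
+ case "OUT OF BAND EMAIL":
+ break;
+ case "EMAIL":
+ case "OTP OVER EMAIL":
+ case "OTP_OVER_EMAIL":
+ return $this->mo2f_otp_over_email($otpToken,$current_user);
+
+
+ }
+
+ }
+
+ function mo2f_kba_onpremise(){
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
+ if(isset($_POST['validate'])){
+ $user_id = wp_get_current_user()->ID;
+ }
+ else{
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
+ }
+ $redirect_to = isset( $_POST['redirect_to'] ) ? $_POST['redirect_to'] : null;
+ $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
+ $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
+ $questions_challenged = get_user_meta($user_id ,'kba_questions_user');
+ $questions_challenged = $questions_challenged[0];
+ $all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
+ $all_ques_ans = $all_ques_ans[0];
+ $ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
+ $ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
+ $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
+
+ $pass2fa = new Miniorange_Password_2Factor_Login;
+ $twofa_Settings = new Miniorange_Authentication;
+ if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
+ $content = json_encode($arr);
+ delete_user_meta( $user_id, 'test_2FA' );
+ return $content;
+ }
+ else {
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ $content = json_encode($arr);
+ return $content;
+ }
+
+ }
+
+ function OnpremSendRedirect($useremail,$authType,$currentuser){
+
+ switch($authType){
+
+ case "Email Verification":
+ case "OUT OF BAND EMAIL":
+ $content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
+ return $content;
+ case "EMAIL":
+
+ case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
+ return $content;
+ case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
+ return $content;
+
+ }
+
+ }
+
+ function OnpremSecurityQuestions($user){
+ $question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
+ $challenge_questions = array_keys($question_answers[0]);
+ $random_keys = array_rand($challenge_questions,2);
+ $challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
+ $challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
+ $questions = array($challenge_ques1,$challenge_ques2);
+ update_user_meta( $user->ID, 'kba_questions_user', $questions );
+ $response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
+ return $response;
+
+ }
+
+ function mo2f_google_authenticator_onpremise($otpToken){
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
+ $gauth_obj= new Google_auth_onpremise();
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
+ if(is_user_logged_in()){
+ $user = wp_get_current_user();
+ $user_id = $user->ID;
+ }else{
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
+ }
+ $secret= $gauth_obj->mo_GAuth_get_secret($user_id);
+ $content=$gauth_obj->verifyCode($secret, $otpToken);
+ return $content;
+ }
+ function OnpremOTPOverEMail($current_user,$useremail=false)
+ {
+ return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
+ }
+ function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
+ {
+ $count_threshold = 5;
+ global $Mo2fdbQueries;
+ if(!isset($current_user) or is_null($current_user))
+ {
+ if(is_user_logged_in()){
+ $current_user = wp_get_current_user();
+ }else{
+ $current_user = unserialize($_SESSION['mo2f_current_user']);
+ }
+ }
+
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+ {
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
+
+ if($email == '' or empty($email))
+ {
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+ }
+
+ }
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+ $email = $current_user->user_email;
+
+ delete_user_meta($current_user->ID,'tempEmail');
+ $subject = '2-Factor Authentication';
+ $headers = array('Content-Type: text/html; charset=UTF-8');
+ $otpToken = '';
+ for($i=1;$i<7;$i++)
+ {
+ $otpToken .= rand(0,9);
+ }
+ update_user_meta($current_user->ID,$tokenName,$otpToken);
+ update_user_meta($current_user->ID,$timeName,time());
+ update_user_meta($current_user->ID,'tempRegEmail',$email);
+ $message = '<table cellpadding="25" style="margin:0px auto">
+ <tbody>
+ <tr>
+ <td>
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+ <tbody>
+ <tr>
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+ </tr>
+ </tbody>
+ </table>
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+ <tbody>
+ <tr>
+ <td>
+ <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+ <p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+ </div></div></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>';
+
+ $result = wp_mail($email,$subject,$message,$headers);
+ if($result){
+ if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
+ Miniorange_Authentication::low_otp_alert("email");
+ update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
+
+ }else{
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
+ }
+ $content = json_encode($arr);
+ return $content;
+
+ }
+
+ function mo2f_otp_over_email($otpToken,$current_user)
+ {
+ return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
+ }
+ function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
+ {
+ global $Mo2fdbQueries;
+ if(is_null($current_user))
+ {
+ $current_user = wp_get_current_user();
+ }
+
+ if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
+ {
+ $user_id = $current_user->ID;
+
+
+
+
+ $valid_token = get_user_meta($user_id,$dtoken,true);
+
+
+ $cd = get_user_meta($user_id,"mo2f_email_check_code",true);
+
+
+ $time = get_user_meta($user_id,$dtime,true);
+ $accepted_time = time()-300;
+
+
+ if($accepted_time>$time)
+ {
+
+ delete_user_meta( $user_id, $dtoken );
+ delete_user_meta( $user_id, $dtime );
+ delete_user_meta( $user_id,'tempRegEmail');
+
+ $arr = array('status' => 'FAILED','message'=>'OTP Expire.');
+ }
+
+ else if($valid_token == $otpToken)
+ {
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
+ delete_user_meta( $user_id, $dtoken );
+ if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
+ {
+ $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
+ if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
+ $Mo2fdbQueries->update_user_details($user_id,array(
+ 'mo2f_configured_2FA_method' => 'OTP Over Email',
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
+ 'mo2f_user_email'=> $tempRegEmail));
+ }
+ delete_user_meta( $user_id,'tempRegEmail');
+ }
+ else
+ {
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ }
+
+ $content = json_encode($arr);
+ return $content;
+
+ }
+ }
+
+
+ function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
+ {
+
+ global $Mo2fdbQueries;
+
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
+
+
+ if(empty($email))
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+
+ $subject = "2-Factor Authentication(Email verification)";
+ $headers = array('Content-Type: text/html; charset=UTF-8');
+ $txid = '';
+ $otpToken = '';
+ $otpTokenD = '';
+ for($i=1;$i<7;$i++)
+ {
+ $otpToken .= rand(0,9);
+ $txid .= rand(100,999);
+ $otpTokenD .= rand(0,9);
+ }
+ $otpTokenH = hash('sha512',$otpToken);
+ $otpTokenDH = hash('sha512', $otpTokenD);
+ update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
+ $userID = hash('sha512',$current_user->ID);
+ update_site_option($userID,$otpTokenH);
+ update_site_option($txid,3);
+ $userIDd = $userID . 'D';
+ update_site_option($userIDd,$otpTokenDH);
+
+ $message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
+ $result = wp_mail($email,$subject,$message,$headers);
+
+ $response=array("txId"=>$txid);
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
+ if($result)
+ {
+ $response['status']='SUCCESS';
+ $time = "time".$txid;
+ $currentTimeInMillis = round(microtime(true) * 1000);
+ update_site_option($time,$currentTimeInMillis);
+ }
+ else
+ {
+ $response['status']='FAILED';
+ }
+
+ return json_encode($response);
+ }
+
+ function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
+ $url = get_site_option('siteurl').'/wp-login.php?';
+ $message = '<table cellpadding="25" style="margin:0px auto">
+ <tbody>
+ <tr>
+ <td>
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+ <tbody>
+ <tr>
+ <td><img src="https://ci5.googleusercontent.com/proxy/10EQeM1udyBOkfD2dwxGhIaMXV4lOwCRtUecpsDkZISL0JIkOL2JhaYhVp54q6Sk656rW2rpAFJFEgGQiAOVcYIIKxXYMHHMNSNB=s0-d-e1-ft#https://login.xecurify.com/moas/images/xecurify-logo.png" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+ </tr>
+ </tbody>
+ </table>
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+ <tbody>
+ <tr>
+ <td>
+ <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+ <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
+ <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+ </div></div></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>';
+ return $message;
+ }
+ }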
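Review bot: The one-time codes in `OnpremSendOTPEMail` and `mo2f_pass2login_push_email_onpremise` are built from `rand(0,9)`, which is not a cryptographically secure generator, and in the push-email path the accept and deny links carry only `hash('sha512', ...)` of a six-digit value, so the hash adds no entropy beyond the one million possible codes. Using `random_int(0, 9)` for the typed OTP and a long random value such as `bin2hex(random_bytes(32))` for the link tokens would address this. In `mo2f_otp_email_verify` the check `$valid_token == $otpToken` is a loose comparison, so numeric strings compare by value; `hash_equals((string) $valid_token, (string) $otpToken)` is exact and constant-time. The same function keeps the stored code after a failed attempt and no attempt counter is visible in this file, so it should be confirmed that guesses are limited elsewhere within the 300-second window.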
api/class-customer-common-setup.php CHANGED
@@ -1,475 +1,475 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Customer_Cloud_Setup {
29
-
30
- public $email;
31
- public $phone;
32
- public $customerKey;
33
- public $transactionId;
34
-
35
- private $auth_mode = 2; // miniorange test or not
36
- private $https_mode = false; // website http or https
37
-
38
-
39
- function check_customer() {
40
- $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
41
- $email = get_option( "mo2f_email" );
42
- $mo2fApi= new Mo2f_Api();
43
- $fields = array (
44
- 'email' => $email
45
- );
46
- $field_string = json_encode ( $fields );
47
-
48
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
49
-
50
- $response = $mo2fApi->make_curl_call( $url, $field_string );
51
- return $response;
52
-
53
- }
54
-
55
- function guest_audit() {
56
- $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
57
- $email = get_option( "mo2f_email" );
58
-
59
- $user = wp_get_current_user();
60
-
61
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
62
- if (empty($email))
63
- $email = $user->user_email;
64
- }
65
-
66
- $mo2fApi= new Mo2f_Api();
67
- $MoWpnsUtility = new MoWpnsUtility();
68
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
69
- $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
70
- $fields = array (
71
- 'emailAddress' => $email,
72
- 'companyName'=>$company,
73
- 'cmsName'=>"WP",
74
- 'applicationType'=>'Two Factor Upgrade',
75
- 'applicationName'=>$applicationName,
76
- 'pluginVersion'=>MO2F_VERSION,
77
- 'inUse'=>$MoWpnsUtility->getFeatureStatus()
78
- );
79
-
80
-
81
-
82
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
83
-
84
- $field_string = json_encode ( $fields );
85
-
86
- $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
87
- return $response;
88
-
89
- }
90
-
91
- function send_email_alert( $email, $phone, $message ) {
92
-
93
- $url = MO_HOST_NAME . '/moas/api/notify/send';
94
-
95
- $mo2fApi= new Mo2f_Api();
96
- $customerKey = "16555";
97
- $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
98
-
99
- $currentTimeInMillis = $mo2fApi->get_timestamp();
100
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
101
- $hashValue = hash( "sha512", $stringToHash );
102
- $fromEmail = $email;
103
- $subject = "WordPress 2FA Plugin Feedback - " . $email;
104
-
105
- global $user;
106
- $user = wp_get_current_user();
107
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
108
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
109
-
110
-
111
- $customer_feature = "";
112
-
113
- if ( $is_ec_with_1_user ) {
114
- $customer_feature = "V1";
115
- }else if ( $is_nc_with_1_user ) {
116
- $customer_feature = "V3";
117
- }
118
-
119
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
120
-
121
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
122
-
123
- $fields = array(
124
- 'customerKey' => $customerKey,
125
- 'sendEmail' => true,
126
- 'email' => array(
127
- 'customerKey' => $customerKey,
128
- 'fromEmail' => $fromEmail,
129
- 'fromName' => 'Xecurify',
130
- 'toEmail' => '2fasupport@xecurify.com',
131
- 'toName' => '2fasupport@xecurify.com',
132
- 'subject' => $subject,
133
- 'content' => $content
134
- ),
135
- );
136
- $field_string = json_encode( $fields );
137
-
138
- $headers = $mo2fApi->get_http_header_array();
139
-
140
- $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
141
- return $response;
142
-
143
-
144
- }
145
-
146
- function create_customer() {
147
- global $Mo2fdbQueries;
148
- if ( ! MO2f_Utility::is_curl_installed() ) {
149
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
150
-
151
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
152
- }
153
-
154
- $url = MO_HOST_NAME . '/moas/rest/customer/add';
155
- $mo2fApi= new Mo2f_Api();
156
- global $user;
157
- $user = wp_get_current_user();
158
- $this->email = get_option( 'mo2f_email' );
159
- $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
160
- $password = get_option( 'mo2f_password' );
161
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
162
-
163
- $fields = array(
164
- 'companyName' => $company,
165
- 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
166
- 'productInterest' => 'API_2FA',
167
- 'email' => $this->email,
168
- 'phone' => $this->phone,
169
- 'password' => $password
170
- );
171
- $field_string = json_encode( $fields );
172
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
173
-
174
- $content = $mo2fApi->make_curl_call( $url, $field_string );
175
-
176
- return $content;
177
- }
178
-
179
-
180
- function get_customer_key() {
181
- if ( ! MO2f_Utility::is_curl_installed() ) {
182
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
183
-
184
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
185
- }
186
-
187
- $url = MO_HOST_NAME . "/moas/rest/customer/key";
188
-
189
- $email = get_option( "mo2f_email" );
190
- $password = get_option( "mo2f_password" );
191
- $mo2fApi= new Mo2f_Api();
192
- $fields = array(
193
- 'email' => $email,
194
- 'password' => $password
195
- );
196
- $field_string = json_encode( $fields );
197
-
198
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
199
-
200
- $content = $mo2fApi->make_curl_call( $url, $field_string );
201
-
202
- return $content;
203
- }
204
-
205
-
206
- function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
207
-
208
- if ( ! MO2f_Utility::is_curl_installed()) {
209
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
210
-
211
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
212
- }
213
-
214
- $url = MO_HOST_NAME . '/moas/api/auth/challenge';
215
- $mo2fApi = new Mo2f_Api();
216
- /* The customer Key provided to you */
217
- $customerKey = $cKey;
218
-
219
- /* The customer API Key provided to you */
220
- $apiKey = $apiKey;
221
-
222
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
223
- $currentTimeInMillis = $mo2fApi->get_timestamp();
224
-
225
- /* Creating the Hash using SHA-512 algorithm */
226
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
227
- $hashValue = hash( "sha512", $stringToHash );
228
-
229
- $headers = $mo2fApi->get_http_header_array();
230
-
231
- $fields = '';
232
- if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
233
- $fields = array(
234
- 'customerKey' => $customerKey,
235
- 'email' => $uKey,
236
- 'authType' => $authType,
237
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
238
- );
239
- } else if ( $authType == 'SMS' ) {
240
- $authType = "SMS";
241
- $fields = array(
242
- 'customerKey' => $customerKey,
243
- 'phone' => $uKey,
244
- 'authType' => $authType
245
- );
246
- } else {
247
- $fields = array(
248
- 'customerKey' => $customerKey,
249
- 'username' => $uKey,
250
- 'authType' => $authType,
251
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
252
- );
253
- }
254
-
255
- $field_string = json_encode( $fields );
256
-
257
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
258
-
259
- $content1 = json_decode($content,true);
260
-
261
- if ( $content1['status'] == "SUCCESS" ) {
262
- if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z') == 4 && $authType == 'SMS'){
263
- Miniorange_Authentication::low_otp_alert("sms");
264
- }
265
- if(get_site_option('cmVtYWluaW5nT1RQ') == 5 && $authType == 'OTP Over Email'){
266
- Miniorange_Authentication::low_otp_alert("email");
267
- }
268
- }
269
-
270
- return $content;
271
- }
272
-
273
-
274
-
275
-
276
- function get_customer_transactions( $cKey, $apiKey ,$license_type) {
277
-
278
- $url = MO_HOST_NAME . '/moas/rest/customer/license';
279
-
280
- $customerKey = $cKey;
281
- $apiKey = $apiKey;
282
- $mo2fApi= new Mo2f_Api();
283
- $currentTimeInMillis = $mo2fApi->get_timestamp();
284
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
285
- $hashValue = hash( "sha512", $stringToHash );
286
-
287
- $fields = '';
288
- $fields = array(
289
- 'customerId' => $customerKey,
290
- 'applicationName' => 'WP_OTP_VERIFICATION_PLUGIN',
291
- 'licenseType' => $license_type
292
- );
293
-
294
- $field_string = json_encode( $fields );
295
-
296
- $headers = $mo2fApi->get_http_header_array();
297
-
298
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
299
-
300
-
301
- return $content;
302
- }
303
-
304
- public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
305
-
306
-
307
- $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
308
-
309
- $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
310
-
311
- $postdata = array('mo2f_email'=> $mo2f_user_email,
312
- 'mo2f_domain' =>$site_url,
313
- 'headers'=>$headers['header'],
314
- 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
315
-
316
- $handle = curl_init();
317
-
318
- curl_setopt_array($handle,
319
- array(
320
- CURLOPT_URL => $url,
321
- CURLOPT_POST => true,
322
- CURLOPT_POSTFIELDS => $postdata,
323
- CURLOPT_RETURNTRANSFER => true,
324
- CURLOPT_SSL_VERIFYHOST => FALSE,
325
- CURLOPT_SSL_VERIFYPEER => FALSE,
326
- )
327
- );
328
-
329
- $data = curl_exec($handle);
330
-
331
- curl_close($handle);
332
- return $data;
333
-
334
- }
335
-
336
- public function mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email){
337
- $url = 'https://sitestats.xecurify.com/backupcodeservice/backup_code_validation.php';
338
-
339
- $site_url = site_url();
340
- $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
341
-
342
- $postdata = array('mo2f_otp_token' => $mo2f_backup_code,
343
- 'mo2f_user_email'=> $mo2f_user_email,
344
- 'headers'=>$headers['header'],
345
- 'mo2f_site_url' => $site_url);
346
-
347
- $handle = curl_init();
348
-
349
- curl_setopt_array($handle,
350
- array(
351
- CURLOPT_URL => $url,
352
- CURLOPT_POST => true,
353
- CURLOPT_POSTFIELDS => $postdata,
354
- CURLOPT_RETURNTRANSFER => true,
355
- CURLOPT_SSL_VERIFYHOST => FALSE,
356
- CURLOPT_SSL_VERIFYPEER => FALSE,
357
- )
358
- );
359
-
360
- $data = curl_exec($handle);
361
-
362
- curl_close($handle);
363
-
364
- return $data;
365
- }
366
-
367
-
368
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
369
- $content='';
370
- if ( ! MO2f_Utility::is_curl_installed() ) {
371
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
372
-
373
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
374
- }
375
-
376
- $url = MO_HOST_NAME . '/moas/api/auth/validate';
377
- $mo2fApi= new Mo2f_Api();
378
- /* The customer Key provided to you */
379
- $customerKey = $cKey;
380
-
381
- /* The customer API Key provided to you */
382
- $apiKey = $customerApiKey;
383
-
384
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
385
- $currentTimeInMillis = $mo2fApi->get_timestamp();
386
-
387
- /* Creating the Hash using SHA-512 algorithm */
388
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
389
- $hashValue = hash( "sha512", $stringToHash );
390
-
391
- $headers = $mo2fApi->get_http_header_array();
392
- $fields = '';
393
- if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
394
- /*check for soft token*/
395
- $fields = array(
396
- 'customerKey' => $customerKey,
397
- 'username' => $username,
398
- 'token' => $otpToken,
399
- 'authType' => $authType
400
- );
401
- } else if ( $authType == 'KBA' ) {
402
- $fields = array(
403
- 'txId' => $transactionId,
404
- 'answers' => array(
405
- array(
406
- 'question' => $otpToken[0],
407
- 'answer' => $otpToken[1]
408
- ),
409
- array(
410
- 'question' => $otpToken[2],
411
- 'answer' => $otpToken[3]
412
- )
413
- )
414
- );
415
-
416
- } else {
417
- //*check for otp over sms/email
418
- $fields = array(
419
- 'txId' => $transactionId,
420
- 'token' => $otpToken
421
- );
422
- }
423
- $field_string = json_encode( $fields );
424
-
425
-
426
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
427
- return $content;
428
- }
429
-
430
- function submit_contact_us( $q_email, $q_phone, $query ) {
431
- if ( ! MO2f_Utility::is_curl_installed() ) {
432
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
433
-
434
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
435
- }
436
-
437
- $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
438
- global $user;
439
- $user = wp_get_current_user();
440
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
441
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
442
-
443
- $mo2fApi= new Mo2f_Api();
444
- $customer_feature = "";
445
-
446
- if ( $is_ec_with_1_user ) {
447
- $customer_feature = "V1";
448
- } else if ( $is_nc_with_1_user ) {
449
- $customer_feature = "V3";
450
- }
451
- global $moWpnsUtility;
452
-
453
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
454
- $fields = array(
455
- 'firstName' => $user->user_firstname,
456
- 'lastName' => $user->user_lastname,
457
- 'company' => $_SERVER['SERVER_NAME'],
458
- 'email' => $q_email,
459
- 'ccEmail' => '2fasupport@xecurify.com',
460
- 'phone' => $q_phone,
461
- 'query' => $query
462
- );
463
- $field_string = json_encode( $fields );
464
-
465
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
466
-
467
- $content = $mo2fApi->make_curl_call( $url, $field_string );
468
-
469
- return true;
470
- }
471
-
472
- }
473
-
474
-
475
- ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Customer_Cloud_Setup {
29
+
30
+ public $email;
31
+ public $phone;
32
+ public $customerKey;
33
+ public $transactionId;
34
+
35
+ private $auth_mode = 2; // miniorange test or not
36
+ private $https_mode = false; // website http or https
37
+
38
+
39
+ function check_customer() {
40
+ $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
41
+ $email = get_option( "mo2f_email" );
42
+ $mo2fApi= new Mo2f_Api();
43
+ $fields = array (
44
+ 'email' => $email
45
+ );
46
+ $field_string = json_encode ( $fields );
47
+
48
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
49
+
50
+ $response = $mo2fApi->make_curl_call( $url, $field_string );
51
+ return $response;
52
+
53
+ }
54
+
55
+ function guest_audit() {
56
+ $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
57
+ $email = get_option( "mo2f_email" );
58
+
59
+ $user = wp_get_current_user();
60
+
61
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
62
+ if (empty($email))
63
+ $email = $user->user_email;
64
+ }
65
+
66
+ $mo2fApi= new Mo2f_Api();
67
+ $MoWpnsUtility = new MoWpnsUtility();
68
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
69
+ $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
70
+ $fields = array (
71
+ 'emailAddress' => $email,
72
+ 'companyName'=>$company,
73
+ 'cmsName'=>"WP",
74
+ 'applicationType'=>'Two Factor Upgrade',
75
+ 'applicationName'=>$applicationName,
76
+ 'pluginVersion'=>MO2F_VERSION,
77
+ 'inUse'=>$MoWpnsUtility->getFeatureStatus()
78
+ );
79
+
80
+
81
+
82
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
83
+
84
+ $field_string = json_encode ( $fields );
85
+
86
+ $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
87
+ return $response;
88
+
89
+ }
90
+
91
+ function send_email_alert( $email, $phone, $message ) {
92
+
93
+ $url = MO_HOST_NAME . '/moas/api/notify/send';
94
+
95
+ $mo2fApi= new Mo2f_Api();
96
+ $customerKey = "16555";
97
+ $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
98
+
99
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
100
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
101
+ $hashValue = hash( "sha512", $stringToHash );
102
+ $fromEmail = $email;
103
+ $subject = "WordPress 2FA Plugin Feedback - " . $email;
104
+
105
+ global $user;
106
+ $user = wp_get_current_user();
107
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
108
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
109
+
110
+
111
+ $customer_feature = "";
112
+
113
+ if ( $is_ec_with_1_user ) {
114
+ $customer_feature = "V1";
115
+ }else if ( $is_nc_with_1_user ) {
116
+ $customer_feature = "V3";
117
+ }
118
+
119
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
120
+
121
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
122
+
123
+ $fields = array(
124
+ 'customerKey' => $customerKey,
125
+ 'sendEmail' => true,
126
+ 'email' => array(
127
+ 'customerKey' => $customerKey,
128
+ 'fromEmail' => $fromEmail,
129
+ 'fromName' => 'Xecurify',
130
+ 'toEmail' => '2fasupport@xecurify.com',
131
+ 'toName' => '2fasupport@xecurify.com',
132
+ 'subject' => $subject,
133
+ 'content' => $content
134
+ ),
135
+ );
136
+ $field_string = json_encode( $fields );
137
+
138
+ $headers = $mo2fApi->get_http_header_array();
139
+
140
+ $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
141
+ return $response;
142
+
143
+
144
+ }
145
+
146
+ function create_customer() {
147
+ global $Mo2fdbQueries;
148
+ if ( ! MO2f_Utility::is_curl_installed() ) {
149
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
150
+
151
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
152
+ }
153
+
154
+ $url = MO_HOST_NAME . '/moas/rest/customer/add';
155
+ $mo2fApi= new Mo2f_Api();
156
+ global $user;
157
+ $user = wp_get_current_user();
158
+ $this->email = get_option( 'mo2f_email' );
159
+ $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
160
+ $password = get_option( 'mo2f_password' );
161
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
162
+
163
+ $fields = array(
164
+ 'companyName' => $company,
165
+ 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
166
+ 'productInterest' => 'API_2FA',
167
+ 'email' => $this->email,
168
+ 'phone' => $this->phone,
169
+ 'password' => $password
170
+ );
171
+ $field_string = json_encode( $fields );
172
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
173
+
174
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
175
+
176
+ return $content;
177
+ }
178
+
179
+
180
+ function get_customer_key() {
181
+ if ( ! MO2f_Utility::is_curl_installed() ) {
182
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
183
+
184
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
185
+ }
186
+
187
+ $url = MO_HOST_NAME . "/moas/rest/customer/key";
188
+
189
+ $email = get_option( "mo2f_email" );
190
+ $password = get_option( "mo2f_password" );
191
+ $mo2fApi= new Mo2f_Api();
192
+ $fields = array(
193
+ 'email' => $email,
194
+ 'password' => $password
195
+ );
196
+ $field_string = json_encode( $fields );
197
+
198
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
199
+
200
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
201
+
202
+ return $content;
203
+ }
204
+
205
+
206
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
207
+
208
+ if ( ! MO2f_Utility::is_curl_installed()) {
209
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
210
+
211
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
212
+ }
213
+
214
+ $url = MO_HOST_NAME . '/moas/api/auth/challenge';
215
+ $mo2fApi = new Mo2f_Api();
216
+ /* The customer Key provided to you */
217
+ $customerKey = $cKey;
218
+
219
+ /* The customer API Key provided to you */
220
+ $apiKey = $apiKey;
221
+
222
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
223
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
224
+
225
+ /* Creating the Hash using SHA-512 algorithm */
226
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
227
+ $hashValue = hash( "sha512", $stringToHash );
228
+
229
+ $headers = $mo2fApi->get_http_header_array();
230
+
231
+ $fields = '';
232
+ if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
233
+ $fields = array(
234
+ 'customerKey' => $customerKey,
235
+ 'email' => $uKey,
236
+ 'authType' => $authType,
237
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
238
+ );
239
+ } else if ( $authType == 'SMS' ) {
240
+ $authType = "SMS";
241
+ $fields = array(
242
+ 'customerKey' => $customerKey,
243
+ 'phone' => $uKey,
244
+ 'authType' => $authType
245
+ );
246
+ } else {
247
+ $fields = array(
248
+ 'customerKey' => $customerKey,
249
+ 'username' => $uKey,
250
+ 'authType' => $authType,
251
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
252
+ );
253
+ }
254
+
255
+ $field_string = json_encode( $fields );
256
+
257
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
258
+
259
+ $content1 = json_decode($content,true);
260
+
261
+ if ( $content1['status'] == "SUCCESS" ) {
262
+ if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z') == 4 && $authType == 'SMS'){
263
+ Miniorange_Authentication::low_otp_alert("sms");
264
+ }
265
+ if(get_site_option('cmVtYWluaW5nT1RQ') == 5 && $authType == 'OTP Over Email'){
266
+ Miniorange_Authentication::low_otp_alert("email");
267
+ }
268
+ }
269
+
270
+ return $content;
271
+ }
272
+
273
+
274
+
275
+
276
+ function get_customer_transactions( $cKey, $apiKey ,$license_type) {
277
+
278
+ $url = MO_HOST_NAME . '/moas/rest/customer/license';
279
+
280
+ $customerKey = $cKey;
281
+ $apiKey = $apiKey;
282
+ $mo2fApi= new Mo2f_Api();
283
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
284
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
285
+ $hashValue = hash( "sha512", $stringToHash );
286
+
287
+ $fields = '';
288
+ $fields = array(
289
+ 'customerId' => $customerKey,
290
+ 'applicationName' => 'WP_OTP_VERIFICATION_PLUGIN',
291
+ 'licenseType' => $license_type
292
+ );
293
+
294
+ $field_string = json_encode( $fields );
295
+
296
+ $headers = $mo2fApi->get_http_header_array();
297
+
298
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
299
+
300
+
301
+ return $content;
302
+ }
303
+
304
+ public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
305
+
306
+
307
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
308
+
309
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
310
+
311
+ $postdata = array('mo2f_email'=> $mo2f_user_email,
312
+ 'mo2f_domain' =>$site_url,
313
+ 'headers'=>$headers['header'],
314
+ 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
315
+
316
+ $handle = curl_init();
317
+
318
+ curl_setopt_array($handle,
319
+ array(
320
+ CURLOPT_URL => $url,
321
+ CURLOPT_POST => true,
322
+ CURLOPT_POSTFIELDS => $postdata,
323
+ CURLOPT_RETURNTRANSFER => true,
324
+ CURLOPT_SSL_VERIFYHOST => FALSE,
325
+ CURLOPT_SSL_VERIFYPEER => FALSE,
326
+ )
327
+ );
328
+
329
+ $data = curl_exec($handle);
330
+
331
+ curl_close($handle);
332
+ return $data;
333
+
334
+ }
335
+
336
+ public function mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email){
337
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/backup_code_validation.php';
338
+
339
+ $site_url = site_url();
340
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
341
+
342
+ $postdata = array('mo2f_otp_token' => $mo2f_backup_code,
343
+ 'mo2f_user_email'=> $mo2f_user_email,
344
+ 'headers'=>$headers['header'],
345
+ 'mo2f_site_url' => $site_url);
346
+
347
+ $handle = curl_init();
348
+
349
+ curl_setopt_array($handle,
350
+ array(
351
+ CURLOPT_URL => $url,
352
+ CURLOPT_POST => true,
353
+ CURLOPT_POSTFIELDS => $postdata,
354
+ CURLOPT_RETURNTRANSFER => true,
355
+ CURLOPT_SSL_VERIFYHOST => FALSE,
356
+ CURLOPT_SSL_VERIFYPEER => FALSE,
357
+ )
358
+ );
359
+
360
+ $data = curl_exec($handle);
361
+
362
+ curl_close($handle);
363
+
364
+ return $data;
365
+ }
366
+
367
+
368
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
369
+ $content='';
370
+ if ( ! MO2f_Utility::is_curl_installed() ) {
371
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
372
+
373
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
374
+ }
375
+
376
+ $url = MO_HOST_NAME . '/moas/api/auth/validate';
377
+ $mo2fApi= new Mo2f_Api();
378
+ /* The customer Key provided to you */
379
+ $customerKey = $cKey;
380
+
381
+ /* The customer API Key provided to you */
382
+ $apiKey = $customerApiKey;
383
+
384
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
385
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
386
+
387
+ /* Creating the Hash using SHA-512 algorithm */
388
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
389
+ $hashValue = hash( "sha512", $stringToHash );
390
+
391
+ $headers = $mo2fApi->get_http_header_array();
392
+ $fields = '';
393
+ if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
394
+ /*check for soft token*/
395
+ $fields = array(
396
+ 'customerKey' => $customerKey,
397
+ 'username' => $username,
398
+ 'token' => $otpToken,
399
+ 'authType' => $authType
400
+ );
401
+ } else if ( $authType == 'KBA' ) {
402
+ $fields = array(
403
+ 'txId' => $transactionId,
404
+ 'answers' => array(
405
+ array(
406
+ 'question' => $otpToken[0],
407
+ 'answer' => $otpToken[1]
408
+ ),
409
+ array(
410
+ 'question' => $otpToken[2],
411
+ 'answer' => $otpToken[3]
412
+ )
413
+ )
414
+ );
415
+
416
+ } else {
417
+ //*check for otp over sms/email
418
+ $fields = array(
419
+ 'txId' => $transactionId,
420
+ 'token' => $otpToken
421
+ );
422
+ }
423
+ $field_string = json_encode( $fields );
424
+
425
+
426
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
427
+ return $content;
428
+ }
429
+
430
+ function submit_contact_us( $q_email, $q_phone, $query ) {
431
+ if ( ! MO2f_Utility::is_curl_installed() ) {
432
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
433
+
434
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
435
+ }
436
+
437
+ $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
438
+ global $user;
439
+ $user = wp_get_current_user();
440
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
441
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
442
+
443
+ $mo2fApi= new Mo2f_Api();
444
+ $customer_feature = "";
445
+
446
+ if ( $is_ec_with_1_user ) {
447
+ $customer_feature = "V1";
448
+ } else if ( $is_nc_with_1_user ) {
449
+ $customer_feature = "V3";
450
+ }
451
+ global $moWpnsUtility;
452
+
453
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
454
+ $fields = array(
455
+ 'firstName' => $user->user_firstname,
456
+ 'lastName' => $user->user_lastname,
457
+ 'company' => $_SERVER['SERVER_NAME'],
458
+ 'email' => $q_email,
459
+ 'ccEmail' => '2fasupport@xecurify.com',
460
+ 'phone' => $q_phone,
461
+ 'query' => $query
462
+ );
463
+ $field_string = json_encode( $fields );
464
+
465
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
466
+
467
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
468
+
469
+ return true;
470
+ }
471
+
472
+ }
473
+
474
+
475
+ ?>
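Review bot: Both `mo_2f_generate_backup_codes` and `mo2f_validate_backup_codes` on the new side still set `CURLOPT_SSL_VERIFYHOST => FALSE` and `CURLOPT_SSL_VERIFYPEER => FALSE`, so the HTTPS calls to sitestats.xecurify.com are made without certificate or hostname verification. These requests carry the user's email, the site URL and the backup code, and the validation response is returned to the caller as-is, so neither the confidentiality of the code nor the authenticity of the reply is protected in transit. I would change the two options in each function to `CURLOPT_SSL_VERIFYPEER => true,` and `CURLOPT_SSL_VERIFYHOST => 2,`, and have callers handle a `false` return from `curl_exec()` as a failed validation. Separately, `send_email_alert` keeps `$customerKey` and `$apiKey` as string literals in a publicly distributed file, so that pair cannot be treated as a secret. The old and new sides read identically in this view, so the rewrite looks like a whitespace or line-ending change that carries these settings forward unchanged.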
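--- a/api/class-customer-onprem-setup.php
+++ b/api/class-customer-onprem-setup.php
@@ -1,73 +1,73 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Customer_Setup extends Customer_Cloud_Setup {
-
-
-
- function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
-
- $cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
- if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
- include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
- if(is_null($currentuser) or !isset($currentuser))
- $currentuser = wp_get_current_user();
- $content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
-
- }else {
-
- $content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey, $currentuser=null);
-
- }
-
- return $content;
- }
-
-
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
- $content='';
- if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
- include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
- if(!isset($current_user) or is_null($current_user) )
- $current_user = wp_get_current_user();
- $content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
- //change parameters as per your requirement but make sure other methods are not affected.
-
- }else{
-
- $content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
-
- }
- return $content;
- }
-
-
- }
-
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Customer_Setup extends Customer_Cloud_Setup {
+
+
+
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
+
+ $cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS');
+ if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
+ include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
+ if(is_null($currentuser) or !isset($currentuser))
+ $currentuser = wp_get_current_user();
+ $content = $mo2fOnPremRedirect->OnpremSendRedirect($uKey,$authType,$currentuser);//change parameters as per your requirement but make sure other methods are not affected.
+
+ }else {
+
+ $content= parent::send_otp_token($uKey, $authType, $cKey, $apiKey, $currentuser=null);
+
+ }
+
+ return $content;
+ }
+
+
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
+ $content='';
+ if(MO2F_IS_ONPREM and $authType != 'SOFT TOKEN' and $authType !='OTP Over Email' and $authType != 'SMS' and $authType != 'OTP Over SMS'){
+ include_once dirname(__FILE__).DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
+ if(!isset($current_user) or is_null($current_user) )
+ $current_user = wp_get_current_user();
+ $content = $mo2fOnPremRedirect->OnpremValidateRedirect($authType, $otpToken,$current_user );
+ //change parameters as per your requirement but make sure other methods are not affected.
+
+ }else{
+
+ $content= parent::validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null);
+
+ }
+ return $content;
+ }
+
+
+ }
+
  ?>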
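Review bot: In the else branches of `send_otp_token` and `validate_otp_token`, the last argument of the parent call is written as `$currentuser=null` / `$current_user =null`, which inside a call is an assignment expression, so the parent always receives null and the user object supplied by the caller is discarded. If the parent falls back to `wp_get_current_user()` when it is given null (its body is not part of this section), the OTP would be sent or validated for the session owner rather than the user the caller passed, which matters during login when no session user exists yet. Pass the variable through instead: `parent::send_otp_token($uKey, $authType, $cKey, $apiKey, $currentuser);` and likewise `$current_user` in the validate call. The two methods also route on different conditions (a non-strict `in_array` allow-list versus a chain of `!=`), so a comment stating which `$authType` values stay on-premise in each would help the next reader.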
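--- a/api/class-customer-setup.php
+++ b/api/class-customer-setup.php
@@ -1,34 +1,34 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Customer_Setup extends Customer_Cloud_Setup {
-
- //all parent methods
- }
-
-
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Customer_Setup extends Customer_Cloud_Setup {
+
+ //all parent methods
+ }
+
+
  ?>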
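--- a/api/class-rba-attributes.php
+++ b/api/class-rba-attributes.php
@@ -1,184 +1,184 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Miniorange_Rba_Attributes {
-
- private $auth_mode = 2; // miniorange test or not
- private $https_mode = false; // website http or https
-
- function mo2f_collect_attributes( $useremail, $rba_attributes ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/acs';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
- $mo2fApi= new Mo2f_Api();
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function get_curl_error_message() {
- $message = mo2f_lt( 'Please enable curl extension.' ) .
- ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
- mo2f_lt( 'Click here' ) .
- ' </a> ' .
- mo2f_lt( 'for the steps to enable curl.' );
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'appSecret' => get_option( 'mo2f_app_secret' ),
- 'userKey' => $useremail,
- 'sessionUuid' => $sessionUuid
- );
- $mo2fApi= new Mo2f_Api();
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'userKey' => $useremail,
- 'sessionUuid' => $sessionUuid
- );
- $mo2fApi= new Mo2f_Api();
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_get_app_secret() {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
- $mo2fApi= new Mo2f_Api();
-
- $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerId' => $customerKey
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
-
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
- $mo2fApi= new Mo2f_Api();
- $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'username' => $useremail,
- 'googleAuthenticatorName' => $googleAuthenticatorName
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
-
- return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
- if(MO2F_IS_ONPREM){
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
- $gauth_obj= new Google_auth_onpremise();
- $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
- if($session_id_encrypt){
- $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
- }else{
- $secret_ga = $secret;
- }
- $content=$gauth_obj->verifyCode($secret_ga , $otptoken );
- $value = json_decode($content,true);
- if($value['status'] == 'SUCCESS'){
- $user = wp_get_current_user();
- $user_id = $user->ID;
- $gauth_obj->mo_GAuth_set_secret($user_id, $secret_ga);
- update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
- update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
- global $Mo2fdbQueries;//might not need this
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
- }
- }else{
- if ( ! MO2f_Utility::is_curl_installed() ) {
- return $this->get_curl_error_message();
- }
-
-
- $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
- $mo2fApi= new Mo2f_Api();
-
- $customerKey = get_option( 'mo2f_customerKey' );
- $field_string = array(
- 'customerKey' => $customerKey,
- 'username' => $useremail,
- 'secret' => $secret,
- 'otpToken' => $otptoken,
- 'authenticatorType' => 'GOOGLE AUTHENTICATOR',
- );
-
- $http_header_array = $mo2fApi->get_http_header_array();
- $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
- }
-
- return $content;
- }
-
- }
-
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Miniorange_Rba_Attributes {
+
+ private $auth_mode = 2; // miniorange test or not
+ private $https_mode = false; // website http or https
+
+ function mo2f_collect_attributes( $useremail, $rba_attributes ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/acs';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"userKey\":\"" . $useremail . "\",\"attributes\":" . $rba_attributes . "}";
+ $mo2fApi= new Mo2f_Api();
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function get_curl_error_message() {
+ $message = mo2f_lt( 'Please enable curl extension.' ) .
+ ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
+ mo2f_lt( 'Click here' ) .
+ ' </a> ' .
+ mo2f_lt( 'for the steps to enable curl.' );
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ function mo2f_evaluate_risk( $useremail, $sessionUuid ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/evaluate-risk';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'appSecret' => get_option( 'mo2f_app_secret' ),
+ 'userKey' => $useremail,
+ 'sessionUuid' => $sessionUuid
+ );
+ $mo2fApi= new Mo2f_Api();
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_register_rba_profile( $useremail, $sessionUuid ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/rba/register-profile';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'userKey' => $useremail,
+ 'sessionUuid' => $sessionUuid
+ );
+ $mo2fApi= new Mo2f_Api();
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_get_app_secret() {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+ $mo2fApi= new Mo2f_Api();
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/getapp-secret';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerId' => $customerKey
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_google_auth_service( $useremail, $googleAuthenticatorName="" ) {
+
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+ $mo2fApi= new Mo2f_Api();
+ $url = MO_HOST_NAME . '/moas/api/auth/google-auth-secret';
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'username' => $useremail,
+ 'googleAuthenticatorName' => $googleAuthenticatorName
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+
+ return $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ function mo2f_validate_google_auth( $useremail, $otptoken, $secret ) {
+ if(MO2F_IS_ONPREM){
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
+ $gauth_obj= new Google_auth_onpremise();
+ $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
+ if($session_id_encrypt){
+ $secret_ga = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
+ }else{
+ $secret_ga = $secret;
+ }
+ $content=$gauth_obj->verifyCode($secret_ga , $otptoken );
+ $value = json_decode($content,true);
+ if($value['status'] == 'SUCCESS'){
+ $user = wp_get_current_user();
+ $user_id = $user->ID;
+ $gauth_obj->mo_GAuth_set_secret($user_id, $secret_ga);
+ update_user_meta($user_id,'mo2f_2FA_method_to_configure','Google Authenticator');
+ update_user_meta( $user_id, 'mo2f_external_app_type', "Google Authenticator" );
+ global $Mo2fdbQueries;//might not need this
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Google Authenticator') );
+ }
+ }else{
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ return $this->get_curl_error_message();
+ }
+
+
+ $url = MO_HOST_NAME . '/moas/api/auth/validate-google-auth-secret';
+ $mo2fApi= new Mo2f_Api();
+
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $field_string = array(
+ 'customerKey' => $customerKey,
+ 'username' => $useremail,
+ 'secret' => $secret,
+ 'otpToken' => $otptoken,
+ 'authenticatorType' => 'GOOGLE AUTHENTICATOR',
+ );
+
+ $http_header_array = $mo2fApi->get_http_header_array();
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
+ }
+
+ return $content;
+ }
+
+ }
+
  ?>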
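Review bot: `mo2f_collect_attributes` assembles its JSON request body by concatenating `$customerKey`, `$useremail` and `$rba_attributes` into a string, so a quote or backslash in the e-mail, or a malformed `$rba_attributes`, changes the structure of the request sent to the service, whereas every other method in this class passes an array. Build the body with the encoder instead, e.g. `$field_string = json_encode( array( 'customerKey' => $customerKey, 'userKey' => $useremail, 'attributes' => json_decode( $rba_attributes, true ) ) );`, assuming `$rba_attributes` is meant to be a JSON document, which this section does not show. In the on-premise branch of `mo2f_validate_google_auth`, `$value['status'] == 'SUCCESS'` is read without checking that `json_decode` returned an array, and the secret is then stored for `wp_get_current_user()` rather than for the account named by `$useremail`. A guard such as `is_array( $value ) && isset( $value['status'] ) && $value['status'] === 'SUCCESS'` plus a check that the current user's ID is non-zero would make that branch fail closed.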
api/class-two-factor-setup.php CHANGED
@@ -1,197 +1,197 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
-
21
- /**
22
- * This library is miniOrange Authentication Service.
23
- * Contains Request Calls to Customer service.
24
- **/
25
-
26
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
-
28
- class Two_Factor_Setup {
29
-
30
- public $email;
31
- private $auth_mode = 2; // miniorange test or not
32
- private $https_mode = false; // website http or https
33
- function check_mobile_status( $tId ) {
34
-
35
- if ( ! MO2f_Utility::is_curl_installed() ) {
36
- return $this->get_curl_error_message();
37
- }
38
-
39
- $url = MO_HOST_NAME . '/moas/api/auth/auth-status';
40
- $fields = array(
41
- 'txId' => $tId
42
- );
43
- $mo2fApi= new Mo2f_Api();
44
- $http_header_array = $mo2fApi->get_http_header_array();
45
-
46
- return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
47
- }
48
-
49
-
50
- function get_curl_error_message() {
51
- $message = mo2f_lt( 'Please enable curl extension.' ) .
52
- ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
53
- mo2f_lt( 'Click here' ) .
54
- ' </a> ' .
55
- mo2f_lt( 'for the steps to enable curl.' );
56
-
57
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
58
- }
59
-
60
- function register_mobile( $useremail ) {
61
-
62
- if ( ! MO2f_Utility::is_curl_installed() ) {
63
- return $this->get_curl_error_message();
64
- }
65
-
66
- $url = MO_HOST_NAME . '/moas/api/auth/register-mobile';
67
- $customerKey = get_option( 'mo2f_customerKey' );
68
- $fields = array(
69
- 'customerId' => $customerKey,
70
- 'username' => $useremail
71
- );
72
- $mo2fApi= new Mo2f_Api();
73
-
74
- $http_header_array = $mo2fApi->get_http_header_array();
75
-
76
- return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
77
- }
78
-
79
- function mo_check_user_already_exist( $email ) {
80
-
81
- if ( ! MO2f_Utility::is_curl_installed() ) {
82
- return $this->get_curl_error_message();
83
- }
84
-
85
- $url = MO_HOST_NAME . '/moas/api/admin/users/search';
86
- $customerKey = get_option( 'mo2f_customerKey' );
87
- $fields = array(
88
- 'customerKey' => $customerKey,
89
- 'username' => $email,
90
- );
91
- $mo2fApi= new Mo2f_Api();
92
- $http_header_array = $mo2fApi->get_http_header_array();
93
-
94
- return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
95
- }
96
-
97
- function mo_create_user( $currentuser, $email ) {
98
-
99
- if ( ! MO2f_Utility::is_curl_installed() ) {
100
- return $this->get_curl_error_message();
101
- }
102
-
103
- $url = MO_HOST_NAME . '/moas/api/admin/users/create';
104
- $customerKey = get_option( 'mo2f_customerKey' );
105
- $fields = array(
106
- 'customerKey' => $customerKey,
107
- 'username' => $email,
108
- 'firstName' => $currentuser->user_firstname,
109
- 'lastName' => $currentuser->user_lastname
110
- );
111
- $mo2fApi= new Mo2f_Api();
112
- $http_header_array = $mo2fApi->get_http_header_array();
113
-
114
- return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
115
- }
116
-
117
- function mo2f_get_userinfo( $email ) {
118
-
119
- if ( ! MO2f_Utility::is_curl_installed() ) {
120
- return $this->get_curl_error_message();
121
- }
122
-
123
- $url = MO_HOST_NAME . '/moas/api/admin/users/get';
124
- $customerKey = get_option( 'mo2f_customerKey' );
125
- $fields = array(
126
- 'customerKey' => $customerKey,
127
- 'username' => $email,
128
- );
129
- $mo2fApi= new Mo2f_Api();
130
- $http_header_array = $mo2fApi->get_http_header_array();
131
-
132
- return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
133
- }
134
-
135
- function mo2f_update_userinfo( $email, $authType, $phone, $tname, $enableAdminSecondFactor ) {
136
- $cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS', 'SOFT TOKEN');
137
- if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
138
- $response=json_encode(array("status"=>'SUCCESS'));
139
- }else {
140
-
141
- if ( ! MO2f_Utility::is_curl_installed() ) {
142
- return $this->get_curl_error_message();
143
- }
144
-
145
- $url = MO_HOST_NAME . '/moas/api/admin/users/update';
146
- $customerKey = get_option( 'mo2f_customerKey' );
147
-
148
-
149
- $fields = array(
150
- 'customerKey' => $customerKey,
151
- 'username' => $email,
152
- 'phone' => $phone,
153
- 'authType' => $authType,
154
- 'transactionName' => $tname,
155
- 'adminLoginSecondFactor' => $enableAdminSecondFactor
156
- );
157
-
158
- $mo2fApi = new Mo2f_Api();
159
-
160
- $http_header_array = $mo2fApi->get_http_header_array();
161
-
162
- $response = $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
163
- }
164
- return $response;
165
- }
166
-
167
- function register_kba_details( $email, $question1, $answer1, $question2, $answer2, $question3, $answer3, $user_id=null ) {
168
-
169
- if(MO2F_IS_ONPREM){
170
- $answer1 = md5($answer1);
171
- $answer2 = md5($answer2);
172
- $answer3 = md5($answer3);
173
- $question_answer = array($question1 => $answer1 ,$question2 => $answer2 , $question3 => $answer3 );
174
- update_user_meta( $user_id , 'mo2f_kba_challenge', $question_answer );
175
- global $Mo2fdbQueries;
176
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Security Questions') );
177
- $response=json_encode(array("status"=>'SUCCESS'));
178
- }else {
179
- if ( ! MO2f_Utility::is_curl_installed() ) {
180
- return $this->get_curl_error_message();
181
- }
182
-
183
- $url = MO_HOST_NAME . '/moas/api/auth/register';
184
- $customerKey = get_option( 'mo2f_customerKey' );
185
- $q_and_a_list = "[{\"question\":\"" . $question1 . "\",\"answer\":\"" . $answer1 . "\" },{\"question\":\"" . $question2 . "\",\"answer\":\"" . $answer2 . "\" },{\"question\":\"" . $question3 . "\",\"answer\":\"" . $answer3 . "\" }]";
186
- $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"username\":\"" . $email . "\",\"questionAnswerList\":" . $q_and_a_list . "}";
187
-
188
- $mo2fApi = new Mo2f_Api();
189
- $http_header_array = $mo2fApi->get_http_header_array();
190
-
191
- $response= $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
192
- }
193
- return $response;
194
-
195
- }
196
- }
197
-
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+
21
+ /**
22
+ * This library is miniOrange Authentication Service.
23
+ * Contains Request Calls to Customer service.
24
+ **/
25
+
26
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
27
+
28
+ class Two_Factor_Setup {
29
+
30
+ public $email;
31
+ private $auth_mode = 2; // miniorange test or not
32
+ private $https_mode = false; // website http or https
33
+ function check_mobile_status( $tId ) {
34
+
35
+ if ( ! MO2f_Utility::is_curl_installed() ) {
36
+ return $this->get_curl_error_message();
37
+ }
38
+
39
+ $url = MO_HOST_NAME . '/moas/api/auth/auth-status';
40
+ $fields = array(
41
+ 'txId' => $tId
42
+ );
43
+ $mo2fApi= new Mo2f_Api();
44
+ $http_header_array = $mo2fApi->get_http_header_array();
45
+
46
+ return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
47
+ }
48
+
49
+
50
+ function get_curl_error_message() {
51
+ $message = mo2f_lt( 'Please enable curl extension.' ) .
52
+ ' <a href="admin.php?page=mo_2fa_troubleshooting">' .
53
+ mo2f_lt( 'Click here' ) .
54
+ ' </a> ' .
55
+ mo2f_lt( 'for the steps to enable curl.' );
56
+
57
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
58
+ }
59
+
60
+ function register_mobile( $useremail ) {
61
+
62
+ if ( ! MO2f_Utility::is_curl_installed() ) {
63
+ return $this->get_curl_error_message();
64
+ }
65
+
66
+ $url = MO_HOST_NAME . '/moas/api/auth/register-mobile';
67
+ $customerKey = get_option( 'mo2f_customerKey' );
68
+ $fields = array(
69
+ 'customerId' => $customerKey,
70
+ 'username' => $useremail
71
+ );
72
+ $mo2fApi= new Mo2f_Api();
73
+
74
+ $http_header_array = $mo2fApi->get_http_header_array();
75
+
76
+ return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
77
+ }
78
+
79
+ function mo_check_user_already_exist( $email ) {
80
+
81
+ if ( ! MO2f_Utility::is_curl_installed() ) {
82
+ return $this->get_curl_error_message();
83
+ }
84
+
85
+ $url = MO_HOST_NAME . '/moas/api/admin/users/search';
86
+ $customerKey = get_option( 'mo2f_customerKey' );
87
+ $fields = array(
88
+ 'customerKey' => $customerKey,
89
+ 'username' => $email,
90
+ );
91
+ $mo2fApi= new Mo2f_Api();
92
+ $http_header_array = $mo2fApi->get_http_header_array();
93
+
94
+ return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
95
+ }
96
+
97
+ function mo_create_user( $currentuser, $email ) {
98
+
99
+ if ( ! MO2f_Utility::is_curl_installed() ) {
100
+ return $this->get_curl_error_message();
101
+ }
102
+
103
+ $url = MO_HOST_NAME . '/moas/api/admin/users/create';
104
+ $customerKey = get_option( 'mo2f_customerKey' );
105
+ $fields = array(
106
+ 'customerKey' => $customerKey,
107
+ 'username' => $email,
108
+ 'firstName' => $currentuser->user_firstname,
109
+ 'lastName' => $currentuser->user_lastname
110
+ );
111
+ $mo2fApi= new Mo2f_Api();
112
+ $http_header_array = $mo2fApi->get_http_header_array();
113
+
114
+ return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
115
+ }
116
+
117
+ function mo2f_get_userinfo( $email ) {
118
+
119
+ if ( ! MO2f_Utility::is_curl_installed() ) {
120
+ return $this->get_curl_error_message();
121
+ }
122
+
123
+ $url = MO_HOST_NAME . '/moas/api/admin/users/get';
124
+ $customerKey = get_option( 'mo2f_customerKey' );
125
+ $fields = array(
126
+ 'customerKey' => $customerKey,
127
+ 'username' => $email,
128
+ );
129
+ $mo2fApi= new Mo2f_Api();
130
+ $http_header_array = $mo2fApi->get_http_header_array();
131
+
132
+ return $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
133
+ }
134
+
135
+ function mo2f_update_userinfo( $email, $authType, $phone, $tname, $enableAdminSecondFactor ) {
136
+ $cloud_methods = array('MOBILE AUTHENTICATION','PUSH NOTIFICATIONS','SMS', 'SOFT TOKEN');
137
+ if(MO2F_IS_ONPREM and !in_array($authType, $cloud_methods)){
138
+ $response=json_encode(array("status"=>'SUCCESS'));
139
+ }else {
140
+
141
+ if ( ! MO2f_Utility::is_curl_installed() ) {
142
+ return $this->get_curl_error_message();
143
+ }
144
+
145
+ $url = MO_HOST_NAME . '/moas/api/admin/users/update';
146
+ $customerKey = get_option( 'mo2f_customerKey' );
147
+
148
+
149
+ $fields = array(
150
+ 'customerKey' => $customerKey,
151
+ 'username' => $email,
152
+ 'phone' => $phone,
153
+ 'authType' => $authType,
154
+ 'transactionName' => $tname,
155
+ 'adminLoginSecondFactor' => $enableAdminSecondFactor
156
+ );
157
+
158
+ $mo2fApi = new Mo2f_Api();
159
+
160
+ $http_header_array = $mo2fApi->get_http_header_array();
161
+
162
+ $response = $mo2fApi->make_curl_call( $url, $fields, $http_header_array );
163
+ }
164
+ return $response;
165
+ }
166
+
167
+ function register_kba_details( $email, $question1, $answer1, $question2, $answer2, $question3, $answer3, $user_id=null ) {
168
+
169
+ if(MO2F_IS_ONPREM){
170
+ $answer1 = md5($answer1);
171
+ $answer2 = md5($answer2);
172
+ $answer3 = md5($answer3);
173
+ $question_answer = array($question1 => $answer1 ,$question2 => $answer2 , $question3 => $answer3 );
174
+ update_user_meta( $user_id , 'mo2f_kba_challenge', $question_answer );
175
+ global $Mo2fdbQueries;
176
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'Security Questions') );
177
+ $response=json_encode(array("status"=>'SUCCESS'));
178
+ }else {
179
+ if ( ! MO2f_Utility::is_curl_installed() ) {
180
+ return $this->get_curl_error_message();
181
+ }
182
+
183
+ $url = MO_HOST_NAME . '/moas/api/auth/register';
184
+ $customerKey = get_option( 'mo2f_customerKey' );
185
+ $q_and_a_list = "[{\"question\":\"" . $question1 . "\",\"answer\":\"" . $answer1 . "\" },{\"question\":\"" . $question2 . "\",\"answer\":\"" . $answer2 . "\" },{\"question\":\"" . $question3 . "\",\"answer\":\"" . $answer3 . "\" }]";
186
+ $field_string = "{\"customerKey\":\"" . $customerKey . "\",\"username\":\"" . $email . "\",\"questionAnswerList\":" . $q_and_a_list . "}";
187
+
188
+ $mo2fApi = new Mo2f_Api();
189
+ $http_header_array = $mo2fApi->get_http_header_array();
190
+
191
+ $response= $mo2fApi->make_curl_call( $url, $field_string, $http_header_array );
192
+ }
193
+ return $response;
194
+
195
+ }
196
+ }
197
+
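--- a/api/mo2f_api.php
+++ b/api/mo2f_api.php
@@ -1,72 +1,72 @@
- <?php
-
- class Mo2f_Api
- {
-
- public function mo2f_wp_remote_post($url, $args = array()){
- $response = wp_remote_post($url, $args);
- if(!is_wp_error($response)){
- return $response['body'];
- } else {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
- }
-
- function get_timestamp() {
-
- $currentTimeInMillis = round( microtime( true ) * 1000 );
- $currentTimeInMillis = number_format( $currentTimeInMillis, 0, '', '' );
-
- return $currentTimeInMillis ;
- }
-
- function make_curl_call( $url, $fields, $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic")) {
-
- if ( gettype( $fields ) !== 'string' ) {
- $fields = json_encode( $fields );
- }
-
- $args = array(
- 'method' => 'POST',
- 'body' => $fields,
- 'timeout' => '5',
- 'redirection' => '5',
- 'sslverify' =>true,
- 'httpversion' => '1.0',
- 'blocking' => true,
- 'headers' => $http_header_array
- );
-
- // 'sslverify' => true,//MO_TEST_MODE ? false: true
- //wp_remote_retrieve_body
-
- $response = Mo2f_Api::mo2f_wp_remote_post($url, $args);
- return $response;
-
- }
-
- function get_http_header_array() {
-
- $customerKey = get_option( 'mo2f_customerKey' );
- $apiKey = get_option( 'mo2f_api_key' );
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = Mo2f_Api::get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;;
- $hashValue = hash( "sha512", $stringToHash );
-
- $headers = array(
- "Content-Type" => "application/json",
- "Customer-Key" => $customerKey,
- "Timestamp" => $currentTimeInMillis,
- "Authorization" => $hashValue
- );
-
- return $headers;
- }
-
+ <?php
+
+ class Mo2f_Api
+ {
+
+ public function mo2f_wp_remote_post($url, $args = array()){
+ $response = wp_remote_post($url, $args);
+ if(!is_wp_error($response)){
+ return $response['body'];
+ } else {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+ }
+
+ function get_timestamp() {
+
+ $currentTimeInMillis = round( microtime( true ) * 1000 );
+ $currentTimeInMillis = number_format( $currentTimeInMillis, 0, '', '' );
+
+ return $currentTimeInMillis ;
+ }
+
+ function make_curl_call( $url, $fields, $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic")) {
+
+ if ( gettype( $fields ) !== 'string' ) {
+ $fields = json_encode( $fields );
+ }
+
+ $args = array(
+ 'method' => 'POST',
+ 'body' => $fields,
+ 'timeout' => '5',
+ 'redirection' => '5',
+ 'sslverify' =>true,
+ 'httpversion' => '1.0',
+ 'blocking' => true,
+ 'headers' => $http_header_array
+ );
+
+ // 'sslverify' => true,//MO_TEST_MODE ? false: true
+ //wp_remote_retrieve_body
+
+ $response = Mo2f_Api::mo2f_wp_remote_post($url, $args);
+ return $response;
+
+ }
+
+ function get_http_header_array() {
+
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $apiKey = get_option( 'mo2f_api_key' );
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = Mo2f_Api::get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = array(
+ "Content-Type" => "application/json",
+ "Customer-Key" => $customerKey,
+ "Timestamp" => $currentTimeInMillis,
+ "Authorization" => $hashValue
+ );
+
+ return $headers;
+ }
+
  }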
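Review bot: The `else` branch of `mo2f_wp_remote_post` reports every `WP_Error` as a missing curl extension, so a certificate verification failure, DNS error or timeout on the call to the remote host looks like a local configuration problem and the real cause is never recorded. Keep the generic text for the user but log the actual failure before building `$message`, e.g. `error_log( 'mo2f API request failed: ' . $response->get_error_message() );`. The success branch returns `$response['body']` without looking at the HTTP status; checking `wp_remote_retrieve_response_code( $response )` first would keep an error page from being handed to callers that `json_decode` it. Separately, the `Authorization` value built in `get_http_header_array` is a bare SHA-512 over customer key, timestamp and API key and does not cover the request body, so the integrity of `$fields` rests entirely on `'sslverify' => true` staying enabled.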
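--- a/controllers/PointersManager.php
+++ b/controllers/PointersManager.php
@@ -1,54 +1,54 @@
- <?php
-
- class Mo2FAPointersManager {
-
- private $pfile;
- private $version;
- private $prefix;
- private $pointers = array();
-
- public function __construct( $file, $version, $prefix ) {
- $this->pfile = file_exists( $file ) ? $file : FALSE;
- $this->version = str_replace( '.', '_', $version );
- $this->prefix = $prefix;
- }
-
- public function parse() {
- if ( empty( $this->pfile ) ) return;
- $pointers = (array) require_once $this->pfile;
- if ( empty($pointers) ) return;
- foreach ( $pointers as $i => $pointer ) {
- if(is_array($pointer)){
- $pointer['id'] = "{$this->prefix}{$this->version}_{$i}";
- $this->pointers[$pointer['id']] = (object) $pointer;
- }
- }
- }
-
- public function filter( $page ) {
- if ( empty( $this->pointers ) ) return array();
- $uid = get_current_user_id();
- $visited = explode( ',', (string) get_user_meta( $uid, 'mo2f_visited_pointers', TRUE ) );
-
- $active_ids = array_diff( array_keys( $this->pointers ), $visited );
-
-
- $good = array();
-
- foreach( $this->pointers as $i => $pointer ) {
- if (
- in_array( $i, $active_ids, TRUE ) // is active
- && isset( $pointer->where ) // has where
- && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where
- ) {
- $good[] = $pointer;
- }
- }
- $count = count( $good );
- if ( $good === 0 ) return array();
- foreach( array_values( $good ) as $i => $pointer ) {
- $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : '';
- }
- return $good;
- }
+ <?php
+
+ class Mo2FAPointersManager {
+
+ private $pfile;
+ private $version;
+ private $prefix;
+ private $pointers = array();
+
+ public function __construct( $file, $version, $prefix ) {
+ $this->pfile = file_exists( $file ) ? $file : FALSE;
+ $this->version = str_replace( '.', '_', $version );
+ $this->prefix = $prefix;
+ }
+
+ public function parse() {
+ if ( empty( $this->pfile ) ) return;
+ $pointers = (array) require_once $this->pfile;
+ if ( empty($pointers) ) return;
+ foreach ( $pointers as $i => $pointer ) {
+ if(is_array($pointer)){
+ $pointer['id'] = "{$this->prefix}{$this->version}_{$i}";
+ $this->pointers[$pointer['id']] = (object) $pointer;
+ }
+ }
+ }
+
+ public function filter( $page ) {
+ if ( empty( $this->pointers ) ) return array();
+ $uid = get_current_user_id();
+ $visited = explode( ',', (string) get_user_meta( $uid, 'mo2f_visited_pointers', TRUE ) );
+
+ $active_ids = array_diff( array_keys( $this->pointers ), $visited );
+
+
+ $good = array();
+
+ foreach( $this->pointers as $i => $pointer ) {
+ if (
+ in_array( $i, $active_ids, TRUE ) // is active
+ && isset( $pointer->where ) // has where
+ && in_array( $page, (array) $pointer->where, TRUE ) // current page is in where
+ ) {
+ $good[] = $pointer;
+ }
+ }
+ $count = count( $good );
+ if ( $good === 0 ) return array();
+ foreach( array_values( $good ) as $i => $pointer ) {
+ $good[$i]->next = $i+1 < $count ? $good[$i+1]->id : '';
+ }
+ return $good;
+ }
  }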
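Review bot: In `filter()` the guard `if ( $good === 0 ) return array();` compares the array `$good` with the integer 0 under strict comparison, so it can never be true; the value computed on the line before is the one intended, `if ( $count === 0 ) return array();`. In `parse()`, `require_once $this->pfile` yields `true` instead of the file's array when the same file was already loaded earlier in the request, and the `is_array` check then silently leaves the pointer list empty; plain `require` returns the array each time. The path is executed as PHP after only a `file_exists` check, so the `$file` passed to the constructor should always be a fixed path inside the plugin and never derived from request data (the callers are not visible in this section).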
controllers/account.php CHANGED
@@ -1,303 +1,303 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName,$Mo2fdbQueries;
4
-
5
- if(isset($_POST['option']))
6
- {
7
- $option = trim($_POST['option']);
8
- switch($option)
9
- {
10
- case "mo_wpns_register_customer":
11
- _register_customer($_POST); break;
12
- case "mo_wpns_verify_customer":
13
- _verify_customer($_POST); break;
14
- case "mo_wpns_cancel":
15
- _revert_back_registration(); break;
16
- case "mo_wpns_reset_password":
17
- _reset_password(); break;
18
- case "mo2f_goto_verifycustomer":
19
- _goto_sign_in_page(); break;
20
- }
21
- }
22
-
23
- $user = wp_get_current_user();
24
- $mo2f_current_registration_status = get_option( 'mo_2factor_user_registration_status');
25
-
26
- if((get_option('mo_wpns_registration_status') == 'MO_OTP_DELIVERED_SUCCESS'
27
- || get_option('mo_wpns_registration_status') == 'MO_OTP_VALIDATION_FAILURE'
28
- || get_option('mo_wpns_registration_status') == 'MO_OTP_DELIVERED_FAILURE') && in_array($mo2f_current_registration_status, array("MO_2_FACTOR_OTP_DELIVERED_SUCCESS", "MO_2_FACTOR_OTP_DELIVERED_FAILURE")))
29
- {
30
- $admin_phone = get_option('mo_wpns_admin_phone') ? get_option('mo_wpns_admin_phone') : "";
31
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'verify.php';
32
- }
33
- else if ((get_option ( 'mo_wpns_verify_customer' ) == 'true' || (get_option('mo2f_email') && !get_option('mo2f_customerKey'))) && $mo2f_current_registration_status == "MO_2_FACTOR_VERIFY_CUSTOMER")
34
- {
35
- $admin_email = get_option('mo2f_email') ? get_option('mo2f_email') : "";
36
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'login.php';
37
- }
38
- else if (! $moWpnsUtility->icr())
39
- {
40
- delete_option ( 'password_mismatch' );
41
- update_option ( 'mo_wpns_new_registration', 'true' );
42
- update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
43
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'register.php';
44
- }
45
- else
46
- {
47
- $email = get_option('mo2f_email');
48
- $key = get_option('mo2f_customerKey');
49
- $api = get_option('mo2f_api_key');
50
- $token = get_option('mo2f_customer_token');
51
- $EmailTransactions = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
52
- $EmailTransactions = $EmailTransactions? $EmailTransactions : 0;
53
- $SMSTransactions = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')?get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z'):0;
54
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'profile.php';
55
- }
56
-
57
- /* REGISTRATION RELATED FUNCTIONS */
58
-
59
- //Function to register new customer
60
- function _register_customer($post)
61
- {
62
- //validate and sanitize
63
- global $moWpnsUtility, $Mo2fdbQueries;
64
- $user = wp_get_current_user();
65
- $email = sanitize_email($post['email']);
66
- $company = $_SERVER["SERVER_NAME"];
67
-
68
- $password = sanitize_text_field($post['password']);
69
- $confirmPassword = sanitize_text_field($post['confirmPassword']);
70
-
71
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
72
- {
73
- do_action('wpns_show_message',MoWpnsMessages::showMessage('PASS_LENGTH'),'ERROR');
74
- return;
75
- }
76
-
77
- if( $password != $confirmPassword )
78
- {
79
- do_action('wpns_show_message',MoWpnsMessages::showMessage('PASS_MISMATCH'),'ERROR');
80
- return;
81
- }
82
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
83
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
84
- {
85
- do_action('wpns_show_message',MoWpnsMessages::showMessage('REQUIRED_FIELDS'),'ERROR');
86
- return;
87
- }
88
-
89
- update_option( 'mo2f_email', $email );
90
-
91
- update_option( 'mo_wpns_company' , $company );
92
-
93
- update_option( 'mo_wpns_password' , $password );
94
-
95
- $customer = new MocURL();
96
- $content = json_decode($customer->check_customer($email), true);
97
- $Mo2fdbQueries->insert_user( $user->ID );
98
- switch ($content['status'])
99
- {
100
- case 'CUSTOMER_NOT_FOUND':
101
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
102
-
103
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
104
- {
105
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
106
- update_option( 'mo2f_email', $email );
107
- save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
108
- _get_current_customer($email,$password);
109
- }
110
-
111
- break;
112
- default:
113
- _get_current_customer($email,$password);
114
- break;
115
- }
116
-
117
- }
118
-
119
-
120
- function _goto_sign_in_page(){
121
- global $Mo2fdbQueries;
122
- $user = wp_get_current_user();
123
- update_option('mo_wpns_verify_customer','true');
124
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
125
- }
126
-
127
- //Function to go back to the registration page
128
- function _revert_back_registration()
129
- {
130
- global $Mo2fdbQueries;
131
- $user = wp_get_current_user();
132
- delete_option('mo2f_email');
133
- delete_option('mo_wpns_registration_status');
134
- delete_option('mo_wpns_verify_customer');
135
- update_option('mo_2factor_user_registration_status','');
136
- }
137
-
138
-
139
- //Function to reset customer's password
140
- function _reset_password()
141
- {
142
- $customer = new MocURL();
143
- $forgot_password_response = json_decode($customer->mo_wpns_forgot_password());
144
- if($forgot_password_response->status == 'SUCCESS')
145
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RESET_PASS'),'SUCCESS');
146
- }
147
-
148
-
149
- //Function to verify customer
150
- function _verify_customer($post)
151
- {
152
- global $moWpnsUtility;
153
- $email = sanitize_email( $post['email'] );
154
- $password = sanitize_text_field( $post['password'] );
155
-
156
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
157
- {
158
- do_action('wpns_show_message',MoWpnsMessages::showMessage('REQUIRED_FIELDS'),'ERROR');
159
- return;
160
- }
161
- _get_current_customer($email,$password);
162
- }
163
-
164
-
165
- //Function to get customer details
166
- function _get_current_customer($email,$password)
167
- {
168
- global $Mo2fdbQueries;
169
- $user = wp_get_current_user();
170
- $customer = new MocURL();
171
- $content = $customer->get_customer_key($email, $password);
172
- $customerKey = json_decode($content, true);
173
- if(json_last_error() == JSON_ERROR_NONE)
174
- {
175
- if(isset($customerKey['phone'])){
176
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
177
- }
178
- update_option('mo2f_email',$email);
179
-
180
- save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
181
- do_action('wpns_show_message',MoWpnsMessages::showMessage('REG_SUCCESS'),'SUCCESS');
182
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
183
- $customerT = new Customer_Cloud_Setup();
184
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
185
- if($content['status'] == 'SUCCESS')
186
- {
187
- update_site_option('mo2f_license_type','PREMIUM');
188
- }
189
- else
190
- {
191
- update_site_option('mo2f_license_type','DEMO');
192
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
193
- }
194
- if(isset($content['smsRemaining']))
195
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
196
- else if($content['status'] =='SUCCESS')
197
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
198
-
199
- if(isset($content['emailRemaining']))
200
- {
201
- if($content['emailRemaining']>30)
202
- {
203
- $currentTransaction = $content['emailRemaining'];
204
- update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
205
- update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
206
- }
207
- else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
208
- {
209
- update_site_option('cmVtYWluaW5nT1RQ',30);
210
- }
211
- }
212
-
213
- }
214
- else
215
- {
216
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
217
- update_option('mo_wpns_verify_customer', 'true');
218
- delete_option('mo_wpns_new_registration');
219
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ACCOUNT_EXISTS'),'ERROR');
220
- }
221
- }
222
-
223
-
224
- //Save all required fields on customer registration/retrieval complete.
225
- function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
226
- {
227
- global $Mo2fdbQueries;
228
-
229
- $user = wp_get_current_user();
230
- update_option( 'mo2f_customerKey' , $id );
231
- update_option( 'mo2f_api_key' , $apiKey );
232
- update_option( 'mo2f_customer_token' , $token );
233
- update_option( 'mo2f_app_secret' , $appSecret );
234
- update_option( 'mo_wpns_enable_log_requests' , true );
235
- update_option( 'mo2f_miniorange_admin', $user->ID );
236
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
237
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
238
-
239
- $Mo2fdbQueries->update_user_details( $user->ID, array(
240
- 'mo2f_user_email' => $email,
241
- 'user_registration_with_miniorange' => 'SUCCESS'
242
- ) );
243
- $enduser = new Two_Factor_Setup();
244
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
245
-
246
- $mo2f_second_factor = 'NONE';
247
- if ( json_last_error() == JSON_ERROR_NONE) {
248
- if ( $userinfo['status'] == 'SUCCESS' ) {
249
- $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
250
- }
251
- }
252
- $configured_2FA_method='';
253
- if( $mo2f_second_factor == 'EMAIL'){
254
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, '', true );
255
- $configured_2FA_method = 'NONE';
256
- }else if ( $mo2f_second_factor != 'NONE' ) {
257
- $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
258
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
259
- $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
260
- } else {
261
- if ( in_array( $configured_2FA_method, array(
262
- 'Email Verification',
263
- 'Authy Authenticator',
264
- 'OTP over SMS'
265
- ) ) ) {
266
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, '', true );
267
- }
268
- }
269
- }
270
-
271
- $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
272
- if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
273
- $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '. ';
274
- }
275
- $mo2f_message .= '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
276
-
277
- delete_user_meta( $user->ID, 'register_account' );
278
-
279
- $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
280
- if ( ! empty( $mo2f_customer_selected_plan ) ) {
281
- delete_option( 'mo2f_customer_selected_plan' );
282
-
283
- if (MoWpnsUtility::get_mo2f_db_option('mo2f_planname', 'get_option') == 'addon_plan')
284
- {
285
- ?><script>window.location.href="admin.php?page=mo_2fa_addons";</script><?php
286
- }
287
- else
288
- {
289
- ?><script>window.location.href="admin.php?page=mo_2fa_upgrade";</script><?php
290
- }
291
-
292
- } else if ( $mo2f_second_factor == 'NONE' ) {
293
- if(get_user_meta( $user->ID, 'register_account_popup', true)){
294
- update_user_meta( $user->ID, 'configure_2FA', 1 );
295
- }
296
- }
297
-
298
- update_option( 'mo2f_message', $mo2f_message );
299
- delete_user_meta( $user->ID, 'register_account_popup' );
300
- delete_option( 'mo_wpns_verify_customer' );
301
- delete_option( 'mo_wpns_registration_status' );
302
- delete_option( 'mo_wpns_password' );
303
- }
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName,$Mo2fdbQueries;
4
+
5
+ if(isset($_POST['option']))
6
+ {
7
+ $option = trim($_POST['option']);
8
+ switch($option)
9
+ {
10
+ case "mo_wpns_register_customer":
11
+ _register_customer($_POST); break;
12
+ case "mo_wpns_verify_customer":
13
+ _verify_customer($_POST); break;
14
+ case "mo_wpns_cancel":
15
+ _revert_back_registration(); break;
16
+ case "mo_wpns_reset_password":
17
+ _reset_password(); break;
18
+ case "mo2f_goto_verifycustomer":
19
+ _goto_sign_in_page(); break;
20
+ }
21
+ }
22
+
23
+ $user = wp_get_current_user();
24
+ $mo2f_current_registration_status = get_option( 'mo_2factor_user_registration_status');
25
+
26
+ if((get_option('mo_wpns_registration_status') == 'MO_OTP_DELIVERED_SUCCESS'
27
+ || get_option('mo_wpns_registration_status') == 'MO_OTP_VALIDATION_FAILURE'
28
+ || get_option('mo_wpns_registration_status') == 'MO_OTP_DELIVERED_FAILURE') && in_array($mo2f_current_registration_status, array("MO_2_FACTOR_OTP_DELIVERED_SUCCESS", "MO_2_FACTOR_OTP_DELIVERED_FAILURE")))
29
+ {
30
+ $admin_phone = get_option('mo_wpns_admin_phone') ? get_option('mo_wpns_admin_phone') : "";
31
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'verify.php';
32
+ }
33
+ else if ((get_option ( 'mo_wpns_verify_customer' ) == 'true' || (get_option('mo2f_email') && !get_option('mo2f_customerKey'))) && $mo2f_current_registration_status == "MO_2_FACTOR_VERIFY_CUSTOMER")
34
+ {
35
+ $admin_email = get_option('mo2f_email') ? get_option('mo2f_email') : "";
36
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'login.php';
37
+ }
38
+ else if (! $moWpnsUtility->icr())
39
+ {
40
+ delete_option ( 'password_mismatch' );
41
+ update_option ( 'mo_wpns_new_registration', 'true' );
42
+ update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
43
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'register.php';
44
+ }
45
+ else
46
+ {
47
+ $email = get_option('mo2f_email');
48
+ $key = get_option('mo2f_customerKey');
49
+ $api = get_option('mo2f_api_key');
50
+ $token = get_option('mo2f_customer_token');
51
+ $EmailTransactions = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
52
+ $EmailTransactions = $EmailTransactions? $EmailTransactions : 0;
53
+ $SMSTransactions = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')?get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z'):0;
54
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'profile.php';
55
+ }
56
+
57
+ /* REGISTRATION RELATED FUNCTIONS */
58
+
59
+ //Function to register new customer
60
+ function _register_customer($post)
61
+ {
62
+ //validate and sanitize
63
+ global $moWpnsUtility, $Mo2fdbQueries;
64
+ $user = wp_get_current_user();
65
+ $email = sanitize_email($post['email']);
66
+ $company = $_SERVER["SERVER_NAME"];
67
+
68
+ $password = sanitize_text_field($post['password']);
69
+ $confirmPassword = sanitize_text_field($post['confirmPassword']);
70
+
71
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
72
+ {
73
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('PASS_LENGTH'),'ERROR');
74
+ return;
75
+ }
76
+
77
+ if( $password != $confirmPassword )
78
+ {
79
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('PASS_MISMATCH'),'ERROR');
80
+ return;
81
+ }
82
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
83
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
84
+ {
85
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('REQUIRED_FIELDS'),'ERROR');
86
+ return;
87
+ }
88
+
89
+ update_option( 'mo2f_email', $email );
90
+
91
+ update_option( 'mo_wpns_company' , $company );
92
+
93
+ update_option( 'mo_wpns_password' , $password );
94
+
95
+ $customer = new MocURL();
96
+ $content = json_decode($customer->check_customer($email), true);
97
+ $Mo2fdbQueries->insert_user( $user->ID );
98
+ switch ($content['status'])
99
+ {
100
+ case 'CUSTOMER_NOT_FOUND':
101
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
102
+
103
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
104
+ {
105
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
106
+ update_option( 'mo2f_email', $email );
107
+ save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
108
+ _get_current_customer($email,$password);
109
+ }
110
+
111
+ break;
112
+ default:
113
+ _get_current_customer($email,$password);
114
+ break;
115
+ }
116
+
117
+ }
118
+
119
+
120
+ function _goto_sign_in_page(){
121
+ global $Mo2fdbQueries;
122
+ $user = wp_get_current_user();
123
+ update_option('mo_wpns_verify_customer','true');
124
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
125
+ }
126
+
127
+ //Function to go back to the registration page
128
+ function _revert_back_registration()
129
+ {
130
+ global $Mo2fdbQueries;
131
+ $user = wp_get_current_user();
132
+ delete_option('mo2f_email');
133
+ delete_option('mo_wpns_registration_status');
134
+ delete_option('mo_wpns_verify_customer');
135
+ update_option('mo_2factor_user_registration_status','');
136
+ }
137
+
138
+
139
+ //Function to reset customer's password
140
+ function _reset_password()
141
+ {
142
+ $customer = new MocURL();
143
+ $forgot_password_response = json_decode($customer->mo_wpns_forgot_password());
144
+ if($forgot_password_response->status == 'SUCCESS')
145
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RESET_PASS'),'SUCCESS');
146
+ }
147
+
148
+
149
+ //Function to verify customer
150
+ function _verify_customer($post)
151
+ {
152
+ global $moWpnsUtility;
153
+ $email = sanitize_email( $post['email'] );
154
+ $password = sanitize_text_field( $post['password'] );
155
+
156
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
157
+ {
158
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('REQUIRED_FIELDS'),'ERROR');
159
+ return;
160
+ }
161
+ _get_current_customer($email,$password);
162
+ }
163
+
164
+
165
+ //Function to get customer details
166
+ function _get_current_customer($email,$password)
167
+ {
168
+ global $Mo2fdbQueries;
169
+ $user = wp_get_current_user();
170
+ $customer = new MocURL();
171
+ $content = $customer->get_customer_key($email, $password);
172
+ $customerKey = json_decode($content, true);
173
+ if(json_last_error() == JSON_ERROR_NONE)
174
+ {
175
+ if(isset($customerKey['phone'])){
176
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
177
+ }
178
+ update_option('mo2f_email',$email);
179
+
180
+ save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
181
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('REG_SUCCESS'),'SUCCESS');
182
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
183
+ $customerT = new Customer_Cloud_Setup();
184
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
185
+ if($content['status'] == 'SUCCESS')
186
+ {
187
+ update_site_option('mo2f_license_type','PREMIUM');
188
+ }
189
+ else
190
+ {
191
+ update_site_option('mo2f_license_type','DEMO');
192
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
193
+ }
194
+ if(isset($content['smsRemaining']))
195
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
196
+ else if($content['status'] =='SUCCESS')
197
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
198
+
199
+ if(isset($content['emailRemaining']))
200
+ {
201
+ if($content['emailRemaining']>30)
202
+ {
203
+ $currentTransaction = $content['emailRemaining'];
204
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
205
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
206
+ }
207
+ else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
208
+ {
209
+ update_site_option('cmVtYWluaW5nT1RQ',30);
210
+ }
211
+ }
212
+
213
+ }
214
+ else
215
+ {
216
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
217
+ update_option('mo_wpns_verify_customer', 'true');
218
+ delete_option('mo_wpns_new_registration');
219
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ACCOUNT_EXISTS'),'ERROR');
220
+ }
221
+ }
222
+
223
+
224
+ //Save all required fields on customer registration/retrieval complete.
225
+ function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
226
+ {
227
+ global $Mo2fdbQueries;
228
+
229
+ $user = wp_get_current_user();
230
+ update_option( 'mo2f_customerKey' , $id );
231
+ update_option( 'mo2f_api_key' , $apiKey );
232
+ update_option( 'mo2f_customer_token' , $token );
233
+ update_option( 'mo2f_app_secret' , $appSecret );
234
+ update_option( 'mo_wpns_enable_log_requests' , true );
235
+ update_option( 'mo2f_miniorange_admin', $user->ID );
236
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
237
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
238
+
239
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
240
+ 'mo2f_user_email' => $email,
241
+ 'user_registration_with_miniorange' => 'SUCCESS'
242
+ ) );
243
+ $enduser = new Two_Factor_Setup();
244
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
245
+
246
+ $mo2f_second_factor = 'NONE';
247
+ if ( json_last_error() == JSON_ERROR_NONE) {
248
+ if ( $userinfo['status'] == 'SUCCESS' ) {
249
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
250
+ }
251
+ }
252
+ $configured_2FA_method='';
253
+ if( $mo2f_second_factor == 'EMAIL'){
254
+ $enduser->mo2f_update_userinfo( $email, 'NONE', null, '', true );
255
+ $configured_2FA_method = 'NONE';
256
+ }else if ( $mo2f_second_factor != 'NONE' ) {
257
+ $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
258
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
259
+ $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
260
+ } else {
261
+ if ( in_array( $configured_2FA_method, array(
262
+ 'Email Verification',
263
+ 'Authy Authenticator',
264
+ 'OTP over SMS'
265
+ ) ) ) {
266
+ $enduser->mo2f_update_userinfo( $email, 'NONE', null, '', true );
267
+ }
268
+ }
269
+ }
270
+
271
+ $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
272
+ if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
273
+ $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '. ';
274
+ }
275
+ $mo2f_message .= '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
276
+
277
+ delete_user_meta( $user->ID, 'register_account' );
278
+
279
+ $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
280
+ if ( ! empty( $mo2f_customer_selected_plan ) ) {
281
+ delete_option( 'mo2f_customer_selected_plan' );
282
+
283
+ if (MoWpnsUtility::get_mo2f_db_option('mo2f_planname', 'get_option') == 'addon_plan')
284
+ {
285
+ ?><script>window.location.href="admin.php?page=mo_2fa_addons";</script><?php
286
+ }
287
+ else
288
+ {
289
+ ?><script>window.location.href="admin.php?page=mo_2fa_upgrade";</script><?php
290
+ }
291
+
292
+ } else if ( $mo2f_second_factor == 'NONE' ) {
293
+ if(get_user_meta( $user->ID, 'register_account_popup', true)){
294
+ update_user_meta( $user->ID, 'configure_2FA', 1 );
295
+ }
296
+ }
297
+
298
+ update_option( 'mo2f_message', $mo2f_message );
299
+ delete_user_meta( $user->ID, 'register_account_popup' );
300
+ delete_option( 'mo_wpns_verify_customer' );
301
+ delete_option( 'mo_wpns_registration_status' );
302
+ delete_option( 'mo_wpns_password' );
303
+ }
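--- a/controllers/addons.php
+++ b/controllers/addons.php
@@ -1,5 +1,5 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'addons.php';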
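--- a/controllers/advanced-blocking.php
+++ b/controllers/advanced-blocking.php
@@ -1,186 +1,186 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_wpns_block_ip_range":
- wpns_handle_range_blocking($_POST); break;
- case "mo_wpns_browser_blocking":
- wpns_handle_browser_blocking($_POST); break;
- case "mo_wpns_enable_htaccess_blocking":
- wpns_handle_htaccess_blocking($_POST); break;
- case "mo_wpns_enable_user_agent_blocking":
- wpns_handle_user_agent_blocking($_POST); break;
- case "mo_wpns_block_countries":
- wpns_handle_country_block($_POST); break;
- case "mo_wpns_block_referrer":
- wpns_handle_block_referrer($_POST); break;
-
- }
- }
-
- $range_count = is_numeric(get_option('mo_wpns_iprange_count'))
- && intval(get_option('mo_wpns_iprange_count')) !=0 ? intval(get_option('mo_wpns_iprange_count')) : 1;
- $htaccess_block = get_option('mo_wpns_enable_htaccess_blocking') ? "checked" : "";
- $user_agent = get_option('mo_wpns_enable_user_agent_blocking') ? "checked" : "";
- $block_chrome = get_option('mo_wpns_block_chrome') ? "checked" : "";
- $block_ie = get_option('mo_wpns_block_ie') ? "checked" : "";
- $block_firefox = get_option('mo_wpns_block_firefox') ? "checked" : "";
- $block_safari = get_option('mo_wpns_block_safari') ? "checked" : "";
- $block_opera = get_option('mo_wpns_block_opera') ? "checked" : "";
- $block_edge = get_option('mo_wpns_block_edge') ? "checked" : "";
- $country = MoWpnsConstants::$country;
- $codes = get_option( "mo_wpns_countrycodes");
- $referrers = get_option( 'mo_wpns_referrers');
- $referrers = explode(";",$referrers);
- $current_browser= $moWpnsUtility->getCurrentBrowser();
- $start = array();
- $end = array();
- for($i = 1 ; $i <= $range_count ; $i++){
- $ip_range = get_option("mo_wpns_iprange_range_".$i);
- if($ip_range){
- $a = explode('-', $ip_range);
-
- $start[$i] = $a[0];
- $end[$i] = $a[1];
- }
-
- }
- if(!isset($start[1])){
- $start[1] = '';
- }
- if(!isset($end[1])){
- $end[1] = '';
- }
-
- switch($current_browser)
- {
- case "chrome":
- $block_chrome = 'disabled'; break;
- case "ie":
- $block_ie = 'disabled'; break;
- case "firefox":
- $block_firefox= 'disabled'; break;
- case "safari":
- $block_safari = 'disabled'; break;
- case "edge":
- $block_edge = 'disabled'; break;
- case "opera":
- $block_opera = 'disabled'; break;
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'advanced-blocking.php';
-
-
- /* ADVANCD BLOCKING FUNCTIONS */
-
- //Function to save range of ips
- function wpns_handle_range_blocking($postedValue)
- {
- $flag=0;
- $max_allowed_ranges = 100;
- $added_mappings_ranges = 0 ;
- for($i=1;$i<=$max_allowed_ranges;$i++){
- if(isset($postedValue['start_'.$i]) && isset($postedValue['end_'.$i]) && !empty($postedValue['start_'.$i]) && !empty($postedValue['end_'.$i])){
-
- $postedValue['start_'.$i] = sanitize_text_field($postedValue['start_'.$i]);
- $postedValue['end_'.$i] = sanitize_text_field($postedValue['end_'.$i]);
-
- if(filter_var($postedValue['start_'.$i] , FILTER_VALIDATE_IP ) && filter_var($postedValue['end_'.$i] , FILTER_VALIDATE_IP ) && (ip2long($postedValue['end_'.$i]) > ip2long($postedValue['start_'.$i])) ){
- $range = '';
- $range = $postedValue['start_'.$i];
- $range .= '-';
- $range .= $postedValue['end_'.$i];
- $added_mappings_ranges++;
- update_option( 'mo_wpns_iprange_range_'.$added_mappings_ranges, $range );
-
- }
- else{
- $flag = 1;
- do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_IP'),'ERROR');
- return;
- }
- }
- }
-
-
- if($added_mappings_ranges==0)
- update_option( 'mo_wpns_iprange_range_1','');
- update_option( 'mo_wpns_iprange_count', $added_mappings_ranges);
- if($flag == 0){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('IP_PERMANENTLY_BLOCKED'),'SUCCESS');
- }
- }
-
- //Function to handle browser blocking
- function wpns_handle_browser_blocking($postedValue)
- {
- isset($postedValue['mo_wpns_block_chrome']) ? update_option( 'mo_wpns_block_chrome' , $postedValue['mo_wpns_block_chrome'] ) : update_option( 'mo_wpns_block_chrome' , false );
- isset($postedValue['mo_wpns_block_firefox']) ? update_option( 'mo_wpns_block_firefox' , $postedValue['mo_wpns_block_firefox'] ) : update_option( 'mo_wpns_block_firefox' , false );
- isset($postedValue['mo_wpns_block_ie']) ? update_option( 'mo_wpns_block_ie' , $postedValue['mo_wpns_block_ie'] ) : update_option( 'mo_wpns_block_ie' , false );
- isset($postedValue['mo_wpns_block_safari']) ? update_option( 'mo_wpns_block_safari' , $postedValue['mo_wpns_block_safari'] ) : update_option( 'mo_wpns_block_safari' , false );
- isset($postedValue['mo_wpns_block_opera']) ? update_option( 'mo_wpns_block_opera' , $postedValue['mo_wpns_block_opera'] ) : update_option( 'mo_wpns_block_opera' , false );
- isset($postedValue['mo_wpns_block_edge']) ? update_option( 'mo_wpns_block_edge' , $postedValue['mo_wpns_block_edge'] ) : update_option( 'mo_wpns_block_edge' , false );
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
- }
-
-
- //Function to handle Htaccess blocking
- function wpns_handle_htaccess_blocking($postdata)
- {
- $htaccess = isset($postdata['mo_wpns_enable_htaccess_blocking']) ? true : false;
- update_option( 'mo_wpns_enable_htaccess_blocking', $htaccess);
- $mo_wpns_config = new MoWpnsHandler();
- if($htaccess)
- {
- $mo_wpns_config->add_htaccess_ips();
- do_action('wpns_show_message',MoWpnsMessages::showMessage('HTACCESS_ENABLED'),'SUCCESS');
- }
- else
- {
- $mo_wpns_config->remove_htaccess_ips();
- do_action('wpns_show_message',MoWpnsMessages::showMessage('HTACCESS_DISABLED'),'ERROR');
- }
- }
-
-
- //Function to handle user agent blocking
- function wpns_handle_user_agent_blocking($postvalue)
- {
- $user_agent = isset($postvalue['mo_wpns_enable_user_agent_blocking']) ? true : false;
- update_option( 'mo_wpns_enable_user_agent_blocking', $user_agent);
- if($user_agent)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('USER_AGENT_BLOCK_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('USER_AGENT_BLOCK_DISABLED'),'ERROR');
- }
-
-
- //Function to handle country block
- function wpns_handle_country_block($post)
- {
- $countrycodes = "";
- foreach($post as $countrycode=>$value){
- if($countrycode!="option")
- $countrycodes .= $countrycode.";";
- }
- update_option( 'mo_wpns_countrycodes', $countrycodes);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
- }
-
-
- //Function to handle block referrer
- function wpns_handle_block_referrer($post)
- {
- $referrers = "";
- foreach($post as $key => $value)
- {
- if(strpos($key, 'referrer_') !== false)
- if(!empty($value))
- $referrers .= $value.";";
- }
- update_option( 'mo_wpns_referrers', $referrers);
- }
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_block_ip_range":
+ wpns_handle_range_blocking($_POST); break;
+ case "mo_wpns_browser_blocking":
+ wpns_handle_browser_blocking($_POST); break;
+ case "mo_wpns_enable_htaccess_blocking":
+ wpns_handle_htaccess_blocking($_POST); break;
+ case "mo_wpns_enable_user_agent_blocking":
+ wpns_handle_user_agent_blocking($_POST); break;
+ case "mo_wpns_block_countries":
+ wpns_handle_country_block($_POST); break;
+ case "mo_wpns_block_referrer":
+ wpns_handle_block_referrer($_POST); break;
+
+ }
+ }
+
+ $range_count = is_numeric(get_option('mo_wpns_iprange_count'))
+ && intval(get_option('mo_wpns_iprange_count')) !=0 ? intval(get_option('mo_wpns_iprange_count')) : 1;
+ $htaccess_block = get_option('mo_wpns_enable_htaccess_blocking') ? "checked" : "";
+ $user_agent = get_option('mo_wpns_enable_user_agent_blocking') ? "checked" : "";
+ $block_chrome = get_option('mo_wpns_block_chrome') ? "checked" : "";
+ $block_ie = get_option('mo_wpns_block_ie') ? "checked" : "";
+ $block_firefox = get_option('mo_wpns_block_firefox') ? "checked" : "";
+ $block_safari = get_option('mo_wpns_block_safari') ? "checked" : "";
+ $block_opera = get_option('mo_wpns_block_opera') ? "checked" : "";
+ $block_edge = get_option('mo_wpns_block_edge') ? "checked" : "";
+ $country = MoWpnsConstants::$country;
+ $codes = get_option( "mo_wpns_countrycodes");
+ $referrers = get_option( 'mo_wpns_referrers');
+ $referrers = explode(";",$referrers);
+ $current_browser= $moWpnsUtility->getCurrentBrowser();
+ $start = array();
+ $end = array();
+ for($i = 1 ; $i <= $range_count ; $i++){
+ $ip_range = get_option("mo_wpns_iprange_range_".$i);
+ if($ip_range){
+ $a = explode('-', $ip_range);
+
+ $start[$i] = $a[0];
+ $end[$i] = $a[1];
+ }
+
+ }
+ if(!isset($start[1])){
+ $start[1] = '';
+ }
+ if(!isset($end[1])){
+ $end[1] = '';
+ }
+
+ switch($current_browser)
+ {
+ case "chrome":
+ $block_chrome = 'disabled'; break;
+ case "ie":
+ $block_ie = 'disabled'; break;
+ case "firefox":
+ $block_firefox= 'disabled'; break;
+ case "safari":
+ $block_safari = 'disabled'; break;
+ case "edge":
+ $block_edge = 'disabled'; break;
+ case "opera":
+ $block_opera = 'disabled'; break;
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'advanced-blocking.php';
+
+
+ /* ADVANCD BLOCKING FUNCTIONS */
+
+ //Function to save range of ips
+ function wpns_handle_range_blocking($postedValue)
+ {
+ $flag=0;
+ $max_allowed_ranges = 100;
+ $added_mappings_ranges = 0 ;
+ for($i=1;$i<=$max_allowed_ranges;$i++){
+ if(isset($postedValue['start_'.$i]) && isset($postedValue['end_'.$i]) && !empty($postedValue['start_'.$i]) && !empty($postedValue['end_'.$i])){
+
+ $postedValue['start_'.$i] = sanitize_text_field($postedValue['start_'.$i]);
+ $postedValue['end_'.$i] = sanitize_text_field($postedValue['end_'.$i]);
+
+ if(filter_var($postedValue['start_'.$i] , FILTER_VALIDATE_IP ) && filter_var($postedValue['end_'.$i] , FILTER_VALIDATE_IP ) && (ip2long($postedValue['end_'.$i]) > ip2long($postedValue['start_'.$i])) ){
+ $range = '';
+ $range = $postedValue['start_'.$i];
+ $range .= '-';
+ $range .= $postedValue['end_'.$i];
+ $added_mappings_ranges++;
+ update_option( 'mo_wpns_iprange_range_'.$added_mappings_ranges, $range );
+
+ }
+ else{
+ $flag = 1;
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_IP'),'ERROR');
+ return;
+ }
+ }
+ }
+
+
+ if($added_mappings_ranges==0)
+ update_option( 'mo_wpns_iprange_range_1','');
+ update_option( 'mo_wpns_iprange_count', $added_mappings_ranges);
+ if($flag == 0){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('IP_PERMANENTLY_BLOCKED'),'SUCCESS');
+ }
+ }
+
+ //Function to handle browser blocking
+ function wpns_handle_browser_blocking($postedValue)
+ {
+ isset($postedValue['mo_wpns_block_chrome']) ? update_option( 'mo_wpns_block_chrome' , $postedValue['mo_wpns_block_chrome'] ) : update_option( 'mo_wpns_block_chrome' , false );
+ isset($postedValue['mo_wpns_block_firefox']) ? update_option( 'mo_wpns_block_firefox' , $postedValue['mo_wpns_block_firefox'] ) : update_option( 'mo_wpns_block_firefox' , false );
+ isset($postedValue['mo_wpns_block_ie']) ? update_option( 'mo_wpns_block_ie' , $postedValue['mo_wpns_block_ie'] ) : update_option( 'mo_wpns_block_ie' , false );
+ isset($postedValue['mo_wpns_block_safari']) ? update_option( 'mo_wpns_block_safari' , $postedValue['mo_wpns_block_safari'] ) : update_option( 'mo_wpns_block_safari' , false );
+ isset($postedValue['mo_wpns_block_opera']) ? update_option( 'mo_wpns_block_opera' , $postedValue['mo_wpns_block_opera'] ) : update_option( 'mo_wpns_block_opera' , false );
+ isset($postedValue['mo_wpns_block_edge']) ? update_option( 'mo_wpns_block_edge' , $postedValue['mo_wpns_block_edge'] ) : update_option( 'mo_wpns_block_edge' , false );
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
+ }
+
+
+ //Function to handle Htaccess blocking
+ function wpns_handle_htaccess_blocking($postdata)
+ {
+ $htaccess = isset($postdata['mo_wpns_enable_htaccess_blocking']) ? true : false;
+ update_option( 'mo_wpns_enable_htaccess_blocking', $htaccess);
+ $mo_wpns_config = new MoWpnsHandler();
+ if($htaccess)
+ {
+ $mo_wpns_config->add_htaccess_ips();
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('HTACCESS_ENABLED'),'SUCCESS');
+ }
+ else
+ {
+ $mo_wpns_config->remove_htaccess_ips();
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('HTACCESS_DISABLED'),'ERROR');
+ }
+ }
+
+
+ //Function to handle user agent blocking
+ function wpns_handle_user_agent_blocking($postvalue)
+ {
+ $user_agent = isset($postvalue['mo_wpns_enable_user_agent_blocking']) ? true : false;
+ update_option( 'mo_wpns_enable_user_agent_blocking', $user_agent);
+ if($user_agent)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('USER_AGENT_BLOCK_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('USER_AGENT_BLOCK_DISABLED'),'ERROR');
+ }
+
+
+ //Function to handle country block
+ function wpns_handle_country_block($post)
+ {
+ $countrycodes = "";
+ foreach($post as $countrycode=>$value){
+ if($countrycode!="option")
+ $countrycodes .= $countrycode.";";
+ }
+ update_option( 'mo_wpns_countrycodes', $countrycodes);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
+ }
+
+
+ //Function to handle block referrer
+ function wpns_handle_block_referrer($post)
+ {
+ $referrers = "";
+ foreach($post as $key => $value)
+ {
+ if(strpos($key, 'referrer_') !== false)
+ if(!empty($value))
+ $referrers .= $value.";";
+ }
+ update_option( 'mo_wpns_referrers', $referrers);
+ }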
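Review bot: The option dispatcher at the top of the re-added file (new lines 5–23) gates on `current_user_can( 'manage_options' )` only; no nonce is verified before any of the six `wpns_handle_*` handlers runs, so unless a check happens in code not shown here, a forged cross-site POST sent from an administrator's browser can change the IP-range, browser, country and referrer blocking settings. I would add `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );` as the first statement inside that `if`, with the matching `wp_nonce_field()` emitted by the view this controller includes (the view is not part of this section, and the action name is a placeholder). Separately, `wpns_handle_country_block` stores every POST key other than `option` and `wpns_handle_block_referrer` stores `$value` exactly as submitted; passing both through `sanitize_text_field()` before concatenation, as `wpns_handle_range_blocking` already does for its inputs, would keep what lands in the options table consistent.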
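--- a/controllers/backup/backup.php
+++ b/controllers/backup/backup.php
@@ -1,2 +1,2 @@
- <?php
+ <?php
  include $mo2f_dirName. 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup.php';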
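--- a/controllers/backup/backup_ajax.php
+++ b/controllers/backup/backup_ajax.php
@@ -1,157 +1,157 @@
- <?php
- class Mo_wpns_file_db_backup{
-
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo_wpns_file_db_backup_functions' ) );
- }
-
- public function mo_wpns_file_db_backup_functions(){
- add_action('wp_ajax_mo_wpns_backup_redirect', array( $this, 'mo_wpns_backup_redirect' ));
- }
-
- public function mo_wpns_backup_redirect(){
-
- switch($_POST['call_type'])
- {
- case "submit_backup_settings_form":
- $this->mo_wpns_save_backup_config_form($_POST);
- break;
- case "submit_schedule_settings_form":
- $this->mo_wpns_save_schedule_backup_config_form($_POST);
- break;
- case "delete_backup":
- $this->delete_backup($_POST);
- break;
- }
- }
-
- public function mo_wpns_save_backup_config_form($postData){
- $nonce = $postData['nonce'];
- if ( ! wp_verify_nonce( $nonce, 'wpns-backup-settings' ) ){
- wp_send_json('ERROR');
- }
-
- if(! isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database'])){
- wp_send_json('folder_error');
- }
-
- isset($postData['backup_plugin']) ? update_site_option( 'mo_file_manual_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_manual_backup_plugins', 0);
-
- isset($postData['backup_themes']) ? update_site_option( 'mo_file_manual_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_manual_backup_themes', 0);
-
- isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_manual_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_manual_backup_wp_files', 0);
-
- isset($postData['database']) ? update_site_option( 'mo_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_database_backup', 0);
-
- if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
- $handler_obj = new MoBackupSite();
- update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
- $handler_obj->file_manual_backup();
- }
- if(isset($postData['database'])) {
- $handler_obj = new MoBackupSite();
- update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
- $handler_obj->backupDB();
- }
- wp_send_json('created_backup');
- }
-
- function mo_wpns_save_schedule_backup_config_form($postData){
- $nonce = $postData['nonce'];
- if ( ! wp_verify_nonce( $nonce, 'wpns-schedule-backup' ) ){
- wp_send_json('ERROR');
-
- }
-
- $handler_obj = new MoBackupSite;
- if(!isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database']))
- {
- wp_send_json('folder_error');
-
- }
-
- isset($postData['backup_plugin']) ? update_site_option( 'mo_file_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_backup_plugins', 0);
-
- isset($postData['backup_themes']) ? update_site_option( 'mo_file_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_backup_themes', 0);
-
- isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_backup_wp_files', 0);
-
- isset($postData['database']) ? update_site_option( 'mo_schedule_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_schedule_database_backup', 0);
-
- if($postData['backup_time']==='12'||$postData['backup_time']==='24'||$postData['backup_time']==='168'||$postData['backup_time']==='360'||$postData['backup_time']==='720')
- {
- isset($postData['backup_time']) ? update_site_option( 'mo_wpns_backup_time', sanitize_text_field($postData['backup_time'])) : update_site_option( 'mo_wpns_backup_time', 0);
- }else{
- wp_send_json('invalid_hours');
-
- }
-
- isset($postData['enable_backup_schedule']) ? update_site_option( 'enable_backup_schedule', sanitize_text_field($postData['enable_backup_schedule'])) : update_site_option( 'enable_backup_schedule', 0);
-
- isset($postData['local_storage']) ? update_site_option( 'storage_type', sanitize_text_field($postData['local_storage'])) : update_site_option( 'storage_type', 0);
-
- if(get_site_option('enable_backup_schedule') === '1'){
-
- if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
- $handler_obj-> file_backup_deactivate();
- if (!wp_next_scheduled( 'mo_eb_file_cron_hook')) {
- wp_schedule_event( time(), 'file_eb_backup_time', 'mo_eb_file_cron_hook' );
- }
- update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
- update_site_option('scheduled_file_backup',1);
- }
- else
- $handler_obj-> file_backup_deactivate();
-
- if(MoWpnsUtility::get_mo2f_db_option('mo_schedule_database_backup', 'site_option') === '1'){
- $handler_obj->bl_deactivate();
- if ( ! wp_next_scheduled( 'mo_eb_bl_cron_hook' ) ) {
- wp_schedule_event( time(), 'db_eb_backup_time', 'mo_eb_bl_cron_hook' );
- }
- update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
- update_site_option('scheduled_db_backup',1);
- }
- else
- $handler_obj->bl_deactivate();
-
- wp_send_json('success');
-
- }else{
- $handler_obj-> file_backup_deactivate();
- $handler_obj->bl_deactivate();
- update_site_option('scheduled_db_backup',0);
- update_site_option('scheduled_file_backup',0);
- wp_send_json('disable');
-
- }
- }
-
-
-
- function delete_backup($postData){
-
- $nonce = $postData['nonce'];
- if ( ! wp_verify_nonce( $nonce, 'delete_entry' ) ){
- wp_send_json('ERROR');
-
- }
-
- if(current_user_can('administrator')){
- global $wpnsDbQueries;
- $id = $postData['id'];
- $row_exist = (int)$wpnsDbQueries->row_exist($id);
- $status = file_exists($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
- if($status){
- unlink($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
- if($row_exist)
- $wpnsDbQueries->delete_file($id);
- wp_send_json('success');
-
- }else{
- $wpnsDbQueries->delete_file($id);
- wp_send_json('notexist');
- }
- }
- }
- }new Mo_wpns_file_db_backup();
+ <?php
+ class Mo_wpns_file_db_backup{
+
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo_wpns_file_db_backup_functions' ) );
+ }
+
+ public function mo_wpns_file_db_backup_functions(){
+ add_action('wp_ajax_mo_wpns_backup_redirect', array( $this, 'mo_wpns_backup_redirect' ));
+ }
+
+ public function mo_wpns_backup_redirect(){
+
+ switch($_POST['call_type'])
+ {
+ case "submit_backup_settings_form":
+ $this->mo_wpns_save_backup_config_form($_POST);
+ break;
+ case "submit_schedule_settings_form":
+ $this->mo_wpns_save_schedule_backup_config_form($_POST);
+ break;
+ case "delete_backup":
+ $this->delete_backup($_POST);
+ break;
+ }
+ }
+
+ public function mo_wpns_save_backup_config_form($postData){
+ $nonce = $postData['nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'wpns-backup-settings' ) ){
+ wp_send_json('ERROR');
+ }
+
+ if(! isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database'])){
+ wp_send_json('folder_error');
+ }
+
+ isset($postData['backup_plugin']) ? update_site_option( 'mo_file_manual_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_manual_backup_plugins', 0);
+
+ isset($postData['backup_themes']) ? update_site_option( 'mo_file_manual_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_manual_backup_themes', 0);
+
+ isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_manual_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_manual_backup_wp_files', 0);
+
+ isset($postData['database']) ? update_site_option( 'mo_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_database_backup', 0);
+
+ if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
+ $handler_obj = new MoBackupSite();
+ update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
+ $handler_obj->file_manual_backup();
+ }
+ if(isset($postData['database'])) {
+ $handler_obj = new MoBackupSite();
+ update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
+ $handler_obj->backupDB();
+ }
+ wp_send_json('created_backup');
+ }
+
+ function mo_wpns_save_schedule_backup_config_form($postData){
+ $nonce = $postData['nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'wpns-schedule-backup' ) ){
+ wp_send_json('ERROR');
+
+ }
+
+ $handler_obj = new MoBackupSite;
+ if(!isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database']))
+ {
+ wp_send_json('folder_error');
+
+ }
+
+ isset($postData['backup_plugin']) ? update_site_option( 'mo_file_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_backup_plugins', 0);
+
+ isset($postData['backup_themes']) ? update_site_option( 'mo_file_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_backup_themes', 0);
+
+ isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_backup_wp_files', 0);
+
+ isset($postData['database']) ? update_site_option( 'mo_schedule_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_schedule_database_backup', 0);
+
+ if($postData['backup_time']==='12'||$postData['backup_time']==='24'||$postData['backup_time']==='168'||$postData['backup_time']==='360'||$postData['backup_time']==='720')
+ {
+ isset($postData['backup_time']) ? update_site_option( 'mo_wpns_backup_time', sanitize_text_field($postData['backup_time'])) : update_site_option( 'mo_wpns_backup_time', 0);
+ }else{
+ wp_send_json('invalid_hours');
+
+ }
+
+ isset($postData['enable_backup_schedule']) ? update_site_option( 'enable_backup_schedule', sanitize_text_field($postData['enable_backup_schedule'])) : update_site_option( 'enable_backup_schedule', 0);
+
+ isset($postData['local_storage']) ? update_site_option( 'storage_type', sanitize_text_field($postData['local_storage'])) : update_site_option( 'storage_type', 0);
+
+ if(get_site_option('enable_backup_schedule') === '1'){
+
+ if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
+ $handler_obj-> file_backup_deactivate();
+ if (!wp_next_scheduled( 'mo_eb_file_cron_hook')) {
+ wp_schedule_event( time(), 'file_eb_backup_time', 'mo_eb_file_cron_hook' );
+ }
+ update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
+ update_site_option('scheduled_file_backup',1);
+ }
+ else
+ $handler_obj-> file_backup_deactivate();
+
+ if(MoWpnsUtility::get_mo2f_db_option('mo_schedule_database_backup', 'site_option') === '1'){
+ $handler_obj->bl_deactivate();
+ if ( ! wp_next_scheduled( 'mo_eb_bl_cron_hook' ) ) {
+ wp_schedule_event( time(), 'db_eb_backup_time', 'mo_eb_bl_cron_hook' );
+ }
+ update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
+ update_site_option('scheduled_db_backup',1);
+ }
+ else
+ $handler_obj->bl_deactivate();
+
+ wp_send_json('success');
+
+ }else{
+ $handler_obj-> file_backup_deactivate();
+ $handler_obj->bl_deactivate();
+ update_site_option('scheduled_db_backup',0);
+ update_site_option('scheduled_file_backup',0);
+ wp_send_json('disable');
+
+ }
+ }
+
+
+
+ function delete_backup($postData){
+
+ $nonce = $postData['nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'delete_entry' ) ){
+ wp_send_json('ERROR');
+
+ }
+
+ if(current_user_can('administrator')){
+ global $wpnsDbQueries;
+ $id = $postData['id'];
+ $row_exist = (int)$wpnsDbQueries->row_exist($id);
+ $status = file_exists($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
+ if($status){
+ unlink($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
+ if($row_exist)
+ $wpnsDbQueries->delete_file($id);
+ wp_send_json('success');
+
+ }else{
+ $wpnsDbQueries->delete_file($id);
+ wp_send_json('notexist');
+ }
+ }
+ }
+ }new Mo_wpns_file_db_backup();
  ?>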
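Review bot: `delete_backup()` (new lines 131–155) passes `$postData["folder_name"]` and `$postData['file_name']` from the request straight to `file_exists()` and `unlink()`, so the file that gets removed is chosen by the caller rather than by the plugin; the nonce and the `administrator` check limit who can send the request but not which path is deleted. The path should be resolved and confirmed to lie inside the plugin's backup directory before deletion, as sketched below; the directory constant there is a placeholder because the real backup location is not shown in this file. Also worth addressing: `mo_wpns_backup_redirect()` is registered on a `wp_ajax_` hook and the two save handlers verify only a nonce, so a `current_user_can( 'manage_options' )` guard at the top of the dispatcher would make the capability requirement explicit for all three call types.

```php
if(current_user_can('administrator')){
    global $wpnsDbQueries;
    // … unchanged: $id and $row_exist lookup …
    // BACKUP_ROOT_PLACEHOLDER stands for the directory the plugin writes backups to.
    $backup_root = realpath( BACKUP_ROOT_PLACEHOLDER );
    $target      = realpath( $postData['folder_name'] . DIRECTORY_SEPARATOR . basename( $postData['file_name'] ) );
    $status      = $backup_root !== false
        && $target !== false
        && strpos( $target, $backup_root . DIRECTORY_SEPARATOR ) === 0
        && is_file( $target );
    if($status){
        unlink( $target );
        // … unchanged: row deletion and JSON responses …
```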
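--- a/controllers/backup/backup_controller.php
+++ b/controllers/backup/backup_controller.php
@@ -1,2 +1,2 @@
- <?php
+ <?php
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_setting_view.php';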
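--- a/controllers/backup/backup_created_report.php
+++ b/controllers/backup/backup_created_report.php
@@ -1,2 +1,2 @@
- <?php
+ <?php
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_created_report.php';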
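--- a/controllers/backup/backup_created_result.php
+++ b/controllers/backup/backup_created_result.php
@@ -1,14 +1,14 @@
- <?php
- function showBackupResults(){
- global $wpnsDbQueries;
- $array = $wpnsDbQueries->get_table_content();
- $array_size = sizeof($array);
- for($i=0; $i<(int)$array_size; $i++){
- $backup_file_path = $array[$i]->plugin_path.DIRECTORY_SEPARATOR.$array[$i]->file_name;
- if(file_exists($backup_file_path))
- show_backup_report($array[$i]->plugin_path, $array[$i]->file_name, $array[$i]->created_timestamp,$array[$i]->id);
- else
- $wpnsDbQueries->delete_file($array[$i]->id);
- }
- }
+ <?php
+ function showBackupResults(){
+ global $wpnsDbQueries;
+ $array = $wpnsDbQueries->get_table_content();
+ $array_size = sizeof($array);
+ for($i=0; $i<(int)$array_size; $i++){
+ $backup_file_path = $array[$i]->plugin_path.DIRECTORY_SEPARATOR.$array[$i]->file_name;
+ if(file_exists($backup_file_path))
+ show_backup_report($array[$i]->plugin_path, $array[$i]->file_name, $array[$i]->created_timestamp,$array[$i]->id);
+ else
+ $wpnsDbQueries->delete_file($array[$i]->id);
+ }
+ }
  ?>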
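--- a/controllers/backup/backup_schdule.php
+++ b/controllers/backup/backup_schdule.php
@@ -1,22 +1,22 @@
- <?php
-
- $file_backup_time = MoWpnsUtility::get_mo2f_db_option('file_backup_created_time', 'site_option');
- $db_eb_backup_time = MoWpnsUtility::get_mo2f_db_option('db_backup_created_time', 'site_option');
- $file_schedule_status = MoWpnsUtility::get_mo2f_db_option('scheduled_file_backup', 'site_option');
- $db_backup_status = MoWpnsUtility::get_mo2f_db_option('scheduled_db_backup', 'site_option');
- $next_file_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option');
- $next_db_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option');
- $img_loader_url = plugins_url('backup-wordpress'.DIRECTORY_SEPARATOR .'includes'.DIRECTORY_SEPARATOR .'images'.DIRECTORY_SEPARATOR .'loader.gif');
- $page_url = "";
- $file_next_backup_timestamp = wp_next_scheduled( 'mo_eb_file_cron_hook' );
- $db_next_backup_timestamp = wp_next_scheduled( 'mo_eb_bl_cron_hook' );
-
- $file_date = date('d-m-Y', $file_next_backup_timestamp);
- $file_time = date('H:i', $file_next_backup_timestamp);
- $file_day = date('l',$file_next_backup_timestamp);
-
- $db_date = date('d-m-Y', $db_next_backup_timestamp);
- $db_time = date('H:i', $db_next_backup_timestamp);
- $db_day = date('l',$db_next_backup_timestamp);
-
+ <?php
+
+ $file_backup_time = MoWpnsUtility::get_mo2f_db_option('file_backup_created_time', 'site_option');
+ $db_eb_backup_time = MoWpnsUtility::get_mo2f_db_option('db_backup_created_time', 'site_option');
+ $file_schedule_status = MoWpnsUtility::get_mo2f_db_option('scheduled_file_backup', 'site_option');
+ $db_backup_status = MoWpnsUtility::get_mo2f_db_option('scheduled_db_backup', 'site_option');
+ $next_file_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option');
+ $next_db_backup_hours = MoWpnsUtility::get_mo2f_db_option('mo_wpns_backup_time', 'site_option');
+ $img_loader_url = plugins_url('backup-wordpress'.DIRECTORY_SEPARATOR .'includes'.DIRECTORY_SEPARATOR .'images'.DIRECTORY_SEPARATOR .'loader.gif');
+ $page_url = "";
+ $file_next_backup_timestamp = wp_next_scheduled( 'mo_eb_file_cron_hook' );
+ $db_next_backup_timestamp = wp_next_scheduled( 'mo_eb_bl_cron_hook' );
+
+ $file_date = date('d-m-Y', $file_next_backup_timestamp);
+ $file_time = date('H:i', $file_next_backup_timestamp);
+ $file_day = date('l',$file_next_backup_timestamp);
+
+ $db_date = date('d-m-Y', $db_next_backup_timestamp);
+ $db_time = date('H:i', $db_next_backup_timestamp);
+ $db_day = date('l',$db_next_backup_timestamp);
+
  include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'backup'.DIRECTORY_SEPARATOR.'backup_schdule.php';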
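--- a/controllers/change-password.php
+++ b/controllers/change-password.php
@@ -1,13 +1,13 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $username = $user->data->user_login;
- $message = isset($newpassword) && ($newpassword != $confirmpassword) ? "Both Passwords do not match." : "Please enter a stronger password.";
- $css_file = plugins_url('wp-security-pro/includes/css/style_settings.css',$mo2f_dirName);
- $js_file = plugins_url('wp-security-pro/includes/js/settings_page.js',$mo2f_dirName);
- $js_url = 'https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js';
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'change-password.php';
- exit;
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $username = $user->data->user_login;
+ $message = isset($newpassword) && ($newpassword != $confirmpassword) ? "Both Passwords do not match." : "Please enter a stronger password.";
+ $css_file = plugins_url('wp-security-pro/includes/css/style_settings.css',$mo2f_dirName);
+ $js_file = plugins_url('wp-security-pro/includes/js/settings_page.js',$mo2f_dirName);
+ $js_url = 'https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js';
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'change-password.php';
+ exit;
+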
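--- a/controllers/content-protection.php
+++ b/controllers/content-protection.php
@@ -1,95 +1,95 @@
- <?php
- global $moWpnsUtility,$mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch($_POST['option'])
- {
- case "mo_wpns_content_protection":
- wpns_handle_content_protection($_POST); break;
- case "mo_wpns_enable_comment_spam_blocking":
- wpns_handle_comment_spam_blocking($_POST); break;
- case "mo_wpns_enable_comment_recaptcha":
- wpns_handle_comment_recaptcha($_POST); break;
- case "mo_wpns_comment_recaptcha_settings":
- wpns_save_comment_recaptcha($_POST); break;
- }
- }
-
-
- $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
- $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
- $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
- $comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
- $enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
- $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
- $restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
- $test_recaptcha_url = "";
- $test_recaptcha_url_v3 = "";
- $wp_config = site_url().'/wp-config.php';
- $wp_uploads = get_site_url().'/wp-content/uploads';
- $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
- $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
- $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
- if($enable_recaptcha)
- {
- $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
- $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
- $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
-
- /* CONTENT PROTECTION FUNCTIONS */
-
- //Function to save content protection settings
- function wpns_handle_content_protection()
- {
- isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
- isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
- isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
- isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
- if(isset($_POST['restrictAPI'])){
- update_site_option('mo2f_restrict_restAPI', 1);
- }
- else{
- update_site_option('mo2f_restrict_restAPI',0);
- }
-
-
-
-
- $mo_wpns_htaccess_handler = new MoWpnsHandler();
- $mo_wpns_htaccess_handler->update_htaccess_configuration();
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
- }
-
-
- //Function to handle comment spam blocking
- function wpns_handle_comment_spam_blocking($postvalue)
- {
- $enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
- update_option('mo_wpns_enable_comment_spam_blocking', $enable);
- if($enable)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
- }
-
-
- //Function to handle reCAPTCHA for comments
- function wpns_handle_comment_recaptcha($postvalue)
- {
- $enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
- update_option('mo_wpns_enable_comment_recaptcha', $enable);
- if($enable)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
- }
-
- function wpns_save_comment_recaptcha($postvalue){
- update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
- update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
+ <?php
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_content_protection":
+ wpns_handle_content_protection($_POST); break;
+ case "mo_wpns_enable_comment_spam_blocking":
+ wpns_handle_comment_spam_blocking($_POST); break;
+ case "mo_wpns_enable_comment_recaptcha":
+ wpns_handle_comment_recaptcha($_POST); break;
+ case "mo_wpns_comment_recaptcha_settings":
+ wpns_save_comment_recaptcha($_POST); break;
+ }
+ }
+
+
+ $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
+ $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
+ $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
+ $comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
+ $enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
+ $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
+ $restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
+ $test_recaptcha_url = "";
+ $test_recaptcha_url_v3 = "";
+ $wp_config = site_url().'/wp-config.php';
+ $wp_uploads = get_site_url().'/wp-content/uploads';
+ $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
+ $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
+ $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
+ if($enable_recaptcha)
+ {
+ $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
+ $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
+ $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
+
+ /* CONTENT PROTECTION FUNCTIONS */
+
+ //Function to save content protection settings
+ function wpns_handle_content_protection()
+ {
+ isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
+ isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
+ isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
+ isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
+ if(isset($_POST['restrictAPI'])){
+ update_site_option('mo2f_restrict_restAPI', 1);
+ }
+ else{
+ update_site_option('mo2f_restrict_restAPI',0);
+ }
+
+
+
+
+ $mo_wpns_htaccess_handler = new MoWpnsHandler();
+ $mo_wpns_htaccess_handler->update_htaccess_configuration();
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
+ }
+
+
+ //Function to handle comment spam blocking
+ function wpns_handle_comment_spam_blocking($postvalue)
+ {
+ $enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
+ update_option('mo_wpns_enable_comment_spam_blocking', $enable);
+ if($enable)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
+ }
+
+
+ //Function to handle reCAPTCHA for comments
+ function wpns_handle_comment_recaptcha($postvalue)
+ {
+ $enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
+ update_option('mo_wpns_enable_comment_recaptcha', $enable);
+ if($enable)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
+ }
+
+ function wpns_save_comment_recaptcha($postvalue){
+ update_option('mo_wpns_recaptcha_site_key', $postvalue['mo_wpns_recaptcha_site_key']);
+ update_option('mo_wpns_recaptcha_secret_key', $postvalue['mo_wpns_recaptcha_secret_key']);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
  }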
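Review bot: The dispatcher at the top of the file gates on `current_user_can( 'manage_options' )` but verifies no nonce before calling the four `wpns_*` handlers, so a forged cross-site POST submitted from an administrator's browser would change these protection settings (CSRF). Add `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );` inside that `if`, before the `switch`, and emit the matching nonce field in the form that posts here (the view is outside this section). `wpns_save_comment_recaptcha()` also writes `$postvalue['mo_wpns_recaptcha_site_key']` and the secret key to options with neither an `isset()` check nor `sanitize_text_field()`, unlike `wpns_handle_content_protection()`; both values should be checked and sanitized the same way before `update_option()`.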
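--- a/controllers/dashboard.php
+++ b/controllers/dashboard.php
@@ -1,23 +1,23 @@
- <?php
-
-
-
- //all the variables and links
- $wpns_database = new MoWpnsDB;
- $wpns_count_ips_blocked = $wpns_database->get_count_of_blocked_ips();
- $wpns_count_ips_whitelisted = $wpns_database->get_number_of_whitelisted_ips();
- $wpns_attacks_blocked = $wpns_database->get_count_of_attacks_blocked();
-
- $mo_wpns_handler = new MoWpnsHandler();
- $sqlC = $mo_wpns_handler->get_blocked_attacks_count("SQL");
- $rceC = $mo_wpns_handler->get_blocked_attacks_count("RCE");
- $rfiC = $mo_wpns_handler->get_blocked_attacks_count("RFI");
- $lfiC = $mo_wpns_handler->get_blocked_attacks_count("LFI");
- $xssC = $mo_wpns_handler->get_blocked_attacks_count("XSS");
- $totalAttacks = $sqlC+$lfiC+$rfiC+$xssC+$rceC;
- $total_malicious=$wpns_database->count_malicious_files();
- if($total_malicious > 999){
- $total_malicious=($total_malicious/1000);
- $total_malicious= round($total_malicious,1)."k";
- }
+ <?php
+
+
+
+ //all the variables and links
+ $wpns_database = new MoWpnsDB;
+ $wpns_count_ips_blocked = $wpns_database->get_count_of_blocked_ips();
+ $wpns_count_ips_whitelisted = $wpns_database->get_number_of_whitelisted_ips();
+ $wpns_attacks_blocked = $wpns_database->get_count_of_attacks_blocked();
+
+ $mo_wpns_handler = new MoWpnsHandler();
+ $sqlC = $mo_wpns_handler->get_blocked_attacks_count("SQL");
+ $rceC = $mo_wpns_handler->get_blocked_attacks_count("RCE");
+ $rfiC = $mo_wpns_handler->get_blocked_attacks_count("RFI");
+ $lfiC = $mo_wpns_handler->get_blocked_attacks_count("LFI");
+ $xssC = $mo_wpns_handler->get_blocked_attacks_count("XSS");
+ $totalAttacks = $sqlC+$lfiC+$rfiC+$xssC+$rceC;
+ $total_malicious=$wpns_database->count_malicious_files();
+ if($total_malicious > 999){
+ $total_malicious=($total_malicious/1000);
+ $total_malicious= round($total_malicious,1)."k";
+ }
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'dashboard.php';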
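--- a/controllers/dashboard_ajax.php
+++ b/controllers/dashboard_ajax.php
@@ -1,211 +1,211 @@
- <?php
- class Mo2f_ajax_dashboard
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
- }
-
- public function mo2f_switch_functions(){
- if(isset($_POST) && isset($_POST['option'])){
- $tab_count= get_site_option('mo2f_tab_count', 0);
- if($tab_count == 5)
- update_site_option('mo_2f_switch_all', 1);
- else if($tab_count == 0)
- update_site_option('mo_2f_switch_all', 0);
- $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
- switch(sanitize_text_field($_POST['option']))
- {
- case "tab_all_switch":
- $this->mo2f_handle_all_enable($santizied_post);
- break;
- case "tab_2fa_switch":
- $this->mo2f_handle_2fa_enable($santizied_post);
- break;
- case "tab_waf_switch":
- $this->mo2f_handle_waf_enable($santizied_post);
- break;
- case "tab_login_switch":
- $this->mo2f_handle_login_enable($santizied_post);
- break;
- case "tab_backup_switch":
- $this->mo2f_handle_backup_enable($santizied_post);
- break;
- case "tab_malware_switch":
- $this->mo2f_handle_malware_enable($santizied_post);
- break;
- case "tab_block_switch":
- $this->mo2f_handle_block_enable($santizied_post);
- break;
-
- }
- }
- }
-
- public function mo2f_handle_all_enable($POSTED){
- $this->mo2f_handle_waf_enable($POSTED);
- $this->mo2f_handle_login_enable($POSTED);
- $this->mo2f_handle_backup_enable($POSTED);
- $this->mo2f_handle_malware_enable($POSTED);
- $this->mo2f_handle_block_enable($POSTED);
- if($POSTED){
- update_option('mo_2f_switch_all',1);
- update_site_option('mo2f_tab_count', 5);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
- }
- else{
- update_option('mo_2f_switch_all', 0);
- update_site_option('mo2f_tab_count', 0);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
- }
- }
-
- public function mo2f_handle_2fa_enable($POSTED){
- global $Mo2fdbQueries;
- $user= wp_get_current_user();
- $user_id= $user->user_ID;
- if($POSTED){
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
- if(sanitize_text_field($_POST['tab_2fa_switch']))
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
- }
- else{
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
- if(sanitize_text_field($_POST['tab_2fa_switch']))
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_waf_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_waf', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
- }
- }
- }
- else{
- update_site_option('mo_2f_switch_waf', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- update_option('WAFEnabled', 0);
- update_option('WAF','wafDisable');
- update_site_option('Rate_limiting', 0);
- $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
- $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
- $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
- $filePath = str_replace('\\', '/', $filePath);
- $file = file_get_contents($dir_name1);
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
- $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
- $cont .= '# END miniOrange WAF'.PHP_EOL;
- $file =str_replace($cont,'',$file);
- file_put_contents($dir_name1, $file);
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_login_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_loginspam', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
- }
- }
- else{
- update_site_option('mo_2f_switch_loginspam', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- update_site_option('mo2f_enable_brute_force', false);
- update_site_option('mo_wpns_activate_recaptcha', false);
- update_site_option('mo_wpns_activate_recaptcha_for_login', false);
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
- update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
- update_site_option('mo2f_enforce_strong_passswords', 0);
- update_site_option('mo_wpns_enable_fake_domain_blocking', false);
- update_site_option('mo_wpns_enable_advanced_user_verification', false);
- update_site_option('mo_wpns_enable_social_integration', false);
- update_site_option('mo2f_protect_wp_config', 0);
- update_site_option('mo2f_prevent_directory_browsing', 0);
- update_site_option('mo2f_disable_file_editing', 0);
- update_site_option('mo_wpns_enable_comment_spam_blocking', false);
- update_site_option('mo_wpns_enable_comment_recaptcha', false);
- update_site_option('mo2f_htaccess_file', 0);
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_backup_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_backup', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
- }
- }
- else{
- update_site_option('mo_2f_switch_backup', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- $handler_obj = new MoBackupSite;
- $handler_obj->bl_deactivate();
- update_site_option('mo2f_enable_cron_backup', 0);
- $handler_obj->file_backup_deactivate();
- update_site_option('mo2f_enable_cron_file_backup', 0);
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_malware_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_malware', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
- }
- }else{
- update_site_option('mo_2f_switch_malware', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_block_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_adv_block', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
- }
- }
- else{
- update_site_option('mo_2f_switch_adv_block', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- update_site_option('mo_wpns_iprange_count', 0);
- update_site_option('mo_wpns_enable_htaccess_blocking', 0);
- update_site_option('mo_wpns_enable_user_agent_blocking', 0);
- update_site_option('mo_wpns_referrers', false);
- update_site_option('mo_wpns_countrycodes', false);
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
- }
- }
-
-
- }
- new Mo2f_ajax_dashboard();
+ <?php
+ class Mo2f_ajax_dashboard
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
+ }
+
+ public function mo2f_switch_functions(){
+ if(isset($_POST) && isset($_POST['option'])){
+ $tab_count= get_site_option('mo2f_tab_count', 0);
+ if($tab_count == 5)
+ update_site_option('mo_2f_switch_all', 1);
+ else if($tab_count == 0)
+ update_site_option('mo_2f_switch_all', 0);
+ $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
+ switch(sanitize_text_field($_POST['option']))
+ {
+ case "tab_all_switch":
+ $this->mo2f_handle_all_enable($santizied_post);
+ break;
+ case "tab_2fa_switch":
+ $this->mo2f_handle_2fa_enable($santizied_post);
+ break;
+ case "tab_waf_switch":
+ $this->mo2f_handle_waf_enable($santizied_post);
+ break;
+ case "tab_login_switch":
+ $this->mo2f_handle_login_enable($santizied_post);
+ break;
+ case "tab_backup_switch":
+ $this->mo2f_handle_backup_enable($santizied_post);
+ break;
+ case "tab_malware_switch":
+ $this->mo2f_handle_malware_enable($santizied_post);
+ break;
+ case "tab_block_switch":
+ $this->mo2f_handle_block_enable($santizied_post);
+ break;
+
+ }
+ }
+ }
+
+ public function mo2f_handle_all_enable($POSTED){
+ $this->mo2f_handle_waf_enable($POSTED);
+ $this->mo2f_handle_login_enable($POSTED);
+ $this->mo2f_handle_backup_enable($POSTED);
+ $this->mo2f_handle_malware_enable($POSTED);
+ $this->mo2f_handle_block_enable($POSTED);
+ if($POSTED){
+ update_option('mo_2f_switch_all',1);
+ update_site_option('mo2f_tab_count', 5);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
+ }
+ else{
+ update_option('mo_2f_switch_all', 0);
+ update_site_option('mo2f_tab_count', 0);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_2fa_enable($POSTED){
+ global $Mo2fdbQueries;
+ $user= wp_get_current_user();
+ $user_id= $user->user_ID;
+ if($POSTED){
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
+ }
+ else{
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_waf_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_waf', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
+ }
+ }
+ }
+ else{
+ update_site_option('mo_2f_switch_waf', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ update_option('WAFEnabled', 0);
+ update_option('WAF','wafDisable');
+ update_site_option('Rate_limiting', 0);
+ $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
+ $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
+ $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
+ $filePath = str_replace('\\', '/', $filePath);
+ $file = file_get_contents($dir_name1);
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
+ $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
+ $file =str_replace($cont,'',$file);
+ file_put_contents($dir_name1, $file);
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_login_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_loginspam', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
+ }
+ }
+ else{
+ update_site_option('mo_2f_switch_loginspam', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ update_site_option('mo2f_enable_brute_force', false);
+ update_site_option('mo_wpns_activate_recaptcha', false);
+ update_site_option('mo_wpns_activate_recaptcha_for_login', false);
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
+ update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
+ update_site_option('mo2f_enforce_strong_passswords', 0);
+ update_site_option('mo_wpns_enable_fake_domain_blocking', false);
+ update_site_option('mo_wpns_enable_advanced_user_verification', false);
+ update_site_option('mo_wpns_enable_social_integration', false);
+ update_site_option('mo2f_protect_wp_config', 0);
+ update_site_option('mo2f_prevent_directory_browsing', 0);
+ update_site_option('mo2f_disable_file_editing', 0);
+ update_site_option('mo_wpns_enable_comment_spam_blocking', false);
+ update_site_option('mo_wpns_enable_comment_recaptcha', false);
+ update_site_option('mo2f_htaccess_file', 0);
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_backup_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_backup', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
+ }
+ }
+ else{
+ update_site_option('mo_2f_switch_backup', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ $handler_obj = new MoBackupSite;
+ $handler_obj->bl_deactivate();
+ update_site_option('mo2f_enable_cron_backup', 0);
+ $handler_obj->file_backup_deactivate();
+ update_site_option('mo2f_enable_cron_file_backup', 0);
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_malware_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_malware', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
+ }
+ }else{
+ update_site_option('mo_2f_switch_malware', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_block_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_adv_block', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
+ }
+ }
+ else{
+ update_site_option('mo_2f_switch_adv_block', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ update_site_option('mo_wpns_iprange_count', 0);
+ update_site_option('mo_wpns_enable_htaccess_blocking', 0);
+ update_site_option('mo_wpns_enable_user_agent_blocking', 0);
+ update_site_option('mo_wpns_referrers', false);
+ update_site_option('mo_wpns_countrycodes', false);
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
+ }
+ }
+
+
+ }
+ new Mo2f_ajax_dashboard();
  ?>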
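Review bot: `mo2f_switch_functions()` is registered on `admin_init` and dispatches on `$_POST['option']` with neither a capability check nor a nonce check, so every handler it calls (the WAF, login-protection, backup, malware and blocking switches) runs for any request that reaches `admin_init`. WordPress fires `admin_init` on `admin-ajax.php` and `admin-post.php` too, including for visitors who are not logged in, so these protections are reachable without a privileged session and also by cross-site request forgery. The method should open with `if ( ! current_user_can( 'manage_options' ) ) { return; }` followed by `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );`, with the matching nonce field added to the form that posts here (not visible in this section). Separately, the disable branch of `mo2f_handle_waf_enable()` passes the result of `file_get_contents($dir_name1)` through `str_replace()` straight into `file_put_contents()`, so a failed read would overwrite `.htaccess` with an empty string; return early when the read yields `false`.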
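--- a/controllers/duo_authenticator/duo_authenticator_ajax.php
+++ b/controllers/duo_authenticator/duo_authenticator_ajax.php
@@ -1,74 +1,74 @@
- <?php
- class Mo_2f_duo_authenticator
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
-
- }
-
- public function mo2f_duo_authenticator_functions(){
- add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
- add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
- }
-
- public function mo2f_duo_ajax_request(){
-
- switch ($_POST['call_type']) {
- case "check_duo_push_auth_status":
- $this->mo2f_check_duo_push_auth_status();
- break;
- }
- }
-
- public function mo2f_duo_authenticator_ajax(){
- switch($_POST['call_type'])
- {
-
- case "check_duo_push_auth_status":
- $this->mo2f_check_duo_push_auth_status();
- break;
- }
- }
-
-
- function mo2f_check_duo_push_auth_status(){
-
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
- {
- wp_send_json("ERROR");
- exit;
- }else{
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
- $ikey = get_site_option('mo2f_d_integration_key');
- $skey = get_site_option('mo2f_d_secret_key');
- $host = get_site_option('mo2f_d_api_hostname');
- $current_user = wp_get_current_user();
-
- $session_id_encrypt = isset($_POST['session_id_encrypt']) ? $_POST['session_id_encrypt'] : '';
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
- $user_email = get_user_meta($user_id,'current_user_email');
- $user_email = isset($user_email[0])? $user_email[0]:'';
-
- if($user_email == '' || empty($user_email))
- $user_email = $current_user->user_email;
-
- $device['device'] = 'auto';
-
- $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
-
-
- if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
-
- wp_send_json('SUCCESS');
- }else{
-
- wp_send_json('ERROR');
- }
- }
-
-
- }
-
- }
- new Mo_2f_duo_authenticator();
- ?>
+ <?php
+ class Mo_2f_duo_authenticator
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
+
+ }
+
+ public function mo2f_duo_authenticator_functions(){
+ add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
+ add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
+ }
+
+ public function mo2f_duo_ajax_request(){
+
+ switch ($_POST['call_type']) {
+ case "check_duo_push_auth_status":
+ $this->mo2f_check_duo_push_auth_status();
+ break;
+ }
+ }
+
+ public function mo2f_duo_authenticator_ajax(){
+ switch($_POST['call_type'])
+ {
+
+ case "check_duo_push_auth_status":
+ $this->mo2f_check_duo_push_auth_status();
+ break;
+ }
+ }
+
+
+ function mo2f_check_duo_push_auth_status(){
+
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
+ {
+ wp_send_json("ERROR");
+ exit;
+ }else{
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
+ $ikey = get_site_option('mo2f_d_integration_key');
+ $skey = get_site_option('mo2f_d_secret_key');
+ $host = get_site_option('mo2f_d_api_hostname');
+ $current_user = wp_get_current_user();
+
+ $session_id_encrypt = isset($_POST['session_id_encrypt']) ? $_POST['session_id_encrypt'] : '';
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
+ $user_email = get_user_meta($user_id,'current_user_email');
+ $user_email = isset($user_email[0])? $user_email[0]:'';
+
+ if($user_email == '' || empty($user_email))
+ $user_email = $current_user->user_email;
+
+ $device['device'] = 'auto';
+
+ $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
+
+
+ if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
+
+ wp_send_json('SUCCESS');
+ }else{
+
+ wp_send_json('ERROR');
+ }
+ }
+
+
+ }
+
+ }
+ new Mo_2f_duo_authenticator();
+ ?>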
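Review bot: In `mo2f_check_duo_push_auth_status()`, which is reachable through the unauthenticated `wp_ajax_nopriv_mo2f_duo_ajax_request` hook, the nonce is the only gate, and a WordPress nonce issued to a logged-out visitor is not bound to an individual user, so it should not be treated as authentication for this call. `$_POST['call_type']` and `$_POST['nonce']` are read without `isset()`, and `session_id_encrypt` reaches `MO2f_Utility::mo2f_get_transient()` unsanitized; I would read it as `$session_id_encrypt = isset($_POST['session_id_encrypt']) ? sanitize_text_field(wp_unslash($_POST['session_id_encrypt'])) : '';` and answer 'ERROR' when the transient yields no user id instead of falling back to `wp_get_current_user()`. Each request also appears to start a Duo push through `mo2f_duo_auth(..., 'push', ...)`, so a per-session rate limit on this endpoint would be worth adding. Whether the 'SUCCESS' reply is backed by a server-side record of the approved login cannot be seen from this file and should be confirmed in the handler.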
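--- a/controllers/feedback_footer.php
+++ b/controllers/feedback_footer.php
@@ -1,57 +1,57 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch($_POST['option'])
- {
- case "mo_wpns_send_query":
- wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
- break;
- }
- }
-
- $current_user = wp_get_current_user();
- $email = get_option("mo2f_email");
- $phone = get_option("mo_wpns_admin_phone");
-
-
- /* SUPPORT FORM RELATED FUNCTIONS */
-
- //Function to handle support form submit
-
- if(empty($email))
- $email = $current_user->user_email;
-
- function wpns_handle_support_form_new($email,$query,$phone)
- {
- $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
-
- if(empty($email) || empty($query)){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
- return;
- }
-
- $query = sanitize_text_field( $query );
- $email = sanitize_text_field( $email );
- $phone = sanitize_text_field( $phone );
- $contact_us = new MocURL();
-
- if($send_configuration)
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
- else
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
-
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- } else {
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
- }
- if(json_last_error() == JSON_ERROR_NONE && $submited){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_send_query":
+ wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
+ break;
+ }
+ }
+
+ $current_user = wp_get_current_user();
+ $email = get_option("mo2f_email");
+ $phone = get_option("mo_wpns_admin_phone");
+
+
+ /* SUPPORT FORM RELATED FUNCTIONS */
+
+ //Function to handle support form submit
+
+ if(empty($email))
+ $email = $current_user->user_email;
+
+ function wpns_handle_support_form_new($email,$query,$phone)
+ {
+ $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
+
+ if(empty($email) || empty($query)){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
+ return;
+ }
+
+ $query = sanitize_text_field( $query );
+ $email = sanitize_text_field( $email );
+ $phone = sanitize_text_field( $phone );
+ $contact_us = new MocURL();
+
+ if($send_configuration)
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
+ else
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
+
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ } else {
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
+ }
+ if(json_last_error() == JSON_ERROR_NONE && $submited){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'feedback_footer.php';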
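Review bot: The `mo_wpns_send_query` dispatch at the top of the file checks `current_user_can( 'manage_options' )` but no nonce, so the support form, which appends the output of `MoWpnsUtility::mo_2fa_send_configuration()` to a message sent off-site, can be submitted by a cross-site request made in an administrator's browser. Unless the including file already verifies one (not visible here), add `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );` before the `switch` and the matching `wp_nonce_field()` in the view. The same capability-only dispatch appears in controllers/ip-blocking.php, where it changes the block list and the whitelist, and in controllers/login-security.php, which reads `$_REQUEST['option']`. Separately, in `wpns_handle_support_form_new()` the invalid-email branch leaves `$submited` undefined and falls through to the final `if`, so a second error is raised on an undefined variable; a `return;` after the first `do_action(...)` in that branch fixes it.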
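--- a/controllers/ip-blocking.php
+++ b/controllers/ip-blocking.php
@@ -1,257 +1,257 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
- $mo_wpns_handler = new MoWpnsHandler();
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch($_POST['option'])
- {
- case "mo_wpns_manual_block_ip":
- wpns_handle_manual_block_ip($_POST['IP']); break;
- case "mo_wpns_unblock_ip":
- wpns_handle_unblock_ip($_POST['id']); break;
- case "mo_wpns_whitelist_ip":
- wpns_handle_whitelist_ip($_POST['IP']); break;
- case "mo_wpns_remove_whitelist":
- wpns_handle_remove_whitelist($_POST['id'] ); break;
- }
- }
-
- $blockedips = $mo_wpns_handler->get_blocked_ips();
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
- $path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
- $path = explode('plugins', $path);
- $img_loader_url = plugins_url().$path[1];
-
- $page_url = "";
- $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
-
-
- /** IP BLOCKING RELATED FUNCTIONS **/
-
- // Function to handle Manual Block IP form submit
- function wpns_handle_manual_block_ip($ip)
- {
-
- global $moWpnsUtility;
-
- if( $moWpnsUtility->check_empty_or_null( $ip) )
- {
- //Improper message
- echo("empty IP");
- exit;
- }
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
- {
- echo("INVALID_IP_FORMAT");
- exit;
- }
- else
- {
- $ipAddress = sanitize_text_field( $ip );
- $mo_wpns_config = new MoWpnsHandler();
- $isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
- if(!$isWhitelisted)
- {
- if($mo_wpns_config->mo_wpns_is_ip_blocked($ipAddress)){
- //Change message
- echo("already blocked");
- exit;
- } else{
- $mo_wpns_config->mo_wpns_block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
- //not in structures
- ?>
- <table id="blockedips_table1" class="display">
- <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
- <tbody>
- <?php
- $mo_wpns_handler = new MoWpnsHandler();
- $blockedips = $mo_wpns_handler->get_blocked_ips();
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
- global $mo2f_dirName;
- foreach($blockedips as $blockedip)
- {
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
- if(empty($blockedip->blocked_for_time))
- echo "<span class=redtext>Permanently</span>";
- else
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
- }
- ?>
- </tbody>
- </table>
- <script type="text/javascript">
- jQuery("#blockedips_table1").DataTable({
- "order": [[ 3, "desc" ]]
- });
- </script>
- <?php
- exit;
- }
- }
- else
- {
- // Change message
- echo("IP_IN_WHITELISTED");
- exit;
- }
- }
- }
-
-
- // Function to handle Manual Block IP form submit
- function wpns_handle_unblock_ip($entryID)
- {
- global $moWpnsUtility;
-
- if( $moWpnsUtility->check_empty_or_null($entryID))
- {
- // Change message
- echo("UNKNOWN_ERROR");
- exit;
- }
- else
- {
- $entryid = sanitize_text_field($entryID);
- $mo_wpns_config = new MoWpnsHandler();
- $mo_wpns_config->unblock_ip_entry($entryid);
- //not is structure
- ?>
- <table id="blockedips_table1" class="display">
- <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
- <tbody>
- <?php
- $mo_wpns_handler = new MoWpnsHandler();
- $blockedips = $mo_wpns_handler->get_blocked_ips();
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
- global $mo2f_dirName;
- foreach($blockedips as $blockedip)
- {
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
- if(empty($blockedip->blocked_for_time))
- echo "<span class=redtext>Permanently</span>";
- else
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
- }
- ?>
- </tbody>
- </table>
- <script type="text/javascript">
- jQuery("#blockedips_table1").DataTable({
- "order": [[ 3, "desc" ]]
- });
- </script>
- <?php
-
- exit;
- }
- }
-
-
- // Function to handle Whitelist IP form submit
- function wpns_handle_whitelist_ip($ip)
- {
- global $moWpnsUtility;
- if( $moWpnsUtility->check_empty_or_null($ip))
- {
- //change message
- echo("EMPTY IP");
- exit;
- }
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
- { //change message
- echo("INVALID_IP");
- exit;
- }
- else
- {
- $ipAddress = sanitize_text_field($ip);
- $mo_wpns_config = new MoWpnsHandler();
- if($mo_wpns_config->is_whitelisted($ipAddress))
- {
- //change message
- echo("IP_ALREADY_WHITELISTED");
- exit;
- }
- else
- {
- $mo_wpns_config->whitelist_ip($ip);
- //Structures issues
- $mo_wpns_handler = new MoWpnsHandler();
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-
- ?>
- <table id="whitelistedips_table1" class="display">
- <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
- <tbody>
- <?php
- foreach($whitelisted_ips as $whitelisted_ip)
- {
- echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
- }
-
-
- ?>
- </tbody>
- </table>
- <script type="text/javascript">
- jQuery("#whitelistedips_table1").DataTable({
- "order": [[ 1, "desc" ]]
- });
- </script>
-
- <?php
- exit;
- }
- }
- }
-
-
- // Function to handle remove whitelisted IP form submit
- function wpns_handle_remove_whitelist($entryID)
- {
- global $moWpnsUtility;
- if( $moWpnsUtility->check_empty_or_null($entryID))
- {
- //change Message
- echo("UNKNOWN_ERROR");
- exit;
- }
- else
- {
- $entryid = sanitize_text_field($entryID);
- $mo_wpns_config = new MoWpnsHandler();
- $mo_wpns_config->remove_whitelist_entry($entryid);
- //structures
- $mo_wpns_handler = new MoWpnsHandler();
- $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-
- ?>
- <table id="whitelistedips_table1" class="display">
- <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
- <tbody>
- <?php
- foreach($whitelisted_ips as $whitelisted_ip)
- {
- echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
- }
-
-
- ?>
- </tbody>
- </table>
- <script type="text/javascript">
- jQuery("#whitelistedips_table1").DataTable({
- "order": [[ 1, "desc" ]]
- });
- </script>
-
- <?php
- exit;
- }
- }
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+ $mo_wpns_handler = new MoWpnsHandler();
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_manual_block_ip":
+ wpns_handle_manual_block_ip($_POST['IP']); break;
+ case "mo_wpns_unblock_ip":
+ wpns_handle_unblock_ip($_POST['id']); break;
+ case "mo_wpns_whitelist_ip":
+ wpns_handle_whitelist_ip($_POST['IP']); break;
+ case "mo_wpns_remove_whitelist":
+ wpns_handle_remove_whitelist($_POST['id'] ); break;
+ }
+ }
+
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+ $path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
+ $path = explode('plugins', $path);
+ $img_loader_url = plugins_url().$path[1];
+
+ $page_url = "";
+ $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
+
+
+ /** IP BLOCKING RELATED FUNCTIONS **/
+
+ // Function to handle Manual Block IP form submit
+ function wpns_handle_manual_block_ip($ip)
+ {
+
+ global $moWpnsUtility;
+
+ if( $moWpnsUtility->check_empty_or_null( $ip) )
+ {
+ //Improper message
+ echo("empty IP");
+ exit;
+ }
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
+ {
+ echo("INVALID_IP_FORMAT");
+ exit;
+ }
+ else
+ {
+ $ipAddress = sanitize_text_field( $ip );
+ $mo_wpns_config = new MoWpnsHandler();
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
+ if(!$isWhitelisted)
+ {
+ if($mo_wpns_config->mo_wpns_is_ip_blocked($ipAddress)){
+ //Change message
+ echo("already blocked");
+ exit;
+ } else{
+ $mo_wpns_config->mo_wpns_block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
+ //not in structures
+ ?>
+ <table id="blockedips_table1" class="display">
+ <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
+ <tbody>
+ <?php
+ $mo_wpns_handler = new MoWpnsHandler();
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+ global $mo2f_dirName;
+ foreach($blockedips as $blockedip)
+ {
+ echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
+ if(empty($blockedip->blocked_for_time))
+ echo "<span class=redtext>Permanently</span>";
+ else
+ echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
+ echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
+ }
+ ?>
+ </tbody>
+ </table>
+ <script type="text/javascript">
+ jQuery("#blockedips_table1").DataTable({
+ "order": [[ 3, "desc" ]]
+ });
+ </script>
+ <?php
+ exit;
+ }
+ }
+ else
+ {
+ // Change message
+ echo("IP_IN_WHITELISTED");
+ exit;
+ }
+ }
+ }
+
+
+ // Function to handle Manual Block IP form submit
+ function wpns_handle_unblock_ip($entryID)
+ {
+ global $moWpnsUtility;
+
+ if( $moWpnsUtility->check_empty_or_null($entryID))
+ {
+ // Change message
+ echo("UNKNOWN_ERROR");
+ exit;
+ }
+ else
+ {
+ $entryid = sanitize_text_field($entryID);
+ $mo_wpns_config = new MoWpnsHandler();
+ $mo_wpns_config->unblock_ip_entry($entryid);
+ //not is structure
+ ?>
+ <table id="blockedips_table1" class="display">
+ <thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
+ <tbody>
+ <?php
+ $mo_wpns_handler = new MoWpnsHandler();
+ $blockedips = $mo_wpns_handler->get_blocked_ips();
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+ global $mo2f_dirName;
+ foreach($blockedips as $blockedip)
+ {
+ echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
+ if(empty($blockedip->blocked_for_time))
+ echo "<span class=redtext>Permanently</span>";
+ else
+ echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
+ echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
+ }
+ ?>
+ </tbody>
+ </table>
+ <script type="text/javascript">
+ jQuery("#blockedips_table1").DataTable({
+ "order": [[ 3, "desc" ]]
+ });
+ </script>
+ <?php
+
+ exit;
+ }
+ }
+
+
+ // Function to handle Whitelist IP form submit
+ function wpns_handle_whitelist_ip($ip)
+ {
+ global $moWpnsUtility;
+ if( $moWpnsUtility->check_empty_or_null($ip))
+ {
+ //change message
+ echo("EMPTY IP");
+ exit;
+ }
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
+ { //change message
+ echo("INVALID_IP");
+ exit;
+ }
+ else
+ {
+ $ipAddress = sanitize_text_field($ip);
+ $mo_wpns_config = new MoWpnsHandler();
+ if($mo_wpns_config->is_whitelisted($ipAddress))
+ {
+ //change message
+ echo("IP_ALREADY_WHITELISTED");
+ exit;
+ }
+ else
+ {
+ $mo_wpns_config->whitelist_ip($ip);
+ //Structures issues
+ $mo_wpns_handler = new MoWpnsHandler();
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+
+ ?>
+ <table id="whitelistedips_table1" class="display">
+ <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
+ <tbody>
+ <?php
+ foreach($whitelisted_ips as $whitelisted_ip)
+ {
+ echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
+ }
+
+
+ ?>
+ </tbody>
+ </table>
+ <script type="text/javascript">
+ jQuery("#whitelistedips_table1").DataTable({
+ "order": [[ 1, "desc" ]]
+ });
+ </script>
+
+ <?php
+ exit;
+ }
+ }
+ }
+
+
+ // Function to handle remove whitelisted IP form submit
+ function wpns_handle_remove_whitelist($entryID)
+ {
+ global $moWpnsUtility;
+ if( $moWpnsUtility->check_empty_or_null($entryID))
+ {
+ //change Message
+ echo("UNKNOWN_ERROR");
+ exit;
+ }
+ else
+ {
+ $entryid = sanitize_text_field($entryID);
+ $mo_wpns_config = new MoWpnsHandler();
+ $mo_wpns_config->remove_whitelist_entry($entryid);
+ //structures
+ $mo_wpns_handler = new MoWpnsHandler();
+ $whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+
+ ?>
+ <table id="whitelistedips_table1" class="display">
+ <thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
+ <tbody>
+ <?php
+ foreach($whitelisted_ips as $whitelisted_ip)
+ {
+ echo "<tr class='mo_wpns_not_bold'><td>".$whitelisted_ip->ip_address."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
+ }
+
+
+ ?>
+ </tbody>
+ </table>
+ <script type="text/javascript">
+ jQuery("#whitelistedips_table1").DataTable({
+ "order": [[ 1, "desc" ]]
+ });
+ </script>
+
+ <?php
+ exit;
+ }
+ }
+
 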
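Review bot: The table rows echoed in `wpns_handle_manual_block_ip()` and the three handlers after it concatenate `$blockedip->ip_address`, `$blockedip->reason` and the row `id` straight into HTML and into an unquoted `onclick` attribute. These values come from the plugin's own tables, and if any of them can hold request-derived text (the `reason` column is the likeliest, though that cannot be confirmed from this file) it is rendered in the administrator's session, so wrap them, e.g. `"<td>".esc_html($blockedip->reason)."</td>"` and `onclick=\"unblockip('".esc_js($blockedip->id)."')\"`. The IPv4 check `'/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/'` accepts octets above 255; `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` rejects them. `wpns_handle_whitelist_ip()` also passes the raw `$ip` to `whitelist_ip()` instead of the sanitized `$ipAddress`, and `$license_url` is built by `add_query_arg()` on `$_SERVER['REQUEST_URI']`, which needs `esc_url()` wherever the view prints it (the same construction is in controllers/licensing.php and controllers/login-security.php).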
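--- a/controllers/licensing.php
+++ b/controllers/licensing.php
@@ -1,50 +1,50 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $default_url = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
- $form_action = MoWpnsConstants::HOST_NAME.'/moas/login';
- $admin_email = get_option('mo2f_email');
- $redirect_url = MoWpnsConstants::HOST_NAME .'/moas/initializepayment';
-
- $basic_plan_price = '$9 / year';
- $premium_plan_price = '$9 / year + One Time Setup Fees';
-
-
- $basic_plan_features= array(
- "Brute Force Protection ( Login Security and Monitoring - Limit Login Attempts and track user logins. )",
- "User Registration Security - Disallow Disposable / Fake email addresses",
- "IP Blocking:(manual and automatic) [Blaclisting and whitelisting included",
- "Advanced Blocking based on: IP range",
- "Protection for WP files",
- "Security Log - Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging",
- "Database Backup",
- "Google reCAPTCHA",
- "Password protection - Enforce Strong Password : Check Password strength for all users",
- "Mobile authentication based on QR code, OTP over SMS and email, Push, Soft token (15+ methods to choose from)<br>For Unlimited Users",
- "Advanced activity logs auditing and reporting",
- "Risk based access - Contextual authentication based on device, location, time of access and user behavior",
- "Advanced User Verification",
- "Social Login Integration",
- ""
- );
-
- $premium_plan_features= array(
- "Brute Force Protection ( Login Security and Monitoring - Limit Login Attempts and track user logins. )",
- "User Registration Security - Disallow Disposable / Fake email addresses",
- "IP Blocking:(manual and automatic) [Blaclisting and whitelisting included",
- "Advanced Blocking based on: IP range",
- "Protection for WP files",
- "Security Log - Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging",
- "Database Backup",
- "Google reCAPTCHA",
- "Password protection - Enforce Strong Password : Check Password strength for all users",
- "Mobile authentication based on QR code, OTP over SMS and email, Push, Soft token (15+ methods to choose from)<br>For Unlimited Users",
- "Advanced activity logs auditing and reporting",
- "Risk based access - Contextual authentication based on device, location, time of access and user behavior",
- "Advanced User Verification",
- "Social Login Integration",
- 'End to End Integration Support'
- );
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $default_url = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
+ $form_action = MoWpnsConstants::HOST_NAME.'/moas/login';
+ $admin_email = get_option('mo2f_email');
+ $redirect_url = MoWpnsConstants::HOST_NAME .'/moas/initializepayment';
+
+ $basic_plan_price = '$9 / year';
+ $premium_plan_price = '$9 / year + One Time Setup Fees';
+
+
+ $basic_plan_features= array(
+ "Brute Force Protection ( Login Security and Monitoring - Limit Login Attempts and track user logins. )",
+ "User Registration Security - Disallow Disposable / Fake email addresses",
+ "IP Blocking:(manual and automatic) [Blaclisting and whitelisting included",
+ "Advanced Blocking based on: IP range",
+ "Protection for WP files",
+ "Security Log - Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging",
+ "Database Backup",
+ "Google reCAPTCHA",
+ "Password protection - Enforce Strong Password : Check Password strength for all users",
+ "Mobile authentication based on QR code, OTP over SMS and email, Push, Soft token (15+ methods to choose from)<br>For Unlimited Users",
+ "Advanced activity logs auditing and reporting",
+ "Risk based access - Contextual authentication based on device, location, time of access and user behavior",
+ "Advanced User Verification",
+ "Social Login Integration",
+ ""
+ );
+
+ $premium_plan_features= array(
+ "Brute Force Protection ( Login Security and Monitoring - Limit Login Attempts and track user logins. )",
+ "User Registration Security - Disallow Disposable / Fake email addresses",
+ "IP Blocking:(manual and automatic) [Blaclisting and whitelisting included",
+ "Advanced Blocking based on: IP range",
+ "Protection for WP files",
+ "Security Log - Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging",
+ "Database Backup",
+ "Google reCAPTCHA",
+ "Password protection - Enforce Strong Password : Check Password strength for all users",
+ "Mobile authentication based on QR code, OTP over SMS and email, Push, Soft token (15+ methods to choose from)<br>For Unlimited Users",
+ "Advanced activity logs auditing and reporting",
+ "Risk based access - Contextual authentication based on device, location, time of access and user behavior",
+ "Advanced User Verification",
+ "Social Login Integration",
+ 'End to End Integration Support'
+ );
+
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'licensing.php';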
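Review bot: `$premium_plan_features` repeats the fourteen entries of `$basic_plan_features` verbatim and differs only in its last element, so the two lists will drift apart on the next edit; build the second from the first, e.g. `$premium_plan_features = array_merge( array_slice( $basic_plan_features, 0, -1 ), array( 'End to End Integration Support' ) );`. The shared entry `"IP Blocking:(manual and automatic) [Blaclisting and whitelisting included"` carries a misspelling and an unclosed bracket into the pricing page. A short comment above `$form_action` and `$redirect_url` saying that both point at `MoWpnsConstants::HOST_NAME` and that `$admin_email` is handed to the view alongside them would help whoever reviews what the licensing form posts off-site.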
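--- a/controllers/login-security.php
+++ b/controllers/login-security.php
@@ -1,216 +1,216 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $twofactor_url = add_query_arg(
- array('page' => 'mo_2fa_two_fa')
- , $_SERVER['REQUEST_URI']
- );
-
-
-
- if(current_user_can( 'manage_options' ) && isset($_REQUEST['option']))
- {
- switch($_REQUEST['option'])
- {
- case "mo_wpns_enable_brute_force":
- wpns_handle_bf_enable_form($_POST); break;
- case "mo_wpns_brute_force_configuration":
- wpns_handle_bf_configuration_form($_POST); break;
- case "mo_wpns_slow_down_attacks":
- wpns_handle_dos_enable_form($_POST); break;
- case "mo_wpns_slow_down_attacks_config":
- wpns_handle_dos_configuration($_POST); break;
- case "mo_wpns_enable_2fa":
- wpns_handle_enable_2fa($_POST); break;
- case "mo2f_enforce_strong_passswords":
- wpns_handle_enable_strong_password($_POST); break;
- case "mo_wpns_rba_enable_2fa":
- wpns_handle_enable_rba(); break;
- case "mo_wpns_recaptcha_settings":
- wpns_handle_recaptcha_configuration($_POST); break;
- case "mo_wpns_enable_rename_login_url":
- wpns_handle_enable_rename_login_url($_POST); break;
-
- }
- }
-
- $allwed_login_attempts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
- $time_of_blocking_type = get_option('mo2f_time_of_blocking_type') ? get_option('mo2f_time_of_blocking_type') : "permanent";
- $time_of_blocking_val = get_option('mo2f_time_of_blocking_val') ? get_option('mo2f_time_of_blocking_val') : 3;
- $brute_force_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option') ? "checked" : "";
- $remaining_attempts = MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option') ? "checked" : "";
- $slow_down_attacks = get_option('mo_wpns_slow_down_attacks') ? "checked" : "";
- $enable_2fa = get_option('mo_wpns_enable_2fa') ? "checked" : "";
-
- $enforce_strong_password= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') ? "checked" : "";
- $attack_delay = get_option('mo_wpns_slow_down_attacks_delay') ? get_option('mo_wpns_slow_down_attacks_delay'): 2 ;
- $google_recaptcha = get_option('mo_wpns_activate_recaptcha') ? "checked": "";
-
-
-
- $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
-
-
- $test_recaptcha_url_v3 = add_query_arg( array('option'=>'testrecaptchaconfig3'), $_SERVER['REQUEST_URI'] );
- $captcha_url_v2 = 'https://www.google.com/recaptcha/admin#list';
- $captcha_url_v3 = 'https://www.google.com/recaptcha/admin/create';
-
- if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2'){
- $captcha_site_key = get_option('mo_wpns_recaptcha_site_key');
- $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');}
-
- else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3'){
- $captcha_site_key = get_option('mo_wpns_recaptcha_site_key_v3');
- $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key_v3');
- }
-
- $captcha_login = get_option('mo_wpns_activate_recaptcha_for_login') ? "checked" : "";
- $captcha_reg = get_option('mo_wpns_activate_recaptcha_for_registration') ? "checked" : "";
-
-
- $strong_password_account= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') ? MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') : "all";
-
-
- $mo2FAPlugin = new TwoFAPlugin();
- $twofa_status= $mo2FAPlugin->getstatus();
- switch ($twofa_status)
- {
-
- case "ACTIVE":
- $mo2FAPlugin->updatePluginConfiguration();
- break;
- case "INSTALLED":
- $path = "miniorange-2-factor-authentication/miniorange_2_factor_settings.php";
- $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-2-factor-authentication';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action.'_'.$slug
- );
- break;
- }
-
-
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login-security.php';
-
-
-
- /** LOGIN SECURITY RELATED FUNCTIONS **/
-
- //Function to handle enabling and disabling of brute force protection
- function wpns_handle_bf_enable_form($postData)
- {
- $enable = isset($postData['enable_brute_force_protection']) ? $postData['enable_brute_force_protection'] : false;
- update_option( 'mo2f_enable_brute_force', $enable );
-
- if($enable)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BRUTE_FORCE_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BRUTE_FORCE_DISABLED'),'ERROR');
- }
-
-
- //Function to handle brute force configuration
- function wpns_handle_bf_configuration_form($postData)
- {
- $login_attempts = $postData['allwed_login_attempts'];
- $blocking_type = $postData['time_of_blocking_type'];
- $blocking_value = isset($postData['time_of_blocking_val']) ? $postData['time_of_blocking_val'] : false;
- $remaining_attempts = isset($postData['show_remaining_attempts'])? $postData['show_remaining_attempts'] : false;
-
- update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
- update_option( 'mo2f_time_of_blocking_type' , $blocking_type );
- update_option( 'mo2f_time_of_blocking_val' , $blocking_value );
- update_option( 'mo2f_show_remaining_attempts', $remaining_attempts );
-
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
- }
-
-
-
-
-
- //Function to handle enabling and disabling of two factor
- function wpns_handle_enable_2fa($postData)
- {
- $enable_2fa = isset($postData['mo_wpns_enable_2fa']) ? true : false;
- update_option( 'mo_wpns_enable_2fa', $enable_2fa);
-
- if($enable_2fa)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWOFA_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWOFA_DISABLED'),'ERROR');
- }
-
-
- //Function to handle enabling and disabling enforcement of strong password
- function wpns_handle_enable_strong_password($postData)
- {
- $set = isset($postData['mo2f_enforce_strong_passswords']) ? $postData['mo2f_enforce_strong_passswords'] : 0;
- update_option( 'mo2f_enforce_strong_passswords' , $set);
- update_option( 'mo2f_enforce_strong_passswords_for_accounts', $postData['mo2f_enforce_strong_passswords_for_accounts']);
- if($set)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_DISABLED'),'ERROR');
- }
-
-
- //Function to handle enabling and disabling RBA
- function wpns_handle_enable_rba()
- {
- update_option( 'mo_wpns_enable_2fa' , 1);
- update_option( 'mo2f_activate_plugin' , 1);
- update_option( 'mo_wpns_risk_based_access', 1);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RBA_ENABLED'),'SUCCESS');
- }
-
-
- //Function to handle RBA configuration
-
-
- //Function to handle enabling and disabling google recaptcha
- function wpns_handle_enable_recaptcha($postData)
- {
- $enable = isset($postData['mo_wpns_activate_recaptcha']) ? $postData['mo_wpns_activate_recaptcha'] : false;
- update_option( 'mo_wpns_activate_recaptcha', $enable );
-
- if($enable)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
- else
- {
- update_option( 'mo_wpns_activate_recaptcha_for_login' , false );
- update_option( 'mo_wpns_activate_recaptcha_for_registration', false );
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login' , false );
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration', false );
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_DISABLED'),'ERROR');
- }
- }
-
-
- //Function to handle recaptcha configuration
-
-
-
-
- function wpns_handle_enable_rename_login_url($postData){
- $enable_rename_login_url_checkbox = false;
- if(isset($postData['enable_rename_login_url_checkbox']) && $postData['enable_rename_login_url_checkbox']){
- $enable_rename_login_url_checkbox = sanitize_text_field($postData['enable_rename_login_url_checkbox']);
- do_action('wpns_show_message','Rename Admin Login Page URL is enabled.','SUCCESS');
- }else {
- do_action('wpns_show_message','Rename Admin Login Page URL is disabled.','SUCCESS');
- }
- $loginurl = get_option('login_page_url');
- if ($loginurl == "") {
- update_option('login_page_url', "mylogin");
- }
- update_option( 'mo_wpns_enable_rename_login_url', $enable_rename_login_url_checkbox);
- }
-
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $twofactor_url = add_query_arg(
+ array('page' => 'mo_2fa_two_fa')
+ , $_SERVER['REQUEST_URI']
+ );
+
+
+
+ if(current_user_can( 'manage_options' ) && isset($_REQUEST['option']))
+ {
+ switch($_REQUEST['option'])
+ {
+ case "mo_wpns_enable_brute_force":
+ wpns_handle_bf_enable_form($_POST); break;
+ case "mo_wpns_brute_force_configuration":
+ wpns_handle_bf_configuration_form($_POST); break;
+ case "mo_wpns_slow_down_attacks":
+ wpns_handle_dos_enable_form($_POST); break;
+ case "mo_wpns_slow_down_attacks_config":
+ wpns_handle_dos_configuration($_POST); break;
+ case "mo_wpns_enable_2fa":
+ wpns_handle_enable_2fa($_POST); break;
+ case "mo2f_enforce_strong_passswords":
+ wpns_handle_enable_strong_password($_POST); break;
+ case "mo_wpns_rba_enable_2fa":
+ wpns_handle_enable_rba(); break;
+ case "mo_wpns_recaptcha_settings":
+ wpns_handle_recaptcha_configuration($_POST); break;
+ case "mo_wpns_enable_rename_login_url":
+ wpns_handle_enable_rename_login_url($_POST); break;
+
+ }
+ }
+
+ $allwed_login_attempts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
+ $time_of_blocking_type = get_option('mo2f_time_of_blocking_type') ? get_option('mo2f_time_of_blocking_type') : "permanent";
+ $time_of_blocking_val = get_option('mo2f_time_of_blocking_val') ? get_option('mo2f_time_of_blocking_val') : 3;
+ $brute_force_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option') ? "checked" : "";
+ $remaining_attempts = MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option') ? "checked" : "";
+ $slow_down_attacks = get_option('mo_wpns_slow_down_attacks') ? "checked" : "";
+ $enable_2fa = get_option('mo_wpns_enable_2fa') ? "checked" : "";
+
+ $enforce_strong_password= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') ? "checked" : "";
+ $attack_delay = get_option('mo_wpns_slow_down_attacks_delay') ? get_option('mo_wpns_slow_down_attacks_delay'): 2 ;
+ $google_recaptcha = get_option('mo_wpns_activate_recaptcha') ? "checked": "";
+
+
+
+ $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
+
+
+ $test_recaptcha_url_v3 = add_query_arg( array('option'=>'testrecaptchaconfig3'), $_SERVER['REQUEST_URI'] );
+ $captcha_url_v2 = 'https://www.google.com/recaptcha/admin#list';
+ $captcha_url_v3 = 'https://www.google.com/recaptcha/admin/create';
+
+ if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2'){
+ $captcha_site_key = get_option('mo_wpns_recaptcha_site_key');
+ $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');}
+
+ else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3'){
+ $captcha_site_key = get_option('mo_wpns_recaptcha_site_key_v3');
+ $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key_v3');
+ }
+
+ $captcha_login = get_option('mo_wpns_activate_recaptcha_for_login') ? "checked" : "";
+ $captcha_reg = get_option('mo_wpns_activate_recaptcha_for_registration') ? "checked" : "";
+
+
+ $strong_password_account= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') ? MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') : "all";
+
+
+ $mo2FAPlugin = new TwoFAPlugin();
+ $twofa_status= $mo2FAPlugin->getstatus();
+ switch ($twofa_status)
+ {
+
+ case "ACTIVE":
+ $mo2FAPlugin->updatePluginConfiguration();
+ break;
+ case "INSTALLED":
+ $path = "miniorange-2-factor-authentication/miniorange_2_factor_settings.php";
+ $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-2-factor-authentication';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action.'_'.$slug
+ );
+ break;
+ }
+
+
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login-security.php';
+
+
+
+ /** LOGIN SECURITY RELATED FUNCTIONS **/
+
+ //Function to handle enabling and disabling of brute force protection
+ function wpns_handle_bf_enable_form($postData)
+ {
+ $enable = isset($postData['enable_brute_force_protection']) ? $postData['enable_brute_force_protection'] : false;
+ update_option( 'mo2f_enable_brute_force', $enable );
+
+ if($enable)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BRUTE_FORCE_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BRUTE_FORCE_DISABLED'),'ERROR');
+ }
+
+
+ //Function to handle brute force configuration
+ function wpns_handle_bf_configuration_form($postData)
+ {
+ $login_attempts = $postData['allwed_login_attempts'];
+ $blocking_type = $postData['time_of_blocking_type'];
+ $blocking_value = isset($postData['time_of_blocking_val']) ? $postData['time_of_blocking_val'] : false;
+ $remaining_attempts = isset($postData['show_remaining_attempts'])? $postData['show_remaining_attempts'] : false;
+
+ update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
+ update_option( 'mo2f_time_of_blocking_type' , $blocking_type );
+ update_option( 'mo2f_time_of_blocking_val' , $blocking_value );
+ update_option( 'mo2f_show_remaining_attempts', $remaining_attempts );
+
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
+ }
+
+
+
+
+
+ //Function to handle enabling and disabling of two factor
+ function wpns_handle_enable_2fa($postData)
+ {
+ $enable_2fa = isset($postData['mo_wpns_enable_2fa']) ? true : false;
+ update_option( 'mo_wpns_enable_2fa', $enable_2fa);
+
+ if($enable_2fa)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWOFA_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWOFA_DISABLED'),'ERROR');
+ }
+
+
+ //Function to handle enabling and disabling enforcement of strong password
+ function wpns_handle_enable_strong_password($postData)
+ {
+ $set = isset($postData['mo2f_enforce_strong_passswords']) ? $postData['mo2f_enforce_strong_passswords'] : 0;
+ update_option( 'mo2f_enforce_strong_passswords' , $set);
+ update_option( 'mo2f_enforce_strong_passswords_for_accounts', $postData['mo2f_enforce_strong_passswords_for_accounts']);
+ if($set)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_DISABLED'),'ERROR');
+ }
+
+
+ //Function to handle enabling and disabling RBA
+ function wpns_handle_enable_rba()
+ {
+ update_option( 'mo_wpns_enable_2fa' , 1);
+ update_option( 'mo2f_activate_plugin' , 1);
+ update_option( 'mo_wpns_risk_based_access', 1);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RBA_ENABLED'),'SUCCESS');
+ }
+
+
+ //Function to handle RBA configuration
+
+
+ //Function to handle enabling and disabling google recaptcha
+ function wpns_handle_enable_recaptcha($postData)
+ {
+ $enable = isset($postData['mo_wpns_activate_recaptcha']) ? $postData['mo_wpns_activate_recaptcha'] : false;
+ update_option( 'mo_wpns_activate_recaptcha', $enable );
+
+ if($enable)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
+ else
+ {
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , false );
+ update_option( 'mo_wpns_activate_recaptcha_for_registration', false );
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login' , false );
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration', false );
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_DISABLED'),'ERROR');
+ }
+ }
+
+
+ //Function to handle recaptcha configuration
+
+
+
+
+ function wpns_handle_enable_rename_login_url($postData){
+ $enable_rename_login_url_checkbox = false;
+ if(isset($postData['enable_rename_login_url_checkbox']) && $postData['enable_rename_login_url_checkbox']){
+ $enable_rename_login_url_checkbox = sanitize_text_field($postData['enable_rename_login_url_checkbox']);
+ do_action('wpns_show_message','Rename Admin Login Page URL is enabled.','SUCCESS');
+ }else {
+ do_action('wpns_show_message','Rename Admin Login Page URL is disabled.','SUCCESS');
+ }
+ $loginurl = get_option('login_page_url');
+ if ($loginurl == "") {
+ update_option('login_page_url', "mylogin");
+ }
+ update_option( 'mo_wpns_enable_rename_login_url', $enable_rename_login_url_checkbox);
+ }
+
+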
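Review bot: The option dispatcher on new lines 12–35 checks `current_user_can( 'manage_options' )` but no nonce is verified in this file before the handlers run, so the settings they write (brute-force limits, 2FA on/off, strong-password enforcement, login-URL renaming) could be changed by a forged request sent from an administrator's browser. The switch also reads `$_REQUEST['option']` rather than `$_POST['option']`, so the handlers are not tied to a form submission. I would make a `check_admin_referer()` call, using the action name the settings forms emit (not visible here), the first statement inside the `if`, and switch on `$_POST['option']`. Separately, `wpns_handle_bf_configuration_form()` stores `$postData['allwed_login_attempts']` and the blocking fields unvalidated; `absint()` on the numeric fields and an allow-list for `time_of_blocking_type` would bring it in line with the `sanitize_text_field()` use in `wpns_handle_enable_rename_login_url()`. The removed and added sides read identically as rendered here, so this appears to predate 5.4.47.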
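--- a/controllers/login-spam.php
+++ b/controllers/login-spam.php
@@ -1,10 +1,10 @@
- <?php
- global $moWpnsUtility,$mo2f_dirName;
- if( isset( $_GET[ 'tab' ] ) ) {
- $active_tab = $_GET[ 'tab' ];
- } else {
- $active_tab = 'default';
- }
- update_site_option('mo2f_visit_login_and_spam',true);
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login_spam.php';
+ <?php
+ global $moWpnsUtility,$mo2f_dirName;
+ if( isset( $_GET[ 'tab' ] ) ) {
+ $active_tab = $_GET[ 'tab' ];
+ } else {
+ $active_tab = 'default';
+ }
+ update_site_option('mo2f_visit_login_and_spam',true);
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login_spam.php';
  ?>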
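Review bot: `$active_tab` is copied straight from `$_GET['tab']` on new line 4 and is then in scope for the included `views/login_spam.php` without any normalisation. The view is not shown here, so whether it echoes the value into markup is an assumption, but reducing it at the source removes the question: `$active_tab = sanitize_key( wp_unslash( $_GET['tab'] ) );`. An allow-list of the known tab names falling back to `'default'` would be stricter still. The file also has no capability check of its own and relies on the `current_user_can()` gate in `main_controller.php` that includes it.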
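--- a/controllers/main_controller.php
+++ b/controllers/main_controller.php
@@ -1,103 +1,103 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
-
- include $controller . 'navbar.php';
- if(current_user_can('administrator'))
- {
-
- include $controller . 'newtork_security_features.php';
-
-
- if( isset( $_GET[ 'page' ]))
- {
- switch($_GET['page'])
- {
- case 'mo_2fa_dashboard':
- include $controller . 'dashboard.php'; break;
- case 'mo_2fa_login_and_spam':
- include $controller . 'login-spam.php'; break;
- case 'default':
- include $controller . 'login-security.php'; break;
- case 'mo_2fa_account':
- include $controller . 'account.php'; break;
- case 'mo_2fa_backup':
- include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
- case 'mo_2fa_upgrade':
- include $controller . 'upgrade.php'; break;
- case 'mo_2fa_waf':
- include $controller . 'waf.php'; break;
- case 'mo_2fa_blockedips':
- include $controller . 'ip-blocking.php'; break;
- case 'mo_2fa_advancedblocking':
- include $controller . 'advanced-blocking.php'; break;
- case 'mo_2fa_notifications':
- include $controller . 'notification-settings.php'; break;
- case 'mo_2fa_reports':
- include $controller . 'reports.php'; break;
- case 'mo_2fa_licensing':
- include $controller . 'licensing.php'; break;
- case 'mo_2fa_troubleshooting':
- include $controller . 'troubleshooting.php'; break;
- case 'mo_2fa_addons':
- include $controller . 'addons.php'; break;
- case 'mo_2fa_malwarescan':
- include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
- case 'mo_2fa_two_fa':
- include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
- case 'mo_2fa_request_demo':
- include $controller . 'request_demo.php'; break;
- case 'mo_2fa_request_offer':
- include $controller . 'request_offer.php';
- }
- }
-
- }
- else
- {
- if( isset( $_GET[ 'page' ]))
- {
- switch($_GET['page'])
- {
- case 'mo_2fa_two_fa':
- include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
-
- }
-
- }
-
- }
- if (isset( $_GET[ 'page' ])) {
-
- if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons" || $_GET['page'] == "mo_2fa_account"
- || $_GET['page']=="mo_2fa_waf" || $_GET['page']=="mo_2fa_login_and_spam" || $_GET['page']=="mo_2fa_dashboard")
- {
- include $controller . 'feedback_footer.php';
- }
- }
- ?>
-
- <!-- <script>
- jQuery(document).ready(function(){
- var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
- var data={
- 'action':'mo_wpns_malware_redirect',
- 'call_type':'malware_scan_initiate',
- 'scan':'scan_start',
- 'scantype':'quick_scan',
- 'nonce': nonce
- };
- jQuery.post(ajaxurl, data, function(response){
- jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
- document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
- jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
- document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
- jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
- document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
- document.getElementById("quick_scan_button").value = "Quick Scan";
- });
- });
- </script> -->
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $controller = $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR;
+
+ include $controller . 'navbar.php';
+ if(current_user_can('administrator'))
+ {
+
+ include $controller . 'newtork_security_features.php';
+
+
+ if( isset( $_GET[ 'page' ]))
+ {
+ switch($_GET['page'])
+ {
+ case 'mo_2fa_dashboard':
+ include $controller . 'dashboard.php'; break;
+ case 'mo_2fa_login_and_spam':
+ include $controller . 'login-spam.php'; break;
+ case 'default':
+ include $controller . 'login-security.php'; break;
+ case 'mo_2fa_account':
+ include $controller . 'account.php'; break;
+ case 'mo_2fa_backup':
+ include $controller . 'backup'.DIRECTORY_SEPARATOR.'backup.php'; break;
+ case 'mo_2fa_upgrade':
+ include $controller . 'upgrade.php'; break;
+ case 'mo_2fa_waf':
+ include $controller . 'waf.php'; break;
+ case 'mo_2fa_blockedips':
+ include $controller . 'ip-blocking.php'; break;
+ case 'mo_2fa_advancedblocking':
+ include $controller . 'advanced-blocking.php'; break;
+ case 'mo_2fa_notifications':
+ include $controller . 'notification-settings.php'; break;
+ case 'mo_2fa_reports':
+ include $controller . 'reports.php'; break;
+ case 'mo_2fa_licensing':
+ include $controller . 'licensing.php'; break;
+ case 'mo_2fa_troubleshooting':
+ include $controller . 'troubleshooting.php'; break;
+ case 'mo_2fa_addons':
+ include $controller . 'addons.php'; break;
+ case 'mo_2fa_malwarescan':
+ include $controller . 'malware_scanner'.DIRECTORY_SEPARATOR.'scan_malware.php'; break;
+ case 'mo_2fa_two_fa':
+ include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+ case 'mo_2fa_request_demo':
+ include $controller . 'request_demo.php'; break;
+ case 'mo_2fa_request_offer':
+ include $controller . 'request_offer.php';
+ }
+ }
+
+ }
+ else
+ {
+ if( isset( $_GET[ 'page' ]))
+ {
+ switch($_GET['page'])
+ {
+ case 'mo_2fa_two_fa':
+ include $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;
+
+ }
+
+ }
+
+ }
+ if (isset( $_GET[ 'page' ])) {
+
+ if ($_GET[ 'page' ] == "mo_2fa_upgrade" || $_GET[ 'page' ] == "mo_2fa_addons" || $_GET['page'] == "mo_2fa_account"
+ || $_GET['page']=="mo_2fa_waf" || $_GET['page']=="mo_2fa_login_and_spam" || $_GET['page']=="mo_2fa_dashboard")
+ {
+ include $controller . 'feedback_footer.php';
+ }
+ }
+ ?>
+
+ <!-- <script>
+ jQuery(document).ready(function(){
+ var nonce = "<?php //echo wp_create_nonce('wpns-quick-scan');?>";
+ var data={
+ 'action':'mo_wpns_malware_redirect',
+ 'call_type':'malware_scan_initiate',
+ 'scan':'scan_start',
+ 'scantype':'quick_scan',
+ 'nonce': nonce
+ };
+ jQuery.post(ajaxurl, data, function(response){
+ jQuery('input[name="quick_scan_button"]').removeAttr('disabled');
+ document.getElementById('quick_scan_button').style.backgroundColor = '#20b2aa';
+ jQuery('input[name="standard_scan_button"]').removeAttr('disabled');
+ document.getElementById('standard_scan_button').style.backgroundColor = '#20b2aa';
+ jQuery('input[name="custom_scan_button"]').removeAttr('disabled');
+ document.getElementById('custom_scan_button').style.backgroundColor = '#20b2aa';
+ document.getElementById("quick_scan_button").value = "Quick Scan";
+ });
+ });
+ </script> -->
+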
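Review bot: `case 'default':` on new line 22 matches the literal page value `default` rather than acting as the switch fallback, so `login-security.php` is only loaded when the request carries `page=default`; if a fallback was intended it should be a bare `default:` placed last. The gate on new line 8 passes a role name, `current_user_can('administrator')`, while `login-security.php` checks the `manage_options` capability; WordPress discourages role names in this call, and `current_user_can( 'manage_options' )` here would make the two files agree. Routing through fixed `case` labels with literal include paths keeps `$_GET['page']` out of the file path, which is worth preserving. The commented-out `<script>` block at lines 82–102 is dead markup that is still sent to the browser as an HTML comment and could be deleted.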
controllers/malware_scanner/malware_scan_ajax.php CHANGED
@@ -1,421 +1,421 @@
1
- <?php
2
- class Mo_wpns_scan_malware
3
- {
4
- function __construct(){
5
- add_action( 'admin_init' , array( $this, 'mo_wpns_malware_scanner_functions' ) );
6
-
7
- }
8
-
9
- public function mo_wpns_malware_scanner_functions(){
10
- add_action('wp_ajax_mo_wpns_malware_redirect', array( $this, 'mo_wpns_malware_redirect' ));
11
-
12
-
13
- }
14
-
15
- public function mo_wpns_malware_redirect(){
16
- switch($_POST['call_type'])
17
- {
18
- case "submit_malware_settings_form":
19
- $this->mo_wpns_save_malware_config_form($_POST);
20
- break;
21
- case "malware_scan_initiate":
22
- $this->mo_wpns_start_malware_scan($_POST);
23
- break;
24
- case "wpns_enable_tour":
25
- update_option('skip_tour', 0);
26
- break;
27
- case "wpns_disable_tour":
28
- update_option('skip_tour', 1);
29
- break;
30
- case "malware_progress_bar":
31
- $this->mo_wpns_get_progress();
32
- break;
33
- case "malware_scan_last_result":
34
- $this->mo_wpns_get_scan_result();
35
- break;
36
- case "malware_scan_terminate":
37
- $this->mo_wpns_stop_scan();
38
- break;
39
-
40
- }
41
- }
42
-
43
- public function mo_wpns_save_malware_config_form($POSTED){
44
- $nonce = $POSTED['nonce'];
45
- if ( ! wp_verify_nonce( $nonce, 'mo-wpns-scan-settings' ) ){
46
- wp_send_json('ERROR');
47
- return;
48
- }
49
- if(! isset($POSTED['scan_plugin']) && ! isset($POSTED['scan_themes']) && ! isset($POSTED['scan_core'])){
50
- wp_send_json('folder_error');
51
- }elseif (! isset($POSTED['vulnerable_check']) && ! isset($POSTED['sql_check']) && ! isset($POSTED['rfi_check']) && ! isset($POSTED['ext_link']) && ! isset($POSTED['repo_check'])) {
52
- wp_send_json('level_error');
53
- }
54
- else{
55
- $mo_wpns_scan_plugins=isset($POSTED['scan_plugin']) ? sanitize_text_field($POSTED['scan_plugin']) : 0;
56
- $mo_wpns_scan_themes=isset($POSTED['scan_themes']) ? sanitize_text_field($POSTED['scan_themes']) : 0;
57
- $mo_wpns_scan_wp_files= isset($POSTED['scan_core']) ? sanitize_text_field($POSTED['scan_core']) : 0;
58
- $mo_wpns_scan_files_extensions= sanitize_text_field($POSTED['file_type']);
59
- $mo_wpns_check_vulnerable_code=isset($POSTED['vulnerable_check']) ? sanitize_text_field($POSTED['vulnerable_check']) : 0;
60
- $mo_wpns_check_sql_injection=isset($POSTED['sql_check']) ? sanitize_text_field($POSTED['sql_check']) : 0;
61
- $mo_wpns_check_external_link=isset($POSTED['ext_link']) ? sanitize_text_field($POSTED['ext_link']) : 0;
62
- $mo_wpns_scan_files_with_repo=isset($POSTED['repo_check']) ? sanitize_text_field($POSTED['repo_check']) : 0;
63
- $folders_to_skip= sanitize_text_field($POSTED['skip_path']);
64
- $folders_to_skip = str_replace('\\\\', '/', $folders_to_skip);
65
- $str="";
66
-
67
- $mo_wpns_skip_folders="";
68
- if(!empty($folders_to_skip)){
69
- $folders_to_skip_array=explode(";",$folders_to_skip);
70
- for($i=0; $i< count($folders_to_skip_array); $i++){
71
- if(is_dir($folders_to_skip_array[$i])){
72
- $str.= $folders_to_skip_array[$i];
73
- if($i!= count($folders_to_skip_array)-1){
74
- $str.=";";
75
- }
76
- }elseif($folders_to_skip_array[$i] == ''){
77
- $str.= $folders_to_skip_array[$i];
78
- }
79
- else{
80
- wp_send_json('path_error');
81
- }
82
- }
83
- $mo_wpns_skip_folders=$str;
84
- }else{
85
- $mo_wpns_skip_folders=$folders_to_skip;
86
- }
87
-
88
- $scan_configuration = array(
89
- 'plugin_scan' => $mo_wpns_scan_plugins,
90
- 'theme_scan' => $mo_wpns_scan_themes,
91
- 'core_scan' => $mo_wpns_scan_wp_files,
92
- 'file_extension' => $mo_wpns_scan_files_extensions,
93
- 'check_vulnerable' => $mo_wpns_check_vulnerable_code,
94
- 'check_sql' => $mo_wpns_check_sql_injection,
95
- 'ext_link_check' => $mo_wpns_check_external_link,
96
- 'check_repo' => $mo_wpns_scan_files_with_repo,
97
- 'path_skip' => $mo_wpns_skip_folders,
98
- 'type_scan' => "",
99
- );
100
-
101
- $encoded_scan_configuration=json_encode($scan_configuration);
102
- update_site_option("mo_wpns_scan_configuration",$encoded_scan_configuration);
103
- wp_send_json('save_success');
104
- }
105
- }
106
-
107
- public function mo_wpns_start_malware_scan($POSTED){
108
- $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
109
- if(isset($decoded_scan_configuration)){
110
- $status = $decoded_scan_configuration->scan_progress;
111
- }else{
112
- $status=false;
113
- $scan_mode=false;
114
- }
115
- if($status == "IN PROGRESS"){
116
- wp_send_json('scanning_already');
117
- }
118
- global $moWpnsUtility, $mo2f_dirName;
119
-
120
- $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
121
- $mo2f_malware_db_handler = new MoWpnsDB();
122
-
123
- $current_time= time();
124
- update_site_option('mo_wpns_last_scan_time', $current_time);
125
- $plugin_current= get_plugins();
126
- update_site_option('mo_wpns_last_plugins', $plugin_current);
127
- $args=array();
128
- $theme_current= wp_get_themes($args);
129
- update_site_option('mo_wpns_last_themes', $theme_current);
130
- update_site_option('malware_notification_option',1);
131
-
132
- update_site_option('mo2f_scan_initialize', 0);
133
- update_site_option('mo_wpns_hide_malware_popup', 1);
134
-
135
- $mo_wpns_malware_scan_in_progress="IN PROGRESS";
136
- $mo_wpns_files_scanned=0;
137
- $mo_wpns_infected_files=0;
138
- $mo_wpns_warning_files=0;
139
- $wordpress_download_status=false;
140
-
141
- update_site_option('mo_wpns_infected_files',0);
142
- update_site_option('mo_wpns_warning_files',0);
143
- update_site_option('mo2f_files_skipped', 0);
144
- update_site_option('mo2f_file_size_excess', 0);
145
- update_site_option('mo2f_download_done', 0);
146
-
147
-
148
- $scan_status = array(
149
- 'scan_progress' => $mo_wpns_malware_scan_in_progress,
150
- 'files_scanned' => $mo_wpns_files_scanned,
151
- 'infected_files' => $mo_wpns_infected_files,
152
- 'warning_files' => $mo_wpns_warning_files,
153
- 'total_files' => 0,
154
- 'check_with_repo' => 0,
155
- 'extlink_check' => 0,
156
- 'scan_mode' => "",
157
- 'average_time_each_file' => 0,
158
- 'total_files_processed' => 0,
159
- 'status_download_time' => $wordpress_download_status
160
- );
161
-
162
- $encoded_scan_status=json_encode($scan_status);
163
- update_site_option("mo_wpns_scan_status",$encoded_scan_status);
164
-
165
-
166
- $mo2f_malware_db_handler->delete_files_parts();
167
-
168
- if(isset($POSTED['scan']) && $POSTED['scan']=='scan_start'){
169
- $scan_configuration = array();
170
- switch($POSTED['scantype'])
171
- {
172
- case "quick_scan":
173
- $nonce = $POSTED['nonce'];
174
- if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
175
- wp_send_json('ERROR');
176
- return;
177
- }
178
- $scan_configuration = MoWpnsConstants::$quick_scan_configuration;
179
- update_site_option('mo_wpns_scan_mode','quick_scan');
180
- $scan_status = array(
181
- 'scan_progress' => $mo_wpns_malware_scan_in_progress,
182
- 'files_scanned' => $mo_wpns_files_scanned,
183
- 'infected_files' => $mo_wpns_infected_files,
184
- 'warning_files' => $mo_wpns_warning_files,
185
- 'total_files' => 0,
186
- 'check_with_repo' => 0,
187
- 'extlink_check' => 0,
188
- 'average_time_each_file' => 0,
189
- 'total_files_processed' => 0,
190
- 'scan_mode' => "quick_scan",
191
- 'status_download_time' => $wordpress_download_status
192
- );
193
-
194
- $encoded_scan_status=json_encode($scan_status);
195
- update_site_option("mo_wpns_scan_status",$encoded_scan_status);
196
- $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
197
- break;
198
- case "standard_scan":
199
- $nonce = $POSTED['nonce'];
200
- if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
201
- wp_send_json('ERROR');
202
- return;
203
- }
204
- $scan_configuration = MoWpnsConstants::$standard_scan_configuration;
205
- update_site_option('mo_wpns_scan_mode','standard_scan');
206
- $scan_status = array(
207
- 'scan_progress' => $mo_wpns_malware_scan_in_progress,
208
- 'files_scanned' => $mo_wpns_files_scanned,
209
- 'infected_files' => $mo_wpns_infected_files,
210
- 'warning_files' => $mo_wpns_warning_files,
211
- 'total_files' => 0,
212
- 'check_with_repo' => 1,
213
- 'extlink_check' => 1,
214
- 'total_files_processed' => 0,
215
- 'average_time_each_file' => 0,
216
- 'scan_mode' => "standard_scan",
217
- 'status_download_time' => $wordpress_download_status
218
- );
219
-
220
- $encoded_scan_status=json_encode($scan_status);
221
- update_site_option("mo_wpns_scan_status",$encoded_scan_status);
222
- $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
223
- break;
224
- case "custom_scan":
225
- $nonce = $POSTED['nonce'];
226
- if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
227
- wp_send_json('ERROR');
228
- return;
229
- }
230
- $decode_scan_configuration=json_decode(get_site_option("mo_wpns_scan_configuration"));
231
- if(is_null($decode_scan_configuration))
232
- {
233
- delete_option("mo_wpns_scan_status",$encoded_scan_status);
234
- wp_send_json("RECONFIGURE");
235
- }
236
-
237
- $scan_configuration = array('plugin_scan' => $decode_scan_configuration->plugin_scan,
238
- 'theme_scan' => $decode_scan_configuration->theme_scan,
239
- 'core_scan' => $decode_scan_configuration->core_scan,
240
- 'file_extension' => $decode_scan_configuration->file_extension,
241
- 'check_vulnerable' => $decode_scan_configuration->check_vulnerable,
242
- 'check_sql' => $decode_scan_configuration->check_sql,
243
- 'ext_link_check' => $decode_scan_configuration->ext_link_check,
244
- 'check_repo' => $decode_scan_configuration->check_repo,
245
- 'path_skip' => $decode_scan_configuration->path_skip,
246
- 'type_scan' => "Custom Scan"
247
- );
248
-
249
-
250
- $scan_status = array(
251
- 'scan_progress' => $mo_wpns_malware_scan_in_progress,
252
- 'files_scanned' => $mo_wpns_files_scanned,
253
- 'infected_files' => $mo_wpns_infected_files,
254
- 'warning_files' => $mo_wpns_warning_files,
255
- 'total_files' => 0,
256
- 'extlink_check' => $decode_scan_configuration->ext_link_check,
257
- 'check_with_repo' => $decode_scan_configuration->check_repo,
258
- 'average_time_each_file' => 0,
259
- 'total_files_processed' => 0,
260
- 'scan_mode' => "custom_scan",
261
- 'status_download_time' => $wordpress_download_status
262
- );
263
-
264
- $encoded_scan_status=json_encode($scan_status);
265
- update_site_option("mo_wpns_scan_status",$encoded_scan_status);
266
- update_site_option('mo_wpns_scan_mode','custom_scan');
267
- update_site_option('mo2f_custom_scan_config', $scan_configuration);
268
- $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
269
- break;
270
- }
271
- }
272
- }
273
-
274
-
275
- public function mo_wpns_get_progress(){
276
-
277
- $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
278
- $status= $decoded_scan_status->scan_progress;
279
- $files_scanned= $decoded_scan_status->files_scanned;
280
- $total_files = $decoded_scan_status->total_files;
281
- $check_repo = $decoded_scan_status->check_with_repo;
282
- $extlink_check = $decoded_scan_status->extlink_check;
283
- $scan_mode= $decoded_scan_status->scan_mode;
284
- $status_download= $decoded_scan_status->status_download_time;
285
- $averageFileScanTime= $decoded_scan_status->average_time_each_file;
286
- $total_files_processed= $decoded_scan_status->total_files_processed;
287
- if($status_download != false && $status == "IN PROGRESS"){
288
- $time_spent_in_downloading= time()-$status_download;
289
-
290
- if($time_spent_in_downloading > 600){
291
- $mo2f_malware_db_handler = new MoWpnsDB();
292
- $reportid= get_site_option('mo2f_report_id');
293
- $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
294
- if(!empty($last_report)){
295
- $issue = $last_report[0]->repo_key;
296
- $repo_key = get_site_option('mo2f_current_repo_key');
297
- if($repo_key == 'core'){
298
- $issue.= "WordPress Core Files;";
299
- }else{
300
- $issue.= $repo_key.";";
301
- }
302
- $mo2f_malware_db_handler->mo2f_update_repo_issue($reportid, $issue);
303
- }
304
- $scan_mode = get_site_option('mo_wpns_scan_mode');
305
- if ( $scan_mode == 'Quick Scan' ) {
306
- $scan_config = MoWpnsConstants::$quick_scan_configuration;
307
- } elseif ( $scan_mode == 'Standard Scan' ) {
308
- $scan_config = MoWpnsConstants::$standard_scan_configuration;
309
- } else {
310
- $scan_config = get_site_option( 'mo2f_custom_scan_config' );
311
- }
312
- $uploads_dir = wp_upload_dir();
313
- $uploads_path= $uploads_dir['basedir'];
314
- $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
315
- $scanverification = get_site_option( "mo2f_scanverification" );
316
- $req_obj = new mo2f_scanner_parts();
317
- $req_obj->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
318
- }
319
- }
320
- $repo_scan=0;
321
- if($scan_mode == "standard_scan" || ($scan_mode == "custom_scan" && $check_repo == 1)){
322
- $repo_scan=1;
323
- }
324
- if($status == "IN PROGRESS"){
325
- $result=array("status"=>$status, "scanned"=>$files_scanned, "total"=>$total_files, "repo_scan"=> $repo_scan,"extlink_check"=> $extlink_check,"AverageFileTime"=>$averageFileScanTime,"total_files_processed"=>$total_files_processed);
326
- wp_send_json($result);
327
- }
328
- else{
329
- //stop scan check
330
- $stop_scan=get_site_option('mo_stop_scan');
331
-
332
- $mo_wpns_db_handler = new MoWpnsDB();
333
- $total_scan=$mo_wpns_db_handler->count_files();
334
- $total_malicious=$mo_wpns_db_handler->count_malicious_files();
335
- $last_id=$mo_wpns_db_handler->get_last_id();
336
- $send_id=$last_id[0]->max;
337
- $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
338
- $malicious_last_scan= get_site_option('mo_wpns_infected_files');
339
- $warning_last_scan = get_site_option('mo_wpns_warning_files');
340
- if($total_scan > 999){
341
- $total_scan=($total_scan/1000);
342
- $total_scan= round($total_scan,1)."k";
343
- }
344
- if($total_malicious > 999){
345
- $total_malicious=($total_malicious/1000);
346
- $total_malicious= round($total_malicious,1)."k";
347
- }
348
- if($last_scan > 999){
349
- $last_scan = ($last_scan/1000);
350
- $last_scan = round($last_scan,1)."k";
351
- }
352
- if($stop_scan){
353
- $status="ABORTED";
354
- $result = array("status"=>$status, 'total_files'=>$total_scan,"AverageFileTime"=>$averageFileScanTime, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan, 'warnings'=>$warning_last_scan,"total_files_processed"=>$total_files_processed);
355
- wp_send_json($result);
356
- }
357
- $result = array("status"=>$status, 'total_files'=>$total_scan, 'total_mal'=>$total_malicious,"AverageFileTime"=>$averageFileScanTime, 'scan_files'=>$total_files, 'mal_files'=>$malicious_last_scan, 'warnings'=>$warning_last_scan,"total_files_processed"=>$total_files_processed);
358
- wp_send_json($result);
359
- }
360
- }
361
-
362
- function mo_wpns_stop_scan(){
363
- update_site_option('mo_stop_scan','1');
364
- $mo2f_malware_db_handler = new MoWpnsDB();
365
- $mo2f_malware_db_handler->delete_files_parts();
366
- wp_send_json('success');
367
- }
368
-
369
-
370
-
371
-
372
-
373
-
374
- function mo_wpns_get_scan_result(){
375
- $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
376
- $status=$decoded_scan_configuration->scan_progress;
377
- $mo_wpns_db_handler = new MoWpnsDB();
378
- $result = $mo_wpns_db_handler->get_report();
379
- $str1= $_SERVER['REQUEST_URI'];
380
- $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
381
- $currenturl = remove_query_arg('delete',$str1);
382
- $currenturl = remove_query_arg('view',$currenturl);
383
- $currenturl = remove_query_arg('trust',$currenturl);
384
- $currenturl = remove_query_arg('trustchanged',$currenturl);
385
- $htmldata = "";
386
- if(!empty($result)){
387
- foreach($result as $report){
388
- if(empty($report->scan_mode)){
389
- $report->scan_mode="Custom Scan";
390
- }
391
- $repo_count = $report->repo_issues >= 0 ? $report->repo_issues : 0;
392
- $htmldata .= "<tr><td style=text-align:center>".$report->scan_mode."</td>";
393
- $htmldata .= "<td style=text-align:center>";
394
- if(!empty($report->scanned_folders)){
395
- foreach(explode(";",$report->scanned_folders) as $folder){
396
- if(!empty($folder)){
397
- $htmldata .= $folder."<br>";
398
- }
399
- }
400
- }
401
- $htmldata .= "</td><td style=text-align:center>";
402
- $htmldata .= "<span style=color:green id=scan_files>".$report->scanned_files." files scanned<br></span>";
403
- $htmldata .= "<span style=color:red id=malicious_files>".$report->malware_count." malware found<br></span>";
404
- if($report->repo_issues < 0){
405
- $htmldata .= "<span style=color:orange id=malicious_files>Issues with repository check<br></span>";
406
- }
407
- $htmldata .= "<span style=color:orange id=warning_files>".($repo_count+$report->malicious_links)." warnings found</span>";
408
- $htmldata .= "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
409
- $htmldata .= "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
410
- $htmldata .= "</tr>";
411
-
412
- }
413
- }else{
414
- $htmldata .= '<tr class="odd"><td valign="top" colspan="5" class="dataTables_empty">No data available in table</td></tr>';
415
- }
416
- wp_send_json($htmldata);
417
-
418
- }
419
- }
420
- new Mo_wpns_scan_malware();
421
- ?>
1
+ <?php
2
+ class Mo_wpns_scan_malware
3
+ {
4
+ function __construct(){
5
+ add_action( 'admin_init' , array( $this, 'mo_wpns_malware_scanner_functions' ) );
6
+
7
+ }
8
+
9
+ public function mo_wpns_malware_scanner_functions(){
10
+ add_action('wp_ajax_mo_wpns_malware_redirect', array( $this, 'mo_wpns_malware_redirect' ));
11
+
12
+
13
+ }
14
+
15
+ public function mo_wpns_malware_redirect(){
16
+ switch($_POST['call_type'])
17
+ {
18
+ case "submit_malware_settings_form":
19
+ $this->mo_wpns_save_malware_config_form($_POST);
20
+ break;
21
+ case "malware_scan_initiate":
22
+ $this->mo_wpns_start_malware_scan($_POST);
23
+ break;
24
+ case "wpns_enable_tour":
25
+ update_option('skip_tour', 0);
26
+ break;
27
+ case "wpns_disable_tour":
28
+ update_option('skip_tour', 1);
29
+ break;
30
+ case "malware_progress_bar":
31
+ $this->mo_wpns_get_progress();
32
+ break;
33
+ case "malware_scan_last_result":
34
+ $this->mo_wpns_get_scan_result();
35
+ break;
36
+ case "malware_scan_terminate":
37
+ $this->mo_wpns_stop_scan();
38
+ break;
39
+
40
+ }
41
+ }
42
+
43
+ public function mo_wpns_save_malware_config_form($POSTED){
44
+ $nonce = $POSTED['nonce'];
45
+ if ( ! wp_verify_nonce( $nonce, 'mo-wpns-scan-settings' ) ){
46
+ wp_send_json('ERROR');
47
+ return;
48
+ }
49
+ if(! isset($POSTED['scan_plugin']) && ! isset($POSTED['scan_themes']) && ! isset($POSTED['scan_core'])){
50
+ wp_send_json('folder_error');
51
+ }elseif (! isset($POSTED['vulnerable_check']) && ! isset($POSTED['sql_check']) && ! isset($POSTED['rfi_check']) && ! isset($POSTED['ext_link']) && ! isset($POSTED['repo_check'])) {
52
+ wp_send_json('level_error');
53
+ }
54
+ else{
55
+ $mo_wpns_scan_plugins=isset($POSTED['scan_plugin']) ? sanitize_text_field($POSTED['scan_plugin']) : 0;
56
+ $mo_wpns_scan_themes=isset($POSTED['scan_themes']) ? sanitize_text_field($POSTED['scan_themes']) : 0;
57
+ $mo_wpns_scan_wp_files= isset($POSTED['scan_core']) ? sanitize_text_field($POSTED['scan_core']) : 0;
58
+ $mo_wpns_scan_files_extensions= sanitize_text_field($POSTED['file_type']);
59
+ $mo_wpns_check_vulnerable_code=isset($POSTED['vulnerable_check']) ? sanitize_text_field($POSTED['vulnerable_check']) : 0;
60
+ $mo_wpns_check_sql_injection=isset($POSTED['sql_check']) ? sanitize_text_field($POSTED['sql_check']) : 0;
61
+ $mo_wpns_check_external_link=isset($POSTED['ext_link']) ? sanitize_text_field($POSTED['ext_link']) : 0;
62
+ $mo_wpns_scan_files_with_repo=isset($POSTED['repo_check']) ? sanitize_text_field($POSTED['repo_check']) : 0;
63
+ $folders_to_skip= sanitize_text_field($POSTED['skip_path']);
64
+ $folders_to_skip = str_replace('\\\\', '/', $folders_to_skip);
65
+ $str="";
66
+
67
+ $mo_wpns_skip_folders="";
68
+ if(!empty($folders_to_skip)){
69
+ $folders_to_skip_array=explode(";",$folders_to_skip);
70
+ for($i=0; $i< count($folders_to_skip_array); $i++){
71
+ if(is_dir($folders_to_skip_array[$i])){
72
+ $str.= $folders_to_skip_array[$i];
73
+ if($i!= count($folders_to_skip_array)-1){
74
+ $str.=";";
75
+ }
76
+ }elseif($folders_to_skip_array[$i] == ''){
77
+ $str.= $folders_to_skip_array[$i];
78
+ }
79
+ else{
80
+ wp_send_json('path_error');
81
+ }
82
+ }
83
+ $mo_wpns_skip_folders=$str;
84
+ }else{
85
+ $mo_wpns_skip_folders=$folders_to_skip;
86
+ }
87
+
88
+ $scan_configuration = array(
89
+ 'plugin_scan' => $mo_wpns_scan_plugins,
90
+ 'theme_scan' => $mo_wpns_scan_themes,
91
+ 'core_scan' => $mo_wpns_scan_wp_files,
92
+ 'file_extension' => $mo_wpns_scan_files_extensions,
93
+ 'check_vulnerable' => $mo_wpns_check_vulnerable_code,
94
+ 'check_sql' => $mo_wpns_check_sql_injection,
95
+ 'ext_link_check' => $mo_wpns_check_external_link,
96
+ 'check_repo' => $mo_wpns_scan_files_with_repo,
97
+ 'path_skip' => $mo_wpns_skip_folders,
98
+ 'type_scan' => "",
99
+ );
100
+
101
+ $encoded_scan_configuration=json_encode($scan_configuration);
102
+ update_site_option("mo_wpns_scan_configuration",$encoded_scan_configuration);
103
+ wp_send_json('save_success');
104
+ }
105
+ }
106
+
107
+ public function mo_wpns_start_malware_scan($POSTED){
108
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
109
+ if(isset($decoded_scan_configuration)){
110
+ $status = $decoded_scan_configuration->scan_progress;
111
+ }else{
112
+ $status=false;
113
+ $scan_mode=false;
114
+ }
115
+ if($status == "IN PROGRESS"){
116
+ wp_send_json('scanning_already');
117
+ }
118
+ global $moWpnsUtility, $mo2f_dirName;
119
+
120
+ $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
121
+ $mo2f_malware_db_handler = new MoWpnsDB();
122
+
123
+ $current_time= time();
124
+ update_site_option('mo_wpns_last_scan_time', $current_time);
125
+ $plugin_current= get_plugins();
126
+ update_site_option('mo_wpns_last_plugins', $plugin_current);
127
+ $args=array();
128
+ $theme_current= wp_get_themes($args);
129
+ update_site_option('mo_wpns_last_themes', $theme_current);
130
+ update_site_option('malware_notification_option',1);
131
+
132
+ update_site_option('mo2f_scan_initialize', 0);
133
+ update_site_option('mo_wpns_hide_malware_popup', 1);
134
+
135
+ $mo_wpns_malware_scan_in_progress="IN PROGRESS";
136
+ $mo_wpns_files_scanned=0;
137
+ $mo_wpns_infected_files=0;
138
+ $mo_wpns_warning_files=0;
139
+ $wordpress_download_status=false;
140
+
141
+ update_site_option('mo_wpns_infected_files',0);
142
+ update_site_option('mo_wpns_warning_files',0);
143
+ update_site_option('mo2f_files_skipped', 0);
144
+ update_site_option('mo2f_file_size_excess', 0);
145
+ update_site_option('mo2f_download_done', 0);
146
+
147
+
148
+ $scan_status = array(
149
+ 'scan_progress' => $mo_wpns_malware_scan_in_progress,
150
+ 'files_scanned' => $mo_wpns_files_scanned,
151
+ 'infected_files' => $mo_wpns_infected_files,
152
+ 'warning_files' => $mo_wpns_warning_files,
153
+ 'total_files' => 0,
154
+ 'check_with_repo' => 0,
155
+ 'extlink_check' => 0,
156
+ 'scan_mode' => "",
157
+ 'average_time_each_file' => 0,
158
+ 'total_files_processed' => 0,
159
+ 'status_download_time' => $wordpress_download_status
160
+ );
161
+
162
+ $encoded_scan_status=json_encode($scan_status);
163
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
164
+
165
+
166
+ $mo2f_malware_db_handler->delete_files_parts();
167
+
168
+ if(isset($POSTED['scan']) && $POSTED['scan']=='scan_start'){
169
+ $scan_configuration = array();
170
+ switch($POSTED['scantype'])
171
+ {
172
+ case "quick_scan":
173
+ $nonce = $POSTED['nonce'];
174
+ if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
175
+ wp_send_json('ERROR');
176
+ return;
177
+ }
178
+ $scan_configuration = MoWpnsConstants::$quick_scan_configuration;
179
+ update_site_option('mo_wpns_scan_mode','quick_scan');
180
+ $scan_status = array(
181
+ 'scan_progress' => $mo_wpns_malware_scan_in_progress,
182
+ 'files_scanned' => $mo_wpns_files_scanned,
183
+ 'infected_files' => $mo_wpns_infected_files,
184
+ 'warning_files' => $mo_wpns_warning_files,
185
+ 'total_files' => 0,
186
+ 'check_with_repo' => 0,
187
+ 'extlink_check' => 0,
188
+ 'average_time_each_file' => 0,
189
+ 'total_files_processed' => 0,
190
+ 'scan_mode' => "quick_scan",
191
+ 'status_download_time' => $wordpress_download_status
192
+ );
193
+
194
+ $encoded_scan_status=json_encode($scan_status);
195
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
196
+ $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
197
+ break;
198
+ case "standard_scan":
199
+ $nonce = $POSTED['nonce'];
200
+ if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
201
+ wp_send_json('ERROR');
202
+ return;
203
+ }
204
+ $scan_configuration = MoWpnsConstants::$standard_scan_configuration;
205
+ update_site_option('mo_wpns_scan_mode','standard_scan');
206
+ $scan_status = array(
207
+ 'scan_progress' => $mo_wpns_malware_scan_in_progress,
208
+ 'files_scanned' => $mo_wpns_files_scanned,
209
+ 'infected_files' => $mo_wpns_infected_files,
210
+ 'warning_files' => $mo_wpns_warning_files,
211
+ 'total_files' => 0,
212
+ 'check_with_repo' => 1,
213
+ 'extlink_check' => 1,
214
+ 'total_files_processed' => 0,
215
+ 'average_time_each_file' => 0,
216
+ 'scan_mode' => "standard_scan",
217
+ 'status_download_time' => $wordpress_download_status
218
+ );
219
+
220
+ $encoded_scan_status=json_encode($scan_status);
221
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
222
+ $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
223
+ break;
224
+ case "custom_scan":
225
+ $nonce = $POSTED['nonce'];
226
+ if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
227
+ wp_send_json('ERROR');
228
+ return;
229
+ }
230
+ $decode_scan_configuration=json_decode(get_site_option("mo_wpns_scan_configuration"));
231
+ if(is_null($decode_scan_configuration))
232
+ {
233
+ delete_option("mo_wpns_scan_status",$encoded_scan_status);
234
+ wp_send_json("RECONFIGURE");
235
+ }
236
+
237
+ $scan_configuration = array('plugin_scan' => $decode_scan_configuration->plugin_scan,
238
+ 'theme_scan' => $decode_scan_configuration->theme_scan,
239
+ 'core_scan' => $decode_scan_configuration->core_scan,
240
+ 'file_extension' => $decode_scan_configuration->file_extension,
241
+ 'check_vulnerable' => $decode_scan_configuration->check_vulnerable,
242
+ 'check_sql' => $decode_scan_configuration->check_sql,
243
+ 'ext_link_check' => $decode_scan_configuration->ext_link_check,
244
+ 'check_repo' => $decode_scan_configuration->check_repo,
245
+ 'path_skip' => $decode_scan_configuration->path_skip,
246
+ 'type_scan' => "Custom Scan"
247
+ );
248
+
249
+
250
+ $scan_status = array(
251
+ 'scan_progress' => $mo_wpns_malware_scan_in_progress,
252
+ 'files_scanned' => $mo_wpns_files_scanned,
253
+ 'infected_files' => $mo_wpns_infected_files,
254
+ 'warning_files' => $mo_wpns_warning_files,
255
+ 'total_files' => 0,
256
+ 'extlink_check' => $decode_scan_configuration->ext_link_check,
257
+ 'check_with_repo' => $decode_scan_configuration->check_repo,
258
+ 'average_time_each_file' => 0,
259
+ 'total_files_processed' => 0,
260
+ 'scan_mode' => "custom_scan",
261
+ 'status_download_time' => $wordpress_download_status
262
+ );
263
+
264
+ $encoded_scan_status=json_encode($scan_status);
265
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
266
+ update_site_option('mo_wpns_scan_mode','custom_scan');
267
+ update_site_option('mo2f_custom_scan_config', $scan_configuration);
268
+ $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
269
+ break;
270
+ }
271
+ }
272
+ }
273
+
274
+
275
+ public function mo_wpns_get_progress(){
276
+
277
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
278
+ $status= $decoded_scan_status->scan_progress;
279
+ $files_scanned= $decoded_scan_status->files_scanned;
280
+ $total_files = $decoded_scan_status->total_files;
281
+ $check_repo = $decoded_scan_status->check_with_repo;
282
+ $extlink_check = $decoded_scan_status->extlink_check;
283
+ $scan_mode= $decoded_scan_status->scan_mode;
284
+ $status_download= $decoded_scan_status->status_download_time;
285
+ $averageFileScanTime= $decoded_scan_status->average_time_each_file;
286
+ $total_files_processed= $decoded_scan_status->total_files_processed;
287
+ if($status_download != false && $status == "IN PROGRESS"){
288
+ $time_spent_in_downloading= time()-$status_download;
289
+
290
+ if($time_spent_in_downloading > 600){
291
+ $mo2f_malware_db_handler = new MoWpnsDB();
292
+ $reportid= get_site_option('mo2f_report_id');
293
+ $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
294
+ if(!empty($last_report)){
295
+ $issue = $last_report[0]->repo_key;
296
+ $repo_key = get_site_option('mo2f_current_repo_key');
297
+ if($repo_key == 'core'){
298
+ $issue.= "WordPress Core Files;";
299
+ }else{
300
+ $issue.= $repo_key.";";
301
+ }
302
+ $mo2f_malware_db_handler->mo2f_update_repo_issue($reportid, $issue);
303
+ }
304
+ $scan_mode = get_site_option('mo_wpns_scan_mode');
305
+ if ( $scan_mode == 'Quick Scan' ) {
306
+ $scan_config = MoWpnsConstants::$quick_scan_configuration;
307
+ } elseif ( $scan_mode == 'Standard Scan' ) {
308
+ $scan_config = MoWpnsConstants::$standard_scan_configuration;
309
+ } else {
310
+ $scan_config = get_site_option( 'mo2f_custom_scan_config' );
311
+ }
312
+ $uploads_dir = wp_upload_dir();
313
+ $uploads_path= $uploads_dir['basedir'];
314
+ $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
315
+ $scanverification = get_site_option( "mo2f_scanverification" );
316
+ $req_obj = new mo2f_scanner_parts();
317
+ $req_obj->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
318
+ }
319
+ }
320
+ $repo_scan=0;
321
+ if($scan_mode == "standard_scan" || ($scan_mode == "custom_scan" && $check_repo == 1)){
322
+ $repo_scan=1;
323
+ }
324
+ if($status == "IN PROGRESS"){
325
+ $result=array("status"=>$status, "scanned"=>$files_scanned, "total"=>$total_files, "repo_scan"=> $repo_scan,"extlink_check"=> $extlink_check,"AverageFileTime"=>$averageFileScanTime,"total_files_processed"=>$total_files_processed);
326
+ wp_send_json($result);
327
+ }
328
+ else{
329
+ //stop scan check
330
+ $stop_scan=get_site_option('mo_stop_scan');
331
+
332
+ $mo_wpns_db_handler = new MoWpnsDB();
333
+ $total_scan=$mo_wpns_db_handler->count_files();
334
+ $total_malicious=$mo_wpns_db_handler->count_malicious_files();
335
+ $last_id=$mo_wpns_db_handler->get_last_id();
336
+ $send_id=$last_id[0]->max;
337
+ $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
338
+ $malicious_last_scan= get_site_option('mo_wpns_infected_files');
339
+ $warning_last_scan = get_site_option('mo_wpns_warning_files');
340
+ if($total_scan > 999){
341
+ $total_scan=($total_scan/1000);
342
+ $total_scan= round($total_scan,1)."k";
343
+ }
344
+ if($total_malicious > 999){
345
+ $total_malicious=($total_malicious/1000);
346
+ $total_malicious= round($total_malicious,1)."k";
347
+ }
348
+ if($last_scan > 999){
349
+ $last_scan = ($last_scan/1000);
350
+ $last_scan = round($last_scan,1)."k";
351
+ }
352
+ if($stop_scan){
353
+ $status="ABORTED";
354
+ $result = array("status"=>$status, 'total_files'=>$total_scan,"AverageFileTime"=>$averageFileScanTime, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan, 'warnings'=>$warning_last_scan,"total_files_processed"=>$total_files_processed);
355
+ wp_send_json($result);
356
+ }
357
+ $result = array("status"=>$status, 'total_files'=>$total_scan, 'total_mal'=>$total_malicious,"AverageFileTime"=>$averageFileScanTime, 'scan_files'=>$total_files, 'mal_files'=>$malicious_last_scan, 'warnings'=>$warning_last_scan,"total_files_processed"=>$total_files_processed);
358
+ wp_send_json($result);
359
+ }
360
+ }
361
+
362
+ function mo_wpns_stop_scan(){
363
+ update_site_option('mo_stop_scan','1');
364
+ $mo2f_malware_db_handler = new MoWpnsDB();
365
+ $mo2f_malware_db_handler->delete_files_parts();
366
+ wp_send_json('success');
367
+ }
368
+
369
+
370
+
371
+
372
+
373
+
374
+ function mo_wpns_get_scan_result(){
375
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
376
+ $status=$decoded_scan_configuration->scan_progress;
377
+ $mo_wpns_db_handler = new MoWpnsDB();
378
+ $result = $mo_wpns_db_handler->get_report();
379
+ $str1= $_SERVER['REQUEST_URI'];
380
+ $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
381
+ $currenturl = remove_query_arg('delete',$str1);
382
+ $currenturl = remove_query_arg('view',$currenturl);
383
+ $currenturl = remove_query_arg('trust',$currenturl);
384
+ $currenturl = remove_query_arg('trustchanged',$currenturl);
385
+ $htmldata = "";
386
+ if(!empty($result)){
387
+ foreach($result as $report){
388
+ if(empty($report->scan_mode)){
389
+ $report->scan_mode="Custom Scan";
390
+ }
391
+ $repo_count = $report->repo_issues >= 0 ? $report->repo_issues : 0;
392
+ $htmldata .= "<tr><td style=text-align:center>".$report->scan_mode."</td>";
393
+ $htmldata .= "<td style=text-align:center>";
394
+ if(!empty($report->scanned_folders)){
395
+ foreach(explode(";",$report->scanned_folders) as $folder){
396
+ if(!empty($folder)){
397
+ $htmldata .= $folder."<br>";
398
+ }
399
+ }
400
+ }
401
+ $htmldata .= "</td><td style=text-align:center>";
402
+ $htmldata .= "<span style=color:green id=scan_files>".$report->scanned_files." files scanned<br></span>";
403
+ $htmldata .= "<span style=color:red id=malicious_files>".$report->malware_count." malware found<br></span>";
404
+ if($report->repo_issues < 0){
405
+ $htmldata .= "<span style=color:orange id=malicious_files>Issues with repository check<br></span>";
406
+ }
407
+ $htmldata .= "<span style=color:orange id=warning_files>".($repo_count+$report->malicious_links)." warnings found</span>";
408
+ $htmldata .= "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
409
+ $htmldata .= "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
410
+ $htmldata .= "</tr>";
411
+
412
+ }
413
+ }else{
414
+ $htmldata .= '<tr class="odd"><td valign="top" colspan="5" class="dataTables_empty">No data available in table</td></tr>';
415
+ }
416
+ wp_send_json($htmldata);
417
+
418
+ }
419
+ }
420
+ new Mo_wpns_scan_malware();
421
+ ?>
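--- a/controllers/malware_scanner/malware_scan_result.php
+++ b/controllers/malware_scanner/malware_scan_result.php
@@ -1,41 +1,41 @@
- <?php
-
- function showScanResults(){
- $mo_wpns_db_handler = new MoWpnsDB();
- if(isset($_GET['view'])){
- if(isset($_GET['trust'])){
- $mo_wpns_db_handler->ignorefile(base64_decode($_GET['trust']));
- }
- else if(isset($_GET['trustchanged'])){
- $mo_wpns_db_handler->ignorechangedfile($_GET['trustchanged']);
- }
- $last_id=$mo_wpns_db_handler->get_last_id();
- $send_id=$last_id[0]->max;
- $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
- $listofignorefiles = $mo_wpns_db_handler->getlistofignorefiles();
- $ignorefiles = array();
- foreach($listofignorefiles as $row)
- $ignorefiles[$row->path] = array('signature'=>$row->signature,"id"=>$row->id);
-
- $result = $mo_wpns_db_handler->get_report_with_id($_GET['view']);
- if(sizeof($result)>0){
- $detailreport = $mo_wpns_db_handler->get_detail_report_with_id($_GET['view']);
- show_scan_details($detailreport, $result, $ignorefiles, $last_scan);
- }
- }
- else{
- $str1= $_SERVER['REQUEST_URI'];
- $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
- $currenturl = remove_query_arg('delete',$str1);
- $currenturl = remove_query_arg('view',$currenturl);
- $currenturl = remove_query_arg('trust',$currenturl);
- $currenturl = remove_query_arg('trustchanged',$currenturl);
- if(isset($_GET['delete'])){
- $mo_wpns_db_handler->delete_report($_GET['delete']);
- }
- $result = $mo_wpns_db_handler->get_report();
- show_scan_report($currenturl, $result);
- }
- }
-
+ <?php
+
+ function showScanResults(){
+ $mo_wpns_db_handler = new MoWpnsDB();
+ if(isset($_GET['view'])){
+ if(isset($_GET['trust'])){
+ $mo_wpns_db_handler->ignorefile(base64_decode($_GET['trust']));
+ }
+ else if(isset($_GET['trustchanged'])){
+ $mo_wpns_db_handler->ignorechangedfile($_GET['trustchanged']);
+ }
+ $last_id=$mo_wpns_db_handler->get_last_id();
+ $send_id=$last_id[0]->max;
+ $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
+ $listofignorefiles = $mo_wpns_db_handler->getlistofignorefiles();
+ $ignorefiles = array();
+ foreach($listofignorefiles as $row)
+ $ignorefiles[$row->path] = array('signature'=>$row->signature,"id"=>$row->id);
+
+ $result = $mo_wpns_db_handler->get_report_with_id($_GET['view']);
+ if(sizeof($result)>0){
+ $detailreport = $mo_wpns_db_handler->get_detail_report_with_id($_GET['view']);
+ show_scan_details($detailreport, $result, $ignorefiles, $last_scan);
+ }
+ }
+ else{
+ $str1= $_SERVER['REQUEST_URI'];
+ $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
+ $currenturl = remove_query_arg('delete',$str1);
+ $currenturl = remove_query_arg('view',$currenturl);
+ $currenturl = remove_query_arg('trust',$currenturl);
+ $currenturl = remove_query_arg('trustchanged',$currenturl);
+ if(isset($_GET['delete'])){
+ $mo_wpns_db_handler->delete_report($_GET['delete']);
+ }
+ $result = $mo_wpns_db_handler->get_report();
+ show_scan_report($currenturl, $result);
+ }
+ }
+
  ?>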
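Review bot: `showScanResults()` changes state straight from query-string parameters — `ignorefile(base64_decode($_GET['trust']))`, `ignorechangedfile($_GET['trustchanged'])` and `delete_report($_GET['delete'])` — and nothing in this file checks a nonce or the caller's capability first, so the delete and trust actions look exposed to cross-site request forgery against a logged-in administrator. Guard the top of the function with `if ( ! current_user_can( 'manage_options' ) ) { return; }` and verify a nonce before each action, e.g. `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );`, with the links that produce these URLs built through `wp_nonce_url()`. The values are also handed to `MoWpnsDB` unvalidated; whether those methods use prepared statements is not visible here, so normalise at this boundary, e.g. `delete_report( absint( $_GET['delete'] ) )` if report ids are integers, as the `$report->id` links suggest. The capability name is an assumption; use whichever one the plugin's admin page already requires.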
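--- a/controllers/malware_scanner/scan_malware.php
+++ b/controllers/malware_scanner/scan_malware.php
@@ -1,9 +1,9 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- update_site_option('mo2f_visit_malware',true);
-
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';
- ?>
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ update_site_option('mo2f_visit_malware',true);
+
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'malware_scan.php';
+ ?>
+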
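--- a/controllers/malware_scanner/scan_malware_report.php
+++ b/controllers/malware_scanner/scan_malware_report.php
@@ -1,5 +1,5 @@
- <?php
-
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_report_view.php';
-
+ <?php
+
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_report_view.php';
+
  ?>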
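--- a/controllers/malware_scanner/scan_malware_settings.php
+++ b/controllers/malware_scanner/scan_malware_settings.php
@@ -1,47 +1,47 @@
- <?php
-
-
-
- $scan_configuration = json_decode(get_site_option('mo_wpns_scan_configuration'));
- if(is_null($scan_configuration)){
- $mo_wpns_scan_files_extensions = "";
- $mo_wpns_skip_folders = "";
- $mo_wpns_scan_plugins = 1;
- $mo_wpns_scan_themes = 1;
- $mo_wpns_core_scan = 0;
- $mo_wpns_check_vulnerable = 1;
- $mo_wpns_check_sql = 1;
- $mo_wpns_check_extl = 0;
- $mo_wpns_check_repo = 0;
- }else{
- $mo_wpns_scan_files_extensions = $scan_configuration->file_extension;
- $mo_wpns_skip_folders = $scan_configuration->path_skip;
- $mo_wpns_scan_plugins = $scan_configuration->plugin_scan;
- $mo_wpns_scan_themes = $scan_configuration->theme_scan;
- $mo_wpns_core_scan = $scan_configuration->core_scan;
- $mo_wpns_check_vulnerable = $scan_configuration->check_vulnerable;
- $mo_wpns_check_sql = $scan_configuration->check_sql;
- $mo_wpns_check_extl = $scan_configuration->ext_link_check;
- $mo_wpns_check_repo = $scan_configuration->check_repo;
- }
- $mo_wpns_check_rfi = 0;
- $mo_wpns_adv_sign = 0;
- $mo_wpns_check_domain = 0;
- $mo_wpns_check_trojan = 0;
- $mo_wpns_check_backdoor = 0;
- $mo_wpns_skip_folders_array = array();
- if(!empty($mo_wpns_skip_folders)){
- $mo_wpns_skip_folders_array = explode(";",$mo_wpns_skip_folders);
- }
- $mo_wpns_white_url = "";
- $mo_wpns_white_urls_array = array();
- if(!empty($mo_wpns_white_url)){
- $mo_wpns_white_urls_array = explode(";",$mo_wpns_white_url);
- }
- $mo_wpns_custom_sign = "";
- $mo_wpns_custom_sign_array = array();
- if(!empty($mo_wpns_custom_sign)){
- $mo_wpns_custom_sign_array = explode(";",$mo_wpns_custom_sign);
- }
- include_once $mo2f_dirName. 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_settings_view.php';
- ?>
+ <?php
+
+
+
+ $scan_configuration = json_decode(get_site_option('mo_wpns_scan_configuration'));
+ if(is_null($scan_configuration)){
+ $mo_wpns_scan_files_extensions = "";
+ $mo_wpns_skip_folders = "";
+ $mo_wpns_scan_plugins = 1;
+ $mo_wpns_scan_themes = 1;
+ $mo_wpns_core_scan = 0;
+ $mo_wpns_check_vulnerable = 1;
+ $mo_wpns_check_sql = 1;
+ $mo_wpns_check_extl = 0;
+ $mo_wpns_check_repo = 0;
+ }else{
+ $mo_wpns_scan_files_extensions = $scan_configuration->file_extension;
+ $mo_wpns_skip_folders = $scan_configuration->path_skip;
+ $mo_wpns_scan_plugins = $scan_configuration->plugin_scan;
+ $mo_wpns_scan_themes = $scan_configuration->theme_scan;
+ $mo_wpns_core_scan = $scan_configuration->core_scan;
+ $mo_wpns_check_vulnerable = $scan_configuration->check_vulnerable;
+ $mo_wpns_check_sql = $scan_configuration->check_sql;
+ $mo_wpns_check_extl = $scan_configuration->ext_link_check;
+ $mo_wpns_check_repo = $scan_configuration->check_repo;
+ }
+ $mo_wpns_check_rfi = 0;
+ $mo_wpns_adv_sign = 0;
+ $mo_wpns_check_domain = 0;
+ $mo_wpns_check_trojan = 0;
+ $mo_wpns_check_backdoor = 0;
+ $mo_wpns_skip_folders_array = array();
+ if(!empty($mo_wpns_skip_folders)){
+ $mo_wpns_skip_folders_array = explode(";",$mo_wpns_skip_folders);
+ }
+ $mo_wpns_white_url = "";
+ $mo_wpns_white_urls_array = array();
+ if(!empty($mo_wpns_white_url)){
+ $mo_wpns_white_urls_array = explode(";",$mo_wpns_white_url);
+ }
+ $mo_wpns_custom_sign = "";
+ $mo_wpns_custom_sign_array = array();
+ if(!empty($mo_wpns_custom_sign)){
+ $mo_wpns_custom_sign_array = explode(";",$mo_wpns_custom_sign);
+ }
+ include_once $mo2f_dirName. 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_settings_view.php';
+ ?>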
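--- a/controllers/malware_scanner/scan_malware_summary.php
+++ b/controllers/malware_scanner/scan_malware_summary.php
@@ -1,5 +1,5 @@
- <?php
-
- include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_summary_view.php';
-
+ <?php
+
+ include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'malware_scanner'.DIRECTORY_SEPARATOR.'scan_summary_view.php';
+
  ?>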
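--- a/controllers/navbar.php
+++ b/controllers/navbar.php
@@ -1,94 +1,94 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_wpns_2fa_with_network_security":
- $security_features = new Mo_2fa_security_features();
- $security_features->wpns_2fa_with_network_security($_POST); break;
- }
- }
- $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
-
- if( isset( $_GET[ 'page' ])){
- $tab_count= get_site_option('mo2f_tab_count', 0);
- if($tab_count == 5)
- update_site_option('mo_2f_switch_all', 1);
- else
- update_site_option('mo_2f_switch_all', 0);
- switch($_GET['page'])
- {
- case 'mo_2fa_login_and_spam':
- update_option('mo_2f_switch_loginspam', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_loginspam'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_backup':
- update_option('mo_2f_switch_backup', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_backup'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_waf':
- update_option('mo_2f_switch_waf', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_waf'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_advancedblocking':
- update_option('mo_2f_switch_adv_block', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_adv_block'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
-
- case 'mo_2fa_malwarescan':
- update_option('mo_2f_switch_malware', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_malware'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- }
- }
- $profile_url = add_query_arg( array('page' => 'mo_2fa_account' ), $_SERVER['REQUEST_URI'] );
- $login_security = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
- $waf = add_query_arg( array('page' => 'mo_2fa_waf' ), $_SERVER['REQUEST_URI'] );
- $login_and_spam = add_query_arg( array('page' => 'mo_2fa_login_and_spam' ), $_SERVER['REQUEST_URI'] );
- $register_url = add_query_arg( array('page' => 'registration' ), $_SERVER['REQUEST_URI'] );
- $blocked_ips = add_query_arg( array('page' => 'mo_2fa_blockedips' ), $_SERVER['REQUEST_URI'] );
- $advance_block = add_query_arg( array('page' => 'mo_2fa_advancedblocking' ), $_SERVER['REQUEST_URI'] );
- $notif_url = add_query_arg( array('page' => 'mo_2fa_notifications' ), $_SERVER['REQUEST_URI'] );
- $reports_url = add_query_arg( array('page' => 'mo_2fa_reports' ), $_SERVER['REQUEST_URI'] );
- $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI'] );
- $help_url = add_query_arg( array('page' => 'mo_2fa_troubleshooting' ), $_SERVER['REQUEST_URI'] );
- $addons_url = add_query_arg( array('page' => 'mo_2fa_addons' ), $_SERVER['REQUEST_URI'] );
- $content_protect= add_query_arg( array('page' => 'content_protect' ), $_SERVER['REQUEST_URI'] );
- $backup = add_query_arg( array('page' => 'mo_2fa_backup' ), $_SERVER['REQUEST_URI'] );
- $scan_url = add_query_arg( array('page' => 'mo_2fa_malwarescan' ), $_SERVER['REQUEST_URI'] );
- $two_fa = add_query_arg( array('page' => 'mo_2fa_two_fa' ), $_SERVER['REQUEST_URI'] );
- //Added for new design
- $dashboard_url = add_query_arg(array('page' => 'mo_2fa_dashboard' ), $_SERVER['REQUEST_URI']);
- $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
- $request_demo_url = add_query_arg(array('page' => 'mo_2fa_request_demo' ), $_SERVER['REQUEST_URI']);
- $request_offer_url = add_query_arg(array('page' => 'mo_2fa_request_offer' ), $_SERVER['REQUEST_URI']);
-
- //dynamic
- $logo_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/miniorange_logo.png';
- $login_with_usename_only_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-with-password-and-2fa.png';
- $hide_login_form_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/hide_login_form.png';
- $new_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/new.png';
- $shw_feedback = get_option('donot_show_feedback_message') ? false: true;
-
- $moPluginHandler= new MoWpnsHandler();
- $safe = $moPluginHandler->is_whitelisted($moWpnsUtility->get_client_ip());
-
- $active_tab = $_GET['page'];
-
- $user_id = get_current_user_id();
- $mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
- $backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
- if(is_array($backup_codes_remaining)){
- $backup_codes_remaining = sizeof($backup_codes_remaining);
- }else{
- $backup_codes_remaining = 0;
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_wpns_2fa_with_network_security":
+ $security_features = new Mo_2fa_security_features();
+ $security_features->wpns_2fa_with_network_security($_POST); break;
+ }
+ }
+ $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
+
+ if( isset( $_GET[ 'page' ])){
+ $tab_count= get_site_option('mo2f_tab_count', 0);
+ if($tab_count == 5)
+ update_site_option('mo_2f_switch_all', 1);
+ else
+ update_site_option('mo_2f_switch_all', 0);
+ switch($_GET['page'])
+ {
+ case 'mo_2fa_login_and_spam':
+ update_option('mo_2f_switch_loginspam', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_loginspam'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_backup':
+ update_option('mo_2f_switch_backup', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_backup'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_waf':
+ update_option('mo_2f_switch_waf', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_waf'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_advancedblocking':
+ update_option('mo_2f_switch_adv_block', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_adv_block'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+
+ case 'mo_2fa_malwarescan':
+ update_option('mo_2f_switch_malware', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_malware'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ }
+ }
+ $profile_url = add_query_arg( array('page' => 'mo_2fa_account' ), $_SERVER['REQUEST_URI'] );
+ $login_security = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
+ $waf = add_query_arg( array('page' => 'mo_2fa_waf' ), $_SERVER['REQUEST_URI'] );
+ $login_and_spam = add_query_arg( array('page' => 'mo_2fa_login_and_spam' ), $_SERVER['REQUEST_URI'] );
+ $register_url = add_query_arg( array('page' => 'registration' ), $_SERVER['REQUEST_URI'] );
+ $blocked_ips = add_query_arg( array('page' => 'mo_2fa_blockedips' ), $_SERVER['REQUEST_URI'] );
+ $advance_block = add_query_arg( array('page' => 'mo_2fa_advancedblocking' ), $_SERVER['REQUEST_URI'] );
+ $notif_url = add_query_arg( array('page' => 'mo_2fa_notifications' ), $_SERVER['REQUEST_URI'] );
+ $reports_url = add_query_arg( array('page' => 'mo_2fa_reports' ), $_SERVER['REQUEST_URI'] );
+ $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI'] );
+ $help_url = add_query_arg( array('page' => 'mo_2fa_troubleshooting' ), $_SERVER['REQUEST_URI'] );
+ $addons_url = add_query_arg( array('page' => 'mo_2fa_addons' ), $_SERVER['REQUEST_URI'] );
+ $content_protect= add_query_arg( array('page' => 'content_protect' ), $_SERVER['REQUEST_URI'] );
+ $backup = add_query_arg( array('page' => 'mo_2fa_backup' ), $_SERVER['REQUEST_URI'] );
+ $scan_url = add_query_arg( array('page' => 'mo_2fa_malwarescan' ), $_SERVER['REQUEST_URI'] );
+ $two_fa = add_query_arg( array('page' => 'mo_2fa_two_fa' ), $_SERVER['REQUEST_URI'] );
+ //Added for new design
+ $dashboard_url = add_query_arg(array('page' => 'mo_2fa_dashboard' ), $_SERVER['REQUEST_URI']);
+ $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
+ $request_demo_url = add_query_arg(array('page' => 'mo_2fa_request_demo' ), $_SERVER['REQUEST_URI']);
+ $request_offer_url = add_query_arg(array('page' => 'mo_2fa_request_offer' ), $_SERVER['REQUEST_URI']);
+
+ //dynamic
+ $logo_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/miniorange_logo.png';
+ $login_with_usename_only_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-with-password-and-2fa.png';
+ $hide_login_form_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/hide_login_form.png';
+ $new_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/new.png';
+ $shw_feedback = get_option('donot_show_feedback_message') ? false: true;
+
+ $moPluginHandler= new MoWpnsHandler();
+ $safe = $moPluginHandler->is_whitelisted($moWpnsUtility->get_client_ip());
+
+ $active_tab = $_GET['page'];
+
+ $user_id = get_current_user_id();
+ $mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
+ $backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
+ if(is_array($backup_codes_remaining)){
+ $backup_codes_remaining = sizeof($backup_codes_remaining);
+ }else{
+ $backup_codes_remaining = 0;
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';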
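Review bot: The POST branch at new lines 4–12 gates on `current_user_can( 'manage_options' )` but verifies no nonce before calling `wpns_2fa_with_network_security($_POST)`, so unless the callee checks one (not visible here) the settings change is not protected against cross-site request forgery. Add a nonce check to the guard, for example `&& check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' )` using the action name the form actually emits; the same applies to the `$_POST` switches in controllers/newtork_security_features.php and controllers/notification-settings.php. Separately, `$active_tab = $_GET['page'];` at line 83 sits outside the `isset` guard from line 15 and is unsanitized, so something like `$active_tab = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : '';` would be safer. The URLs built with `add_query_arg( ..., $_SERVER['REQUEST_URI'] )` are not escaped by that function and need `esc_url()` wherever views/navbar.php prints them.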
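--- a/controllers/newtork_security_features.php
+++ b/controllers/newtork_security_features.php
@@ -1,24 +1,24 @@
- <?php
-
- global $mo2f_dirName;
- if(current_user_can( 'manage_options' ) && isset($_POST['mo_wpns_features']))
- {
- switch(sanitize_text_field(wp_unslash($_POST['mo_wpns_features'])))
- {
- case "mo_wpns_2fa_with_network_security":
- $security_features = new Mo_2fa_security_features();
- $security_features->wpns_2fa_with_network_security($_POST); break;
- case "mo_wpns_2fa_features":
- $security_features = new Mo_2fa_security_features();
- $security_features->wpns_2fa_features_only(); break;
-
-
- }
- }
-
-
- $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
-
-
-
+ <?php
+
+ global $mo2f_dirName;
+ if(current_user_can( 'manage_options' ) && isset($_POST['mo_wpns_features']))
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['mo_wpns_features'])))
+ {
+ case "mo_wpns_2fa_with_network_security":
+ $security_features = new Mo_2fa_security_features();
+ $security_features->wpns_2fa_with_network_security($_POST); break;
+ case "mo_wpns_2fa_features":
+ $security_features = new Mo_2fa_security_features();
+ $security_features->wpns_2fa_features_only(); break;
+
+
+ }
+ }
+
+
+ $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
+
+
+
  // include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'network_security_features.php';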
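--- a/controllers/notification-settings.php
+++ b/controllers/notification-settings.php
@@ -1,101 +1,101 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $template1 = "Hello,<br><br>The user with IP Address <b>##ipaddress##</b> has exceeded allowed trasaction limit on your website <b>".get_bloginfo()."</b> and we have blocked his IP address for further access to website.<br><br>You can login to your WordPress dashaboard to check more details.<br><br>Thanks,<br>miniOrange";
- $template2 = "Hello ##username##,<br><br>Your account was logged in from new IP Address <b>##ipaddress##</b> on website <b>".get_bloginfo()."</b>. Please <a href='mailto:".MoWpnsConstants::SUPPORT_EMAIL."'>contact us</a> if you don't recognise this activity.<br><br>Thanks,<br>".get_bloginfo();
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_wpns_enable_ip_blocked_email_to_admin":
- wpns_handle_notify_admin_on_ip_block($_POST); break;
- case "mo_wpns_enable_unusual_activity_email_to_user":
- wpns_handle_notify_unusual_activity($_POST); break;
- case "custom_user_template":
- wpns_handle_custom_template($_POST['custom_user_template']); break;
- case "mo_wpns_get_manual_email" :
- wpns_handle_admin_email($_POST); break;
- case "custom_admin_template":
- wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
- }
- }
- if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){
- update_option('mo_wpns_enable_ip_blocked_email_to_admin','0');
- $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "" : "unchacked";
- }
- $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "checked" : "";
- $notify_admin_unusual_activity = get_option('mo_wpns_enable_unusual_activity_email_to_user') ? "checked" : "";
-
- $template1 = get_option('custom_admin_template') ? get_option('custom_admin_template') : $template1;
- $template_type1 = 'custom_admin_template';
- $ip_blocking_template = array(
- 'textarea_name' => 'custom_admin_template',
- 'wpautop' => false
- );
- $fromEmail = get_option('mo2f_email');
- $template2 = get_option('custom_user_template') ? get_option('custom_user_template') : $template2;
- $template_type2 = 'custom_user_template';
- $user_activity_template = array(
- 'textarea_name' => 'custom_user_template',
- 'wpautop' => false
- );
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'notification-settings.php';
-
-
-
- /* ADMIN NOTIFICATION SETTINGS */
- function wpns_handle_admin_email($postValue)
- {
- $email = sanitize_email($_POST['admin_email_address']);
- if(validate_email($email)){
- $admin_email_address_status = isset($postValue['admin_email_address']) ? '1' :'0';
- update_option('admin_email_address',$email);
- update_option( 'admin_email_address_status', $admin_email_address_status);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('EMAIL_SAVED'),'SUCCESS');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_EMAIL'),'ERROR');
- }
- }
- function validate_email($str) {
- return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
- }
-
- //Function to handle enabling and disabling of admin notification on ip blocking
- function wpns_handle_notify_admin_on_ip_block($postValue)
- {
- $enable_ip_blocked_email_to_admin = isset($postValue['enable_ip_blocked_email_to_admin']) ? true : false;
- update_option( 'mo_wpns_enable_ip_blocked_email_to_admin', $enable_ip_blocked_email_to_admin);
-
- if($enable_ip_blocked_email_to_admin)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_IP_BLOCKED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_IP_BLOCKED'),'ERROR');
- }
-
-
- //Function to handle enabling and disabling of admin notification on unusual activity
- function wpns_handle_notify_unusual_activity($postValue)
- {
- $enable_unusual_activity_email_to_user = isset($postValue['enable_unusual_activity_email_to_user']) ? true : false;
- update_option( 'mo_wpns_enable_unusual_activity_email_to_user', $enable_unusual_activity_email_to_user);
-
- if($enable_unusual_activity_email_to_user)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_UNUSUAL_ACTIVITY'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_UNUSUAL_ACTIVITY'),'ERROR');
- }
-
-
- //Function to save unusual activity email template
- function wpns_handle_custom_template($template1,$template2=null)
- {
- if(!is_null($template1))
- update_option('custom_user_template', stripslashes($template1));
-
- if(!is_null($template2))
- update_option('custom_admin_template', stripslashes($template2));
-
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TEMPLATE_SAVED'),'SUCCESS');
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $template1 = "Hello,<br><br>The user with IP Address <b>##ipaddress##</b> has exceeded allowed trasaction limit on your website <b>".get_bloginfo()."</b> and we have blocked his IP address for further access to website.<br><br>You can login to your WordPress dashaboard to check more details.<br><br>Thanks,<br>miniOrange";
+ $template2 = "Hello ##username##,<br><br>Your account was logged in from new IP Address <b>##ipaddress##</b> on website <b>".get_bloginfo()."</b>. Please <a href='mailto:".MoWpnsConstants::SUPPORT_EMAIL."'>contact us</a> if you don't recognise this activity.<br><br>Thanks,<br>".get_bloginfo();
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_enable_ip_blocked_email_to_admin":
+ wpns_handle_notify_admin_on_ip_block($_POST); break;
+ case "mo_wpns_enable_unusual_activity_email_to_user":
+ wpns_handle_notify_unusual_activity($_POST); break;
+ case "custom_user_template":
+ wpns_handle_custom_template($_POST['custom_user_template']); break;
+ case "mo_wpns_get_manual_email" :
+ wpns_handle_admin_email($_POST); break;
+ case "custom_admin_template":
+ wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
+ }
+ }
+ if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){
+ update_option('mo_wpns_enable_ip_blocked_email_to_admin','0');
+ $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "" : "unchacked";
+ }
+ $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "checked" : "";
+ $notify_admin_unusual_activity = get_option('mo_wpns_enable_unusual_activity_email_to_user') ? "checked" : "";
+
+ $template1 = get_option('custom_admin_template') ? get_option('custom_admin_template') : $template1;
+ $template_type1 = 'custom_admin_template';
+ $ip_blocking_template = array(
+ 'textarea_name' => 'custom_admin_template',
+ 'wpautop' => false
+ );
+ $fromEmail = get_option('mo2f_email');
+ $template2 = get_option('custom_user_template') ? get_option('custom_user_template') : $template2;
+ $template_type2 = 'custom_user_template';
+ $user_activity_template = array(
+ 'textarea_name' => 'custom_user_template',
+ 'wpautop' => false
+ );
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'notification-settings.php';
+
+
+
+ /* ADMIN NOTIFICATION SETTINGS */
+ function wpns_handle_admin_email($postValue)
+ {
+ $email = sanitize_email($_POST['admin_email_address']);
+ if(validate_email($email)){
+ $admin_email_address_status = isset($postValue['admin_email_address']) ? '1' :'0';
+ update_option('admin_email_address',$email);
+ update_option( 'admin_email_address_status', $admin_email_address_status);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('EMAIL_SAVED'),'SUCCESS');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_EMAIL'),'ERROR');
+ }
+ }
+ function validate_email($str) {
+ return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
+ }
+
+ //Function to handle enabling and disabling of admin notification on ip blocking
+ function wpns_handle_notify_admin_on_ip_block($postValue)
+ {
+ $enable_ip_blocked_email_to_admin = isset($postValue['enable_ip_blocked_email_to_admin']) ? true : false;
+ update_option( 'mo_wpns_enable_ip_blocked_email_to_admin', $enable_ip_blocked_email_to_admin);
+
+ if($enable_ip_blocked_email_to_admin)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_IP_BLOCKED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_IP_BLOCKED'),'ERROR');
+ }
+
+
+ //Function to handle enabling and disabling of admin notification on unusual activity
+ function wpns_handle_notify_unusual_activity($postValue)
+ {
+ $enable_unusual_activity_email_to_user = isset($postValue['enable_unusual_activity_email_to_user']) ? true : false;
+ update_option( 'mo_wpns_enable_unusual_activity_email_to_user', $enable_unusual_activity_email_to_user);
+
+ if($enable_unusual_activity_email_to_user)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_UNUSUAL_ACTIVITY'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_UNUSUAL_ACTIVITY'),'ERROR');
+ }
+
+
+ //Function to save unusual activity email template
+ function wpns_handle_custom_template($template1,$template2=null)
+ {
+ if(!is_null($template1))
+ update_option('custom_user_template', stripslashes($template1));
+
+ if(!is_null($template2))
+ update_option('custom_admin_template', stripslashes($template2));
+
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TEMPLATE_SAVED'),'SUCCESS');
  }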
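Review bot: `wpns_handle_custom_template()` (new lines 92–101) persists `stripslashes($template1)` and `stripslashes($template2)` from `$_POST` into the `custom_user_template` and `custom_admin_template` options with no markup filtering, and those values are read back at lines 31 and 38 for the settings view and, presumably, for the HTML notification mails. Filter on save, for example `update_option('custom_user_template', wp_kses_post(wp_unslash($template1)));` and the equivalent line for the admin template. The dispatcher at line 10 also switches on raw `$_POST['option']` without a nonce check, and `wpns_handle_admin_email()` reads `$_POST['admin_email_address']` at line 51 before the `isset` test on line 53, so a request missing that field raises a notice; guard the read first. `validate_email()` caps the TLD at `{2,6}` letters and declares a very generic global function name; WordPress's `is_email()` covers the same check without either problem.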
controllers/pointers.php CHANGED
@@ -1,581 +1,581 @@
1
- <?php
2
-
3
- $pointers = array();
4
- $tab= 'default';
5
- if(array_key_exists('tab',$_GET))
6
- $tab = $_GET['tab'];
7
-
8
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
-
10
- {
11
- $pointers['default-miniorange-2fa-select-authentication'] = array(
12
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
- 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
- 'isdefault' => 'yes',
16
- 'edge' => 'bottom',
17
- 'align' => 'middle',
18
- 'index' => 'default-miniorange-2fa-select-authentication',
19
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
- );
21
- $pointers['default-miniorange-2fa-configure'] = array(
22
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
- 'anchor_id' => '#GoogleAuthenticator_configuration',
25
- 'isdefault' => 'yes',
26
- 'edge' => 'top',
27
- 'align' => 'left',
28
- 'index' => 'default-miniorange-2fa-configure',
29
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
- );
31
-
32
- $pointers['default-miniorange-2fa-choose_app'] = array(
33
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
- 'anchor_id' => '#mo2f_choose_app_tour',
36
- 'isdefault' => 'yes',
37
- 'edge' => 'left',
38
- 'align' => 'left',
39
- 'index' => 'default-miniorange-2fa-choose_app1',
40
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
- );
42
-
43
- $pointers['default-miniorange-2fa-download_app'] = array(
44
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
- 'anchor_id' => '#links_to_apps_tour',
47
- 'isdefault' => 'yes',
48
- 'edge' => 'left',
49
- 'align' => 'left',
50
- 'index' => 'default-miniorange-2fa-download_app1',
51
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
- );
53
-
54
-
55
- $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
- 'anchor_id' => '#displayGAQrCodeTour',
59
- 'isdefault' => 'yes',
60
- 'edge' => 'left',
61
- 'align' => 'left',
62
- 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
- );
65
- $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
- 'anchor_id' => '#mo2f_change_app_name',
69
- 'isdefault' => 'yes',
70
- 'edge' => 'left',
71
- 'align' => 'left',
72
- 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
- );
75
-
76
- $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
- 'anchor_id' => '#mo2f_scanbarcode_a',
80
- 'isdefault' => 'yes',
81
- 'edge' => 'left',
82
- 'align' => 'left',
83
- 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
- );
86
-
87
- $pointers['default-miniorange-2fa-enter-otp'] = array(
88
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
- 'anchor_id' => '#EnterOTPGATour',
91
- 'isdefault' => 'yes',
92
- 'edge' => 'right',
93
- 'align' => 'left',
94
- 'index' => 'default-miniorange-2fa-enter-otp1',
95
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
- );
97
- $pointers['default-miniorange-2fa-save-otp'] = array(
98
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
- 'anchor_id' => '#SaveOTPGATour',
101
- 'isdefault' => 'yes',
102
- 'edge' => 'right',
103
- 'align' => 'left',
104
- 'index' => 'default-miniorange-2fa-save-otp1',
105
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
- );
107
- $pointers['default-miniorange-2fa-test'] = array(
108
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
- 'anchor_id' => '#test',
111
- 'isdefault' => 'yes',
112
- 'edge' => 'right',
113
- 'align' => 'left',
114
- 'index' => 'default-miniorange-2fa-test',
115
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
- );
117
-
118
- $pointers['default-miniorange-2fa-customizations'] = array(
119
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
- 'anchor_id' => '#disable_two_factor_tour',
122
- 'isdefault' => 'yes',
123
- 'edge' => 'top',
124
- 'align' => 'left',
125
- 'index' => 'default-miniorange-2fa-customizations',
126
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
- );
128
- $pointers['default-miniorange-2fa-inline-registration'] = array(
129
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
- 'anchor_id' => '#mo2f_inline_registration_tour',
132
- 'isdefault' => 'yes',
133
- 'edge' => 'top',
134
- 'align' => 'left',
135
- 'index' => 'default-miniorange-2fa-inline-registration',
136
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
- );
138
- $pointers['default-minorange-2fa-integration'] = array(
139
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
- 'anchor_id' => '#custom_form_2fa_div',
142
- 'isdefault' => 'yes',
143
- 'edge' => 'bottom',
144
- 'align' => 'middle',
145
- 'index' => 'default-minorange-2fa-integration',
146
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
- );
148
- $pointers['default-minorange-2fa-premium-features'] = array(
149
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
- 'anchor_id' => '#custom_login_2fa',
152
- 'isdefault' => 'yes',
153
- 'edge' => 'left',
154
- 'align' => 'left',
155
- 'index' => 'default-minorange-2fa-premium-features',
156
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
- );
158
-
159
- $pointers['default-miniorange-2fa-upgrade'] = array(
160
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
- 'anchor_id' => '#mo_2fa_upgrade_tour',
163
- 'isdefault' => 'yes',
164
- 'edge' => 'top',
165
- 'align' => 'left',
166
- 'index' => 'default-miniorange-2fa-upgrade',
167
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
- );
169
- $pointers['default-miniorange-2fa-support_open'] = array(
170
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
- 'anchor_id' => '#mo_wpns_support_layout_tour',
173
- 'isdefault' => 'yes',
174
- 'edge' => 'bottom',
175
- 'align' => 'right',
176
- 'index' => 'default-miniorange-2fa-support_open',
177
- 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
- );
179
-
180
-
181
- }
182
- if(get_option('mo2f_tour_firewall') == 1 ){
183
- $pointers['default-miniorange-firewall-level'] = array(
184
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
- 'anchor_id' => '#mo_waf_options_tour',
187
- 'isfirewall'=> 'yes',
188
- 'edge' => 'top',
189
- 'align' => 'left',
190
- 'index' => 'default-miniorange-firewall-level',
191
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
- );
193
- $pointers['default-miniorange-firewall-attacks'] = array(
194
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
- 'anchor_id' => '#mo2f_AttackTypes',
197
- 'isfirewall'=> 'yes',
198
- 'edge' => 'bottom',
199
- 'align' => 'left',
200
- 'index' => 'default-miniorange-firewall-attacks',
201
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
- );
203
- $pointers['default-miniorange-firewall-attack-limit'] = array(
204
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
- 'anchor_id' => '#mo2f_waf_block_after',
207
- 'isfirewall'=> 'yes',
208
- 'edge' => 'bottom',
209
- 'align' => 'left',
210
- 'index' => 'default-miniorange-firewall-attack-limit',
211
- 'align' => 'left',
212
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
- );
214
-
215
- $pointers['default-miniorange-firewall-rate-limit'] = array(
216
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
- 'anchor_id' => '#mo2f_ratelimiting',
219
- 'isfirewall'=> 'yes',
220
- 'edge' => 'top',
221
- 'align' => 'left',
222
- 'index' => 'default-miniorange-firewall-rate-limit',
223
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
- );
225
- $pointers['default-miniorange-firewall-check-attacks'] = array(
226
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
- 'anchor_id' => '#mo2f_firewall_attack_dash',
229
- 'isfirewall'=> 'yes',
230
- 'edge' => 'top',
231
- 'align' => 'left',
232
- 'index' => 'default-miniorange-firewall-check-attacks',
233
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
- );
235
- $pointers['default-miniorange-2fa-upgrade'] = array(
236
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
- 'anchor_id' => '#mo_2fa_upgrade_tour',
239
- 'isfirewall' => 'yes',
240
- 'edge' => 'top',
241
- 'align' => 'left',
242
- 'index' => 'default-miniorange-2fa-upgrade',
243
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
- );
245
-
246
- $pointers['default-miniorange-firewall-support'] = array(
247
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
- 'anchor_id' => '#mo_wpns_support_layout_tour',
250
- 'isfirewall' => 'yes',
251
- 'edge' => 'bottom',
252
- 'align' => 'left',
253
- 'index' => 'default-miniorange-firewall-support',
254
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
- );
256
-
257
- }
258
-
259
- if(get_option('mo2f_tour_malware_scan') ==1){
260
- $pointers['default-miniorange-malware-scan-modes'] = array(
261
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
- 'anchor_id' => '#scan_status_table',
264
- 'ismalware' => 'yes',
265
- 'edge' => 'bottom',
266
- 'align' => 'left',
267
- 'index' => 'default-miniorange-malware-scan-modes',
268
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
- );
270
- $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
- 'anchor_id' => '#mo2f_select_scanning_files',
274
- 'ismalware' => 'yes',
275
- 'edge' => 'bottom',
276
- 'align' => 'left',
277
- 'index' => 'default-miniorange-malware-custom-scan-files',
278
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
- );
280
- $pointers['default-miniorange-malware-scan-reports'] = array(
281
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
- 'anchor_id' => '#scan_report_table',
284
- 'ismalware' => 'yes',
285
- 'edge' => 'top',
286
- 'align' => 'left',
287
- 'index' => 'default-miniorange-malware-scan-reports',
288
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
- );
290
-
291
- $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
- 'anchor_id' => '#mo2f_scan_dash',
295
- 'ismalware' => 'yes',
296
- 'edge' => 'top',
297
- 'align' => 'left',
298
- 'index' => 'default-miniorange-malware-scan-dashboard',
299
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
- );
301
- $pointers['default-miniorange-2fa-upgrade'] = array(
302
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
- 'anchor_id' => '#mo_2fa_upgrade_tour',
305
- 'ismalware' => 'yes',
306
- 'edge' => 'top',
307
- 'align' => 'left',
308
- 'index' => 'default-miniorange-2fa-upgrade',
309
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
- );
311
-
312
- $pointers['default-miniorange-malware-support'] = array(
313
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
- 'anchor_id' => '#mo_wpns_support_layout_tour',
316
- 'ismalware' => 'yes',
317
- 'edge' => 'bottom',
318
- 'align' => 'left',
319
- 'index' => 'default-miniorange-malware-support',
320
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
- );
322
-
323
- }
324
-
325
- if(get_option('mo2f_tour_advance_blocking') ==1){
326
- $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
- 'anchor_id' => '#mo2f_manual_ip_blocking',
330
- 'advcblock' => 'yes',
331
- 'edge' => 'top',
332
- 'align' => 'left',
333
- 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
- );
336
- $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
- 'anchor_id' => '#mo2f_ip_whitelisting',
340
- 'advcblock' => 'yes',
341
- 'edge' => 'top',
342
- 'align' => 'left',
343
- 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
- );
346
-
347
- $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
- 'anchor_id' => '#mo2f_ip_lookup',
351
- 'advcblock' => 'yes',
352
- 'edge' => 'bottom',
353
- 'align' => 'left',
354
- 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
- );
357
-
358
-
359
- $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
- 'anchor_id' => '#mo2f_ip_range_blocking',
363
- 'advcblock' => 'yes',
364
- 'edge' => 'top',
365
- 'align' => 'left',
366
- 'index' => 'default-miniorange-advance-blocking-IP-range',
367
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
- );
369
- $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
- 'anchor_id' => '#mo2f_htaccess_blocking',
373
- 'advcblock' => 'yes',
374
- 'edge' => 'top',
375
- 'align' => 'left',
376
- 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
- );
379
- $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
- 'anchor_id' => '#mo2f_browser_blocking',
383
- 'advcblock' => 'yes',
384
- 'edge' => 'top',
385
- 'align' => 'left',
386
- 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
- );
389
- $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
- 'anchor_id' => '#mo2f_country_blocking',
393
- 'advcblock' => 'yes',
394
- 'edge' => 'bottom',
395
- 'align' => 'left',
396
- 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
- );
399
-
400
- $pointers['default-miniorange-2fa-upgrade'] = array(
401
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
- 'anchor_id' => '#mo_2fa_upgrade_tour',
404
- 'advcblock' => 'yes',
405
- 'edge' => 'top',
406
- 'align' => 'left',
407
- 'index' => 'default-miniorange-2fa-upgrade',
408
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
- );
410
- $pointers['default-miniorange-advance-blocking-support'] = array(
411
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
- 'anchor_id' => '#mo_wpns_support_layout_tour',
414
- 'advcblock' => 'yes',
415
- 'edge' => 'bottom',
416
- 'align' => 'left',
417
- 'index' => 'default-miniorange-advance-blocking-support',
418
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
- );
420
-
421
- }
422
-
423
-
424
- if(get_option('mo2f_tour_backup') == 1 ){
425
- $pointers['default-miniorange-backup-manual-db'] = array(
426
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
- 'anchor_id' => '#mo2f_select_files_backup',
429
- 'isBackup'=> 'yes',
430
- 'edge' => 'top',
431
- 'align' => 'left',
432
- 'index' => 'default-miniorange-backup-manual-db',
433
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
- );
435
- $pointers['default-miniorange-backup-auto-db'] = array(
436
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
- 'anchor_id' => '#mo2f_auto_dbbackup',
439
- 'isBackup'=> 'yes',
440
- 'edge' => 'bottom',
441
- 'align' => 'left',
442
- 'index' => 'default-miniorange-backup-auto-db',
443
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
- );
445
- $pointers['default-miniorange-backup-file'] = array(
446
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
- 'anchor_id' => '#mo2f_schedule_backup_status',
449
- 'isBackup'=> 'yes',
450
- 'edge' => 'top',
451
- 'align' => 'left',
452
- 'index' => 'default-miniorange-backup-file',
453
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
- );
455
- $pointers['default-miniorange-backup-report'] = array(
456
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
- 'anchor_id' => '#backup_report_table',
459
- 'isBackup'=> 'yes',
460
- 'edge' => 'bottom',
461
- 'align' => 'left',
462
- 'index' => 'default-miniorange-backup-report',
463
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
- );
465
-
466
- $pointers['default-miniorange-2fa-upgrade'] = array(
467
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
- 'anchor_id' => '#mo_2fa_upgrade_tour',
470
- 'isBackup' => 'yes',
471
- 'edge' => 'top',
472
- 'align' => 'left',
473
- 'index' => 'default-miniorange-2fa-upgrade',
474
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
- );
476
- $pointers['default-miniorange-backup-support'] = array(
477
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
- 'anchor_id' => '#mo_wpns_support_layout_tour',
480
- 'isBackup' => 'yes',
481
- 'edge' => 'bottom',
482
- 'align' => 'left',
483
- 'index' => 'default-miniorange-backup-support',
484
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
- );
486
-
487
- }
488
-
489
- if(get_option('mo2f_tour_loginSpam') == 1){
490
- $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
- 'anchor_id' => '#mo2f_bruteforce',
494
- 'loginSpam' => 'yes',
495
- 'edge' => 'top',
496
- 'align' => 'left',
497
- 'index' => 'default-miniorange-login-spam-bruteforce',
498
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
- );
500
- $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
- 'anchor_id' => '#mo2f_google_recaptcha',
504
- 'loginSpam' => 'yes',
505
- 'edge' => 'top',
506
- 'align' => 'left',
507
- 'index' => 'default-miniorange-login-spam-recaptcha',
508
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
- );
510
- $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
- 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
- 'loginSpam' => 'yes',
515
- 'edge' => 'bottom',
516
- 'align' => 'left',
517
- 'index' => 'default-miniorange-login-spam-strong-pass',
518
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
- );
520
-
521
- $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
- 'anchor_id' => '#mo2f_block_registration',
525
- 'loginSpam' => 'yes',
526
- 'edge' => 'top',
527
- 'align' => 'left',
528
- 'index' => 'default-miniorange-login-spam-fake-registration',
529
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
- );
531
- $pointers['default-miniorange-login-spam-content'] = array(
532
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
- 'anchor_id' => '#mo2f_content_protection',
535
- 'loginSpam' => 'yes',
536
- 'edge' => 'bottom',
537
- 'align' => 'left',
538
- 'index' => 'default-miniorange-login-spam-content',
539
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
- );
541
- $pointers['default-miniorange-login-spam-block-spam'] = array(
542
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
- 'anchor_id' => '#mo2f_comment_protection',
545
- 'loginSpam' => 'yes',
546
- 'edge' => 'bottom',
547
- 'align' => 'left',
548
- 'index' => 'default-miniorange-login-spam-block-spam',
549
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
- );
551
- $pointers['default-miniorange-2fa-upgrade'] = array(
552
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
- 'anchor_id' => '#mo_2fa_upgrade_tour',
555
- 'loginSpam' => 'yes',
556
- 'edge' => 'top',
557
- 'align' => 'left',
558
- 'index' => 'default-miniorange-2fa-upgrade',
559
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
- );
561
-
562
- $pointers['default-miniorange-login-spam-support'] = array(
563
- 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
- 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
- 'anchor_id' => '#mo_wpns_support_layout_tour',
566
- 'loginSpam' => 'yes',
567
- 'edge' => 'bottom',
568
- 'align' => 'left',
569
- 'index' => 'default-miniorange-login-spam-support',
570
- 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
- );
572
-
573
-
574
- }
575
-
576
-
577
-
578
-
579
-
580
-
581
- return $pointers;
1
+ <?php
2
+
3
+ $pointers = array();
4
+ $tab= 'default';
5
+ if(array_key_exists('tab',$_GET))
6
+ $tab = $_GET['tab'];
7
+
8
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
9
+
10
+ {
11
+ $pointers['default-miniorange-2fa-select-authentication'] = array(
12
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select Authentication Method (Step 1 out of 9)' ) ),
13
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose your Two Factor authentication method.' ) ),
14
+ 'anchor_id' => '#mo2f_save_free_plan_auth_methods_form',
15
+ 'isdefault' => 'yes',
16
+ 'edge' => 'bottom',
17
+ 'align' => 'middle',
18
+ 'index' => 'default-miniorange-2fa-select-authentication',
19
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
20
+ );
21
+ $pointers['default-miniorange-2fa-configure'] = array(
22
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Click on configure(Step 2 out of 9)' ) ),
23
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Setup the two-factor authentication here.' ) ),
24
+ 'anchor_id' => '#GoogleAuthenticator_configuration',
25
+ 'isdefault' => 'yes',
26
+ 'edge' => 'top',
27
+ 'align' => 'left',
28
+ 'index' => 'default-miniorange-2fa-configure',
29
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
30
+ );
31
+
32
+ $pointers['default-miniorange-2fa-choose_app'] = array(
33
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose the app type(Step 1 out of 6)' ) ),
34
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the app which you want to use as the second factor' ) ),
35
+ 'anchor_id' => '#mo2f_choose_app_tour',
36
+ 'isdefault' => 'yes',
37
+ 'edge' => 'left',
38
+ 'align' => 'left',
39
+ 'index' => 'default-miniorange-2fa-choose_app1',
40
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
41
+ );
42
+
43
+ $pointers['default-miniorange-2fa-download_app'] = array(
44
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Download app(Step 2 out of 6)' ) ),
45
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you do not have app in your phone then you can donwload the app here.' ) ),
46
+ 'anchor_id' => '#links_to_apps_tour',
47
+ 'isdefault' => 'yes',
48
+ 'edge' => 'left',
49
+ 'align' => 'left',
50
+ 'index' => 'default-miniorange-2fa-download_app1',
51
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
52
+ );
53
+
54
+
55
+ $pointers['default-miniorange-2fa-scan-qrcode'] = array(
56
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan the QR code(Step 3 out of 6)' ) ),
57
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Scan the QR code with your app on your phone.' ) ),
58
+ 'anchor_id' => '#displayGAQrCodeTour',
59
+ 'isdefault' => 'yes',
60
+ 'edge' => 'left',
61
+ 'align' => 'left',
62
+ 'index' => 'default-miniorange-2fa-scan-qrcode1',
63
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
64
+ );
65
+ $pointers['default-miniorange-2fa-choose_name_on_app'] = array(
66
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose app name(Step 4 out of 6)' ) ),
67
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the app name which you want to display on your app for the code.' ) ),
68
+ 'anchor_id' => '#mo2f_change_app_name',
69
+ 'isdefault' => 'yes',
70
+ 'edge' => 'left',
71
+ 'align' => 'left',
72
+ 'index' => 'default-miniorange-2fa-choose_name_on_app1',
73
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
74
+ );
75
+
76
+ $pointers['default-miniorange-2fa-enter_code_manually'] = array(
77
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Can\'t scan the QR code?(Step 5 out of 6)' ) ),
78
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'If you can not scan the QR code then you can follow these steps to configure the two-factor without scanning the code.' ) ),
79
+ 'anchor_id' => '#mo2f_scanbarcode_a',
80
+ 'isdefault' => 'yes',
81
+ 'edge' => 'left',
82
+ 'align' => 'left',
83
+ 'index' => 'default-miniorange-2fa-enter_code_manually1',
84
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
85
+ );
86
+
87
+ $pointers['default-miniorange-2fa-enter-otp'] = array(
88
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enter the OTP(Step 6 of 6)' ) ),
89
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After Scanning the QR code please enter the OTP generated in the app on your phone.' ) ),
90
+ 'anchor_id' => '#EnterOTPGATour',
91
+ 'isdefault' => 'yes',
92
+ 'edge' => 'right',
93
+ 'align' => 'left',
94
+ 'index' => 'default-miniorange-2fa-enter-otp1',
95
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
96
+ );
97
+ $pointers['default-miniorange-2fa-save-otp'] = array(
98
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Verify and Save(Step 7 of 7)' ) ),
99
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Verify and Save the google-authentication code.' ) ),
100
+ 'anchor_id' => '#SaveOTPGATour',
101
+ 'isdefault' => 'yes',
102
+ 'edge' => 'right',
103
+ 'align' => 'left',
104
+ 'index' => 'default-miniorange-2fa-save-otp1',
105
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
106
+ );
107
+ $pointers['default-miniorange-2fa-test'] = array(
108
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Test the method(Step 3 out of 9).' ) ),
109
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'After configuring the 2-factor you can test it here by clicking on Test button.' ) ),
110
+ 'anchor_id' => '#test',
111
+ 'isdefault' => 'yes',
112
+ 'edge' => 'right',
113
+ 'align' => 'left',
114
+ 'index' => 'default-miniorange-2fa-test',
115
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
116
+ );
117
+
118
+ $pointers['default-miniorange-2fa-customizations'] = array(
119
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Temporary disable two-factor(Step 4 of 9)' ) ),
120
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'While testing if you need to disable the plugin. You can do it from here.' ) ),
121
+ 'anchor_id' => '#disable_two_factor_tour',
122
+ 'isdefault' => 'yes',
123
+ 'edge' => 'top',
124
+ 'align' => 'left',
125
+ 'index' => 'default-miniorange-2fa-customizations',
126
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
127
+ );
128
+ $pointers['default-miniorange-2fa-inline-registration'] = array(
129
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'User Enrollment(Step 5 of 9)' ) ),
130
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can force two-factor setup of login for other user here.' ) ),
131
+ 'anchor_id' => '#mo2f_inline_registration_tour',
132
+ 'isdefault' => 'yes',
133
+ 'edge' => 'top',
134
+ 'align' => 'left',
135
+ 'index' => 'default-miniorange-2fa-inline-registration',
136
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
137
+ );
138
+ $pointers['default-minorange-2fa-integration'] = array(
139
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Integrate 2fa with custom forms(Step 6 of 9)' ) ),
140
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'We support almost all worpdress forms and some popular forms are listed here. If your form is not in the list you can contact us.' ) ),
141
+ 'anchor_id' => '#custom_form_2fa_div',
142
+ 'isdefault' => 'yes',
143
+ 'edge' => 'bottom',
144
+ 'align' => 'middle',
145
+ 'index' => 'default-minorange-2fa-integration',
146
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
147
+ );
148
+ $pointers['default-minorange-2fa-premium-features'] = array(
149
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Premium features (Step 7 of 9)' ) ),
150
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check what features you will get in the premium and upgrade to your preferred plan.' ) ),
151
+ 'anchor_id' => '#custom_login_2fa',
152
+ 'isdefault' => 'yes',
153
+ 'edge' => 'left',
154
+ 'align' => 'left',
155
+ 'index' => 'default-minorange-2fa-premium-features',
156
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
157
+ );
158
+
159
+ $pointers['default-miniorange-2fa-upgrade'] = array(
160
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 8 out of 9)' ) ),
161
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
162
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
163
+ 'isdefault' => 'yes',
164
+ 'edge' => 'top',
165
+ 'align' => 'left',
166
+ 'index' => 'default-miniorange-2fa-upgrade',
167
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
168
+ );
169
+ $pointers['default-miniorange-2fa-support_open'] = array(
170
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
171
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
172
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
173
+ 'isdefault' => 'yes',
174
+ 'edge' => 'bottom',
175
+ 'align' => 'right',
176
+ 'index' => 'default-miniorange-2fa-support_open',
177
+ 'where' => array( 'toplevel_page_mo_2fa_two_fa' ) // <-- Please note this
178
+ );
179
+
180
+
181
+ }
182
+ if(get_option('mo2f_tour_firewall') == 1 ){
183
+ $pointers['default-miniorange-firewall-level'] = array(
184
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose your level of the firewall(step 1 out of 7)' ) ),
185
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose on which level you want to enable firewall. htaccess level is the recommended one.' ) ),
186
+ 'anchor_id' => '#mo_waf_options_tour',
187
+ 'isfirewall'=> 'yes',
188
+ 'edge' => 'top',
189
+ 'align' => 'left',
190
+ 'index' => 'default-miniorange-firewall-level',
191
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
192
+ );
193
+ $pointers['default-miniorange-firewall-attacks'] = array(
194
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select the types of attacks you want to stop.(step 2 out of 7)' ) ),
195
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable attack protection here for different attacks.' ) ),
196
+ 'anchor_id' => '#mo2f_AttackTypes',
197
+ 'isfirewall'=> 'yes',
198
+ 'edge' => 'bottom',
199
+ 'align' => 'left',
200
+ 'index' => 'default-miniorange-firewall-attacks',
201
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
202
+ );
203
+ $pointers['default-miniorange-firewall-attack-limit'] = array(
204
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Choose attack limit(step 3 out of 7)' ) ),
205
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attacks an IP can make before getting blocked. If an IP reach the limit it will be blocked on the next attack.' ) ),
206
+ 'anchor_id' => '#mo2f_waf_block_after',
207
+ 'isfirewall'=> 'yes',
208
+ 'edge' => 'bottom',
209
+ 'align' => 'left',
210
+ 'index' => 'default-miniorange-firewall-attack-limit',
211
+ 'align' => 'left',
212
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
213
+ );
214
+
215
+ $pointers['default-miniorange-firewall-rate-limit'] = array(
216
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on rate limiting(step 4 out of 7)' ) ),
217
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Turn on rate limiting to protect from Dos attack. Choose request limit and action for rate limiting.' ) ),
218
+ 'anchor_id' => '#mo2f_ratelimiting',
219
+ 'isfirewall'=> 'yes',
220
+ 'edge' => 'top',
221
+ 'align' => 'left',
222
+ 'index' => 'default-miniorange-firewall-rate-limit',
223
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
224
+ );
225
+ $pointers['default-miniorange-firewall-check-attacks'] = array(
226
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Check blocked IPs and attacks.(step 5 out of 7)' ) ),
227
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about blocked IPs and Attacks here.' ) ),
228
+ 'anchor_id' => '#mo2f_firewall_attack_dash',
229
+ 'isfirewall'=> 'yes',
230
+ 'edge' => 'top',
231
+ 'align' => 'left',
232
+ 'index' => 'default-miniorange-firewall-check-attacks',
233
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
234
+ );
235
+ $pointers['default-miniorange-2fa-upgrade'] = array(
236
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 6 out of 7)' ) ),
237
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
238
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
239
+ 'isfirewall' => 'yes',
240
+ 'edge' => 'top',
241
+ 'align' => 'left',
242
+ 'index' => 'default-miniorange-2fa-upgrade',
243
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
244
+ );
245
+
246
+ $pointers['default-miniorange-firewall-support'] = array(
247
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 7 out of 7)' ) ),
248
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
249
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
250
+ 'isfirewall' => 'yes',
251
+ 'edge' => 'bottom',
252
+ 'align' => 'left',
253
+ 'index' => 'default-miniorange-firewall-support',
254
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_waf' ) // <-- Please note this
255
+ );
256
+
257
+ }
258
+
259
+ if(get_option('mo2f_tour_malware_scan') ==1){
260
+ $pointers['default-miniorange-malware-scan-modes'] = array(
261
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scanning Modes (Step 1 of 6)' ) ),
262
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the Scanning mode ' ) ),
263
+ 'anchor_id' => '#scan_status_table',
264
+ 'ismalware' => 'yes',
265
+ 'edge' => 'bottom',
266
+ 'align' => 'left',
267
+ 'index' => 'default-miniorange-malware-scan-modes',
268
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
269
+ );
270
+ $pointers['default-miniorange-malware-custom-scan-files'] = array(
271
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Select files from custom scan (Step 2 of 6)' ) ),
272
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can select the files you want to scan. Just select the files and start the custom scan' ) ),
273
+ 'anchor_id' => '#mo2f_select_scanning_files',
274
+ 'ismalware' => 'yes',
275
+ 'edge' => 'bottom',
276
+ 'align' => 'left',
277
+ 'index' => 'default-miniorange-malware-custom-scan-files',
278
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
279
+ );
280
+ $pointers['default-miniorange-malware-scan-reports'] = array(
281
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan report.(Step 3 of 6)' ) ),
282
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the scan report here.' ) ),
283
+ 'anchor_id' => '#scan_report_table',
284
+ 'ismalware' => 'yes',
285
+ 'edge' => 'top',
286
+ 'align' => 'left',
287
+ 'index' => 'default-miniorange-malware-scan-reports',
288
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
289
+ );
290
+
291
+ $pointers['default-miniorange-malware-scan-dashboard'] = array(
292
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scan dashboard (Step 4 of 6)' ) ),
293
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the Information about the files being scanned currently, files scanned in last scans & Infected files' ) ),
294
+ 'anchor_id' => '#mo2f_scan_dash',
295
+ 'ismalware' => 'yes',
296
+ 'edge' => 'top',
297
+ 'align' => 'left',
298
+ 'index' => 'default-miniorange-malware-scan-dashboard',
299
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
300
+ );
301
+ $pointers['default-miniorange-2fa-upgrade'] = array(
302
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 5 out of 6)' ) ),
303
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
304
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
305
+ 'ismalware' => 'yes',
306
+ 'edge' => 'top',
307
+ 'align' => 'left',
308
+ 'index' => 'default-miniorange-2fa-upgrade',
309
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
310
+ );
311
+
312
+ $pointers['default-miniorange-malware-support'] = array(
313
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
314
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
315
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
316
+ 'ismalware' => 'yes',
317
+ 'edge' => 'bottom',
318
+ 'align' => 'left',
319
+ 'index' => 'default-miniorange-malware-support',
320
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_malwarescan' ) // <-- Please note this
321
+ );
322
+
323
+ }
324
+
325
+ if(get_option('mo2f_tour_advance_blocking') ==1){
326
+ $pointers['default-miniorange-advance-blocking-IP-blocking'] = array(
327
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual IP Blocking (Step 1 of 9)' ) ),
328
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific IP. Access for that IP will be blocked for your site.' ) ),
329
+ 'anchor_id' => '#mo2f_manual_ip_blocking',
330
+ 'advcblock' => 'yes',
331
+ 'edge' => 'top',
332
+ 'align' => 'left',
333
+ 'index' => 'default-miniorange-advance-blocking-IP-blocking',
334
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
335
+ );
336
+ $pointers['default-miniorange-advance-blocking-IP-whitelisting'] = array(
337
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Whitelist IP (Step 2 of 9)' ) ),
338
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can Whitelist a specific IP. The IP will never get blocked on your site.' ) ),
339
+ 'anchor_id' => '#mo2f_ip_whitelisting',
340
+ 'advcblock' => 'yes',
341
+ 'edge' => 'top',
342
+ 'align' => 'left',
343
+ 'index' => 'default-miniorange-advance-blocking-IP-whitelisting',
344
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
345
+ );
346
+
347
+ $pointers['default-miniorange-advance-blocking-IP-lookup'] = array(
348
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Lookup IP(Step 3 of 9)' ) ),
349
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can get details of an IP here. Example country, city, etc.' ) ),
350
+ 'anchor_id' => '#mo2f_ip_lookup',
351
+ 'advcblock' => 'yes',
352
+ 'edge' => 'bottom',
353
+ 'align' => 'left',
354
+ 'index' => 'default-miniorange-advance-blocking-IP-lookup',
355
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
356
+ );
357
+
358
+
359
+ $pointers['default-miniorange-advance-blocking-IP-range'] = array(
360
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'IP range Blocking.(Step 4 of 9)' ) ),
361
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block a specific range of IPs. Access from those IP will be blocked for your site.' ) ),
362
+ 'anchor_id' => '#mo2f_ip_range_blocking',
363
+ 'advcblock' => 'yes',
364
+ 'edge' => 'top',
365
+ 'align' => 'left',
366
+ 'index' => 'default-miniorange-advance-blocking-IP-range',
367
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
368
+ );
369
+ $pointers['default-miniorange-advance-blocking-htaccess-blocking'] = array(
370
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Htaccess Blocking (Step 5 of 9)' ) ),
371
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'htaccess level blocking will block the IP before wordpress load on your site. So it will minimize server resources from illegitimate users.' ) ),
372
+ 'anchor_id' => '#mo2f_htaccess_blocking',
373
+ 'advcblock' => 'yes',
374
+ 'edge' => 'top',
375
+ 'align' => 'left',
376
+ 'index' => 'default-miniorange-advance-blocking-htaccess-blocking',
377
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
378
+ );
379
+ $pointers['default-miniorange-advance-blocking-browser-blocking'] = array(
380
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Browser Blocking (Step 6 of 9)' ) ),
381
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can block specific browser from which you don\'t want users to access.' ) ),
382
+ 'anchor_id' => '#mo2f_browser_blocking',
383
+ 'advcblock' => 'yes',
384
+ 'edge' => 'top',
385
+ 'align' => 'left',
386
+ 'index' => 'default-miniorange-advance-blocking-browser-blocking',
387
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
388
+ );
389
+ $pointers['default-miniorange-advance-blocking-country-blocking'] = array(
390
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Country Blocking (Step 7 of 9)' ) ),
391
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can choose the countries from where you don\'t want access to your site.' ) ),
392
+ 'anchor_id' => '#mo2f_country_blocking',
393
+ 'advcblock' => 'yes',
394
+ 'edge' => 'bottom',
395
+ 'align' => 'left',
396
+ 'index' => 'default-miniorange-advance-blocking-country-blocking',
397
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
398
+ );
399
+
400
+ $pointers['default-miniorange-2fa-upgrade'] = array(
401
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 8 out of 9)' ) ),
402
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
403
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
404
+ 'advcblock' => 'yes',
405
+ 'edge' => 'top',
406
+ 'align' => 'left',
407
+ 'index' => 'default-miniorange-2fa-upgrade',
408
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
409
+ );
410
+ $pointers['default-miniorange-advance-blocking-support'] = array(
411
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 9 out of 9)' ) ),
412
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
413
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
414
+ 'advcblock' => 'yes',
415
+ 'edge' => 'bottom',
416
+ 'align' => 'left',
417
+ 'index' => 'default-miniorange-advance-blocking-support',
418
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_advancedblocking' ) // <-- Please note this
419
+ );
420
+
421
+ }
422
+
423
+
424
+ if(get_option('mo2f_tour_backup') == 1 ){
425
+ $pointers['default-miniorange-backup-manual-db'] = array(
426
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Manual database backup.(Step 1 of 6)' ) ),
427
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can take manual database backup here.The backup will be saved in your uploads directory.' ) ),
428
+ 'anchor_id' => '#mo2f_select_files_backup',
429
+ 'isBackup'=> 'yes',
430
+ 'edge' => 'top',
431
+ 'align' => 'left',
432
+ 'index' => 'default-miniorange-backup-manual-db',
433
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
434
+ );
435
+ $pointers['default-miniorange-backup-auto-db'] = array(
436
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Scheduled/Automated Database backups.(Step 2 of 6)' ) ),
437
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'With the help of this you can specify the time duration after which an automatic backup will be taken.' ) ),
438
+ 'anchor_id' => '#mo2f_auto_dbbackup',
439
+ 'isBackup'=> 'yes',
440
+ 'edge' => 'bottom',
441
+ 'align' => 'left',
442
+ 'index' => 'default-miniorange-backup-auto-db',
443
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
444
+ );
445
+ $pointers['default-miniorange-backup-file'] = array(
446
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Auto backup status(Step 3 of 6)' ) ),
447
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the auto backup status.' ) ),
448
+ 'anchor_id' => '#mo2f_schedule_backup_status',
449
+ 'isBackup'=> 'yes',
450
+ 'edge' => 'top',
451
+ 'align' => 'left',
452
+ 'index' => 'default-miniorange-backup-file',
453
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
454
+ );
455
+ $pointers['default-miniorange-backup-report'] = array(
456
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Report of backups.(Step 4 of 6)' ) ),
457
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check backup taken details.' ) ),
458
+ 'anchor_id' => '#backup_report_table',
459
+ 'isBackup'=> 'yes',
460
+ 'edge' => 'bottom',
461
+ 'align' => 'left',
462
+ 'index' => 'default-miniorange-backup-report',
463
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
464
+ );
465
+
466
+ $pointers['default-miniorange-2fa-upgrade'] = array(
467
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan (step 5 out of 6)' ) ),
468
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
469
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
470
+ 'isBackup' => 'yes',
471
+ 'edge' => 'top',
472
+ 'align' => 'left',
473
+ 'index' => 'default-miniorange-2fa-upgrade',
474
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
475
+ );
476
+ $pointers['default-miniorange-backup-support'] = array(
477
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 6 out of 6)' ) ),
478
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
479
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
480
+ 'isBackup' => 'yes',
481
+ 'edge' => 'bottom',
482
+ 'align' => 'left',
483
+ 'index' => 'default-miniorange-backup-support',
484
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_backup' ) // <-- Please note this
485
+ );
486
+
487
+ }
488
+
489
+ if(get_option('mo2f_tour_loginSpam') == 1){
490
+ $pointers['default-miniorange-login-spam-bruteforce'] = array(
491
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable BruteForce protection.(step 1 out of 8)' ) ),
492
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Choose the number of attempts before blocking an IP on login page. It will protect you from bruteforce attack.' ) ),
493
+ 'anchor_id' => '#mo2f_bruteforce',
494
+ 'loginSpam' => 'yes',
495
+ 'edge' => 'top',
496
+ 'align' => 'left',
497
+ 'index' => 'default-miniorange-login-spam-bruteforce',
498
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
499
+ );
500
+ $pointers['default-miniorange-login-spam-recaptcha'] = array(
501
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enable google reCaptcha.(step 2 out of 8)' ) ),
502
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enable google reCaptcha ' ) ),
503
+ 'anchor_id' => '#mo2f_google_recaptcha',
504
+ 'loginSpam' => 'yes',
505
+ 'edge' => 'top',
506
+ 'align' => 'left',
507
+ 'index' => 'default-miniorange-login-spam-recaptcha',
508
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
509
+ );
510
+ $pointers['default-miniorange-login-spam-strong-pass'] = array(
511
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Enforce strong password(step 3 out of 8)' ) ),
512
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Enforce strong password to your users so that their account will not get hacked easily.' ) ),
513
+ 'anchor_id' => '#mo2f_enforce_strong_password_div',
514
+ 'loginSpam' => 'yes',
515
+ 'edge' => 'bottom',
516
+ 'align' => 'left',
517
+ 'index' => 'default-miniorange-login-spam-strong-pass',
518
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
519
+ );
520
+
521
+ $pointers['default-miniorange-login-spam-fake-registration'] = array(
522
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Turn on block fake registration(step 4 out of 8)' ) ),
523
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'This will block fake registration on your site.' ) ),
524
+ 'anchor_id' => '#mo2f_block_registration',
525
+ 'loginSpam' => 'yes',
526
+ 'edge' => 'top',
527
+ 'align' => 'left',
528
+ 'index' => 'default-miniorange-login-spam-fake-registration',
529
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
530
+ );
531
+ $pointers['default-miniorange-login-spam-content'] = array(
532
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Content Protection.(step 5 out of 8)' ) ),
533
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can protect your content which is directly accessible from path/URL by anyone.' ) ),
534
+ 'anchor_id' => '#mo2f_content_protection',
535
+ 'loginSpam' => 'yes',
536
+ 'edge' => 'bottom',
537
+ 'align' => 'left',
538
+ 'index' => 'default-miniorange-login-spam-content',
539
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
540
+ );
541
+ $pointers['default-miniorange-login-spam-block-spam'] = array(
542
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Block Spam Comment(Step 6 out of 8)' ) ),
543
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Block automated scripts and bots on comment.' ) ),
544
+ 'anchor_id' => '#mo2f_comment_protection',
545
+ 'loginSpam' => 'yes',
546
+ 'edge' => 'bottom',
547
+ 'align' => 'left',
548
+ 'index' => 'default-miniorange-login-spam-block-spam',
549
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
550
+ );
551
+ $pointers['default-miniorange-2fa-upgrade'] = array(
552
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Upgrade your plan(step 7 out of 8)' ) ),
553
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'You can check the premium features and upgrade your plan here.' ) ),
554
+ 'anchor_id' => '#mo_2fa_upgrade_tour',
555
+ 'loginSpam' => 'yes',
556
+ 'edge' => 'top',
557
+ 'align' => 'left',
558
+ 'index' => 'default-miniorange-2fa-upgrade',
559
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
560
+ );
561
+
562
+ $pointers['default-miniorange-login-spam-support'] = array(
563
+ 'title' => sprintf( '<h3>%s</h3>', esc_html__( 'Contact us!!(step 8 out of 8)' ) ),
564
+ 'content' => sprintf( '<p>%s</p>', esc_html__( 'Need Help? We are just one click away.' ) ),
565
+ 'anchor_id' => '#mo_wpns_support_layout_tour',
566
+ 'loginSpam' => 'yes',
567
+ 'edge' => 'bottom',
568
+ 'align' => 'left',
569
+ 'index' => 'default-miniorange-login-spam-support',
570
+ 'where' => array( 'miniorange-2-factor_page_mo_2fa_login_and_spam' ) // <-- Please note this
571
+ );
572
+
573
+
574
+ }
575
+
576
+
577
+
578
+
579
+
580
+
581
+ return $pointers;
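--- a/controllers/registration-security.php
+++ b/controllers/registration-security.php
@@ -1,129 +1,129 @@
- <?php
-
- global $moWpnsUtility, $mo2f_dirName;
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch($_POST['option'])
- {
- case "mo_wpns_enable_fake_domain_blocking":
- wpns_handle_domain_blocking($_POST); break;
- case "mo_wpns_advanced_user_verification":
- wpns_handle_advanced_user_verification($_POST); break;
- case "mo_wpns_social_integration":
- wpns_handle_enable_social_login($_POST); break;
-
- }
- }
-
- $otpVerify_url = add_query_arg( array('page' => 'mosettings', 'tab'=>'settings'), $_SERVER['REQUEST_URI'] );
- $openid_url = add_query_arg( array('page' => 'mo_openid_settings' ), $_SERVER['REQUEST_URI'] );
- $domain_blocking= get_option('mo_wpns_enable_fake_domain_blocking') ? "checked" : "";
- $user_verify = get_option('mo_wpns_enable_advanced_user_verification') ? "checked" : "";
- $social_login = get_option('mo_wpns_enable_social_integration') ? "checked" : "";
-
- if($user_verify)
- {
- $moOTPPlugin = new OTPPlugin();
- $status = $moOTPPlugin->getstatus();
- switch ($status)
- {
- case "ACTIVE":
- $html1 = "<br><a href='".$otpVerify_url."'>Click here to configure.</a>";
- $moOTPPlugin->updatePluginConfiguration();
- break;
- case "INSTALLED":
- $path = "miniorange-otp-verification/miniorange_validation_settings.php";
- $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
- $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate OTP Verification Plugin</a>';
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-otp-verification';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action.'_'.$slug
- );
- $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin installed.</span><br><a href="'.$install_link.'">Install OTP Verification plugin</a>';
- break;
- }
- }
-
-
- if($social_login)
- {
- $moSocialLogin = new SocialPlugin();
- $status = $moSocialLogin->getstatus();
- switch ($status)
- {
- case "ACTIVE":
- $html2 = "<br><a href='".$openid_url."'>Click here to configure.</a>";
- break;
- case "INSTALLED":
- $path = "miniorange-login-openid/miniorange_openid_sso_settings.php";
- $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
- $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate Social Login, Sharing Plugin</a>';
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-login-openid';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action.'_'.$slug
- );
- $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin installed.</span><br><a href="'.$install_link.'">Install Social Login, Sharing plugin</a>';
- break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'registration-security.php';
-
-
-
-
- /* REGISTRATION SECURITY RELATED FUNCTIONS*/
-
- //Function to handle enabling and disabling domain blocking
- function wpns_handle_domain_blocking($postvalue)
- {
- $enable_fake_emails = isset($postvalue['mo_wpns_enable_fake_domain_blocking']) ? true : false;
- update_option( 'mo_wpns_enable_fake_domain_blocking', $enable_fake_emails);
-
- if($enable_fake_emails)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_DISABLED'),'ERROR');
- }
-
-
- //Function to enable and disable User Verification for the Default Registration Page
- function wpns_handle_advanced_user_verification($postvalue)
- {
- $enable_advanced_user_verification = isset($postvalue['mo_wpns_enable_advanced_user_verification']) ? true : false;
- update_option( 'mo_wpns_enable_advanced_user_verification', $enable_advanced_user_verification);
-
- if($enable_advanced_user_verification)
- {
- update_option('mo_customer_validation_wp_default_enable',1);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_ADVANCED_USER_VERIFY'),'SUCCESS');
- }
- else
- {
- update_option('mo_customer_validation_wp_default_enable',0);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_ADVANCED_USER_VERIFY'),'ERROR');
- }
- }
-
-
- //Function to enable and disable Social Login
- function wpns_handle_enable_social_login($postvalue)
- {
- $social_login = isset($postvalue['mo_wpns_enable_social_integration']) ? true : false;
- update_option( 'mo_wpns_enable_social_integration', $social_login);
-
- if($social_login)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_SOCIAL_LOGIN'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_SOCIAL_LOGIN'),'ERROR');
+ <?php
+
+ global $moWpnsUtility, $mo2f_dirName;
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch($_POST['option'])
+ {
+ case "mo_wpns_enable_fake_domain_blocking":
+ wpns_handle_domain_blocking($_POST); break;
+ case "mo_wpns_advanced_user_verification":
+ wpns_handle_advanced_user_verification($_POST); break;
+ case "mo_wpns_social_integration":
+ wpns_handle_enable_social_login($_POST); break;
+
+ }
+ }
+
+ $otpVerify_url = add_query_arg( array('page' => 'mosettings', 'tab'=>'settings'), $_SERVER['REQUEST_URI'] );
+ $openid_url = add_query_arg( array('page' => 'mo_openid_settings' ), $_SERVER['REQUEST_URI'] );
+ $domain_blocking= get_option('mo_wpns_enable_fake_domain_blocking') ? "checked" : "";
+ $user_verify = get_option('mo_wpns_enable_advanced_user_verification') ? "checked" : "";
+ $social_login = get_option('mo_wpns_enable_social_integration') ? "checked" : "";
+
+ if($user_verify)
+ {
+ $moOTPPlugin = new OTPPlugin();
+ $status = $moOTPPlugin->getstatus();
+ switch ($status)
+ {
+ case "ACTIVE":
+ $html1 = "<br><a href='".$otpVerify_url."'>Click here to configure.</a>";
+ $moOTPPlugin->updatePluginConfiguration();
+ break;
+ case "INSTALLED":
+ $path = "miniorange-otp-verification/miniorange_validation_settings.php";
+ $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
+ $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate OTP Verification Plugin</a>';
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-otp-verification';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action.'_'.$slug
+ );
+ $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin installed.</span><br><a href="'.$install_link.'">Install OTP Verification plugin</a>';
+ break;
+ }
+ }
+
+
+ if($social_login)
+ {
+ $moSocialLogin = new SocialPlugin();
+ $status = $moSocialLogin->getstatus();
+ switch ($status)
+ {
+ case "ACTIVE":
+ $html2 = "<br><a href='".$openid_url."'>Click here to configure.</a>";
+ break;
+ case "INSTALLED":
+ $path = "miniorange-login-openid/miniorange_openid_sso_settings.php";
+ $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
+ $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate Social Login, Sharing Plugin</a>';
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-login-openid';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action.'_'.$slug
+ );
+ $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin installed.</span><br><a href="'.$install_link.'">Install Social Login, Sharing plugin</a>';
+ break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'registration-security.php';
+
+
+
+
+ /* REGISTRATION SECURITY RELATED FUNCTIONS*/
+
+ //Function to handle enabling and disabling domain blocking
+ function wpns_handle_domain_blocking($postvalue)
+ {
+ $enable_fake_emails = isset($postvalue['mo_wpns_enable_fake_domain_blocking']) ? true : false;
+ update_option( 'mo_wpns_enable_fake_domain_blocking', $enable_fake_emails);
+
+ if($enable_fake_emails)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_DISABLED'),'ERROR');
+ }
+
+
+ //Function to enable and disable User Verification for the Default Registration Page
+ function wpns_handle_advanced_user_verification($postvalue)
+ {
+ $enable_advanced_user_verification = isset($postvalue['mo_wpns_enable_advanced_user_verification']) ? true : false;
+ update_option( 'mo_wpns_enable_advanced_user_verification', $enable_advanced_user_verification);
+
+ if($enable_advanced_user_verification)
+ {
+ update_option('mo_customer_validation_wp_default_enable',1);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_ADVANCED_USER_VERIFY'),'SUCCESS');
+ }
+ else
+ {
+ update_option('mo_customer_validation_wp_default_enable',0);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_ADVANCED_USER_VERIFY'),'ERROR');
+ }
+ }
+
+
+ //Function to enable and disable Social Login
+ function wpns_handle_enable_social_login($postvalue)
+ {
+ $social_login = isset($postvalue['mo_wpns_enable_social_integration']) ? true : false;
+ update_option( 'mo_wpns_enable_social_integration', $social_login);
+
+ if($social_login)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_SOCIAL_LOGIN'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_SOCIAL_LOGIN'),'ERROR');
  }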
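Review bot: The option dispatch at new lines 6–15 gates on `current_user_can( 'manage_options' )` but verifies no nonce before the three handlers call `update_option()`, so a forged cross-site POST from an administrator's browser would be enough to switch fake-domain blocking, advanced user verification or social login on or off. The request_*.php controllers in this same release already call `wp_verify_nonce()`; the same check belongs here, for example `if ( current_user_can( 'manage_options' ) && isset( $_POST['option'] ) && check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' ) )` with a matching `wp_nonce_field()` in the view, which is not visible here. The dispatch in controllers/support.php has the same gap. Separately, lines 20–21 build URLs from `$_SERVER['REQUEST_URI']` and lines 33 and 61 concatenate them into `href` attributes unescaped; passing them through `esc_url()` at output would remove that injection risk.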
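--- a/controllers/reports.php
+++ b/controllers/reports.php
@@ -1,25 +1,25 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_clear'){
- global $wpdb;
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
-
- }
-
-
-
- if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_errorclear'){
- global $wpdb;
- $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
-
- }
-
- $mo_wpns_handler = new MoWpnsHandler();
- $logintranscations = $mo_wpns_handler->get_login_transaction_report();
- $errortranscations = $mo_wpns_handler->get_error_transaction_report();
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_clear'){
+ global $wpdb;
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='success' or Status= 'pastfailed' or Status='failed' ");
+
+ }
+
+
+
+ if(isset($_POST['option']) and sanitize_text_field($_POST['option'])=='mo_wpns_manual_errorclear'){
+ global $wpdb;
+ $wpdb->query("DELETE FROM ".$wpdb->prefix."mo2f_network_transactions WHERE Status='accessDenied'");
+
+ }
+
+ $mo_wpns_handler = new MoWpnsHandler();
+ $logintranscations = $mo_wpns_handler->get_login_transaction_report();
+ $errortranscations = $mo_wpns_handler->get_error_transaction_report();
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'reports.php';
+
  ?>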
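Review bot: Both `$_POST['option']` branches (new lines 5 and 13) run a `DELETE` against `mo2f_network_transactions` with neither a capability check nor a nonce, unlike the sibling controllers, which at least require `manage_options`. Whether an outer router already restricts who can reach this file is not visible in this section, but the login and error reports are audit data and the purge should be guarded where it happens. I would gate each branch, e.g. `if ( current_user_can( 'manage_options' ) && isset( $_POST['option'] ) && sanitize_text_field( $_POST['option'] ) == 'mo_wpns_manual_clear' )`, and add a `check_admin_referer()` call whose action matches a `wp_nonce_field()` in views/reports.php.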
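--- a/controllers/request_christmas_offer.php
+++ b/controllers/request_christmas_offer.php
@@ -1,48 +1,48 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_christmas_request_form":
- wpns_handle_christmas_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
-
- function wpns_handle_christmas_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
- $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
- return;
- }
- if(empty($usecase) || empty($email) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $query = 'REQUEST FOR CHRISTMAS OFFERS';
- $query .= ' =>';
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_christmas_request_form":
+ wpns_handle_christmas_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
+
+ function wpns_handle_christmas_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
+ $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $query = 'REQUEST FOR CHRISTMAS OFFERS';
+ $query .= ' =>';
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>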
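Review bot: The empty-field branch at new lines 22–26 reports `DEMO_FORM_ERROR` with the type `'SUCCESS'`, so a rejected submission is presumably shown as a success notice; the type should be `'ERROR'`, as the failure branch at line 44 already uses. The same mismatch is in `wpns_handle_demo_request_form` (controllers/request_demo.php, line 25) and `wpns_handle_offer_request_form` (controllers/request_offer.php, line 24). These three handlers also pass the address through `sanitize_text_field()` only, whereas `wpns_handle_support_form` rejects invalid addresses with `filter_var( $email, FILTER_VALIDATE_EMAIL )`; the same validation before `submit_contact_us()` would keep malformed addresses from being sent to the contact endpoint.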
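--- a/controllers/request_demo.php
+++ b/controllers/request_demo.php
@@ -1,51 +1,51 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_demo_request_form":
- wpns_handle_demo_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
-
- function wpns_handle_demo_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
- $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
- $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
- return;
- }
- if(empty($usecase) || empty($email) || empty($demo_plan) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $demo_plan = sanitize_text_field($demo_plan);
- $query = 'REQUEST FOR DEMO';
- $query .= ' =>';
- $query .= $demo_plan;
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_demo_request_form":
+ wpns_handle_demo_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
+
+ function wpns_handle_demo_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
+ $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
+ $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) || empty($demo_plan) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $demo_plan = sanitize_text_field($demo_plan);
+ $query = 'REQUEST FOR DEMO';
+ $query .= ' =>';
+ $query .= $demo_plan;
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>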
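--- a/controllers/request_offer.php
+++ b/controllers/request_offer.php
@@ -1,46 +1,46 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch($_POST['option'])
- {
- case "mo_2FA_offer_request_form":
- wpns_handle_offer_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_offer.php';
-
- function wpns_handle_offer_request_form($post){
- $nonce = sanitize_text_field($post['nonce']);
- $usecase = isset($post['mo_2FA_offer_usecase'])? sanitize_text_field($post['mo_2FA_offer_usecase']): NULL;
- $email = isset($post['mo_2FA_offer_email'])? sanitize_text_field($post['mo_2FA_offer_email']) : NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-offer' ) ){
- return;
- }
- if(empty($usecase) || empty($email) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $query = 'REQUEST FOR SPECIAL OFFERS';
- $query .= ' =>';
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch($_POST['option'])
+ {
+ case "mo_2FA_offer_request_form":
+ wpns_handle_offer_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_offer.php';
+
+ function wpns_handle_offer_request_form($post){
+ $nonce = sanitize_text_field($post['nonce']);
+ $usecase = isset($post['mo_2FA_offer_usecase'])? sanitize_text_field($post['mo_2FA_offer_usecase']): NULL;
+ $email = isset($post['mo_2FA_offer_email'])? sanitize_text_field($post['mo_2FA_offer_email']) : NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-offer' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $query = 'REQUEST FOR SPECIAL OFFERS';
+ $query .= ' =>';
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>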
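Review bot: Line 16 reads `$post['nonce']` without the `isset()` guard that the christmas and demo handlers use, so a POST that omits the field raises an undefined-index notice before `wp_verify_nonce()` rejects it. `$nonce = isset( $post['nonce'] ) ? sanitize_text_field( $post['nonce'] ) : '';` keeps the behaviour and removes the notice. The handler also returns silently on a bad nonce; emitting `SUPPORT_FORM_ERROR` there would tell the administrator why nothing was sent.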
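--- a/controllers/support.php
+++ b/controllers/support.php
@@ -1,58 +1,58 @@
- <?php
-
- global $mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
-
-
- switch($_POST['option'])
- {
- case "mo_wpns_send_query":
- wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
- }
- }
-
- $current_user = wp_get_current_user();
- $email = get_option("mo2f_email");
- $phone = get_option("mo_wpns_admin_phone");
-
-
- if(empty($email))
- $email = $current_user->user_email;
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
-
-
- /* SUPPORT FORM RELATED FUNCTIONS */
-
- //Function to handle support form submit
- function wpns_handle_support_form($email,$query,$phone)
- {
-
- $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
- if(empty($email) || empty($query)){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
- return;
- }
- $query = sanitize_text_field( $query );
- $email = sanitize_text_field( $email );
- $phone = sanitize_text_field( $phone );
- $contact_us = new MocURL();
-
- if($send_configuration)
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
- else
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
-
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- } else {
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
- }
- if(json_last_error() == JSON_ERROR_NONE && $submited){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
+ <?php
+
+ global $mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+
+
+ switch($_POST['option'])
+ {
+ case "mo_wpns_send_query":
+ wpns_handle_support_form($_POST['query_email'],$_POST['query'],$_POST['query_phone']); break;
+ }
+ }
+
+ $current_user = wp_get_current_user();
+ $email = get_option("mo2f_email");
+ $phone = get_option("mo_wpns_admin_phone");
+
+
+ if(empty($email))
+ $email = $current_user->user_email;
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
+
+
+ /* SUPPORT FORM RELATED FUNCTIONS */
+
+ //Function to handle support form submit
+ function wpns_handle_support_form($email,$query,$phone)
+ {
+
+ $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
+ if(empty($email) || empty($query)){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
+ return;
+ }
+ $query = sanitize_text_field( $query );
+ $email = sanitize_text_field( $email );
+ $phone = sanitize_text_field( $phone );
+ $contact_us = new MocURL();
+
+ if($send_configuration)
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
+ else
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
+
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ } else {
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
+ }
+ if(json_last_error() == JSON_ERROR_NONE && $submited){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }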
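Review bot: In `wpns_handle_support_form`, when `filter_var()` rejects the address (new lines 48–49) `$submited` is never assigned, yet line 53 still evaluates it: that raises an undefined-variable notice and emits `SUPPORT_FORM_ERROR` a second time. Adding `return;` after the `do_action()` on line 49 fixes both. The dispatch on line 12 also indexes `$_POST['query_email']`, `$_POST['query']` and `$_POST['query_phone']` without `isset()`. Lines 43–46 append the output of `MoWpnsUtility::mo_2fa_send_configuration()` to the query on both branches; that helper is not visible here, so it is worth confirming that nothing from the site's configuration leaves the site when the `mo2f_send_configuration` box is unticked.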
controllers/tour-model.php CHANGED
@@ -1,334 +1,334 @@
1
- <?php
2
-
3
- global $mo2f_dirName;
4
- $current_user = wp_get_current_user();
5
- $email = get_option("mo2f_email");
6
- $phone = get_option("mo_wpns_admin_phone");
7
- $display = get_option('mo2f_tour_started') == 2?'block':'none';
8
- $networkSEnable = MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option');
9
- if(empty($email))
10
- $email = $current_user->user_email;
11
- $counter = 0;
12
- $enableTour = $networkSEnable == 1 ? '' : 'disabled';
13
- $tour_body = '<p class="modal-body-para">Hey, Thank you for installing <b style="color: #E85700">miniOrange 2-Factor plugin</b>.</p>
14
- <p class="modal-body-para">Two-factor will provide extra layer of security to your users account which will help to protect your users accounts from any outside attack.</p>';
15
- if($networkSEnable != 1)
16
- {
17
- $tour_body .= '<div style="margin-left:37.5%;margin-right:37.5%;">';
18
- }
19
-
20
- $tour_body .= '<table style="width: 100%; text-align: center; table-layout: fixed; font-size: medium;">
21
- <div class="mo2f_hiddenradio">
22
- <tr>
23
-
24
- <td style="border: 1px solid black;" id="2fa">
25
- <label>
26
- <input type="radio" name="mo2f_two_factor" value="2fa" checked style="display:none">
27
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/google-authenticator.png">
28
- </label>
29
- </td>';
30
- if($networkSEnable == 1)
31
- {
32
- $tour_body .= '<td style="border: 1px solid black;" id="waf">
33
- <label >
34
- <input type="radio" name="mo2f_two_factor" value="waf" style="display:none" '.$enableTour.'>
35
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/mo-waf-logo.png">
36
- </label>
37
- </td>
38
-
39
- <td style="border: 1px solid black;" id="login">
40
- <label >
41
- <input type="radio" name="mo2f_two_factor" value="login" style="display:none"'.$enableTour.'>
42
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-protection-logo.png">
43
- </label>
44
- </td>
45
-
46
- <td style="border: 1px solid black;" id="backup">
47
- <label>
48
- <input type="radio" name="mo2f_two_factor" value="backup" style="display:none"'.$enableTour.'>
49
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/database-backup-logo.png">
50
- </label>
51
- </td>
52
-
53
- <td style="border: 1px solid black;" id="malware">
54
- <label >
55
- <input type="radio" name="mo2f_two_factor" value="malware" style="display:none"'.$enableTour.'>
56
- <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/malware-scanner-logo.png">
57
- </label>
58
- </td>';
59
- }
60
- $tour_body .= '</tr>
61
- <tr>
62
- <th>
63
- Two-factor authentication
64
- </th>';
65
-
66
- if($networkSEnable == 1)
67
- {
68
-
69
- $tour_body .= '<th>
70
- Web Application Firewall(WAF)
71
- </th>
72
-
73
- <th>
74
- Login Protection
75
- </th>
76
-
77
- <th>
78
- Database Backup
79
- </th>
80
-
81
- <th>
82
- Malware scanner
83
- </th>';
84
- }
85
-
86
- $tour_body .= '</tr>
87
- </div>
88
- </table>';
89
- if($networkSEnable != 1)
90
- {
91
- $tour_body .= '</div>';
92
- }
93
-
94
- $waf_arr_ecc = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It includes very sensitive data such as user details, credit/debit card or bank details. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. 
Media scraping, price scraping are also some scraping techniques which are used to degrade/destroy media files and change the price of products.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. It leads to spoil site, spread malicious content which will harm to the business. <div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. 
The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
95
-
96
- $waf_arr_busi = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It may include company privileged data, admin users data which will affect on the business. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Price scraping is part of web scraping which is used to change prices of the products which affects a lot on business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
97
-
98
- $waf_arr_blog = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation. The data may include user details, privileged data, privileged blogs, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Media scraping can be done in the blog/news site which alter, degrade or destroy media files.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations. Content modification may mislead to blog/news site subscriber. It can be used to spread fake/malicious imformation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
99
-
100
- $waf_arr_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business. </div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
101
-
102
- $waf_body_ecommerce = '<div class="modal-body-div">
103
- <p class="modal-body-para" style="margin: 0;">Ecommerce sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
104
- $waf_body_business = '<div class="modal-body-div">
105
- <p class="modal-body-para" style="margin: 0;">Business sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
106
- $waf_body_blog = '<div class="modal-body-div">
107
- <p class="modal-body-para" style="margin: 0;">Blogs/News sites are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
108
- $waf_body_other = '<div class="modal-body-div">
109
- <p class="modal-body-para" style="margin: 0;">Other sites such as employment, portfolio, multilingual, etc are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
110
-
111
- $waf_body = '<div style="width:100%; display:inline-flex; margin-left: 20px;">
112
- <div style="width:50%;font-size: medium;">1: <b>Data theft and manipulation</b></div>
113
- <div style="width:50%;font-size: medium;">2: <b>Web Scraping</b></div></div>
114
- <div style="width:100%; display:inline-flex; margin-left: 20px;">
115
- <div style="width:50%;font-size: medium;">3: <b>File manipulation</b></div>
116
- <div style="width:50%;font-size: medium;">4: <b>Content modification</b></div></div>
117
- </div>';
118
-
119
- $registration_security_ecommerce = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Ecommerce sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
120
- $registration_security_business = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Business sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
121
-
122
- $registration_security_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> The sites such as employment, social networking, etc. need to prevent fake user registrations. The user will spam other users and share private data of others.';
123
-
124
- $registration_security = '<div style="margin:1em;"><ul>
125
- <li>
126
- <p class="modal-body-para" style="margin: 0;">1. Temporary/Fake email ban</p>
127
- </li>
128
- <li>
129
- <p class="modal-body-para" style="margin: 0;">2. OTP Verification during registrations</p>
130
- </li>
131
- <li>
132
- <p class="modal-body-para" style="margin: 0;">3. Social login</p>
133
- </li>
134
- </ul>
135
- </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-13" onclick="open_hide(this);">+</a></div></div>';
136
-
137
- $login_security_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites should have strong login security to prevent unauthorised access.</p></div>';
138
- $login_security_business = '<div class="modal-body-div"><p class="modal-body-para">Business sites should have strong login security to prevent unauthorised access.</p></div>';
139
- $login_security_blog = '<div class="modal-body-div"><p class="modal-body-para">Blogs/News sites should have strong login security to prevent unauthorised access.</p></div>';
140
- $login_security_other = '<div class="modal-body-div"><p class="modal-body-para">Other sites such as employment, portfolio, etc. should have strong login security to prevent unauthorised access.</p></div>';
141
-
142
- $login_security_body = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-10" style="width: 98%; overflow:; height: ;line-height: 1.5;"><b><u>Limit Login:</u></b> Password guessing/Brute force attack can be controlled/prevented by limiting the login attempts. Paasword guessing can be protected by:
143
- <div style="margin:1em;">
144
- <ul>
145
- <li>
146
- <p class="modal-body-para">1. Limit Login attempts: 10 (<b>Recommended</b>)</p>
147
- </li>
148
- <li>
149
- <p class="modal-body-para">2. Enforce Strong passwords</p>
150
- </li>
151
- </ul>
152
- </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-10" onclick="open_hide(this);">-</a></div></div>
153
-
154
- <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-11" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>2-Factor:</u></b> 2-factor authentication is important to prevent unauthorised login. 2-factor authentication can be enabled on top of login credentials at the time of login. Google authenticator, Authy authenticator, Lastpass authenticator applications can be used to configure 2FA. miniOrange supports 15+ 2FA methods, it includes OTP over SMS, Email, Security Questions, QR code authentication, push notification, Hardware Token, etc. 2FA can enabled to:
155
- <div style="margin:1em;">
156
- <ul>
157
- <li>
158
- <p class="modal-body-para">1. Enable 2FA for employees (<b>Recommended</b>)</p>
159
- </li>
160
- <li>
161
- <p class="modal-body-para">2. Enable 2FA for users</p>
162
- </li>
163
- <li>
164
- <p class="modal-body-para">3. Backup methods in case of emergency login</p>
165
- </li>
166
- </ul>
167
- </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-11" onclick="open_hide(this);">+</a></div></div>
168
- <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-12" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Remember device:</u></b> Remember device allows user to login from trusted devices. It keeps safe from unauthorised users who tries to gain access. It improves your login security by allowing you to login from limited and trusted deivces.
169
- <div style="margin:1em;">
170
- <ul>
171
- <li>
172
- <p class="modal-body-para">1. Allows multiple trusted devices</p>
173
- </li>
174
- <li>
175
- <p class="modal-body-para">2. Limit no. of trusted devices</p>
176
- </li>
177
- <li>
178
- <p class="modal-body-para">3. Block IP\'s of unauthorised users</p>
179
- </li>
180
- </ul>
181
- </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-12" onclick="open_hide(this);">+</a></div></div>';
182
-
183
-
184
- $media_body = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites are often attacked to degrade and destroy media files such as images of product, audios and videos about products. You need to secure your media data. Media protection is important because the users of ecommerce site buy product by viewing the media of products. The broad word media scraping can be used for these types attacks.</p>
185
- <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
186
- <div class="modal-body-div">The Media protection prevents media files listed below:</div>
187
- </div>
188
- <div style="margin:1em;">
189
- <ul>
190
- <li>
191
- <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
192
- </li>
193
- <li>
194
- <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
195
- </li>
196
- </ul>
197
- </div>';
198
-
199
- $media_body_1 = '<div class="modal-body-div"><p class="modal-body-para">Some sites such as Photo Gallery or other site which contains media files are often attacked to degrade and destroy media files. You need to secure your media data. Media protection is important because the these sites are totally based on media files.</p>
200
- <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
201
- <div class="modal-body-div">The Media protection prevents media files listed below:</div>
202
- </div>
203
- <div style="margin:1em;">
204
- <ul>
205
- <li>
206
- <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
207
- </li>
208
- <li>
209
- <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
210
- </li>
211
- </ul>
212
- </div>';
213
-
214
- $backup_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any e-commerce site. The ecommerce sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
215
- $backup_business = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Business site. The business sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
216
- $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Blog/News site. These sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
217
- $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any site such as social networking, employment, etc. There are several attacks happens on these sites to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
218
-
219
-
220
- $backup_body = '<div class="modal-body-div">
221
- <ul>
222
- <li>
223
- <p class="modal-body-para"><b>1. <u>Scheduled backup:</u></b> Scheduled backup used to create automatic backup after scheduled time. It allows you to relax because you know that all of your information is being backed up, and you are limiting what you may lose. Using this feature you can set a time interval to create a continuous backup. ';
224
- $backup_body_1 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">Set scheduled backup time 1/2 hr for ecommerce site.</span></div>';
225
- $backup_body_2 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 12 hrs time interval.</span></div>';
226
- $backup_body_3 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 4-5 hrs time interval.</span></div>';
227
- $backup_body_4 = '</p>
228
- </li>
229
- <li>
230
- <p class="modal-body-para"><b>2. <u>Manual backup:</u></b> Manual backup can be taken manually whenever user wants. It is important when you made any crucial changes and don\'t want to loose data then you can immediately take a backup and keep it securely.</p>
231
- </li>
232
- <li>
233
- <p class="modal-body-para"><b>3. <u>Password protected encrypted backup:</u></b> Password protected encrypted backup is very secure way to take a backup. If anyone gets it still no one can decode it because of its highly secure nature.</p>
234
- </li>
235
- <li>
236
- <p class="modal-body-para"><b>4. <u>Easy restoring and recovering:</u></b> Simple one-click restore using installer files created for your website. During backup, we create an installer.php file. At the time of restore and recovery, you just need to upload the zip file of backup and installer.php and run the installer file and follow instructions to set up your website.</p>
237
- </li>
238
- </ul>
239
- </div>';
240
-
241
- $comment_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce websites are attacked to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
242
- $comment_business = '<div class="modal-body-div"><p class="modal-body-para">Business websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
243
- $comment_blog = '<div class="modal-body-div"><p class="modal-body-para">Blog/News websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
244
- $comment_other = '<div class="modal-body-div"><p class="modal-body-para">Other websites such as employment, multilingual, etc. are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
245
-
246
- $comment_spam = '<div style="margin:1em;">
247
- <ul>
248
- <li>
249
- <p class="modal-body-para"><b>1. <u>Comment protection:</u></b> Spam comments generated by automated scripts can be prevented using captcha. Honeypot is another widely used technique to catch bots and block them.</p>
250
- </li>
251
- <li>
252
- <p class="modal-body-para"><b>2. <u>Post protection:</u></b> Automated scripts or botnets can prevented by using captcha. There are three forms of captcha availble text, math and google recaptcha. Honeypot is also another way to detect spam posts. Malware scanner can also used to scan the malware in the posts.</p>
253
- </li>
254
- </ul>
255
- </div>';
256
-
257
-
258
- $scanner = '<div class="modal-body-div"><p class="modal-body-para">Malware scanner detects the malicious code in the files. Compares the wordpress, plugins and theme files with Wordpress repo files. Detects changes present in any wordpress, theme and plugin files. It also checks outdated/vulnerable plugins, themes. It is also useful to detect malware in posts and comments.</p></div>
259
- <div style="margin:1em;">
260
- <ul>
261
- <li>
262
- <p class="modal-body-para"><b>1. <u>Malware scan:</u></b> Malware scan scans the wordpress core files, plugins and theme files to check malware. It detects the trojans, backdoors, viruses, worms, etc. in the files. </p>
263
- </li>
264
- <li>
265
- <p class="modal-body-para"><b>2. <u>Wordpress version and file compare:</u></b> Checks WordPress, plugins and themes version with Wordpress.org repository and compare WordPress core, plugins and themes files with the repository to detect any file changes. Detect any changes in the files present in the WordPress plugins and themes folder.</p>
266
- </li>
267
- <li>
268
- <p class="modal-body-para"><b>3. <u>Check vulnerable plugins and themes:</u></b> Checks vulnerable plugins and themes which contains malicious code. You can remove it to enhance your site security.</p>
269
- </li>
270
- </ul>
271
- </div>';
272
-
273
- $support_modal = '<div>
274
-
275
- <div style="width: unset; float: unset; margin: 10px 20%;" class="mo_wpns_support_layout_model">
276
-
277
- <img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/support3.png">
278
- <h1>Support</h1>
279
- <p>Need any help? We are available any time, Just send us a query so we can help you.</p>
280
- <form name="f" method="post" action="">
281
- <input type="hidden" name="option" value="mo_wpns_send_query"/>
282
- <table class="mo_wpns_settings_table">
283
- <tr><td>
284
- <input type="email" class="mo_wpns_table_textbox" id="query_email" name="query_email" value="'.$email.'" placeholder="Enter your email" required />
285
- </td>
286
- </tr>
287
- <tr><td>
288
- <input type="text" class="mo_wpns_table_textbox" name="query_phone" id="query_phone" value="'.$phone.'" placeholder="Enter your phone"/>
289
- </td>
290
- </tr>
291
- <tr>
292
- <td>
293
- <textarea id="query" name="query" class="mo_wpns_settings_textarea" style="resize: vertical;width:100%" cols="52" rows="7" placeholder="Write your query here"></textarea>
294
- </td>
295
- </tr>
296
- </table>
297
- <input type="submit" name="send_query" id="send_query" value="Submit Query" class="mo_wpns_button mo_wpns_button1" />
298
- </form>
299
- <br />
300
- </div>
301
- </div>
302
- <script>
303
- function moSharingSizeValidate(e){
304
- var t=parseInt(e.value.trim());t>60?e.value=60:10>t&&(e.value=10)
305
- }
306
- function moSharingSpaceValidate(e){
307
- var t=parseInt(e.value.trim());t>50?e.value=50:0>t&&(e.value=0)
308
- }
309
- function moLoginSizeValidate(e){
310
- var t=parseInt(e.value.trim());t>60?e.value=60:20>t&&(e.value=20)
311
- }
312
- function moLoginSpaceValidate(e){
313
- var t=parseInt(e.value.trim());t>60?e.value=60:0>t&&(e.value=0)
314
- }
315
- function moLoginWidthValidate(e){
316
- var t=parseInt(e.value.trim());t>1000?e.value=1000:140>t&&(e.value=140)
317
- }
318
- function moLoginHeightValidate(e){
319
- var t=parseInt(e.value.trim());t>50?e.value=50:35>t&&(e.value=35)
320
- }
321
- </script>';
322
-
323
-
324
- $ecommerce_site = array(array('Web Application Firewall(WAF)', $waf_body_ecommerce.$waf_body.$waf_arr_ecc), array('Login Security', $login_security_ecommerce.$login_security_body.$registration_security_ecommerce.$registration_security), array('Media Protection', $media_body), array('Encrypted Backup', $backup_ecommerce.$backup_body.$backup_body_1.$backup_body_4), array('Comment and Spam Protection', $comment_ecommerce.$comment_spam), array('Malware Scanner', $scanner), array('Support', $support_modal));
325
-
326
- $business_site = array(array('Web Application Firewall(WAF)', $waf_body_business.$waf_body.$waf_arr_busi), array('Encrypted Backup', $backup_business.$backup_body.$backup_body_2.$backup_body_4), array('Comment and Spam Protection', $comment_business.$comment_spam), array('Login Security', $login_security_business.$login_security_body.$registration_security_business.$registration_security), array('Malware Scanner', $scanner), array('Support', $support_modal));
327
-
328
- $blog_site = array(array('Web Application Firewall(WAF)', $waf_body_blog.$waf_body.$waf_arr_blog), array('Comment and Spam Protection', $comment_blog.$comment_spam), array('Login Security', $login_security_blog.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_3.$backup_body_4), array('Malware Scanner', $scanner), array('Support', $support_modal));
329
-
330
- $other_site = array(array('Web Application Firewall(WAF)', $waf_body_other.$waf_body.$waf_arr_other), array('Comment and Spam Protection', $comment_other.$comment_spam), array('Login Security', $login_security_other.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_4), array('Media Protection', $media_body_1), array('Malware Scanner', $scanner), array('Support', $support_modal));
331
-
332
- $main_pointer = array('Main' => array('Let\'s get Started', $tour_body), 'Ecommerce' => $ecommerce_site, 'Business' => $business_site, 'Blogs/News' => $blog_site, 'Other' => $other_site);
333
-
334
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'tour-model.php';
1
+ <?php
2
+
3
+ global $mo2f_dirName;
4
+ $current_user = wp_get_current_user();
5
+ $email = get_option("mo2f_email");
6
+ $phone = get_option("mo_wpns_admin_phone");
7
+ $display = get_option('mo2f_tour_started') == 2?'block':'none';
8
+ $networkSEnable = MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option');
9
+ if(empty($email))
10
+ $email = $current_user->user_email;
11
+ $counter = 0;
12
+ $enableTour = $networkSEnable == 1 ? '' : 'disabled';
13
+ $tour_body = '<p class="modal-body-para">Hey, Thank you for installing <b style="color: #E85700">miniOrange 2-Factor plugin</b>.</p>
14
+ <p class="modal-body-para">Two-factor will provide extra layer of security to your users account which will help to protect your users accounts from any outside attack.</p>';
15
+ if($networkSEnable != 1)
16
+ {
17
+ $tour_body .= '<div style="margin-left:37.5%;margin-right:37.5%;">';
18
+ }
19
+
20
+ $tour_body .= '<table style="width: 100%; text-align: center; table-layout: fixed; font-size: medium;">
21
+ <div class="mo2f_hiddenradio">
22
+ <tr>
23
+
24
+ <td style="border: 1px solid black;" id="2fa">
25
+ <label>
26
+ <input type="radio" name="mo2f_two_factor" value="2fa" checked style="display:none">
27
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/google-authenticator.png">
28
+ </label>
29
+ </td>';
30
+ if($networkSEnable == 1)
31
+ {
32
+ $tour_body .= '<td style="border: 1px solid black;" id="waf">
33
+ <label >
34
+ <input type="radio" name="mo2f_two_factor" value="waf" style="display:none" '.$enableTour.'>
35
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/mo-waf-logo.png">
36
+ </label>
37
+ </td>
38
+
39
+ <td style="border: 1px solid black;" id="login">
40
+ <label >
41
+ <input type="radio" name="mo2f_two_factor" value="login" style="display:none"'.$enableTour.'>
42
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-protection-logo.png">
43
+ </label>
44
+ </td>
45
+
46
+ <td style="border: 1px solid black;" id="backup">
47
+ <label>
48
+ <input type="radio" name="mo2f_two_factor" value="backup" style="display:none"'.$enableTour.'>
49
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/database-backup-logo.png">
50
+ </label>
51
+ </td>
52
+
53
+ <td style="border: 1px solid black;" id="malware">
54
+ <label >
55
+ <input type="radio" name="mo2f_two_factor" value="malware" style="display:none"'.$enableTour.'>
56
+ <img src="'.plugin_dir_url(dirname(__FILE__)) . 'includes/images/malware-scanner-logo.png">
57
+ </label>
58
+ </td>';
59
+ }
60
+ $tour_body .= '</tr>
61
+ <tr>
62
+ <th>
63
+ Two-factor authentication
64
+ </th>';
65
+
66
+ if($networkSEnable == 1)
67
+ {
68
+
69
+ $tour_body .= '<th>
70
+ Web Application Firewall(WAF)
71
+ </th>
72
+
73
+ <th>
74
+ Login Protection
75
+ </th>
76
+
77
+ <th>
78
+ Database Backup
79
+ </th>
80
+
81
+ <th>
82
+ Malware scanner
83
+ </th>';
84
+ }
85
+
86
+ $tour_body .= '</tr>
87
+ </div>
88
+ </table>';
89
+ if($networkSEnable != 1)
90
+ {
91
+ $tour_body .= '</div>';
92
+ }
93
+
94
+ $waf_arr_ecc = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It includes very sensitive data such as user details, credit/debit card or bank details. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. 
Media scraping, price scraping are also some scraping techniques which are used to degrade/destroy media files and change the price of products.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. It leads to spoil site, spread malicious content which will harm to the business. <div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. 
The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
95
+
96
+ $waf_arr_busi = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It may include company privileged data, admin users data which will affect on the business. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Price scraping is part of web scraping which is used to change prices of the products which affects a lot on business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
97
+
98
+ $waf_arr_blog = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation. The data may include user details, privileged data, privileged blogs, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc. Media scraping can be done in the blog/news site which alter, degrade or destroy media files.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations. Content modification may mislead to blog/news site subscriber. It can be used to spread fake/malicious imformation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
99
+
100
+ $waf_arr_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-1" style="width: 98%; overflow: ; height: ;line-height: 1.5;"><b><u>Data theft and manipulation</u>:</b> Data manipulation can lead to alter, delete, destroy data. The manipulated data may or may not be regained. It is very necessary to fix the existing data vulnerability issues, data leaks, change weak passwords and provide high end security to stop data breach and manipulation.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection is web security vulnerability through SQL queries executed to modify, delete and destroy data. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-1" onclick="open_hide(this);">-</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-2" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Web Scraping</u>:</b> Web scraping is a used to extract large amount of data from websites and saved on local computer. The web scraping involves fetching and extracting data from it. It can be used to web indexing, web mining, data mining, research, tracking online presence and reputation, etc.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site scripts used to web scraping and data extraction.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-2" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-3" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>File manipualtion</u>:</b> The file manipuaiton used to alter, delete, execution of files on the sever. 
It leads to spoil site, spread malicious content which will harm to the business.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Remote File Inclusion attacks:</span> Remote file inclusion used to include local file into the server. RFI is type of vulnerability which can lead to add malicious file through a script on server.</div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Local File Inclusion attacks:</span> Local file inclusion used to access local file available on the server. LFI can be achieved by uploading malicious file to the server.</div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-3" onclick="open_hide(this);">+</a></div></div><div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-4" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Content modification</u>:</b> Cross-site scripting used to change or modify data shown on website. Content modification affects a lot on business due to irrelevent content, malicious links which leads to spoil the trust of clients and reputation of organizations.<div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent SQL-Injection attacks:</span> SQL-Injection attack can change data in database. The data used to view content such as statistical data, charts, graphs, etc. It may mislead to business. </div><div class="modal-waf-dinner"><span class="modal-waf-sinner">Prevent Cross-site scripting(XSS) attacks:</span> Cross site script can add malicious links, change content of site. </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-4" onclick="open_hide(this);">+</a></div></div>';
101
+
102
+ $waf_body_ecommerce = '<div class="modal-body-div">
103
+ <p class="modal-body-para" style="margin: 0;">Ecommerce sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
104
+ $waf_body_business = '<div class="modal-body-div">
105
+ <p class="modal-body-para" style="margin: 0;">Business sites are always under attack to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
106
+ $waf_body_blog = '<div class="modal-body-div">
107
+ <p class="modal-body-para" style="margin: 0;">Blogs/News sites are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
108
+ $waf_body_other = '<div class="modal-body-div">
109
+ <p class="modal-body-para" style="margin: 0;">Other sites such as employment, portfolio, multilingual, etc are attacked to spoil organizations reputaion, data theft and manipualation, file manipualation, web scraping, etc. WAF controls the access of web applications using rules designed to recognize and restrict suspicious activities.</p>';
110
+
111
+ $waf_body = '<div style="width:100%; display:inline-flex; margin-left: 20px;">
112
+ <div style="width:50%;font-size: medium;">1: <b>Data theft and manipulation</b></div>
113
+ <div style="width:50%;font-size: medium;">2: <b>Web Scraping</b></div></div>
114
+ <div style="width:100%; display:inline-flex; margin-left: 20px;">
115
+ <div style="width:50%;font-size: medium;">3: <b>File manipulation</b></div>
116
+ <div style="width:50%;font-size: medium;">4: <b>Content modification</b></div></div>
117
+ </div>';
118
+
119
+ $registration_security_ecommerce = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Ecommerce sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
120
+ $registration_security_business = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> Business sites need to prevent fake registrations. It helps to keep site safe from suspicious user.';
121
+
122
+ $registration_security_other = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-13" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Registratoin security:</u></b> The sites such as employment, social networking, etc. need to prevent fake user registrations. The user will spam other users and share private data of others.';
123
+
124
+ $registration_security = '<div style="margin:1em;"><ul>
125
+ <li>
126
+ <p class="modal-body-para" style="margin: 0;">1. Temporary/Fake email ban</p>
127
+ </li>
128
+ <li>
129
+ <p class="modal-body-para" style="margin: 0;">2. OTP Verification during registrations</p>
130
+ </li>
131
+ <li>
132
+ <p class="modal-body-para" style="margin: 0;">3. Social login</p>
133
+ </li>
134
+ </ul>
135
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-13" onclick="open_hide(this);">+</a></div></div>';
136
+
137
+ $login_security_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites should have strong login security to prevent unauthorised access.</p></div>';
138
+ $login_security_business = '<div class="modal-body-div"><p class="modal-body-para">Business sites should have strong login security to prevent unauthorised access.</p></div>';
139
+ $login_security_blog = '<div class="modal-body-div"><p class="modal-body-para">Blogs/News sites should have strong login security to prevent unauthorised access.</p></div>';
140
+ $login_security_other = '<div class="modal-body-div"><p class="modal-body-para">Other sites such as employment, portfolio, etc. should have strong login security to prevent unauthorised access.</p></div>';
141
+
142
+ $login_security_body = '<div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-10" style="width: 98%; overflow:; height: ;line-height: 1.5;"><b><u>Limit Login:</u></b> Password guessing/Brute force attack can be controlled/prevented by limiting the login attempts. Paasword guessing can be protected by:
143
+ <div style="margin:1em;">
144
+ <ul>
145
+ <li>
146
+ <p class="modal-body-para">1. Limit Login attempts: 10 (<b>Recommended</b>)</p>
147
+ </li>
148
+ <li>
149
+ <p class="modal-body-para">2. Enforce Strong passwords</p>
150
+ </li>
151
+ </ul>
152
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-10" onclick="open_hide(this);">-</a></div></div>
153
+
154
+ <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-11" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>2-Factor:</u></b> 2-factor authentication is important to prevent unauthorised login. 2-factor authentication can be enabled on top of login credentials at the time of login. Google authenticator, Authy authenticator, Lastpass authenticator applications can be used to configure 2FA. miniOrange supports 15+ 2FA methods, it includes OTP over SMS, Email, Security Questions, QR code authentication, push notification, Hardware Token, etc. 2FA can enabled to:
155
+ <div style="margin:1em;">
156
+ <ul>
157
+ <li>
158
+ <p class="modal-body-para">1. Enable 2FA for employees (<b>Recommended</b>)</p>
159
+ </li>
160
+ <li>
161
+ <p class="modal-body-para">2. Enable 2FA for users</p>
162
+ </li>
163
+ <li>
164
+ <p class="modal-body-para">3. Backup methods in case of emergency login</p>
165
+ </li>
166
+ </ul>
167
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-11" onclick="open_hide(this);">+</a></div></div>
168
+ <div class="modal-body-div-c modal-body-div-d"><div id="div-show-hide-12" style="width: 98%; overflow: hidden; height: 50px;line-height: 1.5;"><b><u>Remember device:</u></b> Remember device allows user to login from trusted devices. It keeps safe from unauthorised users who tries to gain access. It improves your login security by allowing you to login from limited and trusted deivces.
169
+ <div style="margin:1em;">
170
+ <ul>
171
+ <li>
172
+ <p class="modal-body-para">1. Allows multiple trusted devices</p>
173
+ </li>
174
+ <li>
175
+ <p class="modal-body-para">2. Limit no. of trusted devices</p>
176
+ </li>
177
+ <li>
178
+ <p class="modal-body-para">3. Block IP\'s of unauthorised users</p>
179
+ </li>
180
+ </ul>
181
+ </div></div><div style="width: 2%; font-size: xx-large;"><a id="show-hide-12" onclick="open_hide(this);">+</a></div></div>';
182
+
183
+
184
+ $media_body = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce sites are often attacked to degrade and destroy media files such as images of product, audios and videos about products. You need to secure your media data. Media protection is important because the users of ecommerce site buy product by viewing the media of products. The broad word media scraping can be used for these types attacks.</p>
185
+ <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
186
+ <div class="modal-body-div">The Media protection prevents media files listed below:</div>
187
+ </div>
188
+ <div style="margin:1em;">
189
+ <ul>
190
+ <li>
191
+ <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
192
+ </li>
193
+ <li>
194
+ <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
195
+ </li>
196
+ </ul>
197
+ </div>';
198
+
199
+ $media_body_1 = '<div class="modal-body-div"><p class="modal-body-para">Some sites such as Photo Gallery or other site which contains media files are often attacked to degrade and destroy media files. You need to secure your media data. Media protection is important because the these sites are totally based on media files.</p>
200
+ <div class="modal-body-div modal-body-para">Here is our <a target="_blank" href="https://wordpress.org/plugins/prevent-file-access/">Media protection</a> plugin.</div>
201
+ <div class="modal-body-div">The Media protection prevents media files listed below:</div>
202
+ </div>
203
+ <div style="margin:1em;">
204
+ <ul>
205
+ <li>
206
+ <p class="modal-body-para">1. It protects all type of image files, audio, video and gif files.</p>
207
+ </li>
208
+ <li>
209
+ <p class="modal-body-para">2. It also prevents access to documents such as pdf, doc, docx, txt, xls, xlsx, etc.</p>
210
+ </li>
211
+ </ul>
212
+ </div>';
213
+
214
+ $backup_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any e-commerce site. The ecommerce sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
215
+ $backup_business = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Business site. The business sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
216
+ $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any Blog/News site. These sites are attacked to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
217
+ $backup_blog = '<div class="modal-body-div"><p class="modal-body-para">The data is backbone of any site such as social networking, employment, etc. There are several attacks happens on these sites to steal data, data manipulation and files manipulation. You can take a backup of your data and files securely.</p></div>';
218
+
219
+
220
+ $backup_body = '<div class="modal-body-div">
221
+ <ul>
222
+ <li>
223
+ <p class="modal-body-para"><b>1. <u>Scheduled backup:</u></b> Scheduled backup used to create automatic backup after scheduled time. It allows you to relax because you know that all of your information is being backed up, and you are limiting what you may lose. Using this feature you can set a time interval to create a continuous backup. ';
224
+ $backup_body_1 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">Set scheduled backup time 1/2 hr for ecommerce site.</span></div>';
225
+ $backup_body_2 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 12 hrs time interval.</span></div>';
226
+ $backup_body_3 = '<div class="modal-waf-dinner"><span class="modal-waf-sinner">You can set automatic backup after 4-5 hrs time interval.</span></div>';
227
+ $backup_body_4 = '</p>
228
+ </li>
229
+ <li>
230
+ <p class="modal-body-para"><b>2. <u>Manual backup:</u></b> Manual backup can be taken manually whenever user wants. It is important when you made any crucial changes and don\'t want to loose data then you can immediately take a backup and keep it securely.</p>
231
+ </li>
232
+ <li>
233
+ <p class="modal-body-para"><b>3. <u>Password protected encrypted backup:</u></b> Password protected encrypted backup is very secure way to take a backup. If anyone gets it still no one can decode it because of its highly secure nature.</p>
234
+ </li>
235
+ <li>
236
+ <p class="modal-body-para"><b>4. <u>Easy restoring and recovering:</u></b> Simple one-click restore using installer files created for your website. During backup, we create an installer.php file. At the time of restore and recovery, you just need to upload the zip file of backup and installer.php and run the installer file and follow instructions to set up your website.</p>
237
+ </li>
238
+ </ul>
239
+ </div>';
240
+
241
+ $comment_ecommerce = '<div class="modal-body-div"><p class="modal-body-para">Ecommerce websites are attacked to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
242
+ $comment_business = '<div class="modal-body-div"><p class="modal-body-para">Business websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
243
+ $comment_blog = '<div class="modal-body-div"><p class="modal-body-para">Blog/News websites are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
244
+ $comment_other = '<div class="modal-body-div"><p class="modal-body-para">Other websites such as employment, multilingual, etc. are used to spread unwanted or irrelevant content by submitting automated posts, comments, contact forms, etc. A spam message, content or comment includes backlinks or excessive links that redirect to illegal websites or websites containing inappropriate content. Automated scripts and botnets are used to spread such spam comments and posts to spoil the organizations reputation or product reputation. </p></div>';
245
+
246
+ $comment_spam = '<div style="margin:1em;">
247
+ <ul>
248
+ <li>
249
+ <p class="modal-body-para"><b>1. <u>Comment protection:</u></b> Spam comments generated by automated scripts can be prevented using captcha. Honeypot is another widely used technique to catch bots and block them.</p>
250
+ </li>
251
+ <li>
252
+ <p class="modal-body-para"><b>2. <u>Post protection:</u></b> Automated scripts or botnets can prevented by using captcha. There are three forms of captcha availble text, math and google recaptcha. Honeypot is also another way to detect spam posts. Malware scanner can also used to scan the malware in the posts.</p>
253
+ </li>
254
+ </ul>
255
+ </div>';
256
+
257
+
258
+ $scanner = '<div class="modal-body-div"><p class="modal-body-para">Malware scanner detects the malicious code in the files. Compares the wordpress, plugins and theme files with Wordpress repo files. Detects changes present in any wordpress, theme and plugin files. It also checks outdated/vulnerable plugins, themes. It is also useful to detect malware in posts and comments.</p></div>
259
+ <div style="margin:1em;">
260
+ <ul>
261
+ <li>
262
+ <p class="modal-body-para"><b>1. <u>Malware scan:</u></b> Malware scan scans the wordpress core files, plugins and theme files to check malware. It detects the trojans, backdoors, viruses, worms, etc. in the files. </p>
263
+ </li>
264
+ <li>
265
+ <p class="modal-body-para"><b>2. <u>Wordpress version and file compare:</u></b> Checks WordPress, plugins and themes version with Wordpress.org repository and compare WordPress core, plugins and themes files with the repository to detect any file changes. Detect any changes in the files present in the WordPress plugins and themes folder.</p>
266
+ </li>
267
+ <li>
268
+ <p class="modal-body-para"><b>3. <u>Check vulnerable plugins and themes:</u></b> Checks vulnerable plugins and themes which contains malicious code. You can remove it to enhance your site security.</p>
269
+ </li>
270
+ </ul>
271
+ </div>';
272
+
273
+ $support_modal = '<div>
274
+
275
+ <div style="width: unset; float: unset; margin: 10px 20%;" class="mo_wpns_support_layout_model">
276
+
277
+ <img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/support3.png">
278
+ <h1>Support</h1>
279
+ <p>Need any help? We are available any time, Just send us a query so we can help you.</p>
280
+ <form name="f" method="post" action="">
281
+ <input type="hidden" name="option" value="mo_wpns_send_query"/>
282
+ <table class="mo_wpns_settings_table">
283
+ <tr><td>
284
+ <input type="email" class="mo_wpns_table_textbox" id="query_email" name="query_email" value="'.$email.'" placeholder="Enter your email" required />
285
+ </td>
286
+ </tr>
287
+ <tr><td>
288
+ <input type="text" class="mo_wpns_table_textbox" name="query_phone" id="query_phone" value="'.$phone.'" placeholder="Enter your phone"/>
289
+ </td>
290
+ </tr>
291
+ <tr>
292
+ <td>
293
+ <textarea id="query" name="query" class="mo_wpns_settings_textarea" style="resize: vertical;width:100%" cols="52" rows="7" placeholder="Write your query here"></textarea>
294
+ </td>
295
+ </tr>
296
+ </table>
297
+ <input type="submit" name="send_query" id="send_query" value="Submit Query" class="mo_wpns_button mo_wpns_button1" />
298
+ </form>
299
+ <br />
300
+ </div>
301
+ </div>
302
+ <script>
303
+ function moSharingSizeValidate(e){
304
+ var t=parseInt(e.value.trim());t>60?e.value=60:10>t&&(e.value=10)
305
+ }
306
+ function moSharingSpaceValidate(e){
307
+ var t=parseInt(e.value.trim());t>50?e.value=50:0>t&&(e.value=0)
308
+ }
309
+ function moLoginSizeValidate(e){
310
+ var t=parseInt(e.value.trim());t>60?e.value=60:20>t&&(e.value=20)
311
+ }
312
+ function moLoginSpaceValidate(e){
313
+ var t=parseInt(e.value.trim());t>60?e.value=60:0>t&&(e.value=0)
314
+ }
315
+ function moLoginWidthValidate(e){
316
+ var t=parseInt(e.value.trim());t>1000?e.value=1000:140>t&&(e.value=140)
317
+ }
318
+ function moLoginHeightValidate(e){
319
+ var t=parseInt(e.value.trim());t>50?e.value=50:35>t&&(e.value=35)
320
+ }
321
+ </script>';
322
+
323
+
324
+ $ecommerce_site = array(array('Web Application Firewall(WAF)', $waf_body_ecommerce.$waf_body.$waf_arr_ecc), array('Login Security', $login_security_ecommerce.$login_security_body.$registration_security_ecommerce.$registration_security), array('Media Protection', $media_body), array('Encrypted Backup', $backup_ecommerce.$backup_body.$backup_body_1.$backup_body_4), array('Comment and Spam Protection', $comment_ecommerce.$comment_spam), array('Malware Scanner', $scanner), array('Support', $support_modal));
325
+
326
+ $business_site = array(array('Web Application Firewall(WAF)', $waf_body_business.$waf_body.$waf_arr_busi), array('Encrypted Backup', $backup_business.$backup_body.$backup_body_2.$backup_body_4), array('Comment and Spam Protection', $comment_business.$comment_spam), array('Login Security', $login_security_business.$login_security_body.$registration_security_business.$registration_security), array('Malware Scanner', $scanner), array('Support', $support_modal));
327
+
328
+ $blog_site = array(array('Web Application Firewall(WAF)', $waf_body_blog.$waf_body.$waf_arr_blog), array('Comment and Spam Protection', $comment_blog.$comment_spam), array('Login Security', $login_security_blog.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_3.$backup_body_4), array('Malware Scanner', $scanner), array('Support', $support_modal));
329
+
330
+ $other_site = array(array('Web Application Firewall(WAF)', $waf_body_other.$waf_body.$waf_arr_other), array('Comment and Spam Protection', $comment_other.$comment_spam), array('Login Security', $login_security_other.$login_security_body), array('Encrypted Backup', $backup_blog.$backup_body.$backup_body_4), array('Media Protection', $media_body_1), array('Malware Scanner', $scanner), array('Support', $support_modal));
331
+
332
+ $main_pointer = array('Main' => array('Let\'s get Started', $tour_body), 'Ecommerce' => $ecommerce_site, 'Business' => $business_site, 'Blogs/News' => $blog_site, 'Other' => $other_site);
333
+
334
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'tour-model.php';
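--- a/controllers/tour/tour_ajax.php
+++ b/controllers/tour/tour_ajax.php
@@ -1,146 +1,146 @@
- <?php
- class Mo_wpns_Tour
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
-
- }
-
- public function mo_wpns_save_tour_details(){
- if(isset($_REQUEST['page']))
- {
- switch ($_REQUEST['page']) {
- case 'mo_2fa_two_fa':
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
- update_option('mo2f_two_factor_tour',1);
-
- break;
- case 'mo_2fa_waf':
- if(!get_option('mo2f_tour_firewall'))
- update_option('mo2f_tour_firewall',1);
- break;
- case 'mo_2fa_login_and_spam':
- if(!get_option('mo2f_tour_loginSpam'))
- update_option('mo2f_tour_loginSpam',1);
- break;
-
- case 'mo_2fa_backup':
- if(!get_option('mo2f_tour_backup'))
- update_option('mo2f_tour_backup',1);
-
- break;
- case 'mo_2fa_malwarescan':
- if(!get_option('mo2f_tour_malware_scan'))
- update_option('mo2f_tour_malware_scan',1);
-
- break;
- case 'mo_2fa_advancedblocking':
- if(!get_option('mo2f_tour_advance_blocking'))
- update_option('mo2f_tour_advance_blocking',1);
- break;
-
- default:
- break;
- }
- }
- add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
-
- }
-
- public function mo_wpns_tour(){
- switch($_POST['call_type'])
- {
- case "wpns_enable_tour":
- update_option('skip_tour', 0);
- break;
- case "skip_entire_plugin_tour":
- $this->handle_skip_entire_plugin();
- break;
- case 'entire_plugin_tour_started':
- $this->entire_plugin_tour_started();
- break;
- case "mo2f_close_tour_details":
- $this->mo2f_close_tour_details();
- break;
- case "mo2f_visit_page_tour_details":
- $this->mo2f_visit_page_tour_details();
- break;
- case "mo2f_last_visit_tab":
- $this->mo2f_last_visit_tab();
- break;
- }
- }
-
-
- function mo2f_last_visit_tab()
- {
- $lasttab = sanitize_text_field($_POST['tab']);
- update_option('mo2f_tour_tab',$lasttab);
- }
- function mo2f_visit_page_tour_details()
- {
- $currentPointer = '';
- if(isset($_POST['index']))
- $currentPointer = sanitize_text_field($_POST['index']);
-
- if(strpos($currentPointer, 'support') != false)
- {
- exit;
- }
- $uid = get_current_user_id();
- $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
- $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
- update_user_meta($uid,'mo2f_visited_pointers',$visited);
- }
- function entire_plugin_tour_started()
- {
- update_option('mo2f_tour_started',3);
- exit;
- }
-
- function handle_skip_entire_plugin(){
- update_option('mo2f_two_factor_tour',-1);
- update_option('mo2f_tour_firewall',-1);
- update_option('mo2f_tour_malware_scan',-1);
- update_option('mo2f_tour_advance_blocking',-1);
- update_option('mo2f_tour_backup',-1);
- update_option('mo2f_tour_loginSpam',-1);
- update_option('mo2f_tour_started',3);
- exit;
- }
-
-
- function mo2f_close_tour_details()
- {
- $uid = get_current_user_id();
- delete_user_meta($uid,'mo2f_visited_pointers');
- $page = $_POST['page'];
- $page = sanitize_text_field($page[0]);
- update_option('mo2f_tour_tab','');
- update_option("yeah",1);
- switch ($page) {
- case 'toplevel_page_mo_2fa_two_fa':
- update_option('mo2f_two_factor_tour',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_waf':
- update_option('mo2f_tour_firewall',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_malwarescan':
- update_option('mo2f_tour_malware_scan',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
- update_option('mo2f_tour_advance_blocking',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_backup':
- update_option('mo2f_tour_backup',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
- update_option('mo2f_tour_loginSpam',-1);
- break;
- }
-
- }
-
- }
- new Mo_wpns_Tour();
+ <?php
+ class Mo_wpns_Tour
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
+
+ }
+
+ public function mo_wpns_save_tour_details(){
+ if(isset($_REQUEST['page']))
+ {
+ switch ($_REQUEST['page']) {
+ case 'mo_2fa_two_fa':
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
+ update_option('mo2f_two_factor_tour',1);
+
+ break;
+ case 'mo_2fa_waf':
+ if(!get_option('mo2f_tour_firewall'))
+ update_option('mo2f_tour_firewall',1);
+ break;
+ case 'mo_2fa_login_and_spam':
+ if(!get_option('mo2f_tour_loginSpam'))
+ update_option('mo2f_tour_loginSpam',1);
+ break;
+
+ case 'mo_2fa_backup':
+ if(!get_option('mo2f_tour_backup'))
+ update_option('mo2f_tour_backup',1);
+
+ break;
+ case 'mo_2fa_malwarescan':
+ if(!get_option('mo2f_tour_malware_scan'))
+ update_option('mo2f_tour_malware_scan',1);
+
+ break;
+ case 'mo_2fa_advancedblocking':
+ if(!get_option('mo2f_tour_advance_blocking'))
+ update_option('mo2f_tour_advance_blocking',1);
+ break;
+
+ default:
+ break;
+ }
+ }
+ add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
+
+ }
+
+ public function mo_wpns_tour(){
+ switch($_POST['call_type'])
+ {
+ case "wpns_enable_tour":
+ update_option('skip_tour', 0);
+ break;
+ case "skip_entire_plugin_tour":
+ $this->handle_skip_entire_plugin();
+ break;
+ case 'entire_plugin_tour_started':
+ $this->entire_plugin_tour_started();
+ break;
+ case "mo2f_close_tour_details":
+ $this->mo2f_close_tour_details();
+ break;
+ case "mo2f_visit_page_tour_details":
+ $this->mo2f_visit_page_tour_details();
+ break;
+ case "mo2f_last_visit_tab":
+ $this->mo2f_last_visit_tab();
+ break;
+ }
+ }
+
+
+ function mo2f_last_visit_tab()
+ {
+ $lasttab = sanitize_text_field($_POST['tab']);
+ update_option('mo2f_tour_tab',$lasttab);
+ }
+ function mo2f_visit_page_tour_details()
+ {
+ $currentPointer = '';
+ if(isset($_POST['index']))
+ $currentPointer = sanitize_text_field($_POST['index']);
+
+ if(strpos($currentPointer, 'support') != false)
+ {
+ exit;
+ }
+ $uid = get_current_user_id();
+ $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
+ $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
+ update_user_meta($uid,'mo2f_visited_pointers',$visited);
+ }
+ function entire_plugin_tour_started()
+ {
+ update_option('mo2f_tour_started',3);
+ exit;
+ }
+
+ function handle_skip_entire_plugin(){
+ update_option('mo2f_two_factor_tour',-1);
+ update_option('mo2f_tour_firewall',-1);
+ update_option('mo2f_tour_malware_scan',-1);
+ update_option('mo2f_tour_advance_blocking',-1);
+ update_option('mo2f_tour_backup',-1);
+ update_option('mo2f_tour_loginSpam',-1);
+ update_option('mo2f_tour_started',3);
+ exit;
+ }
+
+
+ function mo2f_close_tour_details()
+ {
+ $uid = get_current_user_id();
+ delete_user_meta($uid,'mo2f_visited_pointers');
+ $page = $_POST['page'];
+ $page = sanitize_text_field($page[0]);
+ update_option('mo2f_tour_tab','');
+ update_option("yeah",1);
+ switch ($page) {
+ case 'toplevel_page_mo_2fa_two_fa':
+ update_option('mo2f_two_factor_tour',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_waf':
+ update_option('mo2f_tour_firewall',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_malwarescan':
+ update_option('mo2f_tour_malware_scan',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
+ update_option('mo2f_tour_advance_blocking',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_backup':
+ update_option('mo2f_tour_backup',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
+ update_option('mo2f_tour_loginSpam',-1);
+ break;
+ }
+
+ }
+
+ }
+ new Mo_wpns_Tour();
  ?>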
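Review bot: `mo_wpns_tour()` is hooked on `wp_ajax_mo_wpns_tour` and dispatches on `$_POST['call_type']` with no nonce verification and no capability check anywhere in this file, yet its branches write site-wide options (`skip_tour`, `mo2f_tour_tab`, the `mo2f_tour_*` flags, `mo2f_tour_started`). `wp_ajax_` actions are reachable by every logged-in account, so a low-privilege user, or a forged cross-site request riding an administrator's session, can change these values, including a caller-chosen string stored in `mo2f_tour_tab`. The handler should open with `check_ajax_referer( '<tour-nonce-action>', '<nonce-field>' );` followed by `if ( ! current_user_can( 'manage_options' ) ) { wp_die( -1, 403 ); }`; the action and field names are placeholders, since the page does not show what the tour script sends. Two smaller points in the same file: `$_POST['call_type']`, `$_POST['tab']` and `$_POST['page']` are read without `isset()`, and `strpos($currentPointer, 'support') != false` does not fire when 'support' sits at offset 0, where `!== false` would.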
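--- a/controllers/troubleshooting.php
+++ b/controllers/troubleshooting.php
@@ -1,5 +1,5 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'troubleshooting.php';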
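--- a/controllers/two-fa-intro.php
+++ b/controllers/two-fa-intro.php
@@ -1,222 +1,222 @@
-
- <div id="mo2f_2fa_intro" class = "modal" style="display: block;">
- <div id="mo2f_2fa_intro_modal" class="modal-content" style="width: 40%;overflow: hidden;padding:50px;" >
-
- <div class="modal-header" style="border-bottom: none;">
- <h2 class="modal-title" style="text-align: center; font-size: 20px; color: #2980b9">
- <span id="closeintromodal" class="close modal-span-close" onclick="skipintro();">X</span>
- </h2>
- </div>
-
- <div class="modal-body" style="height: auto;">
- <center>
- <div class="checkmark-circle" >
- <div class="background"></div>
- <div class="checkmark draw"></div>
- </div>
- <h1>Awesome!!</h1>
- <h2 style="color: black;font-size: 20px;">You are ready to use Two Factor.</h2>
- </center>
- <div >
- <h3 style="color: black;display:none;" ><span style="color:red;">Logout</span> : You can logout and get the same experience as your users. </h3>
-
- </div>
- </div>
-
- <div class="modal-footer" style="border: 0px;">
- <button type="button" class="button button-primary button-large modal-button readytogo mo2f_advance_setting" onclick="skipintro();">Advance Settings</button>
- <button type="button" class="button button-primary button-large modal-button mo2fa_tour_button" title="Logout and check the user experience" onclick="mo2f_userlogout()">Logout and Configure</button>
- <div class="mo2f_tooltip_addon logout button button-primary button-large modal-button " style="float: left;border: 2px solid black;border-left:none;width: 6%;box-shadow: none;text-decoration:none;background-color: #2271b1;margin-left: -5px;min-height: 50px;">
- <span class="dashicons dashicons-info mo2f_info_tab" style="color: white;font-size: 27px;margin-top: 14px;margin-left: -12px;"></span>
- <span class="mo2f_tooltiptext_addon mo2f_logout_and_configure_info" style="font-size: 20px;font-family: auto; text-align: justify;font-weight: lighter;background-color: #2EB150; font-size: 20px;">
- <ul style="list-style-type:square;margin: 10px 18px 10px 18px;"><li>This will logout you and will ask you to set your 2FA on next login.</li><li> New and existing users can set their 2FA on next login.</li></ul>
- </span>
- <span class="mo2f_tooltiptext_addon" style="color: #2EB150;background: none; margin-left: -200px; margin-top: -38px;">
- <span class="dashicons dashicons-arrow-down" style="font-size: 300%;"></span>
- </span>
- </div>
-
- </div>
- </div>
- </div>
- <form name="f" id="mo2f_skiploginform" method="post" action="">
- <input type="hidden" name="mo2f_skiplogin_nonce" value="<?php echo wp_create_nonce( 'miniorange-2-factor-skiplogin-failed-nonce' ); ?>"/>
- <input type="hidden" name="option" value="mo2f_skiplogin"/>
- </form>
- <form name="f" id="mo2f_userlogoutform" method="post" action="">
- <input type="hidden" name="mo2f_userlogout_nonce" value="<?php echo wp_create_nonce( 'miniorange-2-factor-userlogout-failed-nonce' ); ?>"/>
- <input type="hidden" name="option" value="mo2f_userlogout"/>
- </form>
-
- <script>
- function mo2f_userlogout() {
- jQuery("#mo2f_userlogoutform").submit();
- }
-
- function skipintro() {
- jQuery("#mo2f_skiploginform").submit();
- }
- </script>
-
- <style>
-
- .modalhover:hover{
- border:2px solid #2EB150;
- background: #2EB150 !important;
- color:white !important;
- }
- .checkmark-circle {
- width: 150px;
- height: 150px;
- position: relative;
- display: inline-block;
- vertical-align: top;
- }
- .checkmark-circle .background {
- width: 150px;
- height: 150px;
- border-radius: 50%;
- background: #2EB150;
- position: absolute;
- }
- .checkmark-circle .checkmark {
- border-radius: 5px;
- }
- .checkmark-circle .checkmark.draw:after {
- -webkit-animation-delay: 100ms;
- -moz-animation-delay: 100ms;
- animation-delay: 100ms;
- -webkit-animation-duration: 1s;
- -moz-animation-duration: 1s;
- animation-duration: 1s;
- -webkit-animation-timing-function: ease;
- -moz-animation-timing-function: ease;
- animation-timing-function: ease;
- -webkit-animation-name: checkmark;
- -moz-animation-name: checkmark;
- animation-name: checkmark;
- -webkit-transform: scaleX(-1) rotate(130deg);
- -moz-transform: scaleX(-1) rotate(130deg);
- -ms-transform: scaleX(-1) rotate(130deg);
- -o-transform: scaleX(-1) rotate(130deg);
- transform: scaleX(-1) rotate(130deg);
- -webkit-animation-fill-mode: forwards;
- -moz-animation-fill-mode: forwards;
- animation-fill-mode: forwards;
- }
- .checkmark-circle .checkmark:after {
- opacity: 1;
- height: 75px;
- width: 37.5px;
- -webkit-transform-origin: left top;
- -moz-transform-origin: left top;
- -ms-transform-origin: left top;
- -o-transform-origin: left top;
- transform-origin: left top;
- border-right: 15px solid white;
- border-top: 15px solid white;
- border-radius: 2.5px !important;
- content: '';
- left: 25px;
- top: 75px;
- position: absolute;
- }
-
- @-webkit-keyframes checkmark {
- 0% {
- height: 0;
- width: 0;
- opacity: 1;
- }
- 20% {
- height: 0;
- width: 37.5px;
- opacity: 1;
- }
- 40% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- 100% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- }
- @-moz-keyframes checkmark {
- 0% {
- height: 0;
- width: 0;
- opacity: 1;
- }
- 20% {
- height: 0;
- width: 37.5px;
- opacity: 1;
- }
- 40% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- 100% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- }
- @keyframes checkmark {
- 0% {
- height: 0;
- width: 0;
- opacity: 1;
- }
- 20% {
- height: 0;
- width: 37.5px;
- opacity: 1;
- }
- 40% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- 100% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- }
- body{
- background-color: #e6e6e6;
- width: 100%;
- height: 100%;
- }
- #success_tic .page-body{
- max-width:300px;
- background-color:#FFFFFF;
- margin:10% auto;
- }
- #success_tic .page-body .head{
- text-align:center;
- }
- /* #success_tic .tic{
- font-size:186px;
- } */
- .close{
- opacity: 1;
- position: absolute;
- right: 0px;
- font-size: 30px;
- padding: 3px 15px;
- margin-bottom: 10px;
- float: right;
- font-size: 21px;
- font-weight: 700;
- line-height: 1;
- color: #000;
- text-shadow: 0 1px 0 #fff;
- }
-
- </style>
+
+ <div id="mo2f_2fa_intro" class = "modal" style="display: block;">
+ <div id="mo2f_2fa_intro_modal" class="modal-content" style="width: 40%;overflow: hidden;padding:50px;" >
+
+ <div class="modal-header" style="border-bottom: none;">
+ <h2 class="modal-title" style="text-align: center; font-size: 20px; color: #2980b9">
+ <span id="closeintromodal" class="close modal-span-close" onclick="skipintro();">X</span>
+ </h2>
+ </div>
+
+ <div class="modal-body" style="height: auto;">
+ <center>
+ <div class="checkmark-circle" >
+ <div class="background"></div>
+ <div class="checkmark draw"></div>
+ </div>
+ <h1>Awesome!!</h1>
+ <h2 style="color: black;font-size: 20px;">You are ready to use Two Factor.</h2>
+ </center>
+ <div >
+ <h3 style="color: black;display:none;" ><span style="color:red;">Logout</span> : You can logout and get the same experience as your users. </h3>
+
+ </div>
+ </div>
+
+ <div class="modal-footer" style="border: 0px;">
+ <button type="button" class="button button-primary button-large modal-button readytogo mo2f_advance_setting" onclick="skipintro();">Advance Settings</button>
+ <button type="button" class="button button-primary button-large modal-button mo2fa_tour_button" title="Logout and check the user experience" onclick="mo2f_userlogout()">Logout and Configure</button>
+ <div class="mo2f_tooltip_addon logout button button-primary button-large modal-button " style="float: left;border: 2px solid black;border-left:none;width: 6%;box-shadow: none;text-decoration:none;background-color: #2271b1;margin-left: -5px;min-height: 50px;">
+ <span class="dashicons dashicons-info mo2f_info_tab" style="color: white;font-size: 27px;margin-top: 14px;margin-left: -12px;"></span>
+ <span class="mo2f_tooltiptext_addon mo2f_logout_and_configure_info" style="font-size: 20px;font-family: auto; text-align: justify;font-weight: lighter;background-color: #2EB150; font-size: 20px;">
+ <ul style="list-style-type:square;margin: 10px 18px 10px 18px;"><li>This will logout you and will ask you to set your 2FA on next login.</li><li> New and existing users can set their 2FA on next login.</li></ul>
+ </span>
+ <span class="mo2f_tooltiptext_addon" style="color: #2EB150;background: none; margin-left: -200px; margin-top: -38px;">
+ <span class="dashicons dashicons-arrow-down" style="font-size: 300%;"></span>
+ </span>
+ </div>
+
+ </div>
+ </div>
+ </div>
+ <form name="f" id="mo2f_skiploginform" method="post" action="">
+ <input type="hidden" name="mo2f_skiplogin_nonce" value="<?php echo wp_create_nonce( 'miniorange-2-factor-skiplogin-failed-nonce' ); ?>"/>
+ <input type="hidden" name="option" value="mo2f_skiplogin"/>
+ </form>
+ <form name="f" id="mo2f_userlogoutform" method="post" action="">
+ <input type="hidden" name="mo2f_userlogout_nonce" value="<?php echo wp_create_nonce( 'miniorange-2-factor-userlogout-failed-nonce' ); ?>"/>
+ <input type="hidden" name="option" value="mo2f_userlogout"/>
+ </form>
+
+ <script>
+ function mo2f_userlogout() {
+ jQuery("#mo2f_userlogoutform").submit();
+ }
+
+ function skipintro() {
+ jQuery("#mo2f_skiploginform").submit();
+ }
+ </script>
+
+ <style>
+
+ .modalhover:hover{
+ border:2px solid #2EB150;
+ background: #2EB150 !important;
+ color:white !important;
+ }
+ .checkmark-circle {
+ width: 150px;
+ height: 150px;
+ position: relative;
+ display: inline-block;
+ vertical-align: top;
+ }
+ .checkmark-circle .background {
+ width: 150px;
+ height: 150px;
+ border-radius: 50%;
+ background: #2EB150;
+ position: absolute;
+ }
+ .checkmark-circle .checkmark {
+ border-radius: 5px;
+ }
+ .checkmark-circle .checkmark.draw:after {
+ -webkit-animation-delay: 100ms;
+ -moz-animation-delay: 100ms;
+ animation-delay: 100ms;
+ -webkit-animation-duration: 1s;
+ -moz-animation-duration: 1s;
+ animation-duration: 1s;
+ -webkit-animation-timing-function: ease;
+ -moz-animation-timing-function: ease;
+ animation-timing-function: ease;
+ -webkit-animation-name: checkmark;
+ -moz-animation-name: checkmark;
+ animation-name: checkmark;
+ -webkit-transform: scaleX(-1) rotate(130deg);
+ -moz-transform: scaleX(-1) rotate(130deg);
+ -ms-transform: scaleX(-1) rotate(130deg);
+ -o-transform: scaleX(-1) rotate(130deg);
+ transform: scaleX(-1) rotate(130deg);
+ -webkit-animation-fill-mode: forwards;
+ -moz-animation-fill-mode: forwards;
+ animation-fill-mode: forwards;
+ }
+ .checkmark-circle .checkmark:after {
+ opacity: 1;
+ height: 75px;
+ width: 37.5px;
+ -webkit-transform-origin: left top;
+ -moz-transform-origin: left top;
+ -ms-transform-origin: left top;
+ -o-transform-origin: left top;
+ transform-origin: left top;
+ border-right: 15px solid white;
+ border-top: 15px solid white;
+ border-radius: 2.5px !important;
+ content: '';
+ left: 25px;
+ top: 75px;
+ position: absolute;
+ }
+
+ @-webkit-keyframes checkmark {
+ 0% {
+ height: 0;
+ width: 0;
+ opacity: 1;
+ }
+ 20% {
+ height: 0;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 40% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 100% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ }
+ @-moz-keyframes checkmark {
+ 0% {
+ height: 0;
+ width: 0;
+ opacity: 1;
+ }
+ 20% {
+ height: 0;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 40% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 100% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ }
+ @keyframes checkmark {
+ 0% {
+ height: 0;
+ width: 0;
+ opacity: 1;
+ }
+ 20% {
+ height: 0;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 40% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 100% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ }
+ body{
+ background-color: #e6e6e6;
+ width: 100%;
+ height: 100%;
+ }
+ #success_tic .page-body{
+ max-width:300px;
+ background-color:#FFFFFF;
+ margin:10% auto;
+ }
+ #success_tic .page-body .head{
+ text-align:center;
+ }
+ /* #success_tic .tic{
+ font-size:186px;
+ } */
+ .close{
+ opacity: 1;
+ position: absolute;
+ right: 0px;
+ font-size: 30px;
+ padding: 3px 15px;
+ margin-bottom: 10px;
+ float: right;
+ font-size: 21px;
+ font-weight: 700;
+ line-height: 1;
+ color: #000;
+ text-shadow: 0 1px 0 #fff;
+ }
+
+ </style>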
controllers/twofa/mo2fa_common_login.php CHANGED
@@ -1,1661 +1,1661 @@
1
- <?php
2
- function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_to = null ) {
3
- ?>
4
- <html>
5
- <head>
6
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
7
- <meta name="viewport" content="width=device-width, initial-scale=1">
8
- <?php
9
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
10
- ?>
11
- </head>
12
- <body>
13
- <div>
14
- <form id="morba_loginform" method="post">
15
- <h1><?php echo mo2f_lt( 'Please wait' ); ?>...</h1>
16
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))) ); ?>"/>
17
- <?php
18
- if ( get_option( 'mo2f_remember_device' ) ) {
19
- ?>
20
- <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
21
- <?php
22
- echo '<script src="' . plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
23
- echo '<script src="' . plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
24
- echo '<script src="' . plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
25
- echo '<script src="' . plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
26
- echo '<script src="' . plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
27
- echo '<script src="' . plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
28
- echo '<script src="' . plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
29
- echo '<script src="' . plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
30
- echo '<script src="' . plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
31
- }
32
- ?>
33
- <input type="hidden" name="miniorange_attribute_collection_nonce"
34
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' ); ?>"/>
35
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
36
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
37
- </form>
38
- </div>
39
- </body>
40
- </html>
41
- <?php
42
- }
43
- function mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encrypt,$redirect_to)
44
- {
45
- ?>
46
- <html>
47
- <head>
48
- <meta charset="utf-8"/>
49
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
50
- <meta name="viewport" content="width=device-width, initial-scale=1">
51
- <?php
52
- mo2f_inline_css_and_js();
53
- ?>
54
- </head>
55
- <body>
56
- <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
57
- <div class="mo2f-modal-backdrop"></div>
58
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
59
- <div class="login mo_customer_validation-modal-content">
60
- <div class="mo2f_modal-header">
61
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
62
-
63
- <?php echo __('Select 2 Factor method for authentication', 'miniorange-2-factor-authentication'); ?></h3>
64
- </div>
65
- <div class="mo2f_modal-body">
66
- <?php
67
- foreach ($configure_array_method as $key => $value)
68
- {
69
- echo'<span >
70
- <label>
71
- <input type="radio" name="mo2f_selected_mfactor_method" class ="mo2f-styled-radio_conf" value="'.$value.'"/>';
72
- echo'<span class="mo2f-styled-radio-text_conf">';
73
- echo __($value, 'miniorange-2-factor-authentication');
74
- echo ' </span> </label>
75
- <br>
76
- <br>
77
- </span>';
78
-
79
- }
80
-
81
- ?>
82
-
83
- <?php mo2f_customize_logo() ?>
84
- </div>
85
- </div>
86
- </div>
87
- </div>
88
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
89
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
90
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
91
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
92
- </form>
93
- <form name="f" method="post" action="" id="mo2f_select_mfa_methods_form" style="display:none;">
94
- <input type="hidden" name="mo2f_selected_mfactor_method" />
95
- <input type="hidden" name="mo2f_miniorange_2factor_method_nonce" value="<?php echo wp_create_nonce('mo2f_miniorange-2factor-method-nonce'); ?>" />
96
- <input type="hidden" name="option" value="miniorange_mfactor_method" />
97
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
98
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
99
- </form>
100
-
101
- <script>
102
- function mologinback(){
103
- jQuery('#mo2f_backto_mo_loginform').submit();
104
- }
105
- jQuery('input:radio[name=mo2f_selected_mfactor_method]').click(function() {
106
- var selectedMethod = jQuery(this).val();
107
- document.getElementById("mo2f_select_mfa_methods_form").elements[0].value = selectedMethod;
108
- jQuery('#mo2f_select_mfa_methods_form').submit();
109
- });
110
-
111
- </script>
112
- </body>
113
- </html>
114
- <?php
115
- }
116
- function miniorange_get_user_role( $user ) {
117
- return $user->roles;
118
- }
119
-
120
- function redirect_user_to( $user, $redirect_to ) {
121
- $roles = $user->roles;
122
- $current_role = array_shift( $roles );
123
- $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
124
- if ( $current_role == 'administrator' ) {
125
- $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
126
- } else {
127
- $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
128
- }
129
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
130
- $redirect = array(
131
- 'redirect' => $redirectUrl,
132
- ) ;
133
-
134
- wp_send_json_success($redirect);
135
- }
136
- else
137
- wp_redirect( $redirectUrl );
138
- }
139
-
140
-
141
- // used in shortcode addon
142
-
143
- function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
144
- if ( empty( $current_roles ) ) {
145
- return 0;
146
- }
147
-
148
- foreach ( $current_roles as $value ) {
149
- if ( get_option( 'mo2fa_' . $value ) ) {
150
- return 1;
151
- }
152
- }
153
-
154
- return 0;
155
- }
156
-
157
- function mo2f_register_profile( $email, $deviceKey, $mo2f_rba_status ) {
158
-
159
- if ( isset( $deviceKey ) && $deviceKey == 'true' ) {
160
- if ( $mo2f_rba_status['status'] == 'WAIT_FOR_INPUT' && $mo2f_rba_status['decision_flag'] ) {
161
- $rba_profile = new Miniorange_Rba_Attributes();
162
- //register profile
163
- json_decode( $rba_profile->mo2f_register_rba_profile( $email, $mo2f_rba_status['sessionUuid'] ), true );
164
-
165
- return true;
166
- } else {
167
- return false;
168
- }
169
- }
170
-
171
- return false;
172
- }
173
-
174
- function mo2f_collect_attributes( $email, $attributes ) {
175
- $mo2f_rba_status = array();
176
- $mo2f_rba_status['decision_flag'] = false;
177
- $mo2f_rba_status['sessionUuid'] = '';
178
-
179
- if ( get_option( 'mo2f_remember_device' ) ) {
180
- $rba_attributes = new Miniorange_Rba_Attributes();
181
- //collect rba attributes
182
- $rba_response = json_decode( $rba_attributes->mo2f_collect_attributes( $email, $attributes ), true );
183
- if ( json_last_error() == JSON_ERROR_NONE ) {
184
- //attributes are collected successfully
185
- if ( $rba_response['status'] == 'SUCCESS' ) {
186
- $sessionUuid = $rba_response['sessionUuid'];
187
- // evaluate the rba risk
188
- $rba_risk_response = json_decode( $rba_attributes->mo2f_evaluate_risk( $email, $sessionUuid ), true );
189
-
190
- if ( json_last_error() == JSON_ERROR_NONE ) {
191
- if ( $rba_risk_response['status'] == 'SUCCESS' || $rba_risk_response['status'] == 'WAIT_FOR_INPUT' ) {
192
-
193
- $mo2f_rba_status['status'] = $rba_risk_response['status'];
194
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
195
- $mo2f_rba_status['decision_flag'] = true;
196
-
197
- } else {
198
- $mo2f_rba_status['status'] = $rba_risk_response['status'];
199
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
200
-
201
- }
202
- } else {
203
- $mo2f_rba_status['status'] = 'JSON_EVALUATE_ERROR';
204
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
205
-
206
- }
207
- } else {
208
- $mo2f_rba_status['status'] = 'ATTR_NOT_COLLECTED';
209
-
210
- }
211
- } else {
212
- $mo2f_rba_status['status'] = 'JSON_ATTR_NOT_COLLECTED';
213
-
214
- }
215
- } else {
216
- $mo2f_rba_status['status'] = 'RBA_NOT_ENABLED';
217
-
218
- }
219
-
220
- return $mo2f_rba_status;
221
- }
222
-
223
- function mo2f_get_user_2ndfactor( $user ) {
224
- global $Mo2fdbQueries;
225
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
226
- $enduser = new Two_Factor_Setup();
227
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $mo2f_user_email ), true );
228
- if ( json_last_error() == JSON_ERROR_NONE ) {
229
- if ( $userinfo['status'] == 'ERROR' ) {
230
- $mo2f_second_factor = 'NONE';
231
- } else if ( $userinfo['status'] == 'SUCCESS' ) {
232
- $mo2f_second_factor = $userinfo['authType'];
233
- } else if ( $userinfo['status'] == 'FAILED' ) {
234
- $mo2f_second_factor = 'USER_NOT_FOUND';
235
- } else {
236
- $mo2f_second_factor = 'NONE';
237
- }
238
- } else {
239
- $mo2f_second_factor = 'NONE';
240
- }
241
-
242
- return $mo2f_second_factor;
243
- }
244
-
245
- function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
246
- $mo2f_forgotphone_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
247
- $mo2f_email_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_email' );
248
- $mo2f_kba_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_kba' );
249
- ?>
250
- <html>
251
- <head>
252
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
253
- <meta name="viewport" content="width=device-width, initial-scale=1">
254
- <?php
255
- echo_js_css_files(); ?>
256
- </head>
257
- <body>
258
- <div class="mo2f_modal" tabindex="-1" role="dialog">
259
- <div class="mo2f-modal-backdrop"></div>
260
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
261
- <div class="login mo_customer_validation-modal-content">
262
- <div class="mo2f_modal-header">
263
- <h4 class="mo2f_modal-title">
264
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
265
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
266
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
267
- <?php echo mo2f_lt( 'How would you like to authenticate yourself?' ); ?>
268
- </h4>
269
- </div>
270
- <div class="mo2f_modal-body">
271
- <?php if ( $mo2f_forgotphone_enabled ) {
272
- if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
273
- <div id="otpMessage" class="mo2fa_display_message_frontend">
274
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
275
- </div>
276
- <?php } ?>
277
- <p class="mo2f_backup_options"><?php echo mo2f_lt( 'Please choose the options from below:' ); ?></p>
278
- <div class="mo2f_backup_options_div">
279
- <?php if ( $mo2f_email_as_backup_enabled ) { ?>
280
- <input type="radio" name="mo2f_selected_forgotphone_option"
281
- value="One Time Passcode over Email"
282
- checked="checked"/><?php echo mo2f_lt( 'Send a one time passcode to my registered email' ); ?>
283
- <br><br>
284
- <?php }
285
- if ( $mo2f_kba_as_backup_enabled ) { ?>
286
- <input type="radio" name="mo2f_selected_forgotphone_option"
287
- value="KBA"/><?php echo mo2f_lt( 'Answer your Security Questions (KBA)' ); ?>
288
- <?php } ?>
289
- <br><br>
290
- <input type="button" name="miniorange_validate_otp" value="<?php echo mo2f_lt( 'Continue' ); ?>" class="miniorange_validate_otp"
291
- onclick="mo2fselectforgotphoneoption();"/>
292
- </div>
293
- <?php mo2f_customize_logo();
294
- }
295
- ?>
296
- </div>
297
- </div>
298
- </div>
299
- </div>
300
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
301
- class="mo2f_display_none_forms">
302
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
303
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
304
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
305
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
306
- </form>
307
- <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
308
- <input type="hidden" name="mo2f_configured_2FA_method"/>
309
- <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
310
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' ); ?>"/>
311
- <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
312
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
313
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
314
- </form>
315
-
316
- <script>
317
- function mologinback() {
318
- jQuery('#mo2f_backto_mo_loginform').submit();
319
- }
320
-
321
- function mo2fselectforgotphoneoption() {
322
- var option = jQuery('input[name=mo2f_selected_forgotphone_option]:checked').val();
323
- document.getElementById("mo2f_challenge_forgotphone_form").elements[0].value = option;
324
- jQuery('#mo2f_challenge_forgotphone_form').submit();
325
- }
326
- </script>
327
- </body>
328
- </html>
329
- <?php }
330
-
331
- function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
332
- global $moWpnsUtility;
333
- $mo_wpns_config = new MoWpnsHandler();
334
- $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
335
- $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
336
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
337
- MO2f_Utility::mo2f_debug_file('Prompted KBA validation screen'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
338
- ?>
339
- <html>
340
- <head>
341
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
342
- <meta name="viewport" content="width=device-width, initial-scale=1">
343
- <?php
344
- echo_js_css_files(); ?>
345
- </head>
346
- <body>
347
- <div class="mo2f_modal" tabindex="-1" role="dialog">
348
- <div class="mo2f-modal-backdrop"></div>
349
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
350
- <div class="login mo_customer_validation-modal-content">
351
- <div class="mo2f_modal-header">
352
- <h4 class="mo2f_modal-title">
353
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
354
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
355
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
356
- <?php
357
- echo mo2f_lt( 'Validate Security Questions' ); ?>
358
- </h4>
359
- </div>
360
- <div class="mo2f_modal-body">
361
- <div id="kbaSection" class="kbaSectiondiv">
362
- <div id="otpMessage">
363
- <p style="font-size:13px;"
364
- class="mo2fa_display_message_frontend"><?php echo ( isset( $login_message ) && ! empty( $login_message ) ) ? $login_message : __( 'Please answer the following questions:' ); ?></p>
365
- </div>
366
- <form name="f" id="mo2f_submitkba_loginform" method="post">
367
- <div id="mo2f_kba_content">
368
- <p style="font-size:15px;">
369
- <?php $kba_questions = $cookievalue;
370
- echo $kba_questions[0]['question']; ?><br>
371
- <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
372
- required="true" autofocus="true"
373
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
374
- title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
375
- autocomplete="off"><br>
376
- <?php echo $kba_questions[1]['question']; ?><br>
377
- <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
378
- required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
379
- title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
380
- autocomplete="off">
381
-
382
- </p>
383
- </div>
384
- <?php if ( $mo2f_login_option && $mo2f_remember_device_enabled ) {
385
- ?>
386
- <span class="mo2f_rememberdevice">
387
- <input type="checkbox" name="mo2f_trust_device" class="mo2f_trust_device"
388
- id="mo2f_trust_device"/><?php echo mo2f_lt( 'Remember this device.' ); ?>
389
- </span>
390
- <br>
391
- <br>
392
- <?php
393
- }
394
- ?>
395
- <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate"
396
- class="miniorange_kba_validate" style="float:left;"
397
- value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
398
- <input type="hidden" name="miniorange_kba_nonce"
399
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-kba-nonce' ); ?>"/>
400
- <input type="hidden" name="option"
401
- value="miniorange_kba_validate"/>
402
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
403
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
404
- </form>
405
- <br>
406
- </div><br>
407
- <?php
408
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
409
- <div>
410
- <a href="#mo2f_backup_generate">
411
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
412
- </a>
413
- </div>
414
- <?php }else{ ?>
415
- <div>
416
- <a href="#mo2f_backup_option">
417
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
418
- </a>
419
- </div>
420
- <?php }
421
- ?>
422
- <div style="padding:10px;">
423
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
424
- </div>
425
-
426
- <?php
427
- mo2f_customize_logo();
428
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
429
- ?>
430
-
431
- </div>
432
- </div>
433
- </div>
434
- </div>
435
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
436
- class="mo2f_display_none_forms">
437
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
438
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
439
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
440
- </form>
441
-
442
- <script>
443
- function mologinback() {
444
- jQuery('#mo2f_backto_mo_loginform').submit();
445
- }
446
- var is_ajax = "<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>";
447
- if(is_ajax){
448
- jQuery('#mo2f_answer_1').keypress(function (e) {
449
- if (e.which == 13) {//Enter key pressed
450
- e.preventDefault();
451
- mo2f_kba_ajax();
452
- }
453
- });
454
- jQuery('#mo2f_answer_2').keypress(function (e) {
455
- if (e.which == 13) {//Enter key pressed
456
- e.preventDefault();
457
- mo2f_kba_ajax();
458
- }
459
- });
460
- jQuery("#miniorange_kba_validate").click(function(e){
461
- e.preventDefault();
462
- mo2f_kba_ajax();
463
- });
464
-
465
- function mo2f_kba_ajax(){
466
- jQuery('#mo2f_answer_1').prop('disabled','true');
467
- jQuery('#mo2f_answer_2').prop('disabled','true');
468
- jQuery('#miniorange_kba_validate').prop('disabled','true');
469
- var data = {
470
- "action" : "mo2f_ajax",
471
- "mo2f_ajax_option" : "mo2f_ajax_kba",
472
- "mo2f_answer_1" : jQuery( "input[name=\'mo2f_answer_1\']" ).val(),
473
- "mo2f_answer_2" : jQuery( "input[name=\'mo2f_answer_2\']" ).val(),
474
- "miniorange_kba_nonce" : jQuery( "input[name=\'miniorange_kba_nonce\']" ).val(),
475
- "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
476
- "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
477
- "mo2f_trust_device" : jQuery( "input[name=\'mo2f_trust_device\']" ).val(),
478
- };
479
- jQuery.post(my_ajax_object.ajax_url, data, function(response) {
480
- if ( typeof response.data === "undefined") {
481
- jQuery("html").html(response);
482
- }
483
- else
484
- location.href = response.data.redirect;
485
- });
486
- }
487
- }
488
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
489
- jQuery('#mo2f_backup').submit();
490
- });
491
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
492
- jQuery('#mo2f_create_backup_codes').submit();
493
- });
494
- </script>
495
- </body>
496
-
497
- </html>
498
- <?php
499
- }
500
-
501
- function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt){
502
- ?>
503
- <html>
504
- <head> <meta charset="utf-8"/>
505
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
506
- <meta name="viewport" content="width=device-width, initial-scale=1">
507
- <?php
508
- echo_js_css_files(); ?>
509
- </head>
510
- <body>
511
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
512
- <div class="mo2f-modal-backdrop"></div>
513
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
514
- <div class="login mo_customer_validation-modal-content">
515
- <div class="mo2f_modal-header">
516
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
517
- <?php echo __('Validate Backup Code', 'miniorange-2-factor-authentication'); ?>
518
- </h4>
519
- </div>
520
- <div class="mo2f_modal-body">
521
- <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
522
- <div id="otpMessage" >
523
-
524
- <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
525
- </div>
526
- <form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
527
- <div id="mo2f_kba_content">
528
- <p style="font-size:15px;">
529
- <input class="mo2f-textbox" type="text" name="mo2f_backup_code" id="mo2f_backup_code" required="true" autofocus="true" title="<?php echo __('Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.','miniorange-2-factor-authentication'); ?>" autocomplete="off" ><br />
530
- </p>
531
- </div>
532
- <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
533
- <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
534
- <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
535
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
536
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
537
- </form>
538
- </br>
539
- </div>
540
- <br /><br /><br />
541
- <?php mo2f_customize_logo() ?>
542
- </div>
543
- </div>
544
- </div>
545
- </div>
546
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
547
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
548
- </form>
549
- </body>
550
- <script>
551
- function mologinback(){
552
- jQuery('#mo2f_backto_mo_loginform').submit();
553
- }
554
- </script>
555
- </html>
556
- <?php
557
- }
558
-
559
- function mo2f_get_duo_push_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id ){
560
-
561
- $mo_wpns_config = new MoWpnsHandler();
562
-
563
- global $Mo2fdbQueries,$txid,$moWpnsUtility;
564
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
565
- $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
566
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
567
- $mo2f_EV_txid = get_user_meta($user_id,'mo2f_EV_txid',true);
568
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
569
-
570
- $current_user = get_user_by('id',$user_id);
571
- MO2f_Utility::mo2f_debug_file('Waiting for duo push notification validation'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
572
- update_user_meta($user_id,'current_user_email',$current_user->user_email);
573
-
574
-
575
- ?>
576
-
577
- <html>
578
- <head>
579
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
580
- <meta name="viewport" content="width=device-width, initial-scale=1">
581
- <?php
582
- echo_js_css_files(); ?>
583
- </head>
584
- <body>
585
- <div class="mo2f_modal" tabindex="-1" role="dialog">
586
- <div class="mo2f-modal-backdrop"></div>
587
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
588
- <div class="login mo_customer_validation-modal-content">
589
- <div class="mo2f_modal-header">
590
- <h4 class="mo2f_modal-title">
591
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
592
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
593
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
594
- <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
595
- </div>
596
- <div class="mo2f_modal-body">
597
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
598
- <div id="otpMessage">
599
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
600
- </div>
601
- <?php } ?>
602
- <div id="pushSection">
603
-
604
- <div>
605
- <center>
606
- <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
607
- </center>
608
- </div>
609
- <div id="showPushImage">
610
- <center>
611
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
612
- </center>
613
- </div>
614
-
615
-
616
- <span style="padding-right:2%;">
617
- <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
618
- <center>
619
- <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
620
- <input type="button" name="miniorange_login_forgotphone"
621
- onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
622
- class="miniorange_login_forgotphone"
623
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
624
- <?php } ?>
625
- &emsp;&emsp;
626
-
627
- </center>
628
- <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
629
- <center>
630
- <a href="#mo2f_alternate_login_kba">
631
- <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive push nitification?' ); ?></p>
632
- </a>
633
- </center>
634
- <?php } ?>
635
- </span>
636
- <center>
637
- <?php
638
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
639
- <div>
640
- <a href="#mo2f_backup_generate">
641
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
642
- </a>
643
- </div>
644
- <?php }else{ ?>
645
- <div>
646
- <a href="#mo2f_backup_option">
647
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
648
- </a>
649
- </div>
650
- <?php }
651
- ?>
652
- <div style="padding:10px;">
653
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
654
- </div>
655
- </center>
656
- </div>
657
-
658
- <?php
659
- mo2f_customize_logo();
660
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
661
- ?>
662
- </div>
663
- </div>
664
- </div>
665
- </div>
666
- <form name="f" id="mo2f_backto_duo_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
667
- class="mo2f_display_none_forms">
668
- <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
669
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' ); ?>"/>
670
- <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
671
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
672
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
673
- <input type="hidden" name="currentMethod" value="emailVer"/>
674
-
675
- </form>
676
- <form name="f" id="mo2f_duo_push_validation_form" method="post" class="mo2f_display_none_forms">
677
- <input type="hidden" name="miniorange_duo_push_validation_nonce"
678
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' ); ?>"/>
679
- <input type="hidden" name="option" value="miniorange_duo_push_validation">
680
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
681
- <input type="hidden" name="tx_type"/>
682
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
683
- <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
684
-
685
- </form>
686
-
687
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
688
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
689
- <input type="hidden" name="miniorange_forgotphone"
690
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
691
- <input type="hidden" name="option" value="miniorange_forgotphone">
692
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
693
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
694
- </form>
695
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
696
- <input type="hidden" name="miniorange_alternate_login_kba_nonce"
697
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
698
- <input type="hidden" name="option" value="miniorange_alternate_login_kba">
699
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
700
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
701
- </form>
702
-
703
- <script>
704
- var timeout;
705
-
706
- pollPushValidation();
707
- function pollPushValidation()
708
- {
709
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
710
- var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
711
- var session_id_encrypt = "<?php echo $session_id_encrypt; ?>";
712
- var data={
713
- 'action':'mo2f_duo_ajax_request',
714
- 'call_type':'check_duo_push_auth_status',
715
- 'session_id_encrypt': session_id_encrypt,
716
- 'nonce' : nonce,
717
-
718
-
719
- };
720
-
721
- jQuery.post(ajax_url, data, function(response){
722
-
723
-
724
- if (response == 'SUCCESS') {
725
- jQuery('#mo2f_duo_push_validation_form').submit();
726
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
727
- jQuery('#mo2f_backto_duo_mo_loginform').submit();
728
- } else {
729
- timeout = setTimeout(pollMobileValidation, 3000);
730
- }
731
-
732
- });
733
- }
734
-
735
-
736
-
737
-
738
-
739
-
740
- function mologinforgotphone() {
741
- jQuery('#mo2f_show_forgotphone_loginform').submit();
742
- }
743
-
744
- function mologinback() {
745
- jQuery('#mo2f_backto_duo_mo_loginform').submit();
746
- }
747
-
748
- jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
749
- jQuery('#mo2f_alternate_login_kbaform').submit();
750
- });
751
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
752
- jQuery('#mo2f_backup').submit();
753
- });
754
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
755
- jQuery('#mo2f_create_backup_codes').submit();
756
- });
757
-
758
- </script>
759
- </body>
760
- </html>
761
-
762
- <?php
763
- }
764
-
765
- function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
766
-
767
- $mo_wpns_config = new MoWpnsHandler();
768
- global $Mo2fdbQueries,$txid,$moWpnsUtility;
769
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
770
- $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
771
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
772
- $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
773
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
774
- MO2f_Utility::mo2f_debug_file('Waiting for push notification validation '.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
775
- ?>
776
- <html>
777
- <head>
778
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
779
- <meta name="viewport" content="width=device-width, initial-scale=1">
780
- <?php
781
- echo_js_css_files(); ?>
782
- </head>
783
- <body>
784
- <div class="mo2f_modal" tabindex="-1" role="dialog">
785
- <div class="mo2f-modal-backdrop"></div>
786
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
787
- <div class="login mo_customer_validation-modal-content">
788
- <div class="mo2f_modal-header">
789
- <h4 class="mo2f_modal-title">
790
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
791
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
792
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
793
- <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
794
- </div>
795
- <div class="mo2f_modal-body">
796
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
797
- <div id="otpMessage">
798
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
799
- </div>
800
- <?php } ?>
801
- <div id="pushSection">
802
-
803
- <div>
804
- <center>
805
- <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
806
- </center>
807
- </div>
808
- <div id="showPushImage">
809
- <center>
810
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
811
- </center>
812
- </div>
813
-
814
-
815
- <span style="padding-right:2%;">
816
- <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
817
- <center>
818
- <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
819
- <input type="button" name="miniorange_login_forgotphone"
820
- onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
821
- class="miniorange_login_forgotphone"
822
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
823
- <?php } ?>
824
- &emsp;&emsp;
825
- <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
826
- id="miniorange_login_offline" class="miniorange_login_offline"
827
- value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
828
- </center>
829
- <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
830
- <center>
831
- <a href="#mo2f_alternate_login_kba">
832
- <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive mail?' ); ?></p>
833
- </a>
834
- </center>
835
- <?php } ?>
836
- </span>
837
- <center>
838
- <?php
839
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
840
- <div>
841
- <a href="#mo2f_backup_generate">
842
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
843
- </a>
844
- </div>
845
- <?php }else{ ?>
846
- <div>
847
- <a href="#mo2f_backup_option">
848
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
849
- </a>
850
- </div>
851
- <?php }
852
- ?>
853
- <div style="padding:10px;">
854
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
855
- </div>
856
- </center>
857
- </div>
858
-
859
- <?php
860
- mo2f_customize_logo();
861
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
862
- ?>
863
- </div>
864
- </div>
865
- </div>
866
- </div>
867
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
868
- class="mo2f_display_none_forms">
869
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
870
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
871
- <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
872
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
873
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
874
- <input type="hidden" name="currentMethod" value="emailVer"/>
875
-
876
- </form>
877
- <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
878
- <input type="hidden" name="miniorange_mobile_validation_nonce"
879
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
880
- <input type="hidden" name="option" value="miniorange_mobile_validation">
881
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
882
- <input type="hidden" name="tx_type"/>
883
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
884
- <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
885
-
886
- </form>
887
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
888
- <input type="hidden" name="miniorange_softtoken"
889
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
890
- <input type="hidden" name="option" value="miniorange_softtoken">
891
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
892
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
893
- </form>
894
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
895
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
896
- <input type="hidden" name="miniorange_forgotphone"
897
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
898
- <input type="hidden" name="option" value="miniorange_forgotphone">
899
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
900
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
901
- </form>
902
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
903
- <input type="hidden" name="miniorange_alternate_login_kba_nonce"
904
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
905
- <input type="hidden" name="option" value="miniorange_alternate_login_kba">
906
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
907
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
908
- </form>
909
-
910
- <script>
911
- var timeout;
912
- var login_status = '<?php echo $login_status;?>';
913
- var calls = 0;
914
- var onprem = '<?php echo MO2F_IS_ONPREM; ?>';
915
-
916
- if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
917
- {
918
- pollPushValidation();
919
- function pollPushValidation()
920
- { calls = calls + 1;
921
- var data = {'txid':'<?php echo $mo2f_EV_txid;?>'};
922
- jQuery.ajax({
923
- url: '<?php echo get_site_option("siteurl"); ?>'+"/wp-login.php",
924
- type: "POST",
925
- data: data,
926
- success: function (result) {
927
-
928
- var status = result;
929
- if (status == 1) {
930
- jQuery('input[name="tx_type"]').val("EV");
931
- jQuery('#mo2f_mobile_validation_form').submit();
932
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
933
- jQuery('#mo2f_backto_mo_loginform').submit();
934
- } else {
935
- if(calls<300)
936
- {
937
- timeout = setTimeout(pollPushValidation, 1000);
938
- }
939
- else
940
- {
941
- jQuery('#mo2f_backto_mo_loginform').submit();
942
- }
943
- }
944
- }
945
- });
946
- }
947
-
948
-
949
- }
950
- else
951
- {
952
- pollPushValidation();
953
- function pollPushValidation() {
954
- var transId = "<?php echo $cookievalue;// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
955
- var jsonString = "{\"txId\":\"" + transId + "\"}";
956
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
957
-
958
- jQuery.ajax({
959
- url: postUrl,
960
- type: "POST",
961
- dataType: "json",
962
- data: jsonString,
963
- contentType: "application/json; charset=utf-8",
964
- success: function (result) {
965
- var status = JSON.parse(JSON.stringify(result)).status;
966
- if (status == 'SUCCESS') {
967
- jQuery('input[name="tx_type"]').val("PN");
968
- jQuery('#mo2f_mobile_validation_form').submit();
969
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED') {
970
- jQuery('#mo2f_backto_mo_loginform').submit();
971
- } else {
972
- timeout = setTimeout(pollPushValidation, 3000);
973
- }
974
- }
975
- });
976
- }
977
- }
978
-
979
- function mologinoffline() {
980
- jQuery('#mo2f_show_softtoken_loginform').submit();
981
- }
982
-
983
- function mologinforgotphone() {
984
- jQuery('#mo2f_show_forgotphone_loginform').submit();
985
- }
986
-
987
- function mologinback() {
988
- jQuery('#mo2f_backto_mo_loginform').submit();
989
- }
990
-
991
- jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
992
- jQuery('#mo2f_alternate_login_kbaform').submit();
993
- });
994
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
995
- jQuery('#mo2f_backup').submit();
996
- });
997
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
998
- jQuery('#mo2f_create_backup_codes').submit();
999
- });
1000
-
1001
- </script>
1002
- </body>
1003
- </html>
1004
- <?php
1005
- }
1006
-
1007
- function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
1008
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1009
- $mo_wpns_config = new MoWpnsHandler();
1010
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1011
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1012
- ?>
1013
- <html>
1014
- <head>
1015
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1016
- <meta name="viewport" content="width=device-width, initial-scale=1">
1017
- <?php
1018
- echo_js_css_files(); ?>
1019
- </head>
1020
- <body>
1021
- <div class="mo2f_modal" tabindex="-1" role="dialog">
1022
- <div class="mo2f-modal-backdrop"></div>
1023
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1024
- <div class="login mo_customer_validation-modal-content">
1025
- <div class="mo2f_modal-header">
1026
- <h4 class="mo2f_modal-title">
1027
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1028
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1029
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1030
- <?php echo mo2f_lt( 'Scan QR Code' ); ?></h4>
1031
- </div>
1032
- <div class="mo2f_modal-body center">
1033
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1034
- <div id="otpMessage">
1035
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
1036
- </div>
1037
- <br>
1038
- <?php } ?>
1039
- <div id="scanQRSection">
1040
- <div style="margin-bottom:10%;">
1041
- <center>
1042
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Identify yourself by scanning the QR code with miniOrange Authenticator app.' ); ?></p>
1043
- </center>
1044
- </div>
1045
- <div id="showQrCode" style="margin-bottom:10%;">
1046
- <center><?php echo '<img src="data:image/jpg;base64,' . $qrCode . '" />'; ?></center>
1047
- </div>
1048
- <span style="padding-right:2%;">
1049
- <center>
1050
- <?php if ( ! $mo2f_is_new_customer ) { ?>
1051
- <?php if ( $mo2f_enable_forgotphone ) { ?>
1052
- <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1053
- id="miniorange_login_forgotphone" class="miniorange_login_forgotphone"
1054
- style="margin-right:5%;"
1055
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
1056
- <?php } ?>
1057
- &emsp;&emsp;
1058
- <?php } ?>
1059
- <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
1060
- id="miniorange_login_offline" class="miniorange_login_offline"
1061
- value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
1062
- </center>
1063
- </span>
1064
- <?php
1065
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1066
- <div>
1067
- <a href="#mo2f_backup_generate">
1068
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1069
- </a>
1070
- </div>
1071
- <?php }else{ ?>
1072
- <div>
1073
- <a href="#mo2f_backup_option">
1074
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1075
- </a>
1076
- </div>
1077
- <?php }
1078
- ?>
1079
- <div style="padding:10px;">
1080
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1081
- </div>
1082
- </div>
1083
- <?php
1084
- mo2f_customize_logo();
1085
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1086
- ?>
1087
- </div>
1088
- </div>
1089
- </div>
1090
- </div>
1091
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1092
- class="mo2f_display_none_forms">
1093
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1094
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1095
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1096
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1097
- </form>
1098
- <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1099
- <input type="hidden" name="miniorange_mobile_validation_nonce"
1100
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
1101
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1102
- <input type="hidden" name="option" value="miniorange_mobile_validation">
1103
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1104
- </form>
1105
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1106
- <input type="hidden" name="miniorange_softtoken"
1107
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
1108
- <input type="hidden" name="option" value="miniorange_softtoken">
1109
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1110
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1111
- </form>
1112
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1113
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1114
- <input type="hidden" name="miniorange_forgotphone"
1115
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1116
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1117
- <input type="hidden" name="option" value="miniorange_forgotphone">
1118
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1119
- </form>
1120
-
1121
- <script>
1122
- var timeout;
1123
- pollMobileValidation();
1124
-
1125
- function pollMobileValidation() {
1126
- var transId = "<?php echo $cookievalue;//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
1127
- var jsonString = "{\"txId\":\"" + transId + "\"}";
1128
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
1129
- jQuery.ajax({
1130
- url: postUrl,
1131
- type: "POST",
1132
- dataType: "json",
1133
- data: jsonString,
1134
- contentType: "application/json; charset=utf-8",
1135
- success: function (result) {
1136
- var status = JSON.parse(JSON.stringify(result)).status;
1137
- if (status == 'SUCCESS') {
1138
- var content = "<div id='success'><center><img src='" + "<?php echo plugins_url( 'includes/images/right.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1139
- jQuery("#showQrCode").empty();
1140
- jQuery("#showQrCode").append(content);
1141
- setTimeout(function () {
1142
- jQuery("#mo2f_mobile_validation_form").submit();
1143
- }, 100);
1144
- } else if (status == 'ERROR' || status == 'FAILED') {
1145
- var content = "<div id='error'><center><img src='" + "<?php echo plugins_url( 'includes/images/wrong.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1146
- jQuery("#showQrCode").empty();
1147
- jQuery("#showQrCode").append(content);
1148
- setTimeout(function () {
1149
- jQuery('#mo2f_backto_mo_loginform').submit();
1150
- }, 1000);
1151
- } else {
1152
- timeout = setTimeout(pollMobileValidation, 3000);
1153
- }
1154
- }
1155
- });
1156
- }
1157
-
1158
- function mologinoffline() {
1159
- jQuery('#mo2f_show_softtoken_loginform').submit();
1160
- }
1161
-
1162
- function mologinforgotphone() {
1163
- jQuery('#mo2f_show_forgotphone_loginform').submit();
1164
- }
1165
-
1166
- function mologinback() {
1167
- jQuery('#mo2f_backto_mo_loginform').submit();
1168
- }
1169
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
1170
- jQuery('#mo2f_backup').submit();
1171
- });
1172
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1173
- jQuery('#mo2f_create_backup_codes').submit();
1174
- });
1175
-
1176
- </script>
1177
- </body>
1178
- </html>
1179
- <?php
1180
- }
1181
-
1182
- function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ,$mo2fa_transaction_id = null ) {
1183
- global $Mo2fdbQueries,$moWpnsUtility;
1184
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1185
- $mo_wpns_config = new MoWpnsHandler();
1186
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1187
- $attempts = get_option('mo2f_attempts_before_redirect', 3);
1188
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1189
- $mo2f_otp_over_email_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_OTPOverEmail_config_status', $user_id );
1190
-
1191
- MO2f_Utility::mo2f_debug_file('Prompted 2fa validation screen '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1192
- ?>
1193
- <html>
1194
- <head>
1195
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1196
- <meta name="viewport" content="width=device-width, initial-scale=1">
1197
- <?php
1198
- echo_js_css_files();
1199
- ?>
1200
- </head>
1201
- <body>
1202
- <div class="mo2f_modal" tabindex="-1" role="dialog">
1203
- <div class="mo2f-modal-backdrop"></div>
1204
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1205
- <div class="login mo_customer_validation-modal-content">
1206
- <div class="mo2f_modal-header">
1207
- <h4 class="mo2f_modal-title">
1208
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1209
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1210
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1211
- <?php echo mo2f_lt( 'Validate OTP' ); ?>
1212
- </h4>
1213
- </div>
1214
- <div class="mo2f_modal-body center">
1215
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1216
- <div id="otpMessage">
1217
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
1218
- </div>
1219
- <?php } ?><br><?php
1220
- ?>
1221
- <span><b>Attempts left</b>:</span> <?php echo $attempts;?><br>
1222
- <?php if($attempts==1){?>
1223
- <span style='color:red;'><b>If you fail to verify your identity, you will be redirected back to login page to verify your credentials.</b></span> <br>
1224
- <?php }?>
1225
- <br>
1226
- <div id="showOTP">
1227
- <div class="mo2f-login-container">
1228
- <form name="f" id="mo2f_submitotp_loginform" method="post">
1229
- <center>
1230
- <input type="text" name="mo2fa_softtoken" style="height:28px !important;"
1231
- placeholder="<?php echo mo2f_lt( 'Enter code' ); ?>"
1232
- id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true"
1233
- pattern="[0-9]{4,8}"
1234
- title="<?php echo mo2f_lt( 'Only digits within range 4-8 are allowed.' ); ?>"/>
1235
- </center>
1236
- <br>
1237
- <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit"
1238
- class="miniorange_otp_token_submit"
1239
- value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
1240
- <?php
1241
-
1242
- if($show_back_button == 1)
1243
- {
1244
- ?>
1245
- <input type="button" name="miniorange_otp_token_back" id="miniorange_otp_token_back"
1246
- class="miniorange_otp_token_submit"
1247
- value="<?php echo mo2f_lt( 'Back' ); ?>"/>
1248
- <?php
1249
- }
1250
- ?>
1251
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1252
- <input type="hidden" name="miniorange_soft_token_nonce"
1253
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
1254
- <input type="hidden" name="option" value="miniorange_soft_token">
1255
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1256
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1257
- <?php if($mo2fa_transaction_id!=null){ ?>
1258
- <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo $mo2fa_transaction_id; ?>"/>
1259
- <?php }?>
1260
- </form>
1261
- <?php
1262
- $Kbaset = get_user_meta( $user_id ,'Security Questions' );
1263
- if ( ! $mo2f_is_new_customer ) { ?>
1264
- <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
1265
- <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1266
- id="miniorange_login_forgotphone"
1267
- class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
1268
- <?php } ?>
1269
- <?php }
1270
- if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1271
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1272
- <div>
1273
- <a href="#mo2f_backup_generate">
1274
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1275
- </a>
1276
- </div>
1277
- <?php }else{ ?>
1278
- <div>
1279
- <a href="#mo2f_backup_option">
1280
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1281
- </a>
1282
- </div>
1283
- <?php }
1284
- ?>
1285
-
1286
- <div style="padding:10px;">
1287
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1288
- </div>
1289
- <?php } ?>
1290
- </div>
1291
- </div>
1292
- </center>
1293
- <?php
1294
- mo2f_customize_logo();
1295
- if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1296
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1297
- }
1298
- ?>
1299
- </div>
1300
- </div>
1301
- </div>
1302
- </div>
1303
-
1304
- <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo wp_login_url(); ?>"
1305
- class="mo2f_display_none_forms">
1306
- <input type="hidden" name="miniorange_back_inline_reg_nonce"
1307
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' ); ?>"/>
1308
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1309
- <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1310
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1311
-
1312
- </form>
1313
-
1314
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1315
- class="mo2f_display_none_forms">
1316
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1317
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1318
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1319
- </form>
1320
-
1321
- <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1322
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1323
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1324
- <input type="hidden" name="miniorange_forgotphone"
1325
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1326
- <input type="hidden" name="option" value="miniorange_forgotphone">
1327
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1328
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1329
- </form>
1330
-
1331
- <?php } ?>
1332
-
1333
- <script>
1334
- jQuery('#miniorange_otp_token_back').click(function(){
1335
- jQuery('#mo2f_backto_inline_registration').submit();
1336
- });
1337
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
1338
- jQuery('#mo2f_backup').submit();
1339
- });
1340
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1341
- jQuery('#mo2f_create_backup_codes').submit();
1342
- });
1343
-
1344
- function mologinback() {
1345
- jQuery('#mo2f_backto_mo_loginform').submit();
1346
- }
1347
-
1348
- function mologinforgotphone() {
1349
- jQuery('#mo2f_show_forgotphone_loginform').submit();
1350
- }
1351
- var is_ajax = '<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>';
1352
- if(is_ajax){
1353
- jQuery('#mo2fa_softtoken').keypress(function (e) {
1354
- if (e.which == 13) {//Enter key pressed
1355
- e.preventDefault();
1356
- mo2f_otp_ajax();
1357
- }
1358
- });
1359
- jQuery("#miniorange_otp_token_submit").click(function(e){
1360
- e.preventDefault();
1361
- mo2f_otp_ajax();
1362
- });
1363
-
1364
- function mo2f_otp_ajax(){
1365
- jQuery('#mo2fa_softtoken').prop('disabled','true');
1366
- jQuery('#miniorange_otp_token_submit').prop('disabled','true');
1367
- var data = {
1368
- "action" : "mo2f_ajax",
1369
- "mo2f_ajax_option" : "mo2f_ajax_otp",
1370
- "mo2fa_softtoken" : jQuery( "input[name=\'mo2fa_softtoken\']" ).val(),
1371
- "miniorange_soft_token_nonce" : jQuery( "input[name=\'miniorange_soft_token_nonce\']" ).val(),
1372
- "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
1373
- "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
1374
- "request_origin_method" : jQuery( "input[name=\'request_origin_method\']" ).val(),
1375
- };
1376
- jQuery.post(my_ajax_object.ajax_url, data, function(response) {
1377
- if(typeof response.data === "undefined")
1378
- jQuery("html").html(response);
1379
- else if(response.data.reload)
1380
- location.reload( true );
1381
- else
1382
- location.href = response.data.redirect;
1383
- });
1384
- }
1385
- }
1386
- </script>
1387
- </body>
1388
- </html>
1389
- <?php
1390
- }
1391
-
1392
-
1393
- function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1394
- ?>
1395
- <html>
1396
- <head>
1397
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1398
- <meta name="viewport" content="width=device-width, initial-scale=1">
1399
- <?php
1400
- echo_js_css_files();
1401
- ?>
1402
- </head>
1403
- <body>
1404
- <div class="mo2f_modal" tabindex="-1" role="dialog">
1405
- <div class="mo2f-modal-backdrop"></div>
1406
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1407
- <div class="login mo_customer_validation-modal-content">
1408
- <div class="mo2f_modal-header">
1409
- <h4 class="mo2f_modal-title">
1410
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1411
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1412
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1413
-
1414
- <?php echo mo2f_lt( 'Remember Device' ); ?>
1415
- </h4>
1416
- </div>
1417
- <div class="mo2f_modal-body center">
1418
- <div id="mo2f_device_content">
1419
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Do you want to remember this device?' ); ?></p>
1420
- <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();"
1421
- id="miniorange_trust_device_yes" class="mo_green" style="margin-right:5%;"
1422
- value="<?php echo mo2f_lt( 'Yes' ); ?>"/>
1423
- <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();"
1424
- id="miniorange_trust_device_no" class="mo_red"
1425
- value="<?php echo mo2f_lt( 'No' ); ?>"/>
1426
- </div>
1427
- <div id="showLoadingBar" hidden>
1428
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Please wait...We are taking you into your account.' ); ?></p>
1429
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
1430
- </div>
1431
- <br><br>
1432
- <span>
1433
- <?php echo mo2f_lt( 'Click on ' ); ?>
1434
- <i><b><?php echo mo2f_lt( 'Yes' ); ?></b></i><?php echo mo2f_lt( 'if this is your personal device.' ); ?>
1435
- <br>
1436
- <?php echo mo2f_lt( 'Click on ' ); ?>
1437
- <i><b><?php echo mo2f_lt( 'No ' ); ?></b></i> <?php echo mo2f_lt( 'if this is a public device.' ); ?>
1438
- </span><br><br>
1439
- <?php mo2f_customize_logo() ?>
1440
- </div>
1441
- </div>
1442
- </div>
1443
- </div>
1444
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1445
- class="mo2f_display_none_forms">
1446
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1447
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1448
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1449
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1450
- </form>
1451
- <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1452
- <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1453
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' ); ?>"/>
1454
- <input type="hidden" name="option" value="miniorange_rba_validate">
1455
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1456
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1457
- </form>
1458
- <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1459
- <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1460
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' ); ?>"/>
1461
- <input type="hidden" name="option" value="miniorange_rba_cancle">
1462
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1463
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1464
- </form>
1465
- <script>
1466
- function mologinback() {
1467
- jQuery('#mo2f_backto_mo_loginform').submit();
1468
- }
1469
-
1470
- function mo_check_device_confirm() {
1471
- jQuery('#mo2f_device_content').css("display", "none");
1472
- jQuery('#showLoadingBar').css("display", "block");
1473
- jQuery('#mo2f_trust_device_confirm_form').submit();
1474
- }
1475
-
1476
- function mo_check_device_cancel() {
1477
- jQuery('#mo2f_device_content').css("display", "none");
1478
- jQuery('#showLoadingBar').css("display", "block");
1479
- jQuery('#mo2f_trust_device_cancel_form').submit();
1480
- }
1481
- </script>
1482
- </body>
1483
- </html>
1484
- <?php }
1485
-
1486
- function mo2f_customize_logo() { ?>
1487
- <div style="float:right;"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img
1488
- alt="logo"
1489
- src="<?php echo plugins_url( 'includes/images/miniOrange2.png', dirname(dirname(__FILE__))); ?>"/></a></div>
1490
-
1491
- <?php }
1492
-
1493
- function echo_js_css_files() {
1494
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1495
- echo '<script src="' . plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__)) ) . '" ></script>';
1496
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/twofa_style_settings.css?version=5.1.21', dirname(dirname(__FILE__))) . '" />';
1497
- }
1498
-
1499
- function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1500
- global $Mo2fdbQueries;
1501
- if(get_user_meta($id, 'mo_backup_code_generated', true) && !get_user_meta($id, 'mo_backup_code_downloaded', true)){
1502
- $encrypted_codes =get_user_meta($id, 'chqwetcsdvnvd', true);
1503
- $key = get_option( 'mo2f_encryption_key' );
1504
- $codes_string = MO2f_Utility::decrypt_data( $encrypted_codes, $key );
1505
- $codes = explode(",", $codes_string);
1506
- delete_user_meta($id, 'chqwetcsdvnvd');
1507
- $result = true;
1508
- }else{
1509
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
1510
- if(empty($mo2f_user_email)){
1511
- $currentuser = get_user_by( 'id', $id );
1512
- $mo2f_user_email = $currentuser->user_email;
1513
- }
1514
- $generate_backup_code = new Customer_Cloud_Setup();
1515
- $codes = $generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
1516
-
1517
- if($codes != 'DBConnectionIssue' && $codes != 'UnableToFetchData' && $codes != 'UserLimitReached' && $codes != 'ERROR' && $codes != 'LimitReached' && $codes != 'AllUsed' && $codes != 'invalid_request' ){
1518
- $codes = explode(' ', $codes);
1519
- $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
1520
- update_user_meta($id, 'mo_backup_code_generated', 1);
1521
- $code_generated = 'code_generation_successful';
1522
- }else{
1523
- $code_generated = 'code_generation_failed';
1524
- update_user_meta($id, 'error_during_code_generation',$codes);
1525
- }
1526
-
1527
-
1528
- }
1529
- update_user_meta($id, 'mo_backup_code_screen_shown', 1);
1530
- ?>
1531
- <html>
1532
- <head> <meta charset="utf-8"/>
1533
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1534
- <meta name="viewport" content="width=device-width, initial-scale=1">
1535
- <?php
1536
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1537
- echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', dirname(dirname(__FILE__))) . '" ></script>';
1538
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
1539
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css', dirname(dirname(__FILE__))) . '" />';
1540
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))) . '" />';
1541
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css', dirname(dirname(__FILE__))) . '" />';
1542
- ?>
1543
- <style>
1544
- .mo2f_kba_ques, .mo2f_table_textbox{
1545
- background: whitesmoke none repeat scroll 0% 0%;
1546
- }
1547
- </style>
1548
- </head>
1549
- <body>
1550
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1551
- <div class="mo2f-modal-backdrop"></div>
1552
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1553
- <div class="login mo_customer_validation-modal-content">
1554
- <div class="mo2f_modal-header">
1555
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1556
- <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1557
- </div>
1558
- <?php if($code_generated == 'code_generation_successful') { ?>
1559
- <div class="mo2f_modal-body center">
1560
-
1561
-
1562
- <h3> <?php echo __('Please download the backup codes for account recovery.'); ?></h3>
1563
-
1564
- <h4> <?php echo __('You will receive the backup codes via email if you have your SMTP configured.
1565
- <br>If you have received the codes on your email and do not wish to download the codes, click on Finish. '); ?></h4>
1566
-
1567
- <h4> <?php echo __('Backup Codes can be used to login into user account in case you forget your phone or get locked out.
1568
- <br>Please use this carefully as each code can only be used once. Please do not share these codes with anyone.'); ?></h4>
1569
- <?php ?>
1570
- <div>
1571
- <div style="display: inline-flex;width: 350px; ">
1572
- <div id="clipboard" style="border: solid;width: 55%;float: left;">
1573
- <?php
1574
- for ($x = 0; $x < sizeof($codes); $x++) {
1575
- $str = $codes[$x];
1576
- echo("<br>".$str." <br>");
1577
- }
1578
-
1579
- $str1="";
1580
- for ($x = 0; $x < sizeof($codes); $x++) {
1581
- $str = $codes[$x];
1582
- $str1.=$str;
1583
- if($x != 4){
1584
- $str1.=',';
1585
- }
1586
- }
1587
- ?>
1588
- </div>
1589
- <div style="width: 50%;float: right;">
1590
- <form name="f" method="post" id="mo2f_users_backup1" action="">
1591
- <input type="hidden" name="option" value="mo2f_users_backup1" />
1592
- <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
1593
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1594
- <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
1595
-
1596
- <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1597
- </form>
1598
- </div>
1599
-
1600
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1601
- <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1602
- <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1603
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1604
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1605
- <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1606
- </form>
1607
- </div>
1608
- </div>
1609
-
1610
- <?php
1611
- mo2f_customize_logo() ?>
1612
- </div>
1613
- <?php } else { ?>
1614
- <div style="text-align:center;">
1615
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1616
- <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1617
- <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1618
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1619
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1620
- <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1621
- </form>
1622
- </div>
1623
- <?php } ?>
1624
- </div>
1625
- </div>
1626
- </div>
1627
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1628
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1629
- </form>
1630
- </body>
1631
- <script>
1632
- function mologinback(){
1633
- jQuery('#mo2f_backto_mo_loginform').submit();
1634
- }
1635
- </script>
1636
- </html>
1637
- <?php
1638
-
1639
-
1640
- }
1641
-
1642
- function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1643
- ?>
1644
- <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1645
- <input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
1646
- <input type="hidden" name="option" value="miniorange_backup_nonce">
1647
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1648
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1649
- </form>
1650
- <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1651
- <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
1652
- <input type="hidden" name="option" value="miniorange_create_backup_codes">
1653
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1654
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1655
- <input type="hidden" name="login_status" value="<?php echo $login_status; ?>" />
1656
- <input type="hidden" name="login_message" value="<?php echo $login_message; ?>" />
1657
- </form>
1658
- <?php
1659
- }
1660
-
1661
  ?>
1
+ <?php
2
+ function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_to = null ) {
3
+ ?>
4
+ <html>
5
+ <head>
6
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
7
+ <meta name="viewport" content="width=device-width, initial-scale=1">
8
+ <?php
9
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
10
+ ?>
11
+ </head>
12
+ <body>
13
+ <div>
14
+ <form id="morba_loginform" method="post">
15
+ <h1><?php echo mo2f_lt( 'Please wait' ); ?>...</h1>
16
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))) ); ?>"/>
17
+ <?php
18
+ if ( get_option( 'mo2f_remember_device' ) ) {
19
+ ?>
20
+ <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
21
+ <?php
22
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
23
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
24
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
25
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
26
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
27
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
28
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
29
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
30
+ echo '<script src="' . plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(dirname(__FILE__))) ) . '" ></script>';
31
+ }
32
+ ?>
33
+ <input type="hidden" name="miniorange_attribute_collection_nonce"
34
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' ); ?>"/>
35
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
36
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
37
+ </form>
38
+ </div>
39
+ </body>
40
+ </html>
41
+ <?php
42
+ }
43
+ function mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encrypt,$redirect_to)
44
+ {
45
+ ?>
46
+ <html>
47
+ <head>
48
+ <meta charset="utf-8"/>
49
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
50
+ <meta name="viewport" content="width=device-width, initial-scale=1">
51
+ <?php
52
+ mo2f_inline_css_and_js();
53
+ ?>
54
+ </head>
55
+ <body>
56
+ <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
57
+ <div class="mo2f-modal-backdrop"></div>
58
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
59
+ <div class="login mo_customer_validation-modal-content">
60
+ <div class="mo2f_modal-header">
61
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
62
+
63
+ <?php echo __('Select 2 Factor method for authentication', 'miniorange-2-factor-authentication'); ?></h3>
64
+ </div>
65
+ <div class="mo2f_modal-body">
66
+ <?php
67
+ foreach ($configure_array_method as $key => $value)
68
+ {
69
+ echo'<span >
70
+ <label>
71
+ <input type="radio" name="mo2f_selected_mfactor_method" class ="mo2f-styled-radio_conf" value="'.$value.'"/>';
72
+ echo'<span class="mo2f-styled-radio-text_conf">';
73
+ echo __($value, 'miniorange-2-factor-authentication');
74
+ echo ' </span> </label>
75
+ <br>
76
+ <br>
77
+ </span>';
78
+
79
+ }
80
+
81
+ ?>
82
+
83
+ <?php mo2f_customize_logo() ?>
84
+ </div>
85
+ </div>
86
+ </div>
87
+ </div>
88
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
89
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
90
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
91
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
92
+ </form>
93
+ <form name="f" method="post" action="" id="mo2f_select_mfa_methods_form" style="display:none;">
94
+ <input type="hidden" name="mo2f_selected_mfactor_method" />
95
+ <input type="hidden" name="mo2f_miniorange_2factor_method_nonce" value="<?php echo wp_create_nonce('mo2f_miniorange-2factor-method-nonce'); ?>" />
96
+ <input type="hidden" name="option" value="miniorange_mfactor_method" />
97
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
98
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
99
+ </form>
100
+
101
+ <script>
102
+ function mologinback(){
103
+ jQuery('#mo2f_backto_mo_loginform').submit();
104
+ }
105
+ jQuery('input:radio[name=mo2f_selected_mfactor_method]').click(function() {
106
+ var selectedMethod = jQuery(this).val();
107
+ document.getElementById("mo2f_select_mfa_methods_form").elements[0].value = selectedMethod;
108
+ jQuery('#mo2f_select_mfa_methods_form').submit();
109
+ });
110
+
111
+ </script>
112
+ </body>
113
+ </html>
114
+ <?php
115
+ }
116
+ function miniorange_get_user_role( $user ) {
117
+ return $user->roles;
118
+ }
119
+
120
+ function redirect_user_to( $user, $redirect_to ) {
121
+ $roles = $user->roles;
122
+ $current_role = array_shift( $roles );
123
+ $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
124
+ if ( $current_role == 'administrator' ) {
125
+ $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
126
+ } else {
127
+ $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
128
+ }
129
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
130
+ $redirect = array(
131
+ 'redirect' => $redirectUrl,
132
+ ) ;
133
+
134
+ wp_send_json_success($redirect);
135
+ }
136
+ else
137
+ wp_redirect( $redirectUrl );
138
+ }
139
+
140
+
141
+ // used in shortcode addon
142
+
143
+ function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
144
+ if ( empty( $current_roles ) ) {
145
+ return 0;
146
+ }
147
+
148
+ foreach ( $current_roles as $value ) {
149
+ if ( get_option( 'mo2fa_' . $value ) ) {
150
+ return 1;
151
+ }
152
+ }
153
+
154
+ return 0;
155
+ }
156
+
157
+ function mo2f_register_profile( $email, $deviceKey, $mo2f_rba_status ) {
158
+
159
+ if ( isset( $deviceKey ) && $deviceKey == 'true' ) {
160
+ if ( $mo2f_rba_status['status'] == 'WAIT_FOR_INPUT' && $mo2f_rba_status['decision_flag'] ) {
161
+ $rba_profile = new Miniorange_Rba_Attributes();
162
+ //register profile
163
+ json_decode( $rba_profile->mo2f_register_rba_profile( $email, $mo2f_rba_status['sessionUuid'] ), true );
164
+
165
+ return true;
166
+ } else {
167
+ return false;
168
+ }
169
+ }
170
+
171
+ return false;
172
+ }
173
+
174
+ function mo2f_collect_attributes( $email, $attributes ) {
175
+ $mo2f_rba_status = array();
176
+ $mo2f_rba_status['decision_flag'] = false;
177
+ $mo2f_rba_status['sessionUuid'] = '';
178
+
179
+ if ( get_option( 'mo2f_remember_device' ) ) {
180
+ $rba_attributes = new Miniorange_Rba_Attributes();
181
+ //collect rba attributes
182
+ $rba_response = json_decode( $rba_attributes->mo2f_collect_attributes( $email, $attributes ), true );
183
+ if ( json_last_error() == JSON_ERROR_NONE ) {
184
+ //attributes are collected successfully
185
+ if ( $rba_response['status'] == 'SUCCESS' ) {
186
+ $sessionUuid = $rba_response['sessionUuid'];
187
+ // evaluate the rba risk
188
+ $rba_risk_response = json_decode( $rba_attributes->mo2f_evaluate_risk( $email, $sessionUuid ), true );
189
+
190
+ if ( json_last_error() == JSON_ERROR_NONE ) {
191
+ if ( $rba_risk_response['status'] == 'SUCCESS' || $rba_risk_response['status'] == 'WAIT_FOR_INPUT' ) {
192
+
193
+ $mo2f_rba_status['status'] = $rba_risk_response['status'];
194
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
195
+ $mo2f_rba_status['decision_flag'] = true;
196
+
197
+ } else {
198
+ $mo2f_rba_status['status'] = $rba_risk_response['status'];
199
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
200
+
201
+ }
202
+ } else {
203
+ $mo2f_rba_status['status'] = 'JSON_EVALUATE_ERROR';
204
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
205
+
206
+ }
207
+ } else {
208
+ $mo2f_rba_status['status'] = 'ATTR_NOT_COLLECTED';
209
+
210
+ }
211
+ } else {
212
+ $mo2f_rba_status['status'] = 'JSON_ATTR_NOT_COLLECTED';
213
+
214
+ }
215
+ } else {
216
+ $mo2f_rba_status['status'] = 'RBA_NOT_ENABLED';
217
+
218
+ }
219
+
220
+ return $mo2f_rba_status;
221
+ }
222
+
223
+ function mo2f_get_user_2ndfactor( $user ) {
224
+ global $Mo2fdbQueries;
225
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
226
+ $enduser = new Two_Factor_Setup();
227
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $mo2f_user_email ), true );
228
+ if ( json_last_error() == JSON_ERROR_NONE ) {
229
+ if ( $userinfo['status'] == 'ERROR' ) {
230
+ $mo2f_second_factor = 'NONE';
231
+ } else if ( $userinfo['status'] == 'SUCCESS' ) {
232
+ $mo2f_second_factor = $userinfo['authType'];
233
+ } else if ( $userinfo['status'] == 'FAILED' ) {
234
+ $mo2f_second_factor = 'USER_NOT_FOUND';
235
+ } else {
236
+ $mo2f_second_factor = 'NONE';
237
+ }
238
+ } else {
239
+ $mo2f_second_factor = 'NONE';
240
+ }
241
+
242
+ return $mo2f_second_factor;
243
+ }
244
+
245
+ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
246
+ $mo2f_forgotphone_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
247
+ $mo2f_email_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_email' );
248
+ $mo2f_kba_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_kba' );
249
+ ?>
250
+ <html>
251
+ <head>
252
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
253
+ <meta name="viewport" content="width=device-width, initial-scale=1">
254
+ <?php
255
+ echo_js_css_files(); ?>
256
+ </head>
257
+ <body>
258
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
259
+ <div class="mo2f-modal-backdrop"></div>
260
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
261
+ <div class="login mo_customer_validation-modal-content">
262
+ <div class="mo2f_modal-header">
263
+ <h4 class="mo2f_modal-title">
264
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
265
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
266
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
267
+ <?php echo mo2f_lt( 'How would you like to authenticate yourself?' ); ?>
268
+ </h4>
269
+ </div>
270
+ <div class="mo2f_modal-body">
271
+ <?php if ( $mo2f_forgotphone_enabled ) {
272
+ if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
273
+ <div id="otpMessage" class="mo2fa_display_message_frontend">
274
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
275
+ </div>
276
+ <?php } ?>
277
+ <p class="mo2f_backup_options"><?php echo mo2f_lt( 'Please choose the options from below:' ); ?></p>
278
+ <div class="mo2f_backup_options_div">
279
+ <?php if ( $mo2f_email_as_backup_enabled ) { ?>
280
+ <input type="radio" name="mo2f_selected_forgotphone_option"
281
+ value="One Time Passcode over Email"
282
+ checked="checked"/><?php echo mo2f_lt( 'Send a one time passcode to my registered email' ); ?>
283
+ <br><br>
284
+ <?php }
285
+ if ( $mo2f_kba_as_backup_enabled ) { ?>
286
+ <input type="radio" name="mo2f_selected_forgotphone_option"
287
+ value="KBA"/><?php echo mo2f_lt( 'Answer your Security Questions (KBA)' ); ?>
288
+ <?php } ?>
289
+ <br><br>
290
+ <input type="button" name="miniorange_validate_otp" value="<?php echo mo2f_lt( 'Continue' ); ?>" class="miniorange_validate_otp"
291
+ onclick="mo2fselectforgotphoneoption();"/>
292
+ </div>
293
+ <?php mo2f_customize_logo();
294
+ }
295
+ ?>
296
+ </div>
297
+ </div>
298
+ </div>
299
+ </div>
300
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
301
+ class="mo2f_display_none_forms">
302
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
303
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
304
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
305
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
306
+ </form>
307
+ <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
308
+ <input type="hidden" name="mo2f_configured_2FA_method"/>
309
+ <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
310
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' ); ?>"/>
311
+ <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
312
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
313
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
314
+ </form>
315
+
316
+ <script>
317
+ function mologinback() {
318
+ jQuery('#mo2f_backto_mo_loginform').submit();
319
+ }
320
+
321
+ function mo2fselectforgotphoneoption() {
322
+ var option = jQuery('input[name=mo2f_selected_forgotphone_option]:checked').val();
323
+ document.getElementById("mo2f_challenge_forgotphone_form").elements[0].value = option;
324
+ jQuery('#mo2f_challenge_forgotphone_form').submit();
325
+ }
326
+ </script>
327
+ </body>
328
+ </html>
329
+ <?php }
330
+
331
+ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
332
+ global $moWpnsUtility;
333
+ $mo_wpns_config = new MoWpnsHandler();
334
+ $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
335
+ $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
336
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
337
+ MO2f_Utility::mo2f_debug_file('Prompted KBA validation screen'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
338
+ ?>
339
+ <html>
340
+ <head>
341
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
342
+ <meta name="viewport" content="width=device-width, initial-scale=1">
343
+ <?php
344
+ echo_js_css_files(); ?>
345
+ </head>
346
+ <body>
347
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
348
+ <div class="mo2f-modal-backdrop"></div>
349
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
350
+ <div class="login mo_customer_validation-modal-content">
351
+ <div class="mo2f_modal-header">
352
+ <h4 class="mo2f_modal-title">
353
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
354
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
355
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
356
+ <?php
357
+ echo mo2f_lt( 'Validate Security Questions' ); ?>
358
+ </h4>
359
+ </div>
360
+ <div class="mo2f_modal-body">
361
+ <div id="kbaSection" class="kbaSectiondiv">
362
+ <div id="otpMessage">
363
+ <p style="font-size:13px;"
364
+ class="mo2fa_display_message_frontend"><?php echo ( isset( $login_message ) && ! empty( $login_message ) ) ? $login_message : __( 'Please answer the following questions:' ); ?></p>
365
+ </div>
366
+ <form name="f" id="mo2f_submitkba_loginform" method="post">
367
+ <div id="mo2f_kba_content">
368
+ <p style="font-size:15px;">
369
+ <?php $kba_questions = $cookievalue;
370
+ echo $kba_questions[0]['question']; ?><br>
371
+ <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
372
+ required="true" autofocus="true"
373
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
374
+ title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
375
+ autocomplete="off"><br>
376
+ <?php echo $kba_questions[1]['question']; ?><br>
377
+ <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
378
+ required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
379
+ title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
380
+ autocomplete="off">
381
+
382
+ </p>
383
+ </div>
384
+ <?php if ( $mo2f_login_option && $mo2f_remember_device_enabled ) {
385
+ ?>
386
+ <span class="mo2f_rememberdevice">
387
+ <input type="checkbox" name="mo2f_trust_device" class="mo2f_trust_device"
388
+ id="mo2f_trust_device"/><?php echo mo2f_lt( 'Remember this device.' ); ?>
389
+ </span>
390
+ <br>
391
+ <br>
392
+ <?php
393
+ }
394
+ ?>
395
+ <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate"
396
+ class="miniorange_kba_validate" style="float:left;"
397
+ value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
398
+ <input type="hidden" name="miniorange_kba_nonce"
399
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-kba-nonce' ); ?>"/>
400
+ <input type="hidden" name="option"
401
+ value="miniorange_kba_validate"/>
402
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
403
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
404
+ </form>
405
+ <br>
406
+ </div><br>
407
+ <?php
408
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
409
+ <div>
410
+ <a href="#mo2f_backup_generate">
411
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
412
+ </a>
413
+ </div>
414
+ <?php }else{ ?>
415
+ <div>
416
+ <a href="#mo2f_backup_option">
417
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
418
+ </a>
419
+ </div>
420
+ <?php }
421
+ ?>
422
+ <div style="padding:10px;">
423
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
424
+ </div>
425
+
426
+ <?php
427
+ mo2f_customize_logo();
428
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
429
+ ?>
430
+
431
+ </div>
432
+ </div>
433
+ </div>
434
+ </div>
435
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
436
+ class="mo2f_display_none_forms">
437
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
438
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
439
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
440
+ </form>
441
+
442
+ <script>
443
+ function mologinback() {
444
+ jQuery('#mo2f_backto_mo_loginform').submit();
445
+ }
446
+ var is_ajax = "<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>";
447
+ if(is_ajax){
448
+ jQuery('#mo2f_answer_1').keypress(function (e) {
449
+ if (e.which == 13) {//Enter key pressed
450
+ e.preventDefault();
451
+ mo2f_kba_ajax();
452
+ }
453
+ });
454
+ jQuery('#mo2f_answer_2').keypress(function (e) {
455
+ if (e.which == 13) {//Enter key pressed
456
+ e.preventDefault();
457
+ mo2f_kba_ajax();
458
+ }
459
+ });
460
+ jQuery("#miniorange_kba_validate").click(function(e){
461
+ e.preventDefault();
462
+ mo2f_kba_ajax();
463
+ });
464
+
465
+ function mo2f_kba_ajax(){
466
+ jQuery('#mo2f_answer_1').prop('disabled','true');
467
+ jQuery('#mo2f_answer_2').prop('disabled','true');
468
+ jQuery('#miniorange_kba_validate').prop('disabled','true');
469
+ var data = {
470
+ "action" : "mo2f_ajax",
471
+ "mo2f_ajax_option" : "mo2f_ajax_kba",
472
+ "mo2f_answer_1" : jQuery( "input[name=\'mo2f_answer_1\']" ).val(),
473
+ "mo2f_answer_2" : jQuery( "input[name=\'mo2f_answer_2\']" ).val(),
474
+ "miniorange_kba_nonce" : jQuery( "input[name=\'miniorange_kba_nonce\']" ).val(),
475
+ "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
476
+ "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
477
+ "mo2f_trust_device" : jQuery( "input[name=\'mo2f_trust_device\']" ).val(),
478
+ };
479
+ jQuery.post(my_ajax_object.ajax_url, data, function(response) {
480
+ if ( typeof response.data === "undefined") {
481
+ jQuery("html").html(response);
482
+ }
483
+ else
484
+ location.href = response.data.redirect;
485
+ });
486
+ }
487
+ }
488
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
489
+ jQuery('#mo2f_backup').submit();
490
+ });
491
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
492
+ jQuery('#mo2f_create_backup_codes').submit();
493
+ });
494
+ </script>
495
+ </body>
496
+
497
+ </html>
498
+ <?php
499
+ }
500
+
501
+ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt){
502
+ ?>
503
+ <html>
504
+ <head> <meta charset="utf-8"/>
505
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
506
+ <meta name="viewport" content="width=device-width, initial-scale=1">
507
+ <?php
508
+ echo_js_css_files(); ?>
509
+ </head>
510
+ <body>
511
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
512
+ <div class="mo2f-modal-backdrop"></div>
513
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
514
+ <div class="login mo_customer_validation-modal-content">
515
+ <div class="mo2f_modal-header">
516
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
517
+ <?php echo __('Validate Backup Code', 'miniorange-2-factor-authentication'); ?>
518
+ </h4>
519
+ </div>
520
+ <div class="mo2f_modal-body">
521
+ <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
522
+ <div id="otpMessage" >
523
+
524
+ <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
525
+ </div>
526
+ <form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
527
+ <div id="mo2f_kba_content">
528
+ <p style="font-size:15px;">
529
+ <input class="mo2f-textbox" type="text" name="mo2f_backup_code" id="mo2f_backup_code" required="true" autofocus="true" title="<?php echo __('Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.','miniorange-2-factor-authentication'); ?>" autocomplete="off" ><br />
530
+ </p>
531
+ </div>
532
+ <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
533
+ <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
534
+ <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
535
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
536
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
537
+ </form>
538
+ </br>
539
+ </div>
540
+ <br /><br /><br />
541
+ <?php mo2f_customize_logo() ?>
542
+ </div>
543
+ </div>
544
+ </div>
545
+ </div>
546
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
547
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
548
+ </form>
549
+ </body>
550
+ <script>
551
+ function mologinback(){
552
+ jQuery('#mo2f_backto_mo_loginform').submit();
553
+ }
554
+ </script>
555
+ </html>
556
+ <?php
557
+ }
558
+
559
+ function mo2f_get_duo_push_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id ){
560
+
561
+ $mo_wpns_config = new MoWpnsHandler();
562
+
563
+ global $Mo2fdbQueries,$txid,$moWpnsUtility;
564
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
565
+ $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
566
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
567
+ $mo2f_EV_txid = get_user_meta($user_id,'mo2f_EV_txid',true);
568
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
569
+
570
+ $current_user = get_user_by('id',$user_id);
571
+ MO2f_Utility::mo2f_debug_file('Waiting for duo push notification validation'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
572
+ update_user_meta($user_id,'current_user_email',$current_user->user_email);
573
+
574
+
575
+ ?>
576
+
577
+ <html>
578
+ <head>
579
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
580
+ <meta name="viewport" content="width=device-width, initial-scale=1">
581
+ <?php
582
+ echo_js_css_files(); ?>
583
+ </head>
584
+ <body>
585
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
586
+ <div class="mo2f-modal-backdrop"></div>
587
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
588
+ <div class="login mo_customer_validation-modal-content">
589
+ <div class="mo2f_modal-header">
590
+ <h4 class="mo2f_modal-title">
591
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
592
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
593
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
594
+ <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
595
+ </div>
596
+ <div class="mo2f_modal-body">
597
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
598
+ <div id="otpMessage">
599
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
600
+ </div>
601
+ <?php } ?>
602
+ <div id="pushSection">
603
+
604
+ <div>
605
+ <center>
606
+ <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
607
+ </center>
608
+ </div>
609
+ <div id="showPushImage">
610
+ <center>
611
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
612
+ </center>
613
+ </div>
614
+
615
+
616
+ <span style="padding-right:2%;">
617
+ <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
618
+ <center>
619
+ <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
620
+ <input type="button" name="miniorange_login_forgotphone"
621
+ onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
622
+ class="miniorange_login_forgotphone"
623
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
624
+ <?php } ?>
625
+ &emsp;&emsp;
626
+
627
+ </center>
628
+ <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
629
+ <center>
630
+ <a href="#mo2f_alternate_login_kba">
631
+ <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive push nitification?' ); ?></p>
632
+ </a>
633
+ </center>
634
+ <?php } ?>
635
+ </span>
636
+ <center>
637
+ <?php
638
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
639
+ <div>
640
+ <a href="#mo2f_backup_generate">
641
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
642
+ </a>
643
+ </div>
644
+ <?php }else{ ?>
645
+ <div>
646
+ <a href="#mo2f_backup_option">
647
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
648
+ </a>
649
+ </div>
650
+ <?php }
651
+ ?>
652
+ <div style="padding:10px;">
653
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
654
+ </div>
655
+ </center>
656
+ </div>
657
+
658
+ <?php
659
+ mo2f_customize_logo();
660
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
661
+ ?>
662
+ </div>
663
+ </div>
664
+ </div>
665
+ </div>
666
+ <form name="f" id="mo2f_backto_duo_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
667
+ class="mo2f_display_none_forms">
668
+ <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
669
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' ); ?>"/>
670
+ <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
671
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
672
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
673
+ <input type="hidden" name="currentMethod" value="emailVer"/>
674
+
675
+ </form>
676
+ <form name="f" id="mo2f_duo_push_validation_form" method="post" class="mo2f_display_none_forms">
677
+ <input type="hidden" name="miniorange_duo_push_validation_nonce"
678
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' ); ?>"/>
679
+ <input type="hidden" name="option" value="miniorange_duo_push_validation">
680
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
681
+ <input type="hidden" name="tx_type"/>
682
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
683
+ <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
684
+
685
+ </form>
686
+
687
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
688
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
689
+ <input type="hidden" name="miniorange_forgotphone"
690
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
691
+ <input type="hidden" name="option" value="miniorange_forgotphone">
692
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
693
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
694
+ </form>
695
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
696
+ <input type="hidden" name="miniorange_alternate_login_kba_nonce"
697
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
698
+ <input type="hidden" name="option" value="miniorange_alternate_login_kba">
699
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
700
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
701
+ </form>
702
+
703
+ <script>
704
+ var timeout;
705
+
706
+ pollPushValidation();
707
+ function pollPushValidation()
708
+ {
709
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
710
+ var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
711
+ var session_id_encrypt = "<?php echo $session_id_encrypt; ?>";
712
+ var data={
713
+ 'action':'mo2f_duo_ajax_request',
714
+ 'call_type':'check_duo_push_auth_status',
715
+ 'session_id_encrypt': session_id_encrypt,
716
+ 'nonce' : nonce,
717
+
718
+
719
+ };
720
+
721
+ jQuery.post(ajax_url, data, function(response){
722
+
723
+
724
+ if (response == 'SUCCESS') {
725
+ jQuery('#mo2f_duo_push_validation_form').submit();
726
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
727
+ jQuery('#mo2f_backto_duo_mo_loginform').submit();
728
+ } else {
729
+ timeout = setTimeout(pollMobileValidation, 3000);
730
+ }
731
+
732
+ });
733
+ }
734
+
735
+
736
+
737
+
738
+
739
+
740
+ function mologinforgotphone() {
741
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
742
+ }
743
+
744
+ function mologinback() {
745
+ jQuery('#mo2f_backto_duo_mo_loginform').submit();
746
+ }
747
+
748
+ jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
749
+ jQuery('#mo2f_alternate_login_kbaform').submit();
750
+ });
751
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
752
+ jQuery('#mo2f_backup').submit();
753
+ });
754
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
755
+ jQuery('#mo2f_create_backup_codes').submit();
756
+ });
757
+
758
+ </script>
759
+ </body>
760
+ </html>
761
+
762
+ <?php
763
+ }
764
+
765
+ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
766
+
767
+ $mo_wpns_config = new MoWpnsHandler();
768
+ global $Mo2fdbQueries,$txid,$moWpnsUtility;
769
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
770
+ $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
771
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
772
+ $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
773
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
774
+ MO2f_Utility::mo2f_debug_file('Waiting for push notification validation '.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
775
+ ?>
776
+ <html>
777
+ <head>
778
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
779
+ <meta name="viewport" content="width=device-width, initial-scale=1">
780
+ <?php
781
+ echo_js_css_files(); ?>
782
+ </head>
783
+ <body>
784
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
785
+ <div class="mo2f-modal-backdrop"></div>
786
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
787
+ <div class="login mo_customer_validation-modal-content">
788
+ <div class="mo2f_modal-header">
789
+ <h4 class="mo2f_modal-title">
790
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
791
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
792
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
793
+ <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
794
+ </div>
795
+ <div class="mo2f_modal-body">
796
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
797
+ <div id="otpMessage">
798
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
799
+ </div>
800
+ <?php } ?>
801
+ <div id="pushSection">
802
+
803
+ <div>
804
+ <center>
805
+ <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
806
+ </center>
807
+ </div>
808
+ <div id="showPushImage">
809
+ <center>
810
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
811
+ </center>
812
+ </div>
813
+
814
+
815
+ <span style="padding-right:2%;">
816
+ <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
817
+ <center>
818
+ <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
819
+ <input type="button" name="miniorange_login_forgotphone"
820
+ onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
821
+ class="miniorange_login_forgotphone"
822
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
823
+ <?php } ?>
824
+ &emsp;&emsp;
825
+ <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
826
+ id="miniorange_login_offline" class="miniorange_login_offline"
827
+ value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
828
+ </center>
829
+ <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
830
+ <center>
831
+ <a href="#mo2f_alternate_login_kba">
832
+ <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive mail?' ); ?></p>
833
+ </a>
834
+ </center>
835
+ <?php } ?>
836
+ </span>
837
+ <center>
838
+ <?php
839
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
840
+ <div>
841
+ <a href="#mo2f_backup_generate">
842
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
843
+ </a>
844
+ </div>
845
+ <?php }else{ ?>
846
+ <div>
847
+ <a href="#mo2f_backup_option">
848
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
849
+ </a>
850
+ </div>
851
+ <?php }
852
+ ?>
853
+ <div style="padding:10px;">
854
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
855
+ </div>
856
+ </center>
857
+ </div>
858
+
859
+ <?php
860
+ mo2f_customize_logo();
861
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
862
+ ?>
863
+ </div>
864
+ </div>
865
+ </div>
866
+ </div>
867
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
868
+ class="mo2f_display_none_forms">
869
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
870
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
871
+ <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
872
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
873
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
874
+ <input type="hidden" name="currentMethod" value="emailVer"/>
875
+
876
+ </form>
877
+ <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
878
+ <input type="hidden" name="miniorange_mobile_validation_nonce"
879
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
880
+ <input type="hidden" name="option" value="miniorange_mobile_validation">
881
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
882
+ <input type="hidden" name="tx_type"/>
883
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
884
+ <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
885
+
886
+ </form>
887
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
888
+ <input type="hidden" name="miniorange_softtoken"
889
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
890
+ <input type="hidden" name="option" value="miniorange_softtoken">
891
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
892
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
893
+ </form>
894
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
895
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
896
+ <input type="hidden" name="miniorange_forgotphone"
897
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
898
+ <input type="hidden" name="option" value="miniorange_forgotphone">
899
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
900
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
901
+ </form>
902
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
903
+ <input type="hidden" name="miniorange_alternate_login_kba_nonce"
904
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
905
+ <input type="hidden" name="option" value="miniorange_alternate_login_kba">
906
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
907
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
908
+ </form>
909
+
910
+ <script>
911
+ var timeout;
912
+ var login_status = '<?php echo $login_status;?>';
913
+ var calls = 0;
914
+ var onprem = '<?php echo MO2F_IS_ONPREM; ?>';
915
+
916
+ if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
917
+ {
918
+ pollPushValidation();
919
+ function pollPushValidation()
920
+ { calls = calls + 1;
921
+ var data = {'txid':'<?php echo $mo2f_EV_txid;?>'};
922
+ jQuery.ajax({
923
+ url: '<?php echo get_site_option("siteurl"); ?>'+"/wp-login.php",
924
+ type: "POST",
925
+ data: data,
926
+ success: function (result) {
927
+
928
+ var status = result;
929
+ if (status == 1) {
930
+ jQuery('input[name="tx_type"]').val("EV");
931
+ jQuery('#mo2f_mobile_validation_form').submit();
932
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
933
+ jQuery('#mo2f_backto_mo_loginform').submit();
934
+ } else {
935
+ if(calls<300)
936
+ {
937
+ timeout = setTimeout(pollPushValidation, 1000);
938
+ }
939
+ else
940
+ {
941
+ jQuery('#mo2f_backto_mo_loginform').submit();
942
+ }
943
+ }
944
+ }
945
+ });
946
+ }
947
+
948
+
949
+ }
950
+ else
951
+ {
952
+ pollPushValidation();
953
+ function pollPushValidation() {
954
+ var transId = "<?php echo $cookievalue;// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
955
+ var jsonString = "{\"txId\":\"" + transId + "\"}";
956
+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
957
+
958
+ jQuery.ajax({
959
+ url: postUrl,
960
+ type: "POST",
961
+ dataType: "json",
962
+ data: jsonString,
963
+ contentType: "application/json; charset=utf-8",
964
+ success: function (result) {
965
+ var status = JSON.parse(JSON.stringify(result)).status;
966
+ if (status == 'SUCCESS') {
967
+ jQuery('input[name="tx_type"]').val("PN");
968
+ jQuery('#mo2f_mobile_validation_form').submit();
969
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED') {
970
+ jQuery('#mo2f_backto_mo_loginform').submit();
971
+ } else {
972
+ timeout = setTimeout(pollPushValidation, 3000);
973
+ }
974
+ }
975
+ });
976
+ }
977
+ }
978
+
979
+ function mologinoffline() {
980
+ jQuery('#mo2f_show_softtoken_loginform').submit();
981
+ }
982
+
983
+ function mologinforgotphone() {
984
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
985
+ }
986
+
987
+ function mologinback() {
988
+ jQuery('#mo2f_backto_mo_loginform').submit();
989
+ }
990
+
991
+ jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
992
+ jQuery('#mo2f_alternate_login_kbaform').submit();
993
+ });
994
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
995
+ jQuery('#mo2f_backup').submit();
996
+ });
997
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
998
+ jQuery('#mo2f_create_backup_codes').submit();
999
+ });
1000
+
1001
+ </script>
1002
+ </body>
1003
+ </html>
1004
+ <?php
1005
+ }
1006
+
1007
+ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
1008
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1009
+ $mo_wpns_config = new MoWpnsHandler();
1010
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1011
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1012
+ ?>
1013
+ <html>
1014
+ <head>
1015
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1016
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1017
+ <?php
1018
+ echo_js_css_files(); ?>
1019
+ </head>
1020
+ <body>
1021
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
1022
+ <div class="mo2f-modal-backdrop"></div>
1023
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1024
+ <div class="login mo_customer_validation-modal-content">
1025
+ <div class="mo2f_modal-header">
1026
+ <h4 class="mo2f_modal-title">
1027
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1028
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1029
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1030
+ <?php echo mo2f_lt( 'Scan QR Code' ); ?></h4>
1031
+ </div>
1032
+ <div class="mo2f_modal-body center">
1033
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1034
+ <div id="otpMessage">
1035
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
1036
+ </div>
1037
+ <br>
1038
+ <?php } ?>
1039
+ <div id="scanQRSection">
1040
+ <div style="margin-bottom:10%;">
1041
+ <center>
1042
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Identify yourself by scanning the QR code with miniOrange Authenticator app.' ); ?></p>
1043
+ </center>
1044
+ </div>
1045
+ <div id="showQrCode" style="margin-bottom:10%;">
1046
+ <center><?php echo '<img src="data:image/jpg;base64,' . $qrCode . '" />'; ?></center>
1047
+ </div>
1048
+ <span style="padding-right:2%;">
1049
+ <center>
1050
+ <?php if ( ! $mo2f_is_new_customer ) { ?>
1051
+ <?php if ( $mo2f_enable_forgotphone ) { ?>
1052
+ <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1053
+ id="miniorange_login_forgotphone" class="miniorange_login_forgotphone"
1054
+ style="margin-right:5%;"
1055
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
1056
+ <?php } ?>
1057
+ &emsp;&emsp;
1058
+ <?php } ?>
1059
+ <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
1060
+ id="miniorange_login_offline" class="miniorange_login_offline"
1061
+ value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
1062
+ </center>
1063
+ </span>
1064
+ <?php
1065
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1066
+ <div>
1067
+ <a href="#mo2f_backup_generate">
1068
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1069
+ </a>
1070
+ </div>
1071
+ <?php }else{ ?>
1072
+ <div>
1073
+ <a href="#mo2f_backup_option">
1074
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1075
+ </a>
1076
+ </div>
1077
+ <?php }
1078
+ ?>
1079
+ <div style="padding:10px;">
1080
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1081
+ </div>
1082
+ </div>
1083
+ <?php
1084
+ mo2f_customize_logo();
1085
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1086
+ ?>
1087
+ </div>
1088
+ </div>
1089
+ </div>
1090
+ </div>
1091
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1092
+ class="mo2f_display_none_forms">
1093
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1094
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1095
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1096
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1097
+ </form>
1098
+ <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1099
+ <input type="hidden" name="miniorange_mobile_validation_nonce"
1100
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
1101
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1102
+ <input type="hidden" name="option" value="miniorange_mobile_validation">
1103
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1104
+ </form>
1105
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1106
+ <input type="hidden" name="miniorange_softtoken"
1107
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
1108
+ <input type="hidden" name="option" value="miniorange_softtoken">
1109
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1110
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1111
+ </form>
1112
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1113
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1114
+ <input type="hidden" name="miniorange_forgotphone"
1115
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1116
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1117
+ <input type="hidden" name="option" value="miniorange_forgotphone">
1118
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1119
+ </form>
1120
+
1121
+ <script>
1122
+ var timeout;
1123
+ pollMobileValidation();
1124
+
1125
+ function pollMobileValidation() {
1126
+ var transId = "<?php echo $cookievalue;//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
1127
+ var jsonString = "{\"txId\":\"" + transId + "\"}";
1128
+ var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
1129
+ jQuery.ajax({
1130
+ url: postUrl,
1131
+ type: "POST",
1132
+ dataType: "json",
1133
+ data: jsonString,
1134
+ contentType: "application/json; charset=utf-8",
1135
+ success: function (result) {
1136
+ var status = JSON.parse(JSON.stringify(result)).status;
1137
+ if (status == 'SUCCESS') {
1138
+ var content = "<div id='success'><center><img src='" + "<?php echo plugins_url( 'includes/images/right.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1139
+ jQuery("#showQrCode").empty();
1140
+ jQuery("#showQrCode").append(content);
1141
+ setTimeout(function () {
1142
+ jQuery("#mo2f_mobile_validation_form").submit();
1143
+ }, 100);
1144
+ } else if (status == 'ERROR' || status == 'FAILED') {
1145
+ var content = "<div id='error'><center><img src='" + "<?php echo plugins_url( 'includes/images/wrong.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1146
+ jQuery("#showQrCode").empty();
1147
+ jQuery("#showQrCode").append(content);
1148
+ setTimeout(function () {
1149
+ jQuery('#mo2f_backto_mo_loginform').submit();
1150
+ }, 1000);
1151
+ } else {
1152
+ timeout = setTimeout(pollMobileValidation, 3000);
1153
+ }
1154
+ }
1155
+ });
1156
+ }
1157
+
1158
+ function mologinoffline() {
1159
+ jQuery('#mo2f_show_softtoken_loginform').submit();
1160
+ }
1161
+
1162
+ function mologinforgotphone() {
1163
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
1164
+ }
1165
+
1166
+ function mologinback() {
1167
+ jQuery('#mo2f_backto_mo_loginform').submit();
1168
+ }
1169
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
1170
+ jQuery('#mo2f_backup').submit();
1171
+ });
1172
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1173
+ jQuery('#mo2f_create_backup_codes').submit();
1174
+ });
1175
+
1176
+ </script>
1177
+ </body>
1178
+ </html>
1179
+ <?php
1180
+ }
1181
+
1182
+ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ,$mo2fa_transaction_id = null ) {
1183
+ global $Mo2fdbQueries,$moWpnsUtility;
1184
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1185
+ $mo_wpns_config = new MoWpnsHandler();
1186
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1187
+ $attempts = get_option('mo2f_attempts_before_redirect', 3);
1188
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1189
+ $mo2f_otp_over_email_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_OTPOverEmail_config_status', $user_id );
1190
+
1191
+ MO2f_Utility::mo2f_debug_file('Prompted 2fa validation screen '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1192
+ ?>
1193
+ <html>
1194
+ <head>
1195
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1196
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1197
+ <?php
1198
+ echo_js_css_files();
1199
+ ?>
1200
+ </head>
1201
+ <body>
1202
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
1203
+ <div class="mo2f-modal-backdrop"></div>
1204
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1205
+ <div class="login mo_customer_validation-modal-content">
1206
+ <div class="mo2f_modal-header">
1207
+ <h4 class="mo2f_modal-title">
1208
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1209
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1210
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1211
+ <?php echo mo2f_lt( 'Validate OTP' ); ?>
1212
+ </h4>
1213
+ </div>
1214
+ <div class="mo2f_modal-body center">
1215
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1216
+ <div id="otpMessage">
1217
+ <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
1218
+ </div>
1219
+ <?php } ?><br><?php
1220
+ ?>
1221
+ <span><b>Attempts left</b>:</span> <?php echo $attempts;?><br>
1222
+ <?php if($attempts==1){?>
1223
+ <span style='color:red;'><b>If you fail to verify your identity, you will be redirected back to login page to verify your credentials.</b></span> <br>
1224
+ <?php }?>
1225
+ <br>
1226
+ <div id="showOTP">
1227
+ <div class="mo2f-login-container">
1228
+ <form name="f" id="mo2f_submitotp_loginform" method="post">
1229
+ <center>
1230
+ <input type="text" name="mo2fa_softtoken" style="height:28px !important;"
1231
+ placeholder="<?php echo mo2f_lt( 'Enter code' ); ?>"
1232
+ id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true"
1233
+ pattern="[0-9]{4,8}"
1234
+ title="<?php echo mo2f_lt( 'Only digits within range 4-8 are allowed.' ); ?>"/>
1235
+ </center>
1236
+ <br>
1237
+ <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit"
1238
+ class="miniorange_otp_token_submit"
1239
+ value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
1240
+ <?php
1241
+
1242
+ if($show_back_button == 1)
1243
+ {
1244
+ ?>
1245
+ <input type="button" name="miniorange_otp_token_back" id="miniorange_otp_token_back"
1246
+ class="miniorange_otp_token_submit"
1247
+ value="<?php echo mo2f_lt( 'Back' ); ?>"/>
1248
+ <?php
1249
+ }
1250
+ ?>
1251
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1252
+ <input type="hidden" name="miniorange_soft_token_nonce"
1253
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
1254
+ <input type="hidden" name="option" value="miniorange_soft_token">
1255
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1256
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1257
+ <?php if($mo2fa_transaction_id!=null){ ?>
1258
+ <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo $mo2fa_transaction_id; ?>"/>
1259
+ <?php }?>
1260
+ </form>
1261
+ <?php
1262
+ $Kbaset = get_user_meta( $user_id ,'Security Questions' );
1263
+ if ( ! $mo2f_is_new_customer ) { ?>
1264
+ <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
1265
+ <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1266
+ id="miniorange_login_forgotphone"
1267
+ class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
1268
+ <?php } ?>
1269
+ <?php }
1270
+ if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1271
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1272
+ <div>
1273
+ <a href="#mo2f_backup_generate">
1274
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1275
+ </a>
1276
+ </div>
1277
+ <?php }else{ ?>
1278
+ <div>
1279
+ <a href="#mo2f_backup_option">
1280
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1281
+ </a>
1282
+ </div>
1283
+ <?php }
1284
+ ?>
1285
+
1286
+ <div style="padding:10px;">
1287
+ <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1288
+ </div>
1289
+ <?php } ?>
1290
+ </div>
1291
+ </div>
1292
+ </center>
1293
+ <?php
1294
+ mo2f_customize_logo();
1295
+ if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1296
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1297
+ }
1298
+ ?>
1299
+ </div>
1300
+ </div>
1301
+ </div>
1302
+ </div>
1303
+
1304
+ <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo wp_login_url(); ?>"
1305
+ class="mo2f_display_none_forms">
1306
+ <input type="hidden" name="miniorange_back_inline_reg_nonce"
1307
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' ); ?>"/>
1308
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1309
+ <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1310
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1311
+
1312
+ </form>
1313
+
1314
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1315
+ class="mo2f_display_none_forms">
1316
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1317
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1318
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1319
+ </form>
1320
+
1321
+ <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1322
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1323
+ <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1324
+ <input type="hidden" name="miniorange_forgotphone"
1325
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1326
+ <input type="hidden" name="option" value="miniorange_forgotphone">
1327
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1328
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1329
+ </form>
1330
+
1331
+ <?php } ?>
1332
+
1333
+ <script>
1334
+ jQuery('#miniorange_otp_token_back').click(function(){
1335
+ jQuery('#mo2f_backto_inline_registration').submit();
1336
+ });
1337
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
1338
+ jQuery('#mo2f_backup').submit();
1339
+ });
1340
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1341
+ jQuery('#mo2f_create_backup_codes').submit();
1342
+ });
1343
+
1344
+ function mologinback() {
1345
+ jQuery('#mo2f_backto_mo_loginform').submit();
1346
+ }
1347
+
1348
+ function mologinforgotphone() {
1349
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
1350
+ }
1351
+ var is_ajax = '<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>';
1352
+ if(is_ajax){
1353
+ jQuery('#mo2fa_softtoken').keypress(function (e) {
1354
+ if (e.which == 13) {//Enter key pressed
1355
+ e.preventDefault();
1356
+ mo2f_otp_ajax();
1357
+ }
1358
+ });
1359
+ jQuery("#miniorange_otp_token_submit").click(function(e){
1360
+ e.preventDefault();
1361
+ mo2f_otp_ajax();
1362
+ });
1363
+
1364
+ function mo2f_otp_ajax(){
1365
+ jQuery('#mo2fa_softtoken').prop('disabled','true');
1366
+ jQuery('#miniorange_otp_token_submit').prop('disabled','true');
1367
+ var data = {
1368
+ "action" : "mo2f_ajax",
1369
+ "mo2f_ajax_option" : "mo2f_ajax_otp",
1370
+ "mo2fa_softtoken" : jQuery( "input[name=\'mo2fa_softtoken\']" ).val(),
1371
+ "miniorange_soft_token_nonce" : jQuery( "input[name=\'miniorange_soft_token_nonce\']" ).val(),
1372
+ "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
1373
+ "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
1374
+ "request_origin_method" : jQuery( "input[name=\'request_origin_method\']" ).val(),
1375
+ };
1376
+ jQuery.post(my_ajax_object.ajax_url, data, function(response) {
1377
+ if(typeof response.data === "undefined")
1378
+ jQuery("html").html(response);
1379
+ else if(response.data.reload)
1380
+ location.reload( true );
1381
+ else
1382
+ location.href = response.data.redirect;
1383
+ });
1384
+ }
1385
+ }
1386
+ </script>
1387
+ </body>
1388
+ </html>
1389
+ <?php
1390
+ }
1391
+
1392
+
1393
+ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1394
+ ?>
1395
+ <html>
1396
+ <head>
1397
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1398
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1399
+ <?php
1400
+ echo_js_css_files();
1401
+ ?>
1402
+ </head>
1403
+ <body>
1404
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
1405
+ <div class="mo2f-modal-backdrop"></div>
1406
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1407
+ <div class="login mo_customer_validation-modal-content">
1408
+ <div class="mo2f_modal-header">
1409
+ <h4 class="mo2f_modal-title">
1410
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1411
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1412
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1413
+
1414
+ <?php echo mo2f_lt( 'Remember Device' ); ?>
1415
+ </h4>
1416
+ </div>
1417
+ <div class="mo2f_modal-body center">
1418
+ <div id="mo2f_device_content">
1419
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Do you want to remember this device?' ); ?></p>
1420
+ <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();"
1421
+ id="miniorange_trust_device_yes" class="mo_green" style="margin-right:5%;"
1422
+ value="<?php echo mo2f_lt( 'Yes' ); ?>"/>
1423
+ <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();"
1424
+ id="miniorange_trust_device_no" class="mo_red"
1425
+ value="<?php echo mo2f_lt( 'No' ); ?>"/>
1426
+ </div>
1427
+ <div id="showLoadingBar" hidden>
1428
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Please wait...We are taking you into your account.' ); ?></p>
1429
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
1430
+ </div>
1431
+ <br><br>
1432
+ <span>
1433
+ <?php echo mo2f_lt( 'Click on ' ); ?>
1434
+ <i><b><?php echo mo2f_lt( 'Yes' ); ?></b></i><?php echo mo2f_lt( 'if this is your personal device.' ); ?>
1435
+ <br>
1436
+ <?php echo mo2f_lt( 'Click on ' ); ?>
1437
+ <i><b><?php echo mo2f_lt( 'No ' ); ?></b></i> <?php echo mo2f_lt( 'if this is a public device.' ); ?>
1438
+ </span><br><br>
1439
+ <?php mo2f_customize_logo() ?>
1440
+ </div>
1441
+ </div>
1442
+ </div>
1443
+ </div>
1444
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1445
+ class="mo2f_display_none_forms">
1446
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1447
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1448
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1449
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1450
+ </form>
1451
+ <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1452
+ <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1453
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' ); ?>"/>
1454
+ <input type="hidden" name="option" value="miniorange_rba_validate">
1455
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1456
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1457
+ </form>
1458
+ <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1459
+ <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1460
+ value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' ); ?>"/>
1461
+ <input type="hidden" name="option" value="miniorange_rba_cancle">
1462
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1463
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1464
+ </form>
1465
+ <script>
1466
+ function mologinback() {
1467
+ jQuery('#mo2f_backto_mo_loginform').submit();
1468
+ }
1469
+
1470
+ function mo_check_device_confirm() {
1471
+ jQuery('#mo2f_device_content').css("display", "none");
1472
+ jQuery('#showLoadingBar').css("display", "block");
1473
+ jQuery('#mo2f_trust_device_confirm_form').submit();
1474
+ }
1475
+
1476
+ function mo_check_device_cancel() {
1477
+ jQuery('#mo2f_device_content').css("display", "none");
1478
+ jQuery('#showLoadingBar').css("display", "block");
1479
+ jQuery('#mo2f_trust_device_cancel_form').submit();
1480
+ }
1481
+ </script>
1482
+ </body>
1483
+ </html>
1484
+ <?php }
1485
+
1486
+ function mo2f_customize_logo() { ?>
1487
+ <div style="float:right;"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img
1488
+ alt="logo"
1489
+ src="<?php echo plugins_url( 'includes/images/miniOrange2.png', dirname(dirname(__FILE__))); ?>"/></a></div>
1490
+
1491
+ <?php }
1492
+
1493
+ function echo_js_css_files() {
1494
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1495
+ echo '<script src="' . plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__)) ) . '" ></script>';
1496
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url( 'includes/css/twofa_style_settings.css?version=5.1.21', dirname(dirname(__FILE__))) . '" />';
1497
+ }
1498
+
1499
+ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1500
+ global $Mo2fdbQueries;
1501
+ if(get_user_meta($id, 'mo_backup_code_generated', true) && !get_user_meta($id, 'mo_backup_code_downloaded', true)){
1502
+ $encrypted_codes =get_user_meta($id, 'chqwetcsdvnvd', true);
1503
+ $key = get_option( 'mo2f_encryption_key' );
1504
+ $codes_string = MO2f_Utility::decrypt_data( $encrypted_codes, $key );
1505
+ $codes = explode(",", $codes_string);
1506
+ delete_user_meta($id, 'chqwetcsdvnvd');
1507
+ $result = true;
1508
+ }else{
1509
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
1510
+ if(empty($mo2f_user_email)){
1511
+ $currentuser = get_user_by( 'id', $id );
1512
+ $mo2f_user_email = $currentuser->user_email;
1513
+ }
1514
+ $generate_backup_code = new Customer_Cloud_Setup();
1515
+ $codes = $generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
1516
+
1517
+ if($codes != 'DBConnectionIssue' && $codes != 'UnableToFetchData' && $codes != 'UserLimitReached' && $codes != 'ERROR' && $codes != 'LimitReached' && $codes != 'AllUsed' && $codes != 'invalid_request' ){
1518
+ $codes = explode(' ', $codes);
1519
+ $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
1520
+ update_user_meta($id, 'mo_backup_code_generated', 1);
1521
+ $code_generated = 'code_generation_successful';
1522
+ }else{
1523
+ $code_generated = 'code_generation_failed';
1524
+ update_user_meta($id, 'error_during_code_generation',$codes);
1525
+ }
1526
+
1527
+
1528
+ }
1529
+ update_user_meta($id, 'mo_backup_code_screen_shown', 1);
1530
+ ?>
1531
+ <html>
1532
+ <head> <meta charset="utf-8"/>
1533
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1534
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1535
+ <?php
1536
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
1537
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js', dirname(dirname(__FILE__))) . '" ></script>';
1538
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
1539
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css', dirname(dirname(__FILE__))) . '" />';
1540
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))) . '" />';
1541
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css', dirname(dirname(__FILE__))) . '" />';
1542
+ ?>
1543
+ <style>
1544
+ .mo2f_kba_ques, .mo2f_table_textbox{
1545
+ background: whitesmoke none repeat scroll 0% 0%;
1546
+ }
1547
+ </style>
1548
+ </head>
1549
+ <body>
1550
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1551
+ <div class="mo2f-modal-backdrop"></div>
1552
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1553
+ <div class="login mo_customer_validation-modal-content">
1554
+ <div class="mo2f_modal-header">
1555
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1556
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1557
+ </div>
1558
+ <?php if($code_generated == 'code_generation_successful') { ?>
1559
+ <div class="mo2f_modal-body center">
1560
+
1561
+
1562
+ <h3> <?php echo __('Please download the backup codes for account recovery.'); ?></h3>
1563
+
1564
+ <h4> <?php echo __('You will receive the backup codes via email if you have your SMTP configured.
1565
+ <br>If you have received the codes on your email and do not wish to download the codes, click on Finish. '); ?></h4>
1566
+
1567
+ <h4> <?php echo __('Backup Codes can be used to login into user account in case you forget your phone or get locked out.
1568
+ <br>Please use this carefully as each code can only be used once. Please do not share these codes with anyone.'); ?></h4>
1569
+ <?php ?>
1570
+ <div>
1571
+ <div style="display: inline-flex;width: 350px; ">
1572
+ <div id="clipboard" style="border: solid;width: 55%;float: left;">
1573
+ <?php
1574
+ for ($x = 0; $x < sizeof($codes); $x++) {
1575
+ $str = $codes[$x];
1576
+ echo("<br>".$str." <br>");
1577
+ }
1578
+
1579
+ $str1="";
1580
+ for ($x = 0; $x < sizeof($codes); $x++) {
1581
+ $str = $codes[$x];
1582
+ $str1.=$str;
1583
+ if($x != 4){
1584
+ $str1.=',';
1585
+ }
1586
+ }
1587
+ ?>
1588
+ </div>
1589
+ <div style="width: 50%;float: right;">
1590
+ <form name="f" method="post" id="mo2f_users_backup1" action="">
1591
+ <input type="hidden" name="option" value="mo2f_users_backup1" />
1592
+ <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
1593
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1594
+ <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
1595
+
1596
+ <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1597
+ </form>
1598
+ </div>
1599
+
1600
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1601
+ <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1602
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1603
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1604
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1605
+ <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1606
+ </form>
1607
+ </div>
1608
+ </div>
1609
+
1610
+ <?php
1611
+ mo2f_customize_logo() ?>
1612
+ </div>
1613
+ <?php } else { ?>
1614
+ <div style="text-align:center;">
1615
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1616
+ <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1617
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1618
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1619
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1620
+ <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1621
+ </form>
1622
+ </div>
1623
+ <?php } ?>
1624
+ </div>
1625
+ </div>
1626
+ </div>
1627
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1628
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1629
+ </form>
1630
+ </body>
1631
+ <script>
1632
+ function mologinback(){
1633
+ jQuery('#mo2f_backto_mo_loginform').submit();
1634
+ }
1635
+ </script>
1636
+ </html>
1637
+ <?php
1638
+
1639
+
1640
+ }
1641
+
1642
+ function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1643
+ ?>
1644
+ <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1645
+ <input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
1646
+ <input type="hidden" name="option" value="miniorange_backup_nonce">
1647
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1648
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1649
+ </form>
1650
+ <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1651
+ <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
1652
+ <input type="hidden" name="option" value="miniorange_create_backup_codes">
1653
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1654
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1655
+ <input type="hidden" name="login_status" value="<?php echo $login_status; ?>" />
1656
+ <input type="hidden" name="login_message" value="<?php echo $login_message; ?>" />
1657
+ </form>
1658
+ <?php
1659
+ }
1660
+
1661
  ?>
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -1,1538 +1,1538 @@
1
- <?php
2
- function fetch_methods($current_user = null){
3
- $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
4
- if(!is_null($current_user) && ($current_user->roles[0] != 'administrator') && !mo2f_is_customer_registered()){
5
- $methods = array("GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
6
- }
7
- if(get_site_option('duo_credentials_save_successfully'))
8
- array_push($methods,"DUO");
9
- return $methods;
10
- }
11
-
12
- function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
13
-
14
- global $Mo2fdbQueries;
15
- $current_user = get_userdata($current_user_id);
16
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
17
-
18
- if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
19
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
20
- prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$current_selected_method,$redirect_to,$session_id);
21
- else
22
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
23
- }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
24
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
25
- prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
26
- else
27
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
28
- }else if($current_selected_method == 'OTP Over Telegram' or $current_selected_method == 'OTP OVER TELEGRAM')
29
- {
30
- $current_selected_method = 'OTP Over Telegram';
31
- prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
32
- }
33
- else if($current_selected_method == 'Duo Authenticator'){
34
- prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
35
- }
36
- else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
37
- prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
38
- }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
39
- prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
40
- }else if($current_selected_method == 'KBA' ){
41
- prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
42
- }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
43
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
44
- if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
45
- if(!MO2F_IS_ONPREM)
46
- {
47
- $current_user = get_userdata($current_user_id);
48
- $email = $current_user->user_email;
49
- $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
50
- if(isset($tempEmail) and $tempEmail != '')
51
- $email = $tempEmail;
52
- create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
53
- }
54
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
55
- $pass2fa= new Miniorange_Password_2Factor_Login();
56
- $pass2fa->mo2fa_pass2login($redirect_to, $session_id);
57
- }
58
- prompt_user_for_setup_success($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
59
- }else{
60
- $current_user = get_userdata($current_user_id);
61
- if(isset($current_user->roles[0]))
62
- $current_user_role=$current_user->roles[0];
63
- $opt=fetch_methods($current_user);
64
- ?>
65
- <html>
66
- <head>
67
- <meta charset="utf-8"/>
68
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
69
- <meta name="viewport" content="width=device-width, initial-scale=1">
70
- <?php
71
- mo2f_inline_css_and_js();
72
- ?>
73
- </head>
74
- <body>
75
- <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
76
- <div class="mo2f-modal-backdrop"></div>
77
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
78
- <div class="login mo_customer_validation-modal-content">
79
- <div class="mo2f_modal-header">
80
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
81
-
82
- <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
83
- </div>
84
- <div class="mo2f_modal-body">
85
- <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
86
- if(isset($login_message) && !empty($login_message)) {
87
- echo '<br><br>';
88
-
89
- ?>
90
-
91
- <div id="otpMessage">
92
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
93
- </div>
94
- <?php }else
95
- echo '<br>';
96
- ?>
97
-
98
- <br>
99
- <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
100
- <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
101
- <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
102
- <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
103
- (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
104
- </label>
105
- <br>
106
- </span>
107
- <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
108
- <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
109
- <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
110
- <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
111
- </label>
112
- <br>
113
- </span>
114
- <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
115
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
116
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
117
- <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
118
- </label>
119
- <br>
120
- </span>
121
- <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
122
- <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
123
- <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
124
- <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
125
- </label>
126
- <br>
127
- </span>
128
- <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
129
- <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
130
- <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
131
- <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
132
- </label>
133
- <br>
134
- </span>
135
- <span class="<?php if( !(in_array("OTP OVER TELEGRAM", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
136
- <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
137
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER TELEGRAM" />
138
- <?php echo __('OTP Over TELEGRAM', 'miniorange-2-factor-authentication'); ?>
139
- </label>
140
- <br>
141
- </span>
142
- <span class="<?php if( !(in_array("OTP OVER WHATSAPP", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
143
- <label title="<?php echo __('You will get an OTP on your WHATSAPP app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
144
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER WHATSAPP" />
145
- <?php echo __('OTP Over WHATSAPP', 'miniorange-2-factor-authentication'); ?>
146
- </label>
147
- <br>
148
- </span>
149
- <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
150
- <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
151
- <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
152
- <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
153
- </label>
154
- <br>
155
- </span>
156
- <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
157
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
158
- <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
159
- <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
160
- </label>
161
- <br>
162
- </span>
163
- <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
164
- <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
165
- <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
166
- <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
167
- </label>
168
- <br>
169
- </span>
170
- <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
171
- <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
172
- <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
173
- <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
174
- </label>
175
- <br>
176
- </span>
177
- <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
178
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
179
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
180
- <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
181
- </label>
182
- <br>
183
- </span>
184
- <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
185
- <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
186
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
187
- <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
188
- </label>
189
- <br>
190
- </span>
191
- <span class="<?php if( !(in_array("DUO", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
192
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
193
- <input type="radio" name="mo2f_selected_2factor_method" value=" DUO PUSH NOTIFICATIONS" />
194
- <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
195
- </label>
196
- <br>
197
- </span>
198
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
199
- <br />
200
- <?php mo2f_customize_logo() ?>
201
- </div>
202
- </div>
203
- </div>
204
- </div>
205
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
206
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
207
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
208
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
209
- </form>
210
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
- <input type="hidden" name="mo2f_selected_2factor_method" />
212
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
213
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
215
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
216
- </form>
217
-
218
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
- <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
- <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
221
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
222
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
223
- </form>
224
-
225
- <script>
226
- function mologinback(){
227
- jQuery('#mo2f_backto_mo_loginform').submit();
228
- }
229
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
230
- var selectedMethod = jQuery(this).val();
231
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
232
- jQuery('#mo2f_select_2fa_methods_form').submit();
233
- });
234
- jQuery('a[href="#skiptwofactor"]').click(function(e) {
235
-
236
- jQuery('#mo2f_skip_loginform').submit();
237
- });
238
- </script>
239
- </body>
240
- </html>
241
- <?php
242
- }
243
- }
244
-
245
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
246
- {
247
-
248
- global $Mo2fdbQueries;
249
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
250
- if(isset($mo2f_user_email) and $mo2f_user_email != '')
251
- $email = $mo2f_user_email;
252
-
253
- $current_user = get_userdata($current_user_id);
254
- if($current_user_id == get_option('mo2f_miniorange_admin'))
255
- $email = get_option('mo2f_email');
256
-
257
- $enduser = new Two_Factor_Setup();
258
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
259
-
260
- if(json_last_error() == JSON_ERROR_NONE){
261
-
262
- if($check_user['status'] == 'ERROR'){
263
- return Mo2fConstants:: langTranslate( $check_user['message']);
264
-
265
- }
266
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
267
-
268
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
269
- 'user_registration_with_miniorange' =>'SUCCESS',
270
- 'mo2f_user_email' =>$email,
271
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
272
- ) );
273
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
274
-
275
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
276
- }
277
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
278
-
279
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
280
- if(json_last_error() == JSON_ERROR_NONE) {
281
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
282
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
283
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
284
- 'user_registration_with_miniorange' =>'SUCCESS',
285
- 'mo2f_user_email' =>$email,
286
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
287
- ) );
288
-
289
- $mo2fa_login_message = '';
290
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
291
- }
292
- }
293
-
294
-
295
- }
296
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
297
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
298
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
299
- mo2f_inline_email_form($email,$current_user_id);
300
- exit;
301
- }
302
-
303
- }
304
-
305
- }
306
-
307
- function mo2f_inline_email_form($email,$current_user_id)
308
- {
309
- ?>
310
- <html>
311
- <head>
312
- <meta charset="utf-8"/>
313
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
314
- <meta name="viewport" content="width=device-width, initial-scale=1">
315
- <?php
316
- mo2f_inline_css_and_js();
317
- ?>
318
- </head>
319
- <body>
320
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
321
- <div class="mo2f-modal-backdrop"></div>
322
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
323
- <div class="login mo_customer_validation-modal-content">
324
- <div class="mo2f_modal-header">
325
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
326
- <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
327
- </div>
328
- <div class="mo2f_modal-body">
329
- <form action="" method="post" name="f">
330
- <p>The Email assoicated with your account is already registered in miniOrange. Please use a different email address or contact miniOrange.
331
- </p><br>
332
- <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
333
- <br>
334
- <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
335
- <br>
336
- <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
337
- <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
- <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
340
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
341
- </form>
342
- <br>
343
- <?php mo2f_customize_logo() ?>
344
- </div>
345
- </div>
346
- </div>
347
- </div>
348
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
349
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
350
- </form>
351
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
352
- <input type="hidden" name="mo2f_selected_2factor_method" />
353
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
354
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
356
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
357
- </form>
358
- <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
- <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
361
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
362
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
363
- </form>
364
- <?php } ?>
365
-
366
- <script type="text/javascript">
367
- jQuery('#save_entered_email_inlinecloud1').click(function(){
368
- var email = jQuery('#emailInlineCloud').val();
369
- var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
370
- var data = {
371
- 'action' : 'mo_two_factor_ajax',
372
- 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
373
- 'email' : email,
374
- 'nonce' : nonce
375
-
376
- };
377
-
378
- var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
379
-
380
-
381
- jQuery.post(ajaxurl, data, function(response) {
382
-
383
- if(response == 'alreadyExist')
384
- {
385
- jQuery('#emailalredyused').show();
386
- }
387
- else if(response =='USERCANBECREATED')
388
- {
389
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
390
- jQuery('#mo2f_select_2fa_methods_form').submit();
391
- }
392
- });
393
-
394
- });
395
-
396
-
397
- </script>
398
- </body>
399
-
400
- <?php
401
- }
402
- function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$currentMethod,$redirect_to,$session_id){
403
-
404
- global $Mo2fdbQueries;
405
- if(isset($qrCode)){
406
- $qrCodedata = $qrCode['mo2f-login-qrCode'];
407
- $showqrCode = $qrCode['mo2f_show_qr_code'];
408
- }
409
- $current_user = get_userdata($current_user_id);
410
- $email = $current_user->user_email;
411
-
412
- $opt=fetch_methods($current_user);
413
-
414
- $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
415
- ?>
416
- <html>
417
- <head> <meta charset="utf-8"/>
418
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
419
- <meta name="viewport" content="width=device-width, initial-scale=1">
420
- <?php
421
- mo2f_inline_css_and_js();
422
- ?>
423
- </head>
424
- <body>
425
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
426
- <div class="mo2f-modal-backdrop"></div>
427
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
428
- <div class="login mo_customer_validation-modal-content">
429
- <div class="mo2f_modal-header">
430
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
431
- <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
432
- </div>
433
- <div class="mo2f_modal-body">
434
- <?php if(isset($login_message) && !empty($login_message)) { ?>
435
-
436
- <div id="otpMessage">
437
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
438
- </div>
439
- <?php } ?>
440
- <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
441
- <div class="mo_margin_left">
442
- <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
443
- <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
444
- <center>
445
- <?php if (sizeof($opt) > 1) { ?>
446
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
447
- <?php } ?>
448
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
449
- </center>
450
- </div>
451
- <?php
452
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
453
- initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
454
- <?php } ?>
455
-
456
- <?php mo2f_customize_logo() ?>
457
- </div>
458
- <br>
459
- <br>
460
- </div>
461
- </div>
462
- </div>
463
- </div>
464
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
466
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
467
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
468
- </form>
469
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
470
- <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
472
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
473
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
474
- </form>
475
- <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
- <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
478
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
479
- <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
480
- </form>
481
- <?php if (sizeof($opt) > 1) { ?>
482
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
- <input type="hidden" name="option" value="miniorange_back_inline"/>
484
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
485
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
486
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
487
- </form>
488
- <?php } ?>
489
- <script>
490
- function mologinback(){
491
- jQuery('#mo2f_backto_mo_loginform').submit();
492
- }
493
- function moconfigureapp(){
494
- jQuery('#mo2f_inline_configureapp_form').submit();
495
- }
496
- jQuery('#mo2f_inline_back_btn').click(function() {
497
- jQuery('#mo2f_goto_two_factor_form').submit();
498
- });
499
- <?php
500
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
501
- ?>
502
- <?php } ?>
503
- </script>
504
- </body>
505
- </html>
506
- <?php
507
- }
508
- function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
509
- global $Mo2fdbQueries;
510
- $current_user = get_userdata($current_user_id);
511
- $email = $current_user->user_email;
512
- $opt=fetch_methods($current_user);
513
- $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
514
-
515
- ?>
516
- <html>
517
- <head> <meta charset="utf-8"/>
518
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
519
- <meta name="viewport" content="width=device-width, initial-scale=1">
520
- <?php
521
- mo2f_inline_css_and_js();
522
- ?>
523
- </head>
524
- <body>
525
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
526
- <div class="mo2f-modal-backdrop"></div>
527
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
528
- <div class="login mo_customer_validation-modal-content">
529
- <div class="mo2f_modal-header">
530
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
531
- <?php echo __('Setup Duo', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
532
- </div>
533
- <div class="mo2f_modal-body">
534
- <?php if(isset($login_message) && !empty($login_message)) { ?>
535
-
536
- <div id="otpMessage">
537
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
538
- </div>
539
- <?php } ?>
540
- <div style="margin-right:7px;"><?php mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registration_status);
541
-
542
- ?></div>
543
- <div class="mo_margin_left">
544
- <h3><?php echo __('Step-2 : Setup Duo Push Notification', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
545
- <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to setup duo push notification.', 'miniorange-2-factor-authentication'); ?></h4>
546
- <center>
547
- <?php if (sizeof($opt) > 1) { ?>
548
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
549
- <?php } ?>
550
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
551
- </center>
552
- </div>
553
- <?php
554
-
555
- if(isset($_POST['option']) && $_POST['option'] =='miniorange_inline_duo_auth_mobile_complete'){
556
- go_for_user_enroll_on_duo($current_user,$session_id);
557
- ?>
558
- <?php }else if(isset($_POST['option']) && $_POST['option'] == 'duo_mobile_send_push_notification_for_inline_form') {
559
-
560
- initialize_inline_duo_auth_registration($current_user,$session_id);
561
- ?>
562
-
563
- <?php }?>
564
-
565
- <?php mo2f_customize_logo() ?>
566
- </div>
567
- <br>
568
- <br>
569
- </div>
570
- </div>
571
- </div>
572
- </div>
573
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
574
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
575
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
576
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
577
- </form>
578
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
579
- <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
581
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
582
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
583
- </form>
584
- <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
- <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
587
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
588
- <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce'); ?>" />
589
- </form>
590
- <?php if (sizeof($opt) > 1) { ?>
591
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
- <input type="hidden" name="option" value="miniorange_back_inline"/>
593
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
594
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
595
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
596
- </form>
597
- <?php } ?>
598
- <script>
599
- function mologinback(){
600
- jQuery('#mo2f_backto_mo_loginform').submit();
601
- }
602
- function moconfigureapp(){
603
- jQuery('#mo2f_inline_duo_auth_register_form').submit();
604
- }
605
- jQuery('#mo2f_inline_back_btn').click(function() {
606
- jQuery('#mo2f_goto_two_factor_form').submit();
607
- });
608
- <?php
609
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
610
- ?>
611
- <?php } ?>
612
- </script>
613
- </body>
614
- </html>
615
- <?php
616
- }
617
-
618
- function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
619
- $ga_secret = MO2f_Utility::mo2f_get_transient($session_id, 'secret_ga');
620
- $data = MO2f_Utility::mo2f_get_transient($session_id, 'ga_qrCode');
621
- global $Mo2fdbQueries;
622
- if(empty($data)){
623
- $user = get_user_by('ID',$current_user_id);
624
- if(!MO2F_IS_ONPREM){
625
- if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
626
- Miniorange_Authentication::mo2f_get_GA_parameters($user);
627
- }
628
- $mo2f_google_auth = get_user_meta($user->ID, 'mo2f_google_auth', true);
629
- $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
630
- $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
631
- MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $mo2f_google_auth['ga_secret']);
632
- MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
633
- }else{
634
- include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR . 'handler'.DIRECTORY_SEPARATOR . 'twofa'. DIRECTORY_SEPARATOR . 'gaonprem.php';
635
- $gauth_obj = new Google_auth_onpremise();
636
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user->ID);
637
- $onpremise_secret = $gauth_obj->createSecret();
638
- $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
639
- $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
640
- $data = $url;
641
- MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $onpremise_secret);
642
- MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $url);
643
-
644
- }
645
- }
646
- ?>
647
- <html>
648
- <head> <meta charset="utf-8"/>
649
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
650
- <meta name="viewport" content="width=device-width, initial-scale=1">
651
- <?php
652
- mo2f_inline_css_and_js();
653
- ?>
654
- </head>
655
- <style>
656
- * {
657
- box-sizing: border-box;
658
- }
659
- [class*="mcol-"] {
660
- float: left;
661
- padding: 15px;
662
- }
663
- /* For desktop: */
664
- .mcol-1 {width: 50%;}
665
- .mcol-2 {width: 50%;}
666
- @media only screen and (max-width: 768px) {
667
- /* For mobile phones: */
668
- [class*="mcol-"] {
669
- width: 100%;
670
- }
671
- }
672
- </style>
673
- <body>
674
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
675
- <div class="mo2f-modal-backdrop"></div>
676
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
677
- <div class="login mo_customer_validation-modal-content">
678
- <div class="mo2f_modal-header">
679
- <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
680
- <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
681
- </div>
682
- <div class="mo2f_modal-body">
683
- <?php
684
-
685
- $current_user = get_userdata($current_user_id);
686
- $opt=fetch_methods($current_user);
687
- ?>
688
- <?php if(isset($login_message) && !empty($login_message)) { ?>
689
- <div id="otpMessage"
690
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
691
- >
692
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
693
- </div>
694
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
695
- <?php } ?>
696
- <div class="mcol-1">
697
- <div id="mo2f_choose_app_tour">
698
- <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
699
-
700
- <select id="authenticator_type">
701
- <option value="google_authenticator">Google Authenticator</option>
702
- <option value="msft_authenticator">Microsoft Authenticator</option>
703
- <option value="authy_authenticator">Authy Authenticator</option>
704
- <option value="last_pass_auth">LastPass Authenticator</option>
705
- <option value="free_otp_auth">FreeOTP Authenticator</option>
706
- <option value="duo_auth">Duo Mobile Authenticator</option>
707
- </select>
708
- <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
709
- <span id="links_to_apps">
710
- <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
711
- <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
712
-
713
- </span>
714
- </div>
715
- </div>
716
- <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
717
- <ol>
718
- <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
719
- <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
720
- <br>
721
- <?php if(MO2F_IS_ONPREM){ ?>
722
- <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
723
- <?php
724
-
725
- } else{ ?>
726
- <div style="margin-left: 14%;">
727
- <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
728
- <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
729
- </div>
730
- </div>
731
- <?php }
732
- ?>
733
- <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
734
-
735
- </ol>
736
- <div id="mo2f_scanbarcode_a" hidden>
737
- <ol >
738
- <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
739
- <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
740
- <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
741
- <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
742
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
743
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
744
- <?php echo $ga_secret; ?>
745
- </div>
746
- <div style="font-size: 80%;color: #666666;">
747
- <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
748
- </div>
749
- </div>
750
- <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
751
- <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
752
- </ol>
753
- </div>
754
- </div>
755
- <div class="mcol-2">
756
- <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
757
- <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
758
- <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
759
- <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
760
- <br />
761
- <input type="hidden" name="option" value="miniorange_inline_ga_validate">
762
- <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
763
- <div class="center">
764
- <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
765
- </div>
766
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
767
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
768
- <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
769
- </form>
770
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
771
- <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
772
- <input type="hidden" name="option" value="miniorange_back_inline"/>
773
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
774
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
775
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
776
- </form>
777
- </div>
778
- <br>
779
- <br>
780
- <?php mo2f_customize_logo() ?>
781
- </div>
782
- </div>
783
- </div>
784
- </div>
785
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
786
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
787
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
788
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
789
- </form>
790
- <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
791
- <input type="hidden" name="google_phone_type" />
792
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
793
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
794
- <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
795
- </form>
796
-
797
- <script>
798
- jQuery('#authenticator_type').change(function(){
799
- var auth_type = jQuery(this).val();
800
- if(auth_type == 'google_authenticator'){
801
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
802
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
803
- '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
804
- jQuery('#mo2f_change_app_name').show();
805
- jQuery('#links_to_apps').show();
806
- }else if(auth_type == 'msft_authenticator'){
807
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
808
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
809
- '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
810
- jQuery('#links_to_apps').show();
811
- }else if(auth_type == 'free_otp_auth'){
812
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
813
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
814
- '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
815
- jQuery('#links_to_apps').show();
816
- }else if(auth_type == 'duo_auth'){
817
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
818
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
819
- '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
820
- jQuery('#links_to_apps').show();
821
- }else if(auth_type == 'authy_authenticator'){
822
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
823
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
824
- '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
825
- jQuery('#links_to_apps').show();
826
- }else{
827
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
828
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
829
- '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
830
- jQuery('#mo2f_change_app_name').show();
831
- jQuery('#links_to_apps').show();
832
- }
833
- });
834
- function mologinback(){
835
- jQuery('#mo2f_backto_mo_loginform').submit();
836
- }
837
- jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
838
- var selectedPhone = jQuery(this).val();
839
- document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
840
- jQuery('#mo2f_inline_app_type_ga_form').submit();
841
- });
842
- jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
843
- jQuery("#mo2f_scanbarcode_a").toggle();
844
- });
845
- jQuery(document).ready(function() {
846
- jQuery('.mo2f_gauth').qrcode({
847
- 'render': 'image',
848
- size: 175,
849
- 'text': jQuery('.mo2f_gauth').data('qrcode')
850
- });
851
- });
852
- </script>
853
- </body>
854
- <?php
855
- echo '<head>';
856
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
857
- echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
858
- echo '</head>';
859
- }
860
-
861
- function mo2f_inline_css_and_js(){
862
- echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
863
- echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))). '" ></script>';
864
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
865
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))). '" />';
866
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
867
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))) . '" />';
868
- }
869
-
870
-
871
- function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
872
- $data = $qrCode;
873
-
874
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_transactionId' );
875
-
876
- $url = MO_HOST_NAME;
877
- $opt=fetch_methods($current_user);
878
- ?>
879
- <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
880
- <div class="red" style="color:#E74C3C;">
881
- <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
882
- <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
883
- <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
884
- <ol>
885
- <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
886
- <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
887
- <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
888
- </ol>
889
- </div>
890
- <table class="mo2f_settings_table">
891
- <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
892
- <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
893
- </div>
894
- </table>
895
- <center>
896
- <?php
897
- if (sizeof($opt) > 1) { ?>
898
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
899
- <?php }
900
- ?>
901
- </center>
902
- <script>
903
- jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
904
- jQuery('#mo2f_inline_configureapp_form').submit();
905
- });
906
- jQuery("#mo2f_configurePhone").empty();
907
- jQuery("#mo2f_app_div").hide();
908
- var timeout;
909
- pollInlineMobileRegistration();
910
- function pollInlineMobileRegistration()
911
- {
912
- var transId = "<?php echo $mo2f_login_transaction_id; ?>";
913
- var jsonString = "{\"txId\":\""+ transId + "\"}";
914
- var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
915
- jQuery.ajax({
916
- url: postUrl,
917
- type : "POST",
918
- dataType : "json",
919
- data : jsonString,
920
- contentType : "application/json; charset=utf-8",
921
- success : function(result) {
922
- var status = JSON.parse(JSON.stringify(result)).status;
923
- if (status == 'SUCCESS') {
924
- var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
925
- jQuery("#displayInlineQrCode").empty();
926
- jQuery("#displayInlineQrCode").append(content);
927
- setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
928
- } else if (status == 'ERROR' || status == 'FAILED') {
929
- var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
930
- jQuery("#displayInlineQrCode").empty();
931
- jQuery("#displayInlineQrCode").append(content);
932
- jQuery("#messages").empty();
933
- jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
934
- } else {
935
- timeout = setTimeout(pollInlineMobileRegistration, 3000);
936
- }
937
- }
938
- });
939
- }
940
- </script>
941
- <?php
942
- }
943
-
944
- function initialize_inline_duo_auth_registration($current_user,$session_id_encrypt){
945
-
946
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
947
- update_user_meta($user_id,'current_user_email',$current_user->user_email);
948
-
949
-
950
- $opt=fetch_methods($current_user);
951
- ?>
952
- <h3><?php echo mo2f_lt( 'Test Duo Authenticator' ); ?></h3>
953
- <hr>
954
- <div>
955
- <br>
956
- <br>
957
- <center>
958
- <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
959
- <br>
960
- <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
961
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
962
- </center>
963
-
964
- <input type="button" name="back" id="go_back" class="button button-primary button-large"
965
- value="<?php echo mo2f_lt( 'Back' ); ?>"
966
- style="margin-top:100px;margin-left:10px;"/>
967
- </div>
968
-
969
- <form name="f" method="post" action="" id="mo2f_go_back_form">
970
- <input type="hidden" name="option" value="mo2f_go_back"/>
971
- <input type="hidden" name="mo2f_go_back_nonce"
972
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
973
- </form>
974
- <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
975
- <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
976
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
977
- <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
978
- value="<?php echo wp_create_nonce( "mo2f-duo-authenticator-success-nonce" ) ?>"/>
979
- </form>
980
- <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
981
- <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
982
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
983
- <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
984
- value="<?php echo wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" ) ?>"/>
985
- </form>
986
-
987
- <script>
988
- jQuery('#go_back').click(function () {
989
- jQuery('#mo2f_go_back_form').submit();
990
- });
991
- jQuery("#mo2f_configurePhone").empty();
992
- jQuery("#mo2f_app_div").hide();
993
- var timeout;
994
-
995
-
996
-
997
- pollMobileValidation();
998
- function pollMobileValidation() {
999
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1000
- var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
1001
- var session_id_encrypt = "<?php echo $session_id_encrypt; ?>";
1002
-
1003
- var data={
1004
- 'action':'mo2f_duo_ajax_request',
1005
- 'call_type':'check_duo_push_auth_status',
1006
- 'session_id_encrypt': session_id_encrypt,
1007
- 'nonce': nonce,
1008
-
1009
- };
1010
-
1011
- jQuery.post(ajax_url, data, function(response){
1012
-
1013
- if (response == 'SUCCESS') {
1014
- jQuery('#mo2f_inline_duo_authenticator_success_form').submit();
1015
- } else if (response == 'ERROR' || response == 'FAILED' || response == 'DENIED') {
1016
-
1017
- jQuery('#mo2f_duo_authenticator_error_form').submit();
1018
- } else {
1019
- timeout = setTimeout(pollMobileValidation, 3000);
1020
- }
1021
-
1022
- });
1023
-
1024
- }
1025
-
1026
- </script>
1027
-
1028
- <?php
1029
- }
1030
- function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1031
- $current_user = get_userdata($current_user_id);
1032
- $opt=fetch_methods($current_user);
1033
-
1034
- ?>
1035
- <html>
1036
- <head> <meta charset="utf-8"/>
1037
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1038
- <meta name="viewport" content="width=device-width, initial-scale=1">
1039
- <?php
1040
- mo2f_inline_css_and_js();
1041
- ?>
1042
- <style>
1043
- .mo2f_kba_ques, .mo2f_table_textbox{
1044
- background: whitesmoke none repeat scroll 0% 0%;
1045
- }
1046
- </style>
1047
- </head>
1048
- <body>
1049
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1050
- <div class="mo2f-modal-backdrop"></div>
1051
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1052
- <div class="login mo_customer_validation-modal-content">
1053
- <div class="mo2f_modal-header">
1054
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1055
- <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
1056
- </div>
1057
- <div class="mo2f_modal-body">
1058
- <?php if(isset($login_message) && !empty($login_message)) { ?>
1059
- <div id="otpMessage">
1060
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
1061
- </div>
1062
- <?php } ?>
1063
- <form name="f" method="post" action="" >
1064
- <?php mo2f_configure_kba_questions(); ?>
1065
- <br />
1066
- <div class ="row">
1067
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1068
- <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1069
- <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
1070
-
1071
- </div>
1072
- </div>
1073
- <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1074
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1075
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1076
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1077
- </form>
1078
- <?php if (sizeof($opt) > 1) { ?>
1079
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
1080
- <div class ="row">
1081
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1082
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1083
- </div>
1084
- </div>
1085
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1086
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1087
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1088
- </form>
1089
- <?php } ?>
1090
-
1091
- <?php mo2f_customize_logo() ?>
1092
- </div>
1093
- </div>
1094
- </div>
1095
- </div>
1096
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1097
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1098
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1099
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1100
- </form>
1101
-
1102
- <script>
1103
- function mologinback(){
1104
- jQuery('#mo2f_backto_mo_loginform').submit();
1105
- }
1106
-
1107
- function mobackinline(){
1108
- jQuery('#mo2f_goto_two_factor_form').submit();
1109
- }
1110
- </script>
1111
- </body>
1112
- </html>
1113
- <?php
1114
- }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1115
- $current_user = get_userdata($current_user_id);
1116
- $opt=fetch_methods($current_user);
1117
- ?>
1118
- <html>
1119
- <head> <meta charset="utf-8"/>
1120
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1121
- <meta name="viewport" content="width=device-width, initial-scale=1">
1122
- <?php
1123
- mo2f_inline_css_and_js();
1124
- ?>
1125
- <style>
1126
- .mo2f_kba_ques, .mo2f_table_textbox{
1127
- background: whitesmoke none repeat scroll 0% 0%;
1128
- }
1129
- </style>
1130
- </head>
1131
- <body>
1132
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1133
- <div class="mo2f-modal-backdrop"></div>
1134
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1135
- <div class="login mo_customer_validation-modal-content">
1136
- <div class="mo2f_modal-header">
1137
- <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1138
- <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
1139
- </div>
1140
- <div class="mo2f_modal-body">
1141
- <?php if(isset($login_message) && !empty($login_message)){ ?>
1142
- <div id="otpMessage">
1143
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1144
- </div>
1145
- <?php } ?>
1146
- <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
1147
- <input type="hidden" name="option" value="miniorange_inline_register" />
1148
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1149
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1150
- <p>This method requires you to have an account with miniOrange.</p>
1151
- <table class="mo_wpns_settings_table">
1152
- <tr>
1153
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1154
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
1155
- required placeholder="person@example.com"/></td>
1156
- </tr>
1157
- <tr>
1158
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1159
- <td><input class="mo_wpns_table_textbox" required type="password"
1160
- name="password" placeholder="Choose your password (Min. length 6)" /></td>
1161
- </tr>
1162
- <tr>
1163
- <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1164
- <td><input class="mo_wpns_table_textbox" required type="password"
1165
- name="confirmPassword" placeholder="Confirm your password" /></td>
1166
- </tr>
1167
- <tr>
1168
- <td>&nbsp;</td>
1169
- <td><br><input type="submit" name="submit" value="Create Account"
1170
- class="miniorange_button" />
1171
- <a href="#mo2f_account_exist">Already have an account?</a>
1172
- </tr>
1173
- </table>
1174
- </form>
1175
- <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
1176
- <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1177
- <input type="hidden" name="option" value="miniorange_inline_login"/>
1178
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1179
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1180
- <table class="mo_wpns_settings_table">
1181
- <tr>
1182
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1183
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
1184
- required placeholder="person@example.com"
1185
- /></td>
1186
- </tr>
1187
- <tr>
1188
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1189
- <td><input class="mo_wpns_table_textbox" required type="password"
1190
- name="password" placeholder="Enter your miniOrange password" /></td>
1191
- </tr>
1192
- <tr>
1193
- <td>&nbsp;</td>
1194
- <td><input type="submit" class="miniorange_button" />
1195
- <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
1196
- </tr>
1197
- </table>
1198
- </form>
1199
- <br>
1200
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
1201
- <?php mo2f_customize_logo() ?>
1202
- </div>
1203
- </div>
1204
- </div>
1205
- </div>
1206
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1207
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1208
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1209
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1210
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1211
- </form>
1212
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1213
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1214
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1215
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1216
- </form>
1217
-
1218
- <script>
1219
- jQuery('#mo2f_inline_back_btn').click(function() {
1220
- jQuery('#mo2f_goto_two_factor_form').submit();
1221
- });
1222
- jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1223
- jQuery('#mo2f_inline_login_form').show();
1224
- jQuery('#mo2f_inline_register_form').hide();
1225
- });
1226
- jQuery('#cancel_link').click(function(){
1227
- jQuery('#mo2f_inline_register_form').show();
1228
- jQuery('#mo2f_inline_login_form').hide();
1229
- });
1230
- function mologinback(){
1231
- jQuery('#mo2f_backto_mo_loginform').submit();
1232
- }
1233
- </script>
1234
- </body>
1235
- </html>
1236
- <?php
1237
- }
1238
- function prompt_user_for_setup_success($id, $login_status, $login_message,$redirect_to,$session_id){
1239
- global $Mo2fdbQueries;
1240
- ?>
1241
- <html>
1242
- <head> <meta charset="utf-8"/>
1243
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1244
- <meta name="viewport" content="width=device-width, initial-scale=1">
1245
- <?php
1246
- mo2f_inline_css_and_js();
1247
- ?>
1248
- <style>
1249
- .mo2f_kba_ques, .mo2f_table_textbox{
1250
- background: whitesmoke none repeat scroll 0% 0%;
1251
- }
1252
- </style>
1253
- </head>
1254
- <body>
1255
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1256
- <div class="mo2f-modal-backdrop"></div>
1257
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1258
- <div class="login mo_customer_validation-modal-content">
1259
- <div class="mo2f_modal-header">
1260
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1261
- <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1262
- </div>
1263
- <div class="mo2f_modal-body center">
1264
- <?php
1265
- global $Mo2fdbQueries;
1266
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1267
- if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1268
- $mo2f_second_factor = 'Email Verification';
1269
- }else if($mo2f_second_factor == 'SMS'){
1270
- $mo2f_second_factor = 'OTP over SMS';
1271
- }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
1272
- $mo2f_second_factor = 'OTP_OVER_EMAIL';
1273
- }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1274
- $mo2f_second_factor = 'Phone Call Verification';
1275
- }else if($mo2f_second_factor == 'SOFT TOKEN'){
1276
- $mo2f_second_factor = 'Soft Token';
1277
- }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1278
- $mo2f_second_factor = 'QR Code Authentication';
1279
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1280
- $mo2f_second_factor = 'Push Notification';
1281
- }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1282
- if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1283
- $mo2f_second_factor = 'Google Authenticator';
1284
- }else{
1285
- $mo2f_second_factor = 'Authy 2-Factor Authentication';
1286
- }
1287
- }else if($mo2f_second_factor == 'KBA'){
1288
- $mo2f_second_factor = 'Security Questions (KBA)';
1289
- }
1290
- $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1291
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1292
-
1293
- if(get_site_option( 'mo2f_disable_kba' )!=1){
1294
- if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1295
- ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1296
- <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1297
- <?php if(isset($login_message) && !empty($login_message)){ ?>
1298
- <div id="otpMessage">
1299
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1300
- </div>
1301
- <?php } ?>
1302
- <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1303
- <form name="f" method="post" action="" >
1304
- <?php mo2f_configure_kba_questions(); ?>
1305
- <br>
1306
- <center>
1307
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1308
- </center>
1309
- <input type="hidden" name="mo2f_inline_kba_option" />
1310
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1311
- <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo $login_status; ?>" />
1312
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1313
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1314
- </form>
1315
- </div>
1316
- <?php }
1317
- }else{
1318
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1319
- $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1320
- $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1321
- }
1322
- if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1323
- if(get_site_option('mo2f_remember_device')!=1)
1324
- {
1325
- $pass2fa= new Miniorange_Password_2Factor_Login();
1326
- $pass2fa->mo2fa_pass2login(site_url(), $session_id);
1327
- ?>
1328
- <center>
1329
- <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1330
- <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1331
- </p>
1332
- </center>
1333
- <br>
1334
- <center>
1335
- <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1336
- <br>
1337
- </center>
1338
- <?php
1339
- }else{
1340
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
1341
- $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1342
- mo2f_collect_device_attributes_handler($session_id,$redirect_to);
1343
- }
1344
- }
1345
- mo2f_customize_logo() ?>
1346
- </div>
1347
- </div>
1348
- </div>
1349
- </div>
1350
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1351
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1352
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1353
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1354
- </form>
1355
-
1356
- <script>
1357
- function mologinback(){
1358
- jQuery('#mo2f_backto_mo_loginform').submit();
1359
- }
1360
- </script>
1361
- </body>
1362
- </html>
1363
- <?php
1364
- }
1365
-
1366
- function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod,$redirect_to,$session_id){
1367
- $current_user = get_userdata($current_user_id);
1368
- $opt=fetch_methods($current_user);
1369
- global $Mo2fdbQueries;
1370
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1371
- $current_user = get_userdata($current_user_id);
1372
- $email = $current_user->user_email;
1373
- ?>
1374
- <html>
1375
- <head> <meta charset="utf-8"/>
1376
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1377
- <meta name="viewport" content="width=device-width, initial-scale=1">
1378
- <?php
1379
- mo2f_inline_css_and_js();
1380
-
1381
- echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))) . '" ></script>';
1382
- echo '<script src="' . plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))). '" ></script>';
1383
- echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
1384
- ?>
1385
- </head>
1386
- <body>
1387
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1388
- <div class="mo2f-modal-backdrop"></div>
1389
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1390
- <div class="login mo_customer_validation-modal-content">
1391
- <div class="mo2f_modal-header">
1392
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1393
- <?php
1394
- if($current_selected_method == 'SMS AND EMAIL'){?>
1395
- <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1396
- <?php }
1397
- else if($current_selected_method == 'OTP Over Telegram')
1398
- {
1399
- echo __('Verify Your Telegram Details', 'miniorange-2-factor-authentication');
1400
- }
1401
- else if($current_selected_method == 'OTP OVER EMAIL'){
1402
- ?>
1403
- <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1404
- <?php }
1405
- else{
1406
- ?>
1407
- <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1408
- <?php } ?>
1409
- </div>
1410
- <div class="mo2f_modal-body">
1411
- <?php if(isset($login_message) && !empty($login_message)) { ?>
1412
- <div id="otpMessage"
1413
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1414
- >
1415
- <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo $login_message; ?></p>
1416
- </div>
1417
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
1418
- <?php } ?>
1419
- <div class="mo2f_row">
1420
- <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1421
- <p>
1422
- <?php
1423
- if($current_selected_method == 'SMS AND EMAIL'){?>
1424
- <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1425
- <?php
1426
- }else if($current_selected_method == 'OTP OVER EMAIL'){
1427
- //no message
1428
- }else if($current_selected_method == 'OTP Over Telegram')
1429
- {
1430
- echo __('1. Open the telegram app and search for miniorange2fa_bot. Click on start button or send <b>/start</b> message', 'miniorange-2-factor-authentication');
1431
- echo "<br><br><br>";
1432
- echo __('2. Enter the recieved Chat ID here below::', 'miniorange-2-factor-authentication');
1433
- $chat_id = get_user_meta($current_user_id,'mo2f_chat_id',true);
1434
-
1435
- if($chat_id == '')
1436
- $chat_id = get_user_meta($current_user_id,'mo2f_temp_chatID',true);
1437
-
1438
- ?>
1439
- <input type="text" name="verify_chatID" id="chatID"
1440
- value="<?php echo $chat_id; ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter chat ID without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1441
-
1442
- <?php
1443
- echo "<br>";
1444
-
1445
- }
1446
- else{
1447
- ?>
1448
- <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1449
- <?php }
1450
- if(!($current_selected_method == 'OTP OVER EMAIL') and $current_selected_method !='OTP Over Telegram'and $current_selected_method !='OTP Over Whatsapp'){
1451
- ?>
1452
- <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1453
- value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1454
- <?php } ?>
1455
- <?php
1456
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1457
- if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1458
- <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1459
- value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1460
- <?php } ?>
1461
- <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1462
- <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1463
- <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1464
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1465
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1466
- </form>
1467
- </div>
1468
- <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1469
- <p>
1470
- <?php
1471
- if($current_selected_method == 'SMS AND EMAIL'){?>
1472
- <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1473
- <?php }
1474
- else{
1475
- ?>
1476
- <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1477
- <?php } ?>
1478
- <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1479
- <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1480
- <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1481
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1482
- <?php } else if($current_selected_method != 'OTP Over Telegram'){
1483
- ?>
1484
- <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1485
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1486
- <?php } ?>
1487
- <br /><br />
1488
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1489
- <?php if (sizeof($opt) > 1) { ?>
1490
-
1491
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1492
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1493
- <?php } ?>
1494
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1495
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1496
- <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1497
- <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1498
- </form>
1499
- <?php mo2f_customize_logo() ?>
1500
- </div>
1501
- </div>
1502
- </div>
1503
- </div>
1504
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1505
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1506
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1507
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1508
- </form>
1509
- <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1510
- <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1511
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1512
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1513
- </form>
1514
- <?php if (sizeof($opt) > 1) { ?>
1515
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1516
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1517
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1518
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1519
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1520
- </form>
1521
- <?php } ?>
1522
- <script>
1523
- jQuery("#phone").intlTelInput();
1524
- function mologinback(){
1525
- jQuery('#mo2f_backto_mo_loginform').submit();
1526
- }
1527
- jQuery('#mo2f_inline_back_btn').click(function() {
1528
- jQuery('#mo2f_goto_two_factor_form').submit();
1529
- });
1530
- jQuery('a[href="#resendsmslink"]').click(function(e) {
1531
- jQuery('#mo2fa_inline_resend_otp_form').submit();
1532
- });
1533
- </script>
1534
- </body>
1535
-
1536
- </html>
1537
- <?php
1538
  }
1
+ <?php
2
+ function fetch_methods($current_user = null){
3
+ $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
4
+ if(!is_null($current_user) && ($current_user->roles[0] != 'administrator') && !mo2f_is_customer_registered()){
5
+ $methods = array("GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
6
+ }
7
+ if(get_site_option('duo_credentials_save_successfully'))
8
+ array_push($methods,"DUO");
9
+ return $methods;
10
+ }
11
+
12
+ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
13
+
14
+ global $Mo2fdbQueries;
15
+ $current_user = get_userdata($current_user_id);
16
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
17
+
18
+ if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
19
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
20
+ prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$current_selected_method,$redirect_to,$session_id);
21
+ else
22
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
23
+ }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
24
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
25
+ prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
26
+ else
27
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
28
+ }else if($current_selected_method == 'OTP Over Telegram' or $current_selected_method == 'OTP OVER TELEGRAM')
29
+ {
30
+ $current_selected_method = 'OTP Over Telegram';
31
+ prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
32
+ }
33
+ else if($current_selected_method == 'Duo Authenticator'){
34
+ prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
35
+ }
36
+ else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
37
+ prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
38
+ }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
39
+ prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
40
+ }else if($current_selected_method == 'KBA' ){
41
+ prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
42
+ }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
43
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
44
+ if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
45
+ if(!MO2F_IS_ONPREM)
46
+ {
47
+ $current_user = get_userdata($current_user_id);
48
+ $email = $current_user->user_email;
49
+ $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
50
+ if(isset($tempEmail) and $tempEmail != '')
51
+ $email = $tempEmail;
52
+ create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
53
+ }
54
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
55
+ $pass2fa= new Miniorange_Password_2Factor_Login();
56
+ $pass2fa->mo2fa_pass2login($redirect_to, $session_id);
57
+ }
58
+ prompt_user_for_setup_success($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
59
+ }else{
60
+ $current_user = get_userdata($current_user_id);
61
+ if(isset($current_user->roles[0]))
62
+ $current_user_role=$current_user->roles[0];
63
+ $opt=fetch_methods($current_user);
64
+ ?>
65
+ <html>
66
+ <head>
67
+ <meta charset="utf-8"/>
68
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
69
+ <meta name="viewport" content="width=device-width, initial-scale=1">
70
+ <?php
71
+ mo2f_inline_css_and_js();
72
+ ?>
73
+ </head>
74
+ <body>
75
+ <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
76
+ <div class="mo2f-modal-backdrop"></div>
77
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
78
+ <div class="login mo_customer_validation-modal-content">
79
+ <div class="mo2f_modal-header">
80
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
81
+
82
+ <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
83
+ </div>
84
+ <div class="mo2f_modal-body">
85
+ <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
86
+ if(isset($login_message) && !empty($login_message)) {
87
+ echo '<br><br>';
88
+
89
+ ?>
90
+
91
+ <div id="otpMessage">
92
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
93
+ </div>
94
+ <?php }else
95
+ echo '<br>';
96
+ ?>
97
+
98
+ <br>
99
+ <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
100
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
101
+ <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
102
+ <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
103
+ (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
104
+ </label>
105
+ <br>
106
+ </span>
107
+ <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
108
+ <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
109
+ <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
110
+ <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
111
+ </label>
112
+ <br>
113
+ </span>
114
+ <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
115
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
116
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
117
+ <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
118
+ </label>
119
+ <br>
120
+ </span>
121
+ <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
122
+ <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
123
+ <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
124
+ <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
125
+ </label>
126
+ <br>
127
+ </span>
128
+ <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
129
+ <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
130
+ <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
131
+ <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
132
+ </label>
133
+ <br>
134
+ </span>
135
+ <span class="<?php if( !(in_array("OTP OVER TELEGRAM", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
136
+ <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
137
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER TELEGRAM" />
138
+ <?php echo __('OTP Over TELEGRAM', 'miniorange-2-factor-authentication'); ?>
139
+ </label>
140
+ <br>
141
+ </span>
142
+ <span class="<?php if( !(in_array("OTP OVER WHATSAPP", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
143
+ <label title="<?php echo __('You will get an OTP on your WHATSAPP app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
144
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER WHATSAPP" />
145
+ <?php echo __('OTP Over WHATSAPP', 'miniorange-2-factor-authentication'); ?>
146
+ </label>
147
+ <br>
148
+ </span>
149
+ <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
150
+ <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
151
+ <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
152
+ <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
153
+ </label>
154
+ <br>
155
+ </span>
156
+ <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
157
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
158
+ <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
159
+ <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
160
+ </label>
161
+ <br>
162
+ </span>
163
+ <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
164
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
165
+ <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
166
+ <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
167
+ </label>
168
+ <br>
169
+ </span>
170
+ <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
171
+ <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
172
+ <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
173
+ <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
174
+ </label>
175
+ <br>
176
+ </span>
177
+ <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
178
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
179
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
180
+ <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
181
+ </label>
182
+ <br>
183
+ </span>
184
+ <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
185
+ <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
186
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
187
+ <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
188
+ </label>
189
+ <br>
190
+ </span>
191
+ <span class="<?php if( !(in_array("DUO", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
192
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
193
+ <input type="radio" name="mo2f_selected_2factor_method" value=" DUO PUSH NOTIFICATIONS" />
194
+ <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
195
+ </label>
196
+ <br>
197
+ </span>
198
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
199
+ <br />
200
+ <?php mo2f_customize_logo() ?>
201
+ </div>
202
+ </div>
203
+ </div>
204
+ </div>
205
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
206
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
207
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
208
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
209
+ </form>
210
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
+ <input type="hidden" name="mo2f_selected_2factor_method" />
212
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
213
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
215
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
216
+ </form>
217
+
218
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
+ <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
+ <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
221
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
222
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
223
+ </form>
224
+
225
+ <script>
226
+ function mologinback(){
227
+ jQuery('#mo2f_backto_mo_loginform').submit();
228
+ }
229
+ jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
230
+ var selectedMethod = jQuery(this).val();
231
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
232
+ jQuery('#mo2f_select_2fa_methods_form').submit();
233
+ });
234
+ jQuery('a[href="#skiptwofactor"]').click(function(e) {
235
+
236
+ jQuery('#mo2f_skip_loginform').submit();
237
+ });
238
+ </script>
239
+ </body>
240
+ </html>
241
+ <?php
242
+ }
243
+ }
244
+
245
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
246
+ {
247
+
248
+ global $Mo2fdbQueries;
249
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
250
+ if(isset($mo2f_user_email) and $mo2f_user_email != '')
251
+ $email = $mo2f_user_email;
252
+
253
+ $current_user = get_userdata($current_user_id);
254
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
255
+ $email = get_option('mo2f_email');
256
+
257
+ $enduser = new Two_Factor_Setup();
258
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
259
+
260
+ if(json_last_error() == JSON_ERROR_NONE){
261
+
262
+ if($check_user['status'] == 'ERROR'){
263
+ return Mo2fConstants:: langTranslate( $check_user['message']);
264
+
265
+ }
266
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
267
+
268
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
269
+ 'user_registration_with_miniorange' =>'SUCCESS',
270
+ 'mo2f_user_email' =>$email,
271
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
272
+ ) );
273
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
274
+
275
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
276
+ }
277
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
278
+
279
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
280
+ if(json_last_error() == JSON_ERROR_NONE) {
281
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
282
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
283
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
284
+ 'user_registration_with_miniorange' =>'SUCCESS',
285
+ 'mo2f_user_email' =>$email,
286
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
287
+ ) );
288
+
289
+ $mo2fa_login_message = '';
290
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
291
+ }
292
+ }
293
+
294
+
295
+ }
296
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
297
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
298
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
299
+ mo2f_inline_email_form($email,$current_user_id);
300
+ exit;
301
+ }
302
+
303
+ }
304
+
305
+ }
306
+
307
+ function mo2f_inline_email_form($email,$current_user_id)
308
+ {
309
+ ?>
310
+ <html>
311
+ <head>
312
+ <meta charset="utf-8"/>
313
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
314
+ <meta name="viewport" content="width=device-width, initial-scale=1">
315
+ <?php
316
+ mo2f_inline_css_and_js();
317
+ ?>
318
+ </head>
319
+ <body>
320
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
321
+ <div class="mo2f-modal-backdrop"></div>
322
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
323
+ <div class="login mo_customer_validation-modal-content">
324
+ <div class="mo2f_modal-header">
325
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
326
+ <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
327
+ </div>
328
+ <div class="mo2f_modal-body">
329
+ <form action="" method="post" name="f">
330
+ <p>The Email assoicated with your account is already registered in miniOrange. Please use a different email address or contact miniOrange.
331
+ </p><br>
332
+ <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
333
+ <br>
334
+ <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
335
+ <br>
336
+ <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
337
+ <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
+ <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
340
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
341
+ </form>
342
+ <br>
343
+ <?php mo2f_customize_logo() ?>
344
+ </div>
345
+ </div>
346
+ </div>
347
+ </div>
348
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
349
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
350
+ </form>
351
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
352
+ <input type="hidden" name="mo2f_selected_2factor_method" />
353
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
354
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
356
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
357
+ </form>
358
+ <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
+ <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
361
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
362
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
363
+ </form>
364
+ <?php } ?>
365
+
366
+ <script type="text/javascript">
367
+ jQuery('#save_entered_email_inlinecloud1').click(function(){
368
+ var email = jQuery('#emailInlineCloud').val();
369
+ var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
370
+ var data = {
371
+ 'action' : 'mo_two_factor_ajax',
372
+ 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
373
+ 'email' : email,
374
+ 'nonce' : nonce
375
+
376
+ };
377
+
378
+ var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
379
+
380
+
381
+ jQuery.post(ajaxurl, data, function(response) {
382
+
383
+ if(response == 'alreadyExist')
384
+ {
385
+ jQuery('#emailalredyused').show();
386
+ }
387
+ else if(response =='USERCANBECREATED')
388
+ {
389
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
390
+ jQuery('#mo2f_select_2fa_methods_form').submit();
391
+ }
392
+ });
393
+
394
+ });
395
+
396
+
397
+ </script>
398
+ </body>
399
+
400
+ <?php
401
+ }
402
+ function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$currentMethod,$redirect_to,$session_id){
403
+
404
+ global $Mo2fdbQueries;
405
+ if(isset($qrCode)){
406
+ $qrCodedata = $qrCode['mo2f-login-qrCode'];
407
+ $showqrCode = $qrCode['mo2f_show_qr_code'];
408
+ }
409
+ $current_user = get_userdata($current_user_id);
410
+ $email = $current_user->user_email;
411
+
412
+ $opt=fetch_methods($current_user);
413
+
414
+ $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
415
+ ?>
416
+ <html>
417
+ <head> <meta charset="utf-8"/>
418
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
419
+ <meta name="viewport" content="width=device-width, initial-scale=1">
420
+ <?php
421
+ mo2f_inline_css_and_js();
422
+ ?>
423
+ </head>
424
+ <body>
425
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
426
+ <div class="mo2f-modal-backdrop"></div>
427
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
428
+ <div class="login mo_customer_validation-modal-content">
429
+ <div class="mo2f_modal-header">
430
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
431
+ <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
432
+ </div>
433
+ <div class="mo2f_modal-body">
434
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
435
+
436
+ <div id="otpMessage">
437
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
438
+ </div>
439
+ <?php } ?>
440
+ <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
441
+ <div class="mo_margin_left">
442
+ <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
443
+ <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
444
+ <center>
445
+ <?php if (sizeof($opt) > 1) { ?>
446
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
447
+ <?php } ?>
448
+ <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
449
+ </center>
450
+ </div>
451
+ <?php
452
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
453
+ initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
454
+ <?php } ?>
455
+
456
+ <?php mo2f_customize_logo() ?>
457
+ </div>
458
+ <br>
459
+ <br>
460
+ </div>
461
+ </div>
462
+ </div>
463
+ </div>
464
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
466
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
467
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
468
+ </form>
469
+ <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
470
+ <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
472
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
473
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
474
+ </form>
475
+ <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
+ <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
478
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
479
+ <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
480
+ </form>
481
+ <?php if (sizeof($opt) > 1) { ?>
482
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
484
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
485
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
486
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
487
+ </form>
488
+ <?php } ?>
489
+ <script>
490
+ function mologinback(){
491
+ jQuery('#mo2f_backto_mo_loginform').submit();
492
+ }
493
+ function moconfigureapp(){
494
+ jQuery('#mo2f_inline_configureapp_form').submit();
495
+ }
496
+ jQuery('#mo2f_inline_back_btn').click(function() {
497
+ jQuery('#mo2f_goto_two_factor_form').submit();
498
+ });
499
+ <?php
500
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
501
+ ?>
502
+ <?php } ?>
503
+ </script>
504
+ </body>
505
+ </html>
506
+ <?php
507
+ }
508
+ function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
509
+ global $Mo2fdbQueries;
510
+ $current_user = get_userdata($current_user_id);
511
+ $email = $current_user->user_email;
512
+ $opt=fetch_methods($current_user);
513
+ $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
514
+
515
+ ?>
516
+ <html>
517
+ <head> <meta charset="utf-8"/>
518
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
519
+ <meta name="viewport" content="width=device-width, initial-scale=1">
520
+ <?php
521
+ mo2f_inline_css_and_js();
522
+ ?>
523
+ </head>
524
+ <body>
525
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
526
+ <div class="mo2f-modal-backdrop"></div>
527
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
528
+ <div class="login mo_customer_validation-modal-content">
529
+ <div class="mo2f_modal-header">
530
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
531
+ <?php echo __('Setup Duo', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
532
+ </div>
533
+ <div class="mo2f_modal-body">
534
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
535
+
536
+ <div id="otpMessage">
537
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
538
+ </div>
539
+ <?php } ?>
540
+ <div style="margin-right:7px;"><?php mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registration_status);
541
+
542
+ ?></div>
543
+ <div class="mo_margin_left">
544
+ <h3><?php echo __('Step-2 : Setup Duo Push Notification', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
545
+ <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to setup duo push notification.', 'miniorange-2-factor-authentication'); ?></h4>
546
+ <center>
547
+ <?php if (sizeof($opt) > 1) { ?>
548
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
549
+ <?php } ?>
550
+ <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
551
+ </center>
552
+ </div>
553
+ <?php
554
+
555
+ if(isset($_POST['option']) && $_POST['option'] =='miniorange_inline_duo_auth_mobile_complete'){
556
+ go_for_user_enroll_on_duo($current_user,$session_id);
557
+ ?>
558
+ <?php }else if(isset($_POST['option']) && $_POST['option'] == 'duo_mobile_send_push_notification_for_inline_form') {
559
+
560
+ initialize_inline_duo_auth_registration($current_user,$session_id);
561
+ ?>
562
+
563
+ <?php }?>
564
+
565
+ <?php mo2f_customize_logo() ?>
566
+ </div>
567
+ <br>
568
+ <br>
569
+ </div>
570
+ </div>
571
+ </div>
572
+ </div>
573
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
574
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
575
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
576
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
577
+ </form>
578
+ <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
579
+ <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
581
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
582
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
583
+ </form>
584
+ <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
+ <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
587
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
588
+ <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce'); ?>" />
589
+ </form>
590
+ <?php if (sizeof($opt) > 1) { ?>
591
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
593
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
594
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
595
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
596
+ </form>
597
+ <?php } ?>
598
+ <script>
599
+ function mologinback(){
600
+ jQuery('#mo2f_backto_mo_loginform').submit();
601
+ }
602
+ function moconfigureapp(){
603
+ jQuery('#mo2f_inline_duo_auth_register_form').submit();
604
+ }
605
+ jQuery('#mo2f_inline_back_btn').click(function() {
606
+ jQuery('#mo2f_goto_two_factor_form').submit();
607
+ });
608
+ <?php
609
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
610
+ ?>
611
+ <?php } ?>
612
+ </script>
613
+ </body>
614
+ </html>
615
+ <?php
616
+ }
617
+
618
+ function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
619
+ $ga_secret = MO2f_Utility::mo2f_get_transient($session_id, 'secret_ga');
620
+ $data = MO2f_Utility::mo2f_get_transient($session_id, 'ga_qrCode');
621
+ global $Mo2fdbQueries;
622
+ if(empty($data)){
623
+ $user = get_user_by('ID',$current_user_id);
624
+ if(!MO2F_IS_ONPREM){
625
+ if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
626
+ Miniorange_Authentication::mo2f_get_GA_parameters($user);
627
+ }
628
+ $mo2f_google_auth = get_user_meta($user->ID, 'mo2f_google_auth', true);
629
+ $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
630
+ $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
631
+ MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $mo2f_google_auth['ga_secret']);
632
+ MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
633
+ }else{
634
+ include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR . 'handler'.DIRECTORY_SEPARATOR . 'twofa'. DIRECTORY_SEPARATOR . 'gaonprem.php';
635
+ $gauth_obj = new Google_auth_onpremise();
636
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user->ID);
637
+ $onpremise_secret = $gauth_obj->createSecret();
638
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
639
+ $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
640
+ $data = $url;
641
+ MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $onpremise_secret);
642
+ MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $url);
643
+
644
+ }
645
+ }
646
+ ?>
647
+ <html>
648
+ <head> <meta charset="utf-8"/>
649
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
650
+ <meta name="viewport" content="width=device-width, initial-scale=1">
651
+ <?php
652
+ mo2f_inline_css_and_js();
653
+ ?>
654
+ </head>
655
+ <style>
656
+ * {
657
+ box-sizing: border-box;
658
+ }
659
+ [class*="mcol-"] {
660
+ float: left;
661
+ padding: 15px;
662
+ }
663
+ /* For desktop: */
664
+ .mcol-1 {width: 50%;}
665
+ .mcol-2 {width: 50%;}
666
+ @media only screen and (max-width: 768px) {
667
+ /* For mobile phones: */
668
+ [class*="mcol-"] {
669
+ width: 100%;
670
+ }
671
+ }
672
+ </style>
673
+ <body>
674
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
675
+ <div class="mo2f-modal-backdrop"></div>
676
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
677
+ <div class="login mo_customer_validation-modal-content">
678
+ <div class="mo2f_modal-header">
679
+ <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
680
+ <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
681
+ </div>
682
+ <div class="mo2f_modal-body">
683
+ <?php
684
+
685
+ $current_user = get_userdata($current_user_id);
686
+ $opt=fetch_methods($current_user);
687
+ ?>
688
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
689
+ <div id="otpMessage"
690
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
691
+ >
692
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
693
+ </div>
694
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
695
+ <?php } ?>
696
+ <div class="mcol-1">
697
+ <div id="mo2f_choose_app_tour">
698
+ <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
699
+
700
+ <select id="authenticator_type">
701
+ <option value="google_authenticator">Google Authenticator</option>
702
+ <option value="msft_authenticator">Microsoft Authenticator</option>
703
+ <option value="authy_authenticator">Authy Authenticator</option>
704
+ <option value="last_pass_auth">LastPass Authenticator</option>
705
+ <option value="free_otp_auth">FreeOTP Authenticator</option>
706
+ <option value="duo_auth">Duo Mobile Authenticator</option>
707
+ </select>
708
+ <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
709
+ <span id="links_to_apps">
710
+ <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
711
+ <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
712
+
713
+ </span>
714
+ </div>
715
+ </div>
716
+ <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
717
+ <ol>
718
+ <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
719
+ <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
720
+ <br>
721
+ <?php if(MO2F_IS_ONPREM){ ?>
722
+ <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
723
+ <?php
724
+
725
+ } else{ ?>
726
+ <div style="margin-left: 14%;">
727
+ <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
728
+ <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
729
+ </div>
730
+ </div>
731
+ <?php }
732
+ ?>
733
+ <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
734
+
735
+ </ol>
736
+ <div id="mo2f_scanbarcode_a" hidden>
737
+ <ol >
738
+ <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
739
+ <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
740
+ <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
741
+ <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
742
+ <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
743
+ <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
744
+ <?php echo $ga_secret; ?>
745
+ </div>
746
+ <div style="font-size: 80%;color: #666666;">
747
+ <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
748
+ </div>
749
+ </div>
750
+ <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
751
+ <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
752
+ </ol>
753
+ </div>
754
+ </div>
755
+ <div class="mcol-2">
756
+ <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
757
+ <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
758
+ <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
759
+ <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
760
+ <br />
761
+ <input type="hidden" name="option" value="miniorange_inline_ga_validate">
762
+ <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
763
+ <div class="center">
764
+ <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
765
+ </div>
766
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
767
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
768
+ <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
769
+ </form>
770
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
771
+ <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
772
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
773
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
774
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
775
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
776
+ </form>
777
+ </div>
778
+ <br>
779
+ <br>
780
+ <?php mo2f_customize_logo() ?>
781
+ </div>
782
+ </div>
783
+ </div>
784
+ </div>
785
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
786
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
787
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
788
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
789
+ </form>
790
+ <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
791
+ <input type="hidden" name="google_phone_type" />
792
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
793
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
794
+ <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
795
+ </form>
796
+
797
+ <script>
798
+ jQuery('#authenticator_type').change(function(){
799
+ var auth_type = jQuery(this).val();
800
+ if(auth_type == 'google_authenticator'){
801
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
802
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
803
+ '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
804
+ jQuery('#mo2f_change_app_name').show();
805
+ jQuery('#links_to_apps').show();
806
+ }else if(auth_type == 'msft_authenticator'){
807
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
808
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
809
+ '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
810
+ jQuery('#links_to_apps').show();
811
+ }else if(auth_type == 'free_otp_auth'){
812
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
813
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
814
+ '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
815
+ jQuery('#links_to_apps').show();
816
+ }else if(auth_type == 'duo_auth'){
817
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
818
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
819
+ '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
820
+ jQuery('#links_to_apps').show();
821
+ }else if(auth_type == 'authy_authenticator'){
822
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
823
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
824
+ '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
825
+ jQuery('#links_to_apps').show();
826
+ }else{
827
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
828
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
829
+ '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
830
+ jQuery('#mo2f_change_app_name').show();
831
+ jQuery('#links_to_apps').show();
832
+ }
833
+ });
834
+ function mologinback(){
835
+ jQuery('#mo2f_backto_mo_loginform').submit();
836
+ }
837
+ jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
838
+ var selectedPhone = jQuery(this).val();
839
+ document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
840
+ jQuery('#mo2f_inline_app_type_ga_form').submit();
841
+ });
842
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
843
+ jQuery("#mo2f_scanbarcode_a").toggle();
844
+ });
845
+ jQuery(document).ready(function() {
846
+ jQuery('.mo2f_gauth').qrcode({
847
+ 'render': 'image',
848
+ size: 175,
849
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
850
+ });
851
+ });
852
+ </script>
853
+ </body>
854
+ <?php
855
+ echo '<head>';
856
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))).'"></script>';
857
+ echo '<script type="text/javascript" src="'.plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))).'"></script>';
858
+ echo '</head>';
859
+ }
860
+
861
+ function mo2f_inline_css_and_js(){
862
+ echo '<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>';
863
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))). '" ></script>';
864
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))) . '" />';
865
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))). '" />';
866
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))). '" />';
867
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))) . '" />';
868
+ }
869
+
870
+
871
+ function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
872
+ $data = $qrCode;
873
+
874
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_transactionId' );
875
+
876
+ $url = MO_HOST_NAME;
877
+ $opt=fetch_methods($current_user);
878
+ ?>
879
+ <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
880
+ <div class="red" style="color:#E74C3C;">
881
+ <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
882
+ <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
883
+ <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
884
+ <ol>
885
+ <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
886
+ <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
887
+ <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
888
+ </ol>
889
+ </div>
890
+ <table class="mo2f_settings_table">
891
+ <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
892
+ <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
893
+ </div>
894
+ </table>
895
+ <center>
896
+ <?php
897
+ if (sizeof($opt) > 1) { ?>
898
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
899
+ <?php }
900
+ ?>
901
+ </center>
902
+ <script>
903
+ jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
904
+ jQuery('#mo2f_inline_configureapp_form').submit();
905
+ });
906
+ jQuery("#mo2f_configurePhone").empty();
907
+ jQuery("#mo2f_app_div").hide();
908
+ var timeout;
909
+ pollInlineMobileRegistration();
910
+ function pollInlineMobileRegistration()
911
+ {
912
+ var transId = "<?php echo $mo2f_login_transaction_id; ?>";
913
+ var jsonString = "{\"txId\":\""+ transId + "\"}";
914
+ var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
915
+ jQuery.ajax({
916
+ url: postUrl,
917
+ type : "POST",
918
+ dataType : "json",
919
+ data : jsonString,
920
+ contentType : "application/json; charset=utf-8",
921
+ success : function(result) {
922
+ var status = JSON.parse(JSON.stringify(result)).status;
923
+ if (status == 'SUCCESS') {
924
+ var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
925
+ jQuery("#displayInlineQrCode").empty();
926
+ jQuery("#displayInlineQrCode").append(content);
927
+ setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
928
+ } else if (status == 'ERROR' || status == 'FAILED') {
929
+ var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
930
+ jQuery("#displayInlineQrCode").empty();
931
+ jQuery("#displayInlineQrCode").append(content);
932
+ jQuery("#messages").empty();
933
+ jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
934
+ } else {
935
+ timeout = setTimeout(pollInlineMobileRegistration, 3000);
936
+ }
937
+ }
938
+ });
939
+ }
940
+ </script>
941
+ <?php
942
+ }
943
+
944
+ function initialize_inline_duo_auth_registration($current_user,$session_id_encrypt){
945
+
946
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
947
+ update_user_meta($user_id,'current_user_email',$current_user->user_email);
948
+
949
+
950
+ $opt=fetch_methods($current_user);
951
+ ?>
952
+ <h3><?php echo mo2f_lt( 'Test Duo Authenticator' ); ?></h3>
953
+ <hr>
954
+ <div>
955
+ <br>
956
+ <br>
957
+ <center>
958
+ <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
959
+ <br>
960
+ <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
961
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
962
+ </center>
963
+
964
+ <input type="button" name="back" id="go_back" class="button button-primary button-large"
965
+ value="<?php echo mo2f_lt( 'Back' ); ?>"
966
+ style="margin-top:100px;margin-left:10px;"/>
967
+ </div>
968
+
969
+ <form name="f" method="post" action="" id="mo2f_go_back_form">
970
+ <input type="hidden" name="option" value="mo2f_go_back"/>
971
+ <input type="hidden" name="mo2f_go_back_nonce"
972
+ value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
973
+ </form>
974
+ <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
975
+ <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
976
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
977
+ <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
978
+ value="<?php echo wp_create_nonce( "mo2f-duo-authenticator-success-nonce" ) ?>"/>
979
+ </form>
980
+ <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
981
+ <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
982
+ <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
983
+ <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
984
+ value="<?php echo wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" ) ?>"/>
985
+ </form>
986
+
987
+ <script>
988
+ jQuery('#go_back').click(function () {
989
+ jQuery('#mo2f_go_back_form').submit();
990
+ });
991
+ jQuery("#mo2f_configurePhone").empty();
992
+ jQuery("#mo2f_app_div").hide();
993
+ var timeout;
994
+
995
+
996
+
997
+ pollMobileValidation();
998
+ function pollMobileValidation() {
999
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1000
+ var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
1001
+ var session_id_encrypt = "<?php echo $session_id_encrypt; ?>";
1002
+
1003
+ var data={
1004
+ 'action':'mo2f_duo_ajax_request',
1005
+ 'call_type':'check_duo_push_auth_status',
1006
+ 'session_id_encrypt': session_id_encrypt,
1007
+ 'nonce': nonce,
1008
+
1009
+ };
1010
+
1011
+ jQuery.post(ajax_url, data, function(response){
1012
+
1013
+ if (response == 'SUCCESS') {
1014
+ jQuery('#mo2f_inline_duo_authenticator_success_form').submit();
1015
+ } else if (response == 'ERROR' || response == 'FAILED' || response == 'DENIED') {
1016
+
1017
+ jQuery('#mo2f_duo_authenticator_error_form').submit();
1018
+ } else {
1019
+ timeout = setTimeout(pollMobileValidation, 3000);
1020
+ }
1021
+
1022
+ });
1023
+
1024
+ }
1025
+
1026
+ </script>
1027
+
1028
+ <?php
1029
+ }
1030
+ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1031
+ $current_user = get_userdata($current_user_id);
1032
+ $opt=fetch_methods($current_user);
1033
+
1034
+ ?>
1035
+ <html>
1036
+ <head> <meta charset="utf-8"/>
1037
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1038
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1039
+ <?php
1040
+ mo2f_inline_css_and_js();
1041
+ ?>
1042
+ <style>
1043
+ .mo2f_kba_ques, .mo2f_table_textbox{
1044
+ background: whitesmoke none repeat scroll 0% 0%;
1045
+ }
1046
+ </style>
1047
+ </head>
1048
+ <body>
1049
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1050
+ <div class="mo2f-modal-backdrop"></div>
1051
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1052
+ <div class="login mo_customer_validation-modal-content">
1053
+ <div class="mo2f_modal-header">
1054
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1055
+ <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
1056
+ </div>
1057
+ <div class="mo2f_modal-body">
1058
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
1059
+ <div id="otpMessage">
1060
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
1061
+ </div>
1062
+ <?php } ?>
1063
+ <form name="f" method="post" action="" >
1064
+ <?php mo2f_configure_kba_questions(); ?>
1065
+ <br />
1066
+ <div class ="row">
1067
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1068
+ <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1069
+ <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
1070
+
1071
+ </div>
1072
+ </div>
1073
+ <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1074
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1075
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1076
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1077
+ </form>
1078
+ <?php if (sizeof($opt) > 1) { ?>
1079
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
1080
+ <div class ="row">
1081
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1082
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1083
+ </div>
1084
+ </div>
1085
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1086
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1087
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1088
+ </form>
1089
+ <?php } ?>
1090
+
1091
+ <?php mo2f_customize_logo() ?>
1092
+ </div>
1093
+ </div>
1094
+ </div>
1095
+ </div>
1096
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1097
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1098
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1099
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1100
+ </form>
1101
+
1102
+ <script>
1103
+ function mologinback(){
1104
+ jQuery('#mo2f_backto_mo_loginform').submit();
1105
+ }
1106
+
1107
+ function mobackinline(){
1108
+ jQuery('#mo2f_goto_two_factor_form').submit();
1109
+ }
1110
+ </script>
1111
+ </body>
1112
+ </html>
1113
+ <?php
1114
+ }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1115
+ $current_user = get_userdata($current_user_id);
1116
+ $opt=fetch_methods($current_user);
1117
+ ?>
1118
+ <html>
1119
+ <head> <meta charset="utf-8"/>
1120
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1121
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1122
+ <?php
1123
+ mo2f_inline_css_and_js();
1124
+ ?>
1125
+ <style>
1126
+ .mo2f_kba_ques, .mo2f_table_textbox{
1127
+ background: whitesmoke none repeat scroll 0% 0%;
1128
+ }
1129
+ </style>
1130
+ </head>
1131
+ <body>
1132
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1133
+ <div class="mo2f-modal-backdrop"></div>
1134
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1135
+ <div class="login mo_customer_validation-modal-content">
1136
+ <div class="mo2f_modal-header">
1137
+ <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1138
+ <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
1139
+ </div>
1140
+ <div class="mo2f_modal-body">
1141
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
1142
+ <div id="otpMessage">
1143
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1144
+ </div>
1145
+ <?php } ?>
1146
+ <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
1147
+ <input type="hidden" name="option" value="miniorange_inline_register" />
1148
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1149
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1150
+ <p>This method requires you to have an account with miniOrange.</p>
1151
+ <table class="mo_wpns_settings_table">
1152
+ <tr>
1153
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1154
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
1155
+ required placeholder="person@example.com"/></td>
1156
+ </tr>
1157
+ <tr>
1158
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1159
+ <td><input class="mo_wpns_table_textbox" required type="password"
1160
+ name="password" placeholder="Choose your password (Min. length 6)" /></td>
1161
+ </tr>
1162
+ <tr>
1163
+ <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1164
+ <td><input class="mo_wpns_table_textbox" required type="password"
1165
+ name="confirmPassword" placeholder="Confirm your password" /></td>
1166
+ </tr>
1167
+ <tr>
1168
+ <td>&nbsp;</td>
1169
+ <td><br><input type="submit" name="submit" value="Create Account"
1170
+ class="miniorange_button" />
1171
+ <a href="#mo2f_account_exist">Already have an account?</a>
1172
+ </tr>
1173
+ </table>
1174
+ </form>
1175
+ <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
1176
+ <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1177
+ <input type="hidden" name="option" value="miniorange_inline_login"/>
1178
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1179
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1180
+ <table class="mo_wpns_settings_table">
1181
+ <tr>
1182
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1183
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
1184
+ required placeholder="person@example.com"
1185
+ /></td>
1186
+ </tr>
1187
+ <tr>
1188
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1189
+ <td><input class="mo_wpns_table_textbox" required type="password"
1190
+ name="password" placeholder="Enter your miniOrange password" /></td>
1191
+ </tr>
1192
+ <tr>
1193
+ <td>&nbsp;</td>
1194
+ <td><input type="submit" class="miniorange_button" />
1195
+ <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
1196
+ </tr>
1197
+ </table>
1198
+ </form>
1199
+ <br>
1200
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
1201
+ <?php mo2f_customize_logo() ?>
1202
+ </div>
1203
+ </div>
1204
+ </div>
1205
+ </div>
1206
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1207
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1208
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1209
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1210
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1211
+ </form>
1212
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1213
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1214
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1215
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1216
+ </form>
1217
+
1218
+ <script>
1219
+ jQuery('#mo2f_inline_back_btn').click(function() {
1220
+ jQuery('#mo2f_goto_two_factor_form').submit();
1221
+ });
1222
+ jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1223
+ jQuery('#mo2f_inline_login_form').show();
1224
+ jQuery('#mo2f_inline_register_form').hide();
1225
+ });
1226
+ jQuery('#cancel_link').click(function(){
1227
+ jQuery('#mo2f_inline_register_form').show();
1228
+ jQuery('#mo2f_inline_login_form').hide();
1229
+ });
1230
+ function mologinback(){
1231
+ jQuery('#mo2f_backto_mo_loginform').submit();
1232
+ }
1233
+ </script>
1234
+ </body>
1235
+ </html>
1236
+ <?php
1237
+ }
1238
+ function prompt_user_for_setup_success($id, $login_status, $login_message,$redirect_to,$session_id){
1239
+ global $Mo2fdbQueries;
1240
+ ?>
1241
+ <html>
1242
+ <head> <meta charset="utf-8"/>
1243
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1244
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1245
+ <?php
1246
+ mo2f_inline_css_and_js();
1247
+ ?>
1248
+ <style>
1249
+ .mo2f_kba_ques, .mo2f_table_textbox{
1250
+ background: whitesmoke none repeat scroll 0% 0%;
1251
+ }
1252
+ </style>
1253
+ </head>
1254
+ <body>
1255
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1256
+ <div class="mo2f-modal-backdrop"></div>
1257
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1258
+ <div class="login mo_customer_validation-modal-content">
1259
+ <div class="mo2f_modal-header">
1260
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1261
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1262
+ </div>
1263
+ <div class="mo2f_modal-body center">
1264
+ <?php
1265
+ global $Mo2fdbQueries;
1266
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1267
+ if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1268
+ $mo2f_second_factor = 'Email Verification';
1269
+ }else if($mo2f_second_factor == 'SMS'){
1270
+ $mo2f_second_factor = 'OTP over SMS';
1271
+ }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
1272
+ $mo2f_second_factor = 'OTP_OVER_EMAIL';
1273
+ }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1274
+ $mo2f_second_factor = 'Phone Call Verification';
1275
+ }else if($mo2f_second_factor == 'SOFT TOKEN'){
1276
+ $mo2f_second_factor = 'Soft Token';
1277
+ }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1278
+ $mo2f_second_factor = 'QR Code Authentication';
1279
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1280
+ $mo2f_second_factor = 'Push Notification';
1281
+ }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1282
+ if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1283
+ $mo2f_second_factor = 'Google Authenticator';
1284
+ }else{
1285
+ $mo2f_second_factor = 'Authy 2-Factor Authentication';
1286
+ }
1287
+ }else if($mo2f_second_factor == 'KBA'){
1288
+ $mo2f_second_factor = 'Security Questions (KBA)';
1289
+ }
1290
+ $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1291
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1292
+
1293
+ if(get_site_option( 'mo2f_disable_kba' )!=1){
1294
+ if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1295
+ ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1296
+ <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1297
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
1298
+ <div id="otpMessage">
1299
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1300
+ </div>
1301
+ <?php } ?>
1302
+ <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1303
+ <form name="f" method="post" action="" >
1304
+ <?php mo2f_configure_kba_questions(); ?>
1305
+ <br>
1306
+ <center>
1307
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1308
+ </center>
1309
+ <input type="hidden" name="mo2f_inline_kba_option" />
1310
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1311
+ <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo $login_status; ?>" />
1312
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1313
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1314
+ </form>
1315
+ </div>
1316
+ <?php }
1317
+ }else{
1318
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1319
+ $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1320
+ $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1321
+ }
1322
+ if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1323
+ if(get_site_option('mo2f_remember_device')!=1)
1324
+ {
1325
+ $pass2fa= new Miniorange_Password_2Factor_Login();
1326
+ $pass2fa->mo2fa_pass2login(site_url(), $session_id);
1327
+ ?>
1328
+ <center>
1329
+ <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1330
+ <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1331
+ </p>
1332
+ </center>
1333
+ <br>
1334
+ <center>
1335
+ <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1336
+ <br>
1337
+ </center>
1338
+ <?php
1339
+ }else{
1340
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
1341
+ $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1342
+ mo2f_collect_device_attributes_handler($session_id,$redirect_to);
1343
+ }
1344
+ }
1345
+ mo2f_customize_logo() ?>
1346
+ </div>
1347
+ </div>
1348
+ </div>
1349
+ </div>
1350
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1351
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1352
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1353
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1354
+ </form>
1355
+
1356
+ <script>
1357
+ function mologinback(){
1358
+ jQuery('#mo2f_backto_mo_loginform').submit();
1359
+ }
1360
+ </script>
1361
+ </body>
1362
+ </html>
1363
+ <?php
1364
+ }
1365
+
1366
+ function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod,$redirect_to,$session_id){
1367
+ $current_user = get_userdata($current_user_id);
1368
+ $opt=fetch_methods($current_user);
1369
+ global $Mo2fdbQueries;
1370
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1371
+ $current_user = get_userdata($current_user_id);
1372
+ $email = $current_user->user_email;
1373
+ ?>
1374
+ <html>
1375
+ <head> <meta charset="utf-8"/>
1376
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1377
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1378
+ <?php
1379
+ mo2f_inline_css_and_js();
1380
+
1381
+ echo '<script src="' . plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))) . '" ></script>';
1382
+ echo '<script src="' . plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))). '" ></script>';
1383
+ echo '<link rel="stylesheet" type="text/css" href="' . plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))). '" />';
1384
+ ?>
1385
+ </head>
1386
+ <body>
1387
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1388
+ <div class="mo2f-modal-backdrop"></div>
1389
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1390
+ <div class="login mo_customer_validation-modal-content">
1391
+ <div class="mo2f_modal-header">
1392
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1393
+ <?php
1394
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1395
+ <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1396
+ <?php }
1397
+ else if($current_selected_method == 'OTP Over Telegram')
1398
+ {
1399
+ echo __('Verify Your Telegram Details', 'miniorange-2-factor-authentication');
1400
+ }
1401
+ else if($current_selected_method == 'OTP OVER EMAIL'){
1402
+ ?>
1403
+ <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1404
+ <?php }
1405
+ else{
1406
+ ?>
1407
+ <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1408
+ <?php } ?>
1409
+ </div>
1410
+ <div class="mo2f_modal-body">
1411
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
1412
+ <div id="otpMessage"
1413
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1414
+ >
1415
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo $login_message; ?></p>
1416
+ </div>
1417
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
1418
+ <?php } ?>
1419
+ <div class="mo2f_row">
1420
+ <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1421
+ <p>
1422
+ <?php
1423
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1424
+ <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1425
+ <?php
1426
+ }else if($current_selected_method == 'OTP OVER EMAIL'){
1427
+ //no message
1428
+ }else if($current_selected_method == 'OTP Over Telegram')
1429
+ {
1430
+ echo __('1. Open the telegram app and search for miniorange2fa_bot. Click on start button or send <b>/start</b> message', 'miniorange-2-factor-authentication');
1431
+ echo "<br><br><br>";
1432
+ echo __('2. Enter the recieved Chat ID here below::', 'miniorange-2-factor-authentication');
1433
+ $chat_id = get_user_meta($current_user_id,'mo2f_chat_id',true);
1434
+
1435
+ if($chat_id == '')
1436
+ $chat_id = get_user_meta($current_user_id,'mo2f_temp_chatID',true);
1437
+
1438
+ ?>
1439
+ <input type="text" name="verify_chatID" id="chatID"
1440
+ value="<?php echo $chat_id; ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter chat ID without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1441
+
1442
+ <?php
1443
+ echo "<br>";
1444
+
1445
+ }
1446
+ else{
1447
+ ?>
1448
+ <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1449
+ <?php }
1450
+ if(!($current_selected_method == 'OTP OVER EMAIL') and $current_selected_method !='OTP Over Telegram'and $current_selected_method !='OTP Over Whatsapp'){
1451
+ ?>
1452
+ <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1453
+ value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1454
+ <?php } ?>
1455
+ <?php
1456
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1457
+ if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1458
+ <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1459
+ value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1460
+ <?php } ?>
1461
+ <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1462
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1463
+ <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1464
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1465
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1466
+ </form>
1467
+ </div>
1468
+ <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1469
+ <p>
1470
+ <?php
1471
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1472
+ <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1473
+ <?php }
1474
+ else{
1475
+ ?>
1476
+ <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1477
+ <?php } ?>
1478
+ <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1479
+ <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1480
+ <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1481
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1482
+ <?php } else if($current_selected_method != 'OTP Over Telegram'){
1483
+ ?>
1484
+ <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1485
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1486
+ <?php } ?>
1487
+ <br /><br />
1488
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1489
+ <?php if (sizeof($opt) > 1) { ?>
1490
+
1491
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1492
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1493
+ <?php } ?>
1494
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1495
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1496
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1497
+ <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1498
+ </form>
1499
+ <?php mo2f_customize_logo() ?>
1500
+ </div>
1501
+ </div>
1502
+ </div>
1503
+ </div>
1504
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1505
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1506
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1507
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1508
+ </form>
1509
+ <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1510
+ <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1511
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1512
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1513
+ </form>
1514
+ <?php if (sizeof($opt) > 1) { ?>
1515
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1516
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1517
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1518
+ <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1519
+ <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1520
+ </form>
1521
+ <?php } ?>
1522
+ <script>
1523
+ jQuery("#phone").intlTelInput();
1524
+ function mologinback(){
1525
+ jQuery('#mo2f_backto_mo_loginform').submit();
1526
+ }
1527
+ jQuery('#mo2f_inline_back_btn').click(function() {
1528
+ jQuery('#mo2f_goto_two_factor_form').submit();
1529
+ });
1530
+ jQuery('a[href="#resendsmslink"]').click(function(e) {
1531
+ jQuery('#mo2fa_inline_resend_otp_form').submit();
1532
+ });
1533
+ </script>
1534
+ </body>
1535
+
1536
+ </html>
1537
+ <?php
1538
  }
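--- a/controllers/twofa/setup_twofa.php
+++ b/controllers/twofa/setup_twofa.php
@@ -1,50 +1,50 @@
-<?php
-
-$email_registered = 1;
-global $Mo2fdbQueries;
-$email =$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', get_current_user_id() );
-if($email == '' or !isset($email))
-$email = wp_get_current_user()->user_email;
-
-if(isset($email))
-$email_registered = 1;
-else
-$email_registered = 0;
-
-$upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch($_POST['option'])
-{
-case "mo2f_enable_2FA_on_login_page_option":
-wpns_handle_enable_2fa_login_prompt(($_POST));
-break;
-}
-}
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup_twofa.php';
-
-function wpns_handle_enable_2fa_login_prompt($postvalue)
-{
-if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page']))
-{
-update_site_option('mo2f_enable_2fa_prompt_on_login_page',sanitize_text_field($postvalue['mo2f_enable_2fa_prompt_on_login_page']));
-
-}
-else update_site_option('mo2f_enable_2fa_prompt_on_login_page',0 );
-
-
-if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_site_option') == 1 )
-{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_ENABLED'),'SUCCESS');
-}
-else{
-
-if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page'])){
-do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_PROMPT_LOGIN_PAGE'),'ERROR');
-}else{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_DISABLED'),'ERROR');
-}
-}
-}
+<?php
+
+$email_registered = 1;
+global $Mo2fdbQueries;
+$email =$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', get_current_user_id() );
+if($email == '' or !isset($email))
+$email = wp_get_current_user()->user_email;
+
+if(isset($email))
+$email_registered = 1;
+else
+$email_registered = 0;
+
+$upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch($_POST['option'])
+{
+case "mo2f_enable_2FA_on_login_page_option":
+wpns_handle_enable_2fa_login_prompt(($_POST));
+break;
+}
+}
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup_twofa.php';
+
+function wpns_handle_enable_2fa_login_prompt($postvalue)
+{
+if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page']))
+{
+update_site_option('mo2f_enable_2fa_prompt_on_login_page',sanitize_text_field($postvalue['mo2f_enable_2fa_prompt_on_login_page']));
+
+}
+else update_site_option('mo2f_enable_2fa_prompt_on_login_page',0 );
+
+
+if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_site_option') == 1 )
+{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_ENABLED'),'SUCCESS');
+}
+else{
+
+if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page'])){
+do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_PROMPT_LOGIN_PAGE'),'ERROR');
+}else{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_DISABLED'),'ERROR');
+}
+}
+}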
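Review bot: The POST branch guarded by `if(current_user_can( 'manage_options' ) && isset($_POST['option']))` checks the capability but verifies no nonce, so the `mo2f_enable_2FA_on_login_page_option` case can be reached by a cross-site form post sent from an administrator's browser and change the site-wide `mo2f_enable_2fa_prompt_on_login_page` setting. Add a nonce check as the first statement inside that `if`, for example `check_admin_referer('NONCE_ACTION_PLACEHOLDER');`, paired with a `wp_nonce_field()` in the form; the view is not shown here, so confirm whether it already emits one. `$upgrade_url` is built from `$_SERVER['REQUEST_URI']` through `add_query_arg()`, which does not escape, so it needs `esc_url()` wherever the included view prints it. This section appears to re-add every line with unchanged text, so both points predate the commit.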
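--- a/controllers/twofa/two_fa.php
+++ b/controllers/twofa/two_fa.php
@@ -1,4 +1,4 @@
-<?php
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa.php';
+<?php
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa.php';
 update_site_option('mo2f_two_factor',true);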
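--- a/controllers/twofa/two_fa_addon.php
+++ b/controllers/twofa/two_fa_addon.php
@@ -1,5 +1,5 @@
-<?php
-global $Mo2fdbQueries;
-$current_user = wp_get_current_user();
-$mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
-include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_addon.php';
+<?php
+global $Mo2fdbQueries;
+$current_user = wp_get_current_user();
+$mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_addon.php';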
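--- a/controllers/twofa/two_fa_custom_form.php
+++ b/controllers/twofa/two_fa_custom_form.php
@@ -1,9 +1,9 @@
-<?php
-
-$is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
-$is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
-$is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
-$is_custom = get_site_option('mo2f_custom_reg_custom');
-$is_registered = get_site_option('mo2f_customerkey');
-
+<?php
+
+$is_woocommerce = get_site_option('mo2f_custom_reg_wocommerce');
+$is_bbpress = get_site_option('mo2f_custom_reg_bbpress');
+$is_any_of_woo_bb = $is_woocommerce || $is_bbpress;
+$is_custom = get_site_option('mo2f_custom_reg_custom');
+$is_registered = get_site_option('mo2f_customerkey');
+
 include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_form.php';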
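--- a/controllers/twofa/two_fa_custom_login.php
+++ b/controllers/twofa/two_fa_custom_login.php
@@ -1,3 +1,3 @@
-<?php
-
+<?php
+
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_custom_login.php';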
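--- a/controllers/twofa/two_fa_login_option.php
+++ b/controllers/twofa/two_fa_login_option.php
@@ -1,2 +1,2 @@
-<?php
+<?php
 include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_login_option.php';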
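--- a/controllers/twofa/two_fa_premium_feature.php
+++ b/controllers/twofa/two_fa_premium_feature.php
@@ -1,3 +1,3 @@
-<?php
-
+<?php
+
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_premium_feature.php';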
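--- a/controllers/twofa/two_fa_rba.php
+++ b/controllers/twofa/two_fa_rba.php
@@ -1,3 +1,3 @@
-<?php
-
+<?php
+
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_rba.php';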
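--- a/controllers/twofa/two_fa_session_control.php
+++ b/controllers/twofa/two_fa_session_control.php
@@ -1,3 +1,3 @@
-<?php
-
+<?php
+
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_session_control.php';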
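--- a/controllers/twofa/two_fa_shortcode.php
+++ b/controllers/twofa/two_fa_shortcode.php
@@ -1,3 +1,3 @@
-<?php
-
+<?php
+
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_shortcode.php';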
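--- a/controllers/twofa/two_fa_unlimittedUser.php
+++ b/controllers/twofa/two_fa_unlimittedUser.php
@@ -1,3 +1,3 @@
-<?php
-global $moWpnsUtility, $mo2f_dirName;
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';
+<?php
+global $moWpnsUtility, $mo2f_dirName;
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_unlimittedUser.php';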
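--- a/controllers/twofa/two_fa_unlimittedUser_ajax.php
+++ b/controllers/twofa/two_fa_unlimittedUser_ajax.php
@@ -1,47 +1,47 @@
-<?php
-
-class WPNS_unlimittedUser
-{
-function __construct(){
-
-add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
-}
-
-function mo_two_fa_unlimittedUser_ajax(){
-add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
-}
-
-function wpns_two_fa_unlimittedUser(){
-switch($_POST['wpns_unlimittedUser_ajax'])
-{
-case 'save':
-$this->wpns_handle_save(); break;
-}
-}
-function wpns_handle_save()
-{
-
-if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
-wp_send_json('ERROR');
-return;
-}
-global $wp_roles;
-if (!isset($wp_roles))
-$wp_roles = new WP_Roles();
-foreach($wp_roles->role_names as $id => $name) {
-update_option('mo2fa_'.$id, 0);
-}
-$enabledrole = $_POST['enabledrole'];
-foreach($enabledrole as $role){
-update_option($role, 1);
-}
-update_option('mo2fa_author_login_url',$_POST['mo2fa_author_login_url']);
-update_option('mo2fa_subscriber_login_url',$_POST['mo2fa_subscriber_login_url']);
-update_option('mo2fa_contributor_login_url',$_POST['mo2fa_contributor_login_url']);
-update_option('mo2fa_editor_login_url',$_POST['mo2fa_editor_login_url']);
-update_option('mo2fa_administrator_login_url',$_POST['mo2fa_administrator_login_url']);
-wp_send_json('true');
-return;
-}
-}new WPNS_unlimittedUser();
+<?php
+
+class WPNS_unlimittedUser
+{
+function __construct(){
+
+add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
+}
+
+function mo_two_fa_unlimittedUser_ajax(){
+add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
+}
+
+function wpns_two_fa_unlimittedUser(){
+switch($_POST['wpns_unlimittedUser_ajax'])
+{
+case 'save':
+$this->wpns_handle_save(); break;
+}
+}
+function wpns_handle_save()
+{
+
+if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
+wp_send_json('ERROR');
+return;
+}
+global $wp_roles;
+if (!isset($wp_roles))
+$wp_roles = new WP_Roles();
+foreach($wp_roles->role_names as $id => $name) {
+update_option('mo2fa_'.$id, 0);
+}
+$enabledrole = $_POST['enabledrole'];
+foreach($enabledrole as $role){
+update_option($role, 1);
+}
+update_option('mo2fa_author_login_url',$_POST['mo2fa_author_login_url']);
+update_option('mo2fa_subscriber_login_url',$_POST['mo2fa_subscriber_login_url']);
+update_option('mo2fa_contributor_login_url',$_POST['mo2fa_contributor_login_url']);
+update_option('mo2fa_editor_login_url',$_POST['mo2fa_editor_login_url']);
+update_option('mo2fa_administrator_login_url',$_POST['mo2fa_administrator_login_url']);
+wp_send_json('true');
+return;
+}
+}new WPNS_unlimittedUser();
 ?>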
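Review bot: In `wpns_handle_save()` the loop `foreach($enabledrole as $role){ update_option($role, 1); }` takes the option name straight from `$_POST['enabledrole']`, so the request decides which option is set to 1 instead of being limited to the `'mo2fa_'.$id` flags reset just above it. The handler is hooked on `wp_ajax_wpns_two_fa_unlimittedUser`, which WordPress dispatches for any logged-in user, and the only gate is the nonce; there is no `current_user_can()` check. The fence below adds that check and restricts writes to keys derived from `$wp_roles->role_names`; it assumes the form posts values shaped like `'mo2fa_'.$id`, which the view (not shown) should confirm. The five `mo2fa_*_login_url` values are stored exactly as received and should at least pass through `sanitize_text_field( wp_unslash( ... ) )`. This section appears to re-add every line with unchanged text, so these points predate the commit.

```php
function wpns_handle_save()
{
    // The ajax hook runs for every logged-in user; settings writes are admin-only.
    if ( !current_user_can('manage_options') ){
        wp_send_json('ERROR');
    }
    // … unchanged: nonce check, $wp_roles setup …
    $allowed = array();
    foreach($wp_roles->role_names as $id => $name) {
        update_option('mo2fa_'.$id, 0);
        $allowed['mo2fa_'.$id] = true;
    }
    $enabledrole = ( isset($_POST['enabledrole']) && is_array($_POST['enabledrole']) ) ? $_POST['enabledrole'] : array();
    foreach($enabledrole as $role){
        // Only the per-role flags reset above may be switched on.
        if ( is_string($role) && isset($allowed[$role]) ){
            update_option($role, 1);
        }
    }
    // … unchanged: login_url options, wp_send_json('true') …
```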
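--- a/controllers/twofa/two_fa_video_guide.php
+++ b/controllers/twofa/two_fa_video_guide.php
@@ -1,4 +1,4 @@
-<?php
-include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
-
+<?php
+include_once $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_video_guide.php';
+
 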
controllers/twofa/two_factor_ajax.php CHANGED
@@ -1,1284 +1,1284 @@
1
- <?php
2
- class mo_2f_ajax
3
- {
4
- function __construct(){
5
-
6
- add_action( 'admin_init' , array( $this, 'mo_2f_two_factor' ) );
7
- }
8
-
9
- function mo_2f_two_factor(){
10
- add_action( 'wp_ajax_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
11
- add_action( 'wp_ajax_nopriv_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
12
- }
13
-
14
- function mo_two_factor_ajax(){
15
- $GLOBALS['mo2f_is_ajax_request'] = true;
16
- switch ($_POST['mo_2f_two_factor_ajax']) {
17
- case 'mo2f_ajax_login_redirect':
18
- $this->mo2f_ajax_login_redirect(); break;
19
- case 'mo2f_save_email_verification':
20
- $this->mo2f_save_email_verification(); break;
21
- case 'mo2f_unlimitted_user':
22
- $this->mo2f_unlimitted_user();break;
23
- case 'mo2f_check_user_exist_miniOrange':
24
- $this->mo2f_check_user_exist_miniOrange();break;
25
- case 'mo2f_single_user':
26
- $this->mo2f_single_user();break;
27
- case 'CheckEVStatus':
28
- $this->CheckEVStatus(); break;
29
- case 'mo2f_role_based_2_factor':
30
- $this->mo2f_role_based_2_factor();break;
31
- case 'mo2f_enable_disable_twofactor':
32
- $this->mo2f_enable_disable_twofactor(); break;
33
- case 'mo2f_enable_disable_inline':
34
- $this->mo2f_enable_disable_inline(); break;
35
- case 'mo2f_enable_disable_configurd_methods':
36
- $this->mo2f_enable_disable_configurd_methods(); break;
37
- case 'mo2f_shift_to_onprem':
38
- $this->mo2f_shift_to_onprem();break;
39
- case 'mo2f_enable_disable_twofactor_prompt_on_login':
40
- $this->mo2f_enable_disable_twofactor_prompt_on_login();break;
41
- case 'mo2f_save_custom_form_settings':
42
- $this ->mo2f_save_custom_form_settings();
43
- break;
44
- case 'mo2f_enable_disable_debug_log':
45
- $this ->mo2f_enable_disable_debug_log();
46
- break;
47
- case 'mo2f_delete_log_file':
48
- $this->mo2f_delete_log_file();
49
- break;
50
- case 'select_method_setup_wizard':
51
- $this->mo2f_select_method_setup_wizard();
52
- break;
53
- case 'mo_wpns_register_verify_customer':
54
- $this->mo_wpns_register_verify_customer();
55
- break;
56
- case 'mo_2fa_configure_GA_setup_wizard':
57
- $this->mo_2fa_configure_GA_setup_wizard();
58
- break;
59
- case 'mo_2fa_verify_GA_setup_wizard':
60
- $this->mo_2fa_verify_GA_setup_wizard();
61
- break;
62
- case 'mo_2fa_configure_OTPOverSMS_setup_wizard':
63
- $this->mo_2fa_configure_OTPOverSMS_setup_wizard();
64
- break;
65
- case 'mo_2fa_configure_OTPOverEmail_setup_wizard':
66
- $this->mo_2fa_configure_OTPOverEmail_setup_wizard();
67
- break;
68
- case 'mo_2fa_verify_OTPOverEmail_setup_wizard':
69
- $this->mo_2fa_verify_OTPOverEmail_setup_wizard();
70
- break;
71
- case 'mo_2fa_verify_OTPOverSMS_setup_wizard':
72
- $this->mo_2fa_verify_OTPOverSMS_setup_wizard();
73
- break;
74
- case 'mo_2fa_configure_KBA_setup_wizard':
75
- $this->mo_2fa_configure_KBA_setup_wizard();
76
- break;
77
- case 'mo_2fa_verify_KBA_setup_wizard':
78
- $this->mo_2fa_verify_KBA_setup_wizard();
79
- break;
80
- case 'mo_2fa_send_otp_token':
81
- $this->mo_2fa_send_otp_token();
82
- break;
83
- case "mo2f_set_otp_over_sms":
84
- $this->mo2f_set_otp_over_sms(); break;
85
- case "mo2f_set_miniorange_methods":
86
- $this->mo2f_set_miniorange_methods(); break;
87
- case "mo2f_set_GA":
88
- $this->mo2f_set_GA(); break;
89
- }
90
- }
91
- function mo_2fa_verify_KBA_setup_wizard()
92
- {
93
- global $Mo2fdbQueries;
94
- $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
95
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
96
- $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
97
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
98
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
99
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
100
- $user = wp_get_current_user();
101
- $this->mo2f_check_and_create_user($user->ID);
102
- if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
103
- echo "Invalid Questions or Answers";
104
- exit;
105
- }
106
- if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
107
- echo "The questions you select must be unique.";
108
- exit;
109
- }
110
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
111
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
112
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
113
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
114
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
115
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
116
- $email = $user->user_email;
117
- $kba_registration = new Two_Factor_Setup();
118
- $Mo2fdbQueries->update_user_details( $user->ID, array(
119
- 'mo2f_SecurityQuestions_config_status' => true,
120
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
121
- 'mo2f_user_email' => $email
122
- ));
123
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
124
-
125
- if($kba_reg_reponse['status']=='SUCCESS')
126
- {
127
- echo "SUCCESS";
128
- exit;
129
- }
130
- else
131
- {
132
- echo "An error has occured while saving KBA details. Please try again.";
133
- exit;
134
- }
135
- }
136
- function mo_2fa_send_otp_token()
137
- {
138
- $enduser = new Customer_Setup();
139
- $email = sanitize_text_field($_POST['phone']);
140
- $customer_key = get_site_option('mo2f_customerKey');
141
- $api_key = get_site_option('mo2f_api_key');
142
- $selected_2FA_method = sanitize_text_field($_POST['selected_2FA_method']);
143
- $user_id = wp_get_current_user()->ID;
144
-
145
- if($selected_2FA_method == 'OTP Over Email')
146
- {
147
- update_user_meta($user_id,'tempRegEmail',$email);
148
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
149
- $emailErr = "Invalid email format";
150
- echo $emailErr;
151
- exit;
152
- }
153
- }
154
- else if($selected_2FA_method == 'OTP Over SMS')
155
- {
156
-
157
- }
158
- $content = $enduser->send_otp_token($email,$selected_2FA_method,$customer_key,$api_key);
159
- $content = json_decode($content);
160
-
161
- if($content->status =='SUCCESS')
162
- {
163
- echo 'SUCCESS';
164
- update_user_meta($user_id,'txId',$content->txId);
165
- update_user_meta($user_id,'tempRegPhone',$email);
166
- exit;
167
- }
168
- else
169
- echo "An error has occured while sending the OTP.";
170
- exit;
171
- }
172
- function mo2f_check_and_create_user($user_id)
173
- {
174
- global $Mo2fdbQueries;
175
- $twofactor_transactions = new Mo2fDB;
176
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
177
- if($exceeded){
178
- echo 'User Limit has been exceeded';
179
- exit;
180
- }
181
- $Mo2fdbQueries->insert_user( $user_id );
182
- }
183
- function mo_2fa_verify_OTPOverSMS_setup_wizard()
184
- {
185
- global $Mo2fdbQueries;
186
- $enduser = new Customer_Setup();
187
- $current_user = wp_get_current_user();
188
- $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
189
- $user_id = wp_get_current_user()->ID;
190
- $email = get_user_meta($user_id,'tempRegPhone',true);
191
- $content = json_decode($enduser->validate_otp_token( 'SMS', null, get_user_meta($user_id,'txId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
192
-
193
- if($content['status'] == 'SUCCESS')
194
- {
195
- $this->mo2f_check_and_create_user($user_id);
196
- $Mo2fdbQueries->update_user_details( $user_id, array(
197
- 'mo2f_OTPOverSMS_config_status' => true,
198
- 'mo2f_configured_2FA_method' => "OTP Over SMS",
199
- 'mo2f_user_phone' => $email,
200
- 'user_registration_with_miniorange' => 'SUCCESS',
201
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
202
- ) );
203
- echo "SUCCESS";
204
- }
205
- else
206
- {
207
- echo "Invalid OTP";
208
- }
209
- exit;
210
-
211
- }
212
- function mo_2fa_verify_OTPOverEmail_setup_wizard()
213
- {
214
- global $Mo2fdbQueries;
215
- $enduser = new Customer_Setup();
216
- $current_user = wp_get_current_user();
217
- $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
218
- $user_id = wp_get_current_user()->ID;
219
- $email = get_user_meta($user_id,'tempRegEmail',true);
220
- $content = json_decode($enduser->validate_otp_token( 'OTP_OVER_EMAIL', null, get_user_meta($current_user->ID,'mo2f_transactionId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
221
-
222
- if($content['status'] == 'SUCCESS')
223
- {
224
- $this->mo2f_check_and_create_user($user_id);
225
- $Mo2fdbQueries->update_user_details( $user_id, array(
226
- 'mo2f_OTPOverEmail_config_status' => true,
227
- 'mo2f_configured_2FA_method' => "OTP Over Email",
228
- 'mo2f_user_email' => $email,
229
- 'user_registration_with_miniorange' => 'SUCCESS',
230
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
231
- ) );
232
- echo "SUCCESS";
233
- }
234
- else
235
- {
236
- echo "Invalid OTP";
237
- }
238
- exit;
239
- }
240
- function mo_2fa_verify_GA_setup_wizard()
241
- {
242
- global $Mo2fdbQueries;
243
- $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
244
- include_once $path;
245
- $obj_google_auth = new Google_auth_onpremise();
246
- $user_id = wp_get_current_user()->ID;
247
- $otpToken = sanitize_text_field($_POST['mo2f_google_auth_code']);
248
- $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
249
- $secret= $obj_google_auth->mo_GAuth_get_secret($user_id);
250
- if($session_id_encrypt){
251
- $secret = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
252
- }
253
- $content = $obj_google_auth->verifyCode($secret, $otpToken);
254
- $content = json_decode($content);
255
- if($content->status== 'false')
256
- echo "Invalid One time Passcode. Please enter again";
257
- else
258
- {
259
- $obj_google_auth->mo_GAuth_set_secret($user_id,$secret);
260
- $this->mo2f_check_and_create_user($user_id);
261
- $Mo2fdbQueries->update_user_details( $user_id, array(
262
- 'mo2f_GoogleAuthenticator_config_status' => true,
263
- 'mo2f_AuthyAuthenticator_config_status' => false,
264
- 'mo2f_configured_2FA_method' => "Google Authenticator",
265
- 'user_registration_with_miniorange' => 'SUCCESS',
266
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
267
- ) );
268
-
269
- echo 'SUCCESS';
270
- }
271
- exit;
272
- }
273
- function mo_2fa_configure_GA_setup_wizard()
274
- {
275
- $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
276
- include_once $path;
277
- $obj_google_auth = new Google_auth_onpremise();
278
- update_option('mo2f_google_appname',$_SERVER['SERVER_NAME']);
279
- $res = $obj_google_auth->mo_GAuth_get_details(true);
280
- return $res;
281
- }
282
- function mo_2fa_configure_OTPOverSMS_setup_wizard()
283
- {
284
- global $Mo2fdbQueries;
285
- $user = wp_get_current_user();
286
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
287
- $user_phone = $mo2f_user_phone ? $mo2f_user_phone : get_option( 'user_phone_temp' );
288
- $session_id_encrypt = MO2f_Utility::random_str(20);
289
-
290
- ?>
291
- <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');?> </b></h4>
292
- <form name="f" method="post" action="" id="mo2f_verifyphone_form">
293
- <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
294
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
295
- <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
296
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
297
-
298
- <div style="display:inline;">
299
- <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px;" type="text" name="phone" id="phone"
300
- value="<?php echo $user_phone ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}"
301
- title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/><br>
302
- <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
303
- value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
304
- </div>
305
- </form>
306
- <br>
307
- <form name="f" method="post" action="" id="mo2f_validateotp_form">
308
- <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
309
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
310
- <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
311
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
312
- <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
313
- <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px" autofocus="true" type="text" name="mo2f_otp_token" id="mo2f_otp_token"
314
- placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
315
- <br><br>
316
- </form><br>
317
-
318
- <?php
319
- exit;
320
- }
321
- function mo_2fa_configure_OTPOverEmail_setup_wizard()
322
- {
323
- $session_id_encrypt = MO2f_Utility::random_str(20);
324
- $user_email = wp_get_current_user()->user_email;
325
- ?>
326
- <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQ');?> </b></h4>
327
- <form name="f" method="post" action="" id="mo2f_verifyemail_form">
328
- <input type="hidden" name="option" value="mo2f_configure_otp_over_email_send_otp"/>
329
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
330
- <input type="hidden" name="mo2f_configure_otp_over_email_send_otp_nonce"
331
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" ) ?>"/>
332
-
333
- <div style="display:inline;">
334
- <b>Email Address: </b>
335
- <input class="mo2f_table_textbox" style="width:280px;height: 30px;" type="email" name="verify_phone" id="phone"
336
- value="<?php echo $user_email ?>"
337
- title="<?php echo mo2f_lt( 'Enter your email address without any space or dashes' ); ?>"/><br><br>
338
- <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
339
- value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
340
- </div>
341
- </form>
342
- <br><br>
343
- <form name="f" method="post" action="" id="mo2f_validateotp_form">
344
- <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
345
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
346
- <input type="hidden" name="mo2f_configure_otp_over_email_validate_nonce"
347
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" ) ?>"/>
348
- <b><?php echo mo2f_lt( 'Enter One Time Passcode:' ); ?>
349
- <input class="mo2f_table_textbox" style="width:200px;height: 30px;" autofocus="true" type="text" name="mo2f_otp_token" id ="mo2f_otp_token"
350
- placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/></b>
351
- <br><br>
352
- </form><br>
353
-
354
- <?php
355
- exit;
356
- }
357
- function mo_2fa_configure_KBA_setup_wizard()
358
- {
359
- ?>
360
- <div class="mo2f_kba_header"><?php echo mo2f_lt( 'Please choose 3 questions' ); ?></div>
361
- <br>
362
- <table cellspacing="10">
363
- <tr class="mo2f_kba_header">
364
- <th style="width: 10%;">
365
- <?php echo mo2f_lt( 'Sr. No.' ); ?>
366
- </th>
367
- <th class="mo2f_kba_tb_data">
368
- <?php echo mo2f_lt( 'Questions' ); ?>
369
- </th>
370
- <th>
371
- <?php echo mo2f_lt( 'Answers' ); ?>
372
- </th>
373
- </tr>
374
- <tr class="mo2f_kba_body">
375
- <td>
376
- <center>1.</center>
377
- </td>
378
- <td class="mo2f_kba_tb_data">
379
- <select name="mo2f_kbaquestion_1" id="mo2f_kbaquestion_1" class="mo2f_kba_ques" required="true"
380
- >
381
- <option value="" selected="selected">
382
- -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
383
- -------------------------
384
- </option>
385
- <option id="mq1_1"
386
- value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
387
- <option id="mq2_1"
388
- value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
389
- <option id="mq3_1"
390
- value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
391
- <option id="mq4_1"
392
- value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
393
- <option id="mq5_1"
394
- value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
395
- <option id="mq6_1"
396
- value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
397
- <option id="mq7_1"
398
- value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
399
- <option id="mq8_1"
400
- value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
401
- <option id="mq9_1"
402
- value="What is your grandmother's maiden name?"><?php echo mo2f_lt( "What is your grandmother's maiden name?" ); ?></option>
403
- <option id="mq10_1"
404
- value="What was your first vehicle's registration number?"><?php echo mo2f_lt( "What was your first vehicle's registration number?" ); ?></option>
405
- </select>
406
- </td>
407
- <td style="text-align: end;">
408
- <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans1" id="mo2f_kba_ans1"
409
- title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
410
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true" autofocus="true"
411
- placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
412
- </td>
413
- </tr>
414
- <tr class="mo2f_kba_body">
415
- <td>
416
- <center>2.</center>
417
- </td>
418
- <td class="mo2f_kba_tb_data">
419
- <select name="mo2f_kbaquestion_2" id="mo2f_kbaquestion_2" class="mo2f_kba_ques" required="true"
420
- >
421
- <option value="" selected="selected">
422
- -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
423
- -------------------------
424
- </option>
425
- <option id="mq1_2"
426
- value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
427
- <option id="mq2_2"
428
- value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
429
- <option id="mq3_2"
430
- value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
431
- <option id="mq4_2"
432
- value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
433
- <option id="mq5_2"
434
- value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
435
- <option id="mq6_2"
436
- value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
437
- <option id="mq7_2"
438
- value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
439
- <option id="mq8_2"
440
- value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
441
- <option id="mq9_2"
442
- value="What is your grandmother's maiden name?"><?php echo mo2f_lt( 'What is your grandmother\'s maiden name?' ); ?></option>
443
- <option id="mq10_2"
444
- value="What was your first vehicle's registration number?"><?php echo mo2f_lt( 'What was your first vehicle\'s registration number?' ); ?></option>
445
- </select>
446
- </td>
447
- <td style="text-align: end;">
448
- <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans2" id="mo2f_kba_ans2"
449
- title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
450
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
451
- placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
452
- </td>
453
- </tr>
454
- <tr class="mo2f_kba_body">
455
- <td>
456
- <center>3.</center>
457
- </td>
458
- <td class="mo2f_kba_tb_data">
459
- <input class="mo2f_kba_ques" type="text" style="width: 100%;"name="mo2f_kbaquestion_3" id="mo2f_kbaquestion_3"
460
- required="true"
461
- placeholder="<?php echo mo2f_lt( 'Enter your custom question here' ); ?>"/>
462
- </td>
463
- <td style="text-align: end;">
464
- <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans3" id="mo2f_kba_ans3"
465
- title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
466
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
467
- placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
468
- </td>
469
- </tr>
470
- </table>
471
- <script type="text/javascript">
472
- var mo_option_to_hide1;
473
- //hidden element in dropdown list 2
474
- var mo_option_to_hide2;
475
-
476
- function mo_option_hide(list) {
477
- //grab the team selected by the user in the dropdown list
478
- var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
479
- //if an element is currently hidden, unhide it
480
- if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
481
- mo_option_to_hide1.style.display = 'block';
482
- } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
483
- mo_option_to_hide2.style.display = 'block';
484
- }
485
- //select the element to hide and then hide it
486
- if (list == 1) {
487
- if (list_selected != 0) {
488
- mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
489
- mo_option_to_hide2.style.display = 'none';
490
- }
491
- }
492
- if (list == 2) {
493
- if (list_selected != 0) {
494
- mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
495
- mo_option_to_hide1.style.display = 'none';
496
- }
497
- }
498
- }
499
-
500
-
501
- </script>
502
-
503
- <?php
504
- exit;
505
- }
506
-
507
- function mo2f_register_customer($post)
508
- {
509
- //validate and sanitize
510
- global $moWpnsUtility, $Mo2fdbQueries;
511
- $user = wp_get_current_user();
512
- $email = sanitize_email($post['email']);
513
- $company = $_SERVER["SERVER_NAME"];
514
-
515
- $password = $post['password'];
516
- $confirmPassword = $post['confirmPassword'];
517
-
518
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
519
- {
520
- return "Password length is less then expected";
521
- }
522
-
523
- if( $password != $confirmPassword )
524
- {
525
- return "Password and confirm Password does not match.";
526
- }
527
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
528
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
529
- {
530
- return "Unknown Error has occured.";
531
- }
532
-
533
- update_option( 'mo2f_email', $email );
534
-
535
- update_option( 'mo_wpns_company' , $company );
536
-
537
- update_option( 'mo_wpns_password' , $password );
538
-
539
- $customer = new MocURL();
540
- $content = json_decode($customer->check_customer($email), true);
541
- $Mo2fdbQueries->insert_user( $user->ID );
542
-
543
- switch ($content['status'])
544
- {
545
- case 'CUSTOMER_NOT_FOUND':
546
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
547
-
548
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
549
- {
550
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
551
- update_option( 'mo2f_email', $email );
552
- $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
553
- $this->_get_current_customer($email,$password);
554
- return "SUCCESS";
555
- }
556
-
557
- break;
558
- default:
559
- $res = $this->_get_current_customer($email,$password);
560
- if($res == "SUCCESS")
561
- return $res;
562
- return "Email is already registered in miniOrange. Please try to login to your account.";
563
-
564
- }
565
-
566
- }
567
- function _verify_customer($post)
568
- {
569
- global $moWpnsUtility;
570
- $email = sanitize_email( $post['email'] );
571
- $password = sanitize_text_field( $post['password'] );
572
-
573
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
574
- {
575
- return "Username or Password is missing.";
576
- }
577
- return $this->_get_current_customer($email,$password);
578
- }
579
- function _get_current_customer($email,$password)
580
- {
581
- global $Mo2fdbQueries;
582
- $user = wp_get_current_user();
583
- $customer = new MocURL();
584
- $content = $customer->get_customer_key($email, $password);
585
- $customerKey = json_decode($content, true);
586
- if(json_last_error() == JSON_ERROR_NONE)
587
- {
588
- if(isset($customerKey['phone'])){
589
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
590
- }
591
- update_option('mo2f_email',$email);
592
-
593
- $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
594
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
595
- $customerT = new Customer_Cloud_Setup();
596
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
597
- if($content['status'] == 'SUCCESS')
598
- {
599
- update_site_option('mo2f_license_type','PREMIUM');
600
- }
601
- else
602
- {
603
- update_site_option('mo2f_license_type','DEMO');
604
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
605
- }
606
- if(isset($content['smsRemaining']))
607
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
608
- else if($content['status'] =='SUCCESS')
609
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
610
-
611
- if(isset($content['emailRemaining']))
612
- {
613
- if($content['emailRemaining']>30)
614
- {
615
- $currentTransaction = $content['emailRemaining'];
616
- update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
617
- update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
618
- }
619
- else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
620
- {
621
- update_site_option('cmVtYWluaW5nT1RQ',30);
622
- }
623
- }
624
- return "SUCCESS";
625
- }
626
- else
627
- {
628
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
629
- update_option('mo_wpns_verify_customer', 'true');
630
- delete_option('mo_wpns_new_registration');
631
- return "Invalid Username or Password";
632
- }
633
- }
634
-
635
-
636
- function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
637
- {
638
- global $Mo2fdbQueries;
639
-
640
- $user = wp_get_current_user();
641
- update_option( 'mo2f_customerKey' , $id );
642
- update_option( 'mo2f_api_key' , $apiKey );
643
- update_option( 'mo2f_customer_token' , $token );
644
- update_option( 'mo2f_app_secret' , $appSecret );
645
- update_option( 'mo_wpns_enable_log_requests' , true );
646
- update_option( 'mo2f_miniorange_admin', $user->ID );
647
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
648
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
649
-
650
- $Mo2fdbQueries->update_user_details( $user->ID, array(
651
- 'mo2f_user_email' => $email,
652
- 'user_registration_with_miniorange' => 'SUCCESS'
653
- ) );
654
- $enduser = new Two_Factor_Setup();
655
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
656
-
657
-
658
- delete_option( 'mo_wpns_verify_customer' );
659
- delete_option( 'mo_wpns_registration_status' );
660
- delete_option( 'mo_wpns_password' );
661
- }
662
-
663
- function mo_wpns_register_verify_customer()
664
- {
665
- $res ="";
666
- if(isset($_POST['Login_and_Continue']) && $_POST['Login_and_Continue'] =='Login and Continue')
667
- $res = $this->_verify_customer($_POST);
668
-
669
- else
670
- $res = $this->mo2f_register_customer($_POST);
671
- wp_send_json($res);
672
- }
673
- function mo2f_select_method_setup_wizard()
674
- {
675
- global $Mo2fdbQueries;
676
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-select-method-setup-wizard'))
677
- {
678
- wp_send_json("ERROR");
679
- }
680
-
681
- $current_user = wp_get_current_user();
682
- $selected_2FA_method = sanitize_text_field($_POST['mo2f_method']);
683
-
684
- if(!MO2F_IS_ONPREM)
685
- {
686
- update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
687
- update_user_meta( $current_user->ID, 'register_account_popup', 1 );
688
- update_user_meta( $current_user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
689
- wp_send_json("SUCCESS");
690
-
691
- }
692
-
693
-
694
- $exceeded = $Mo2fdbQueries->check_alluser_limit_exceeded($current_user->ID);
695
- if(!$exceeded)
696
- $Mo2fdbQueries->insert_user( $current_user->ID );
697
-
698
- if($selected_2FA_method == 'OTP Over Email')
699
- {
700
- wp_send_json("SUCCESS");
701
- }
702
- update_user_meta( $current_user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
703
-
704
- $mo_2factor_admin_registration_status = get_option('mo_2factor_admin_registration_status');
705
- if($selected_2FA_method == 'OTP Over SMS' && $mo_2factor_admin_registration_status != 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
706
- {
707
- update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
708
- update_user_meta( $current_user->ID, 'register_account_popup', 1 );
709
- }
710
- else
711
- update_user_meta( $current_user->ID, 'configure_2FA', 1);
712
- wp_send_json("SUCCESS");
713
- }
714
- function mo2f_set_miniorange_methods(){
715
- $nonce = sanitize_text_field($_POST['nonce']);
716
- if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
717
- $error = new WP_Error();
718
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
719
- wp_send_json_error($error);
720
- exit;
721
- }
722
- global $Mo2fdbQueries;
723
- $transient_id=sanitize_text_field($_POST['transient_id']);
724
- $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
725
- if(empty($user_id)){
726
- wp_send_json('UserIdNotFound');
727
- }
728
- $user = get_user_by('id',$user_id);
729
- $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
730
- $otpToken=sanitize_text_field($_POST['code']);
731
- $customer = new Customer_Setup();
732
- $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $email, null, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
733
- wp_send_json($content);
734
- }
735
- function mo2f_set_otp_over_sms(){
736
- $nonce = sanitize_text_field($_POST['nonce']);
737
- if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
738
- $error = new WP_Error();
739
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
740
- wp_send_json_error($error);
741
- exit;
742
- }
743
- global $Mo2fdbQueries;
744
- $transient_id=sanitize_text_field($_POST['transient_id']);
745
- $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
746
- if(empty($user_id)){
747
- wp_send_json('UserIdNotFound');
748
- }
749
- $user = get_user_by('id',$user_id);
750
- $new_phone = sanitize_text_field($_POST['phone']);
751
- $new_phone = str_replace(' ','',$new_phone);
752
- $Mo2fdbQueries->update_user_details($user_id, array("mo2f_user_phone" => $new_phone) );
753
- $user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user_id );
754
- wp_send_json($user_phone);
755
- }
756
- function mo2f_set_GA(){
757
- $nonce = sanitize_text_field($_POST['nonce']);
758
- if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
759
- $error = new WP_Error();
760
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
761
- wp_send_json_error($error);
762
- exit;
763
- }
764
- include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR.'handler'. DIRECTORY_SEPARATOR.'twofa'. DIRECTORY_SEPARATOR. 'gaonprem.php';
765
- global $Mo2fdbQueries;
766
- $transient_id=sanitize_text_field($_POST['transient_id']);
767
- $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
768
- if(empty($user_id)){
769
- wp_send_json('UserIdNotFound');
770
- }
771
- $google_auth = new Miniorange_Rba_Attributes();
772
- $user = get_user_by('id',$user_id);
773
- $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
774
- $otpToken = sanitize_text_field($_POST['code']);
775
- $ga_secret = sanitize_text_field($_POST['ga_secret']);
776
- if(MO2F_IS_ONPREM){
777
- $gauth_obj = new Google_auth_onpremise();
778
- $gauth_obj->mo_GAuth_set_secret($user_id, $ga_secret);
779
- }else{
780
-
781
- $google_auth = new Miniorange_Rba_Attributes();
782
- $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, 'miniOrangeAu' ), true );
783
- }
784
- $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
785
- wp_send_json($google_response['status']);
786
- }
787
- function mo2f_ajax_login_redirect()
788
- {
789
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
790
- {
791
- wp_send_json("ERROR");
792
- exit;
793
- }
794
- $username = sanitize_text_field($_POST['username']);
795
- $password = $_POST['password'];
796
- apply_filters( 'authenticate', null, $username, $password );
797
- }
798
- function mo2f_save_custom_form_settings()
799
- {
800
-
801
- $customForm = false;
802
- $nonce = sanitize_text_field($_POST['mo2f_nonce_save_form_settings']);
803
-
804
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-save-form-settings' ) ) {
805
- $error = new WP_Error();
806
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
807
- //return $error;
808
- }
809
- if(isset($_POST['submit_selector']) and
810
- isset($_POST['email_selector']) and
811
- isset($_POST['authType']) and
812
- isset($_POST['customForm']) and
813
- isset($_POST['form_selector']) and
814
-
815
- $_POST['submit_selector']!="" and
816
- $_POST['email_selector']!="" and
817
- $_POST['customForm']!="" and
818
- $_POST['form_selector']!="")
819
- {
820
- $submit_selector = sanitize_text_field($_POST['submit_selector']);
821
- $form_selector = sanitize_text_field($_POST['form_selector']);
822
- $email_selector = sanitize_text_field($_POST['email_selector']);
823
- $phone_selector = sanitize_text_field($_POST['phone_selector']);
824
- $authType = sanitize_text_field($_POST['authType']);
825
- $customForm = sanitize_text_field( $_POST['customForm']);
826
- $enableShortcode = sanitize_text_field($_POST['enableShortcode']);
827
-
828
- switch ($form_selector)
829
- {
830
- case '.bbp-login-form':
831
- update_site_option('mo2f_custom_reg_bbpress',true);
832
- update_site_option('mo2f_custom_reg_wocommerce',false);
833
- update_site_option('mo2f_custom_reg_custom',false);
834
- break;
835
- case '.woocommerce-form woocommerce-form-register':
836
- update_site_option('mo2f_custom_reg_bbpress',false);
837
- update_site_option('mo2f_custom_reg_wocommerce',true);
838
- update_site_option('mo2f_custom_reg_custom',false);
839
- break;
840
- default:
841
- update_site_option('mo2f_custom_reg_bbpress',false);
842
- update_site_option('mo2f_custom_reg_wocommerce',false);
843
- update_site_option('mo2f_custom_reg_custom',true);
844
- }
845
-
846
- update_site_option('mo2f_custom_form_name', $form_selector);
847
- update_site_option('mo2f_custom_email_selector', $email_selector);
848
- update_site_option('mo2f_custom_phone_selector', $phone_selector);
849
- update_site_option('mo2f_custom_submit_selector', $submit_selector);
850
- update_site_option('mo2f_custom_auth_type', $authType);
851
-
852
- update_site_option('enable_form_shortcode',$enableShortcode);
853
- $saved = true;
854
- }
855
- else
856
- {
857
- $submit_selector = 'NA';
858
- $form_selector = 'NA';
859
- $email_selector = 'NA';
860
- $authType ='NA';
861
- $saved = false;
862
- }
863
- $return = array(
864
- 'authType' => $authType,
865
- 'submit' => $submit_selector,
866
- 'emailSelector' => $email_selector,
867
- 'phone_selector' => $phone_selector,
868
- 'form' => $form_selector,
869
- 'saved' => $saved,
870
- 'customForm' => $customForm,
871
- 'enableShortcode' => $enableShortcode
872
- );
873
-
874
- return wp_send_json($return);
875
- }
876
-
877
- function mo2f_check_user_exist_miniOrange()
878
- {
879
- $nonce = sanitize_text_field($_POST['nonce']);
880
-
881
- if ( ! wp_verify_nonce( $nonce, 'checkuserinminiOrangeNonce' ) ) {
882
- $error = new WP_Error();
883
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
884
- echo "NonceDidNotMatch";
885
- exit;
886
- }
887
-
888
- if(!get_option('mo2f_customerKey')){
889
- echo "NOTLOGGEDIN";
890
- exit;
891
- }
892
- $user = wp_get_current_user();
893
- global $Mo2fdbQueries;
894
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
895
- if($email == '' or is_null($email))
896
- $email = $user->user_email;
897
-
898
-
899
-
900
- if(isset($_POST['email']))
901
- {
902
- $email = sanitize_text_field($_POST['email']);
903
- }
904
-
905
- $enduser = new Two_Factor_Setup();
906
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
907
-
908
-
909
- if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0 ){
910
- echo "alreadyExist";
911
- exit;
912
- }
913
- else
914
- {
915
-
916
- update_user_meta($user->ID,'mo2f_email_miniOrange',$email);
917
- echo "USERCANBECREATED";
918
- exit;
919
- }
920
-
921
- }
922
- function mo2f_shift_to_onprem(){
923
-
924
- $current_user = wp_get_current_user();
925
- $current_userID = $current_user->ID;
926
- $miniorangeID = get_option( 'mo2f_miniorange_admin' );
927
- if(is_null($miniorangeID) or $miniorangeID =='')
928
- $is_customer_admin = true;
929
- else
930
- $is_customer_admin = $miniorangeID == $current_userID ? true : false;
931
- if($is_customer_admin)
932
- {
933
- update_option('is_onprem', 1);
934
- update_option( 'mo2f_remember_device',0);
935
- wp_send_json('true');
936
- }
937
- else
938
- {
939
- $adminUser = get_user_by('id',$miniorangeID);
940
- $email = $adminUser->user_email;
941
- wp_send_json($email);
942
- }
943
-
944
- }
945
-
946
-
947
- function mo2f_delete_log_file(){
948
- $nonce = sanitize_text_field($_POST['mo2f_nonce_delete_log']);
949
-
950
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-delete-log' ) ) {
951
- $error = new WP_Error();
952
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
953
-
954
- }else{
955
- $debug_log_path = wp_upload_dir();
956
- $debug_log_path = $debug_log_path['basedir'];
957
- $file_name = 'miniorange_debug_log.txt';
958
- $status = file_exists( $debug_log_path.DIRECTORY_SEPARATOR.$file_name);
959
- if($status){
960
- unlink($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
961
- wp_send_json('true');
962
- }
963
- else{
964
- wp_send_json('false');
965
- }
966
- }
967
- }
968
- function mo2f_enable_disable_debug_log(){
969
-
970
- $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_debug_log']);
971
-
972
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-debug-log' ) ) {
973
- $error = new WP_Error();
974
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
975
-
976
- }
977
-
978
- $enable = sanitize_text_field($_POST['mo2f_enable_debug_log']);
979
- if($enable == 'true'){
980
- update_site_option('mo2f_enable_debug_log' , 1);
981
- wp_send_json('true');
982
- }
983
- else{
984
- update_site_option('mo2f_enable_debug_log' , 0);
985
- wp_send_json('false');
986
- }
987
- }
988
-
989
- function mo2f_enable_disable_twofactor(){
990
- $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_2FA']);
991
-
992
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-2FA' ) ) {
993
- $error = new WP_Error();
994
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
995
-
996
- }
997
-
998
- $enable = sanitize_text_field($_POST['mo2f_enable_2fa']);
999
- if($enable == 'true'){
1000
- update_option('mo2f_activate_plugin' , 1);
1001
- wp_send_json('true');
1002
- }
1003
- else{
1004
- update_option('mo2f_activate_plugin' , 0);
1005
- wp_send_json('false');
1006
- }
1007
- }
1008
-
1009
- function mo2f_enable_disable_twofactor_prompt_on_login(){
1010
-
1011
- global $Mo2fdbQueries;
1012
- $user = wp_get_current_user();
1013
- $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_2FA_prompt_on_login']);
1014
- $auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1015
- if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-on-login-page-option-nonce' ) ) {
1016
- $error = new WP_Error();
1017
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1018
-
1019
- }
1020
- $enable= sanitize_text_field($_POST['mo2f_enable_2fa_prompt_on_login']);
1021
- if(!($auth_method == "Google Authenticator" || $auth_method =="miniOrange Soft Token" || $auth_method == "Authy Authenticator"))
1022
- {
1023
- update_site_option('mo2f_enable_2fa_prompt_on_login_page' , false);
1024
- if(!MO2F_IS_ONPREM)
1025
- wp_send_json('false_method_cloud');
1026
- else
1027
- wp_send_json('false_method_onprem');
1028
-
1029
- }
1030
- else if($enable == 'true'){
1031
- update_site_option('mo2f_enable_2fa_prompt_on_login_page' , true);
1032
- wp_send_json('true');
1033
- }
1034
- else{
1035
- update_site_option('mo2f_enable_2fa_prompt_on_login_page' , false);
1036
- wp_send_json('false');
1037
- }
1038
- }
1039
-
1040
- function mo2f_enable_disable_inline(){
1041
- $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_inline']);
1042
-
1043
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-inline' ) ) {
1044
- wp_send_json("error");
1045
- }
1046
- $enable = sanitize_text_field($_POST['mo2f_inline_registration']);
1047
- if($enable == 'true'){
1048
- update_site_option('mo2f_inline_registration' , 1);
1049
- wp_send_json('true');
1050
- }
1051
- else{
1052
- update_site_option('mo2f_inline_registration' , 0);
1053
- wp_send_json('false');
1054
- }
1055
- }
1056
- function mo2f_enable_disable_configurd_methods(){
1057
- $nonce = sanitize_text_field($_POST['nonce']);
1058
-
1059
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce_configurd_methods' ) ) {
1060
- wp_send_json_error("error");
1061
- }
1062
- $enable = sanitize_text_field($_POST['mo2f_nonce_enable_configured_methods']);
1063
-
1064
- if($enable == 'true'){
1065
- update_site_option('mo2f_nonce_enable_configured_methods' ,true);
1066
- wp_send_json('true');
1067
- }
1068
- else{
1069
- update_site_option('mo2f_nonce_enable_configured_methods' , false);
1070
- wp_send_json('false');
1071
- }
1072
- }
1073
-
1074
- function mo2f_role_based_2_factor(){
1075
- if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
1076
- wp_send_json('ERROR');
1077
- return;
1078
- }
1079
- global $wp_roles;
1080
- if (!isset($wp_roles))
1081
- $wp_roles = new WP_Roles();
1082
- foreach($wp_roles->role_names as $id => $name) {
1083
- update_option('mo2fa_'.$id, 0);
1084
- }
1085
-
1086
- if(isset($_POST['enabledrole'])){
1087
- $enabledrole = $_POST['enabledrole'];
1088
- }
1089
- else{
1090
- $enabledrole = array();
1091
- }
1092
- foreach($enabledrole as $role){
1093
- update_option($role, 1);
1094
- }
1095
- wp_send_json('true');
1096
- return;
1097
- }
1098
- function mo2f_single_user()
1099
- {
1100
- if(!wp_verify_nonce($_POST['nonce'],'singleUserNonce'))
1101
- {
1102
- echo "NonceDidNotMatch";
1103
- exit;
1104
- }
1105
- else
1106
- {
1107
- $current_user = wp_get_current_user();
1108
- $current_userID = $current_user->ID;
1109
- $miniorangeID = get_option( 'mo2f_miniorange_admin' );
1110
- $is_customer_admin = $miniorangeID == $current_userID ? true : false;
1111
-
1112
- if(is_null($miniorangeID) or $miniorangeID =='')
1113
- $is_customer_admin = true;
1114
-
1115
- if($is_customer_admin)
1116
- {
1117
- update_option('is_onprem', 0);
1118
- wp_send_json('true');
1119
- }
1120
- else
1121
- {
1122
- $adminUser = get_user_by('id',$miniorangeID);
1123
- $email = $adminUser->user_email;
1124
- wp_send_json($email);
1125
- }
1126
-
1127
- }
1128
- }
1129
-
1130
- function mo2f_unlimitted_user()
1131
- {
1132
- if(!wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce'))
1133
- {
1134
- echo "NonceDidNotMatch";
1135
- exit;
1136
- }
1137
- else
1138
- {
1139
- if($_POST['enableOnPremise'] == 'on')
1140
- {
1141
- global $wp_roles;
1142
- if (!isset($wp_roles))
1143
- $wp_roles = new WP_Roles();
1144
- foreach($wp_roles->role_names as $id => $name) {
1145
- add_site_option('mo2fa_'.$id, 1);
1146
- if($id == 'administrator'){
1147
- add_option('mo2fa_'.$id.'_login_url',admin_url());
1148
- }else{
1149
- add_option('mo2fa_'.$id.'_login_url',home_url());
1150
- }
1151
- }
1152
- echo "OnPremiseActive";
1153
- exit;
1154
- }
1155
- else
1156
- {
1157
- echo "OnPremiseDeactive";
1158
- exit;
1159
- }
1160
- }
1161
- }
1162
-
1163
- function mo2f_save_email_verification()
1164
- {
1165
-
1166
- if(!wp_verify_nonce($_POST['nonce'],'EmailVerificationSaveNonce'))
1167
- {
1168
- echo "NonceDidNotMatch";
1169
- exit;
1170
- }
1171
- else
1172
- {
1173
- $user_id = get_current_user_id();
1174
- $twofactor_transactions = new Mo2fDB;
1175
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
1176
-
1177
- if($exceeded){
1178
- echo "USER_LIMIT_EXCEEDED";
1179
- exit;
1180
- }
1181
- $email = sanitize_email($_POST['email']);
1182
- $currentMethod = sanitize_text_field($_POST['current_method']);
1183
- $error = false;
1184
-
1185
- $customer_key = get_site_option( 'mo2f_customerKey' );
1186
- $api_key = get_site_option( 'mo2f_api_key' );
1187
-
1188
-
1189
- if (!filter_var($email, FILTER_VALIDATE_EMAIL))
1190
- {
1191
- $error = true;
1192
- }
1193
- if($email!='' && !$error)
1194
- {
1195
- global $Mo2fdbQueries;
1196
- if($currentMethod == 'EmailVerification')
1197
- {
1198
-
1199
-
1200
-
1201
- if(MO2F_IS_ONPREM){
1202
-
1203
- update_user_meta($user_id,'tempEmail',$email);
1204
- $enduser = new Customer_Setup();
1205
- $content = $enduser->send_otp_token($email,'OUT OF BAND EMAIL',$customer_key,$api_key);
1206
- $decoded = json_decode($content,true);
1207
- if($decoded['status'] == 'FAILED'){
1208
- echo "smtpnotset";
1209
- exit;
1210
- }
1211
-
1212
- update_user_meta($user_id,'Mo2fTxid',$decoded['txId']);
1213
- $otpToken = '';
1214
- $otpToken .= rand(0,9);
1215
- update_user_meta($user_id,'Mo2fOtpToken',$otpToken);
1216
-
1217
- }
1218
-
1219
-
1220
-
1221
- //for cloud
1222
- if(! MO2F_IS_ONPREM){
1223
- $enduser = new Two_Factor_Setup();
1224
- $enduser->mo2f_update_userinfo($email, "OUT OF BAND EMAIL",null,null,null);
1225
- }
1226
- // }
1227
-
1228
- echo "settingsSaved";
1229
- exit;
1230
- }
1231
- elseif ($currentMethod == 'OTPOverEmail')
1232
- {
1233
- update_user_meta($user_id,'tempEmail',$email);
1234
- $enduser = new Customer_Setup();
1235
- $content = $enduser->send_otp_token($email,"OTP Over Email",$customer_key,$api_key);
1236
-
1237
- $decoded = json_decode($content,true);
1238
- if($decoded['status'] == 'FAILED'){
1239
-
1240
-
1241
- echo "smtpnotset";
1242
- exit;
1243
-
1244
- }
1245
- MO2f_Utility::mo2f_debug_file('OTP has been sent successfully over Email');
1246
- update_user_meta( $user_id, 'configure_2FA', 1 );
1247
- update_user_meta($user_id,'Mo2fOtpOverEmailtxId',$decoded['txId']);
1248
-
1249
-
1250
- }
1251
- update_user_meta($user_id,'tempRegEmail',$email);
1252
- echo "settingsSaved";
1253
- exit;
1254
- }
1255
- else
1256
- {
1257
- echo "invalidEmail";
1258
- exit;
1259
- }
1260
-
1261
- }
1262
-
1263
- }
1264
-
1265
- function CheckEVStatus()
1266
- {
1267
- if(isset($_POST['txid']))
1268
- {
1269
- $txid = sanitize_text_field($_POST['txid']);
1270
- $status = get_site_option($txid);
1271
- if($status ==1 || $status ==0)
1272
- delete_site_option($_POST['txid']);
1273
- echo $status;
1274
- exit();
1275
- }
1276
- echo "empty txid";
1277
- exit;
1278
- }
1279
-
1280
-
1281
- }
1282
-
1283
- new mo_2f_ajax;
1284
- ?>
1
+ <?php
2
+ class mo_2f_ajax
3
+ {
4
+ function __construct(){
5
+
6
+ add_action( 'admin_init' , array( $this, 'mo_2f_two_factor' ) );
7
+ }
8
+
9
+ function mo_2f_two_factor(){
10
+ add_action( 'wp_ajax_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
11
+ add_action( 'wp_ajax_nopriv_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
12
+ }
13
+
14
+ function mo_two_factor_ajax(){
15
+ $GLOBALS['mo2f_is_ajax_request'] = true;
16
+ switch ($_POST['mo_2f_two_factor_ajax']) {
17
+ case 'mo2f_ajax_login_redirect':
18
+ $this->mo2f_ajax_login_redirect(); break;
19
+ case 'mo2f_save_email_verification':
20
+ $this->mo2f_save_email_verification(); break;
21
+ case 'mo2f_unlimitted_user':
22
+ $this->mo2f_unlimitted_user();break;
23
+ case 'mo2f_check_user_exist_miniOrange':
24
+ $this->mo2f_check_user_exist_miniOrange();break;
25
+ case 'mo2f_single_user':
26
+ $this->mo2f_single_user();break;
27
+ case 'CheckEVStatus':
28
+ $this->CheckEVStatus(); break;
29
+ case 'mo2f_role_based_2_factor':
30
+ $this->mo2f_role_based_2_factor();break;
31
+ case 'mo2f_enable_disable_twofactor':
32
+ $this->mo2f_enable_disable_twofactor(); break;
33
+ case 'mo2f_enable_disable_inline':
34
+ $this->mo2f_enable_disable_inline(); break;
35
+ case 'mo2f_enable_disable_configurd_methods':
36
+ $this->mo2f_enable_disable_configurd_methods(); break;
37
+ case 'mo2f_shift_to_onprem':
38
+ $this->mo2f_shift_to_onprem();break;
39
+ case 'mo2f_enable_disable_twofactor_prompt_on_login':
40
+ $this->mo2f_enable_disable_twofactor_prompt_on_login();break;
41
+ case 'mo2f_save_custom_form_settings':
42
+ $this ->mo2f_save_custom_form_settings();
43
+ break;
44
+ case 'mo2f_enable_disable_debug_log':
45
+ $this ->mo2f_enable_disable_debug_log();
46
+ break;
47
+ case 'mo2f_delete_log_file':
48
+ $this->mo2f_delete_log_file();
49
+ break;
50
+ case 'select_method_setup_wizard':
51
+ $this->mo2f_select_method_setup_wizard();
52
+ break;
53
+ case 'mo_wpns_register_verify_customer':
54
+ $this->mo_wpns_register_verify_customer();
55
+ break;
56
+ case 'mo_2fa_configure_GA_setup_wizard':
57
+ $this->mo_2fa_configure_GA_setup_wizard();
58
+ break;
59
+ case 'mo_2fa_verify_GA_setup_wizard':
60
+ $this->mo_2fa_verify_GA_setup_wizard();
61
+ break;
62
+ case 'mo_2fa_configure_OTPOverSMS_setup_wizard':
63
+ $this->mo_2fa_configure_OTPOverSMS_setup_wizard();
64
+ break;
65
+ case 'mo_2fa_configure_OTPOverEmail_setup_wizard':
66
+ $this->mo_2fa_configure_OTPOverEmail_setup_wizard();
67
+ break;
68
+ case 'mo_2fa_verify_OTPOverEmail_setup_wizard':
69
+ $this->mo_2fa_verify_OTPOverEmail_setup_wizard();
70
+ break;
71
+ case 'mo_2fa_verify_OTPOverSMS_setup_wizard':
72
+ $this->mo_2fa_verify_OTPOverSMS_setup_wizard();
73
+ break;
74
+ case 'mo_2fa_configure_KBA_setup_wizard':
75
+ $this->mo_2fa_configure_KBA_setup_wizard();
76
+ break;
77
+ case 'mo_2fa_verify_KBA_setup_wizard':
78
+ $this->mo_2fa_verify_KBA_setup_wizard();
79
+ break;
80
+ case 'mo_2fa_send_otp_token':
81
+ $this->mo_2fa_send_otp_token();
82
+ break;
83
+ case "mo2f_set_otp_over_sms":
84
+ $this->mo2f_set_otp_over_sms(); break;
85
+ case "mo2f_set_miniorange_methods":
86
+ $this->mo2f_set_miniorange_methods(); break;
87
+ case "mo2f_set_GA":
88
+ $this->mo2f_set_GA(); break;
89
+ }
90
+ }
91
+ function mo_2fa_verify_KBA_setup_wizard()
92
+ {
93
+ global $Mo2fdbQueries;
94
+ $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
95
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
96
+ $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
97
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
98
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
99
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
100
+ $user = wp_get_current_user();
101
+ $this->mo2f_check_and_create_user($user->ID);
102
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
103
+ echo "Invalid Questions or Answers";
104
+ exit;
105
+ }
106
+ if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
107
+ echo "The questions you select must be unique.";
108
+ exit;
109
+ }
110
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
111
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
112
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
113
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
114
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
115
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
116
+ $email = $user->user_email;
117
+ $kba_registration = new Two_Factor_Setup();
118
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
119
+ 'mo2f_SecurityQuestions_config_status' => true,
120
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
121
+ 'mo2f_user_email' => $email
122
+ ));
123
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
124
+
125
+ if($kba_reg_reponse['status']=='SUCCESS')
126
+ {
127
+ echo "SUCCESS";
128
+ exit;
129
+ }
130
+ else
131
+ {
132
+ echo "An error has occured while saving KBA details. Please try again.";
133
+ exit;
134
+ }
135
+ }
136
+ function mo_2fa_send_otp_token()
137
+ {
138
+ $enduser = new Customer_Setup();
139
+ $email = sanitize_text_field($_POST['phone']);
140
+ $customer_key = get_site_option('mo2f_customerKey');
141
+ $api_key = get_site_option('mo2f_api_key');
142
+ $selected_2FA_method = sanitize_text_field($_POST['selected_2FA_method']);
143
+ $user_id = wp_get_current_user()->ID;
144
+
145
+ if($selected_2FA_method == 'OTP Over Email')
146
+ {
147
+ update_user_meta($user_id,'tempRegEmail',$email);
148
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
149
+ $emailErr = "Invalid email format";
150
+ echo $emailErr;
151
+ exit;
152
+ }
153
+ }
154
+ else if($selected_2FA_method == 'OTP Over SMS')
155
+ {
156
+
157
+ }
158
+ $content = $enduser->send_otp_token($email,$selected_2FA_method,$customer_key,$api_key);
159
+ $content = json_decode($content);
160
+
161
+ if($content->status =='SUCCESS')
162
+ {
163
+ echo 'SUCCESS';
164
+ update_user_meta($user_id,'txId',$content->txId);
165
+ update_user_meta($user_id,'tempRegPhone',$email);
166
+ exit;
167
+ }
168
+ else
169
+ echo "An error has occured while sending the OTP.";
170
+ exit;
171
+ }
172
+ function mo2f_check_and_create_user($user_id)
173
+ {
174
+ global $Mo2fdbQueries;
175
+ $twofactor_transactions = new Mo2fDB;
176
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
177
+ if($exceeded){
178
+ echo 'User Limit has been exceeded';
179
+ exit;
180
+ }
181
+ $Mo2fdbQueries->insert_user( $user_id );
182
+ }
183
+ function mo_2fa_verify_OTPOverSMS_setup_wizard()
184
+ {
185
+ global $Mo2fdbQueries;
186
+ $enduser = new Customer_Setup();
187
+ $current_user = wp_get_current_user();
188
+ $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
189
+ $user_id = wp_get_current_user()->ID;
190
+ $email = get_user_meta($user_id,'tempRegPhone',true);
191
+ $content = json_decode($enduser->validate_otp_token( 'SMS', null, get_user_meta($user_id,'txId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
192
+
193
+ if($content['status'] == 'SUCCESS')
194
+ {
195
+ $this->mo2f_check_and_create_user($user_id);
196
+ $Mo2fdbQueries->update_user_details( $user_id, array(
197
+ 'mo2f_OTPOverSMS_config_status' => true,
198
+ 'mo2f_configured_2FA_method' => "OTP Over SMS",
199
+ 'mo2f_user_phone' => $email,
200
+ 'user_registration_with_miniorange' => 'SUCCESS',
201
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
202
+ ) );
203
+ echo "SUCCESS";
204
+ }
205
+ else
206
+ {
207
+ echo "Invalid OTP";
208
+ }
209
+ exit;
210
+
211
+ }
212
+ function mo_2fa_verify_OTPOverEmail_setup_wizard()
213
+ {
214
+ global $Mo2fdbQueries;
215
+ $enduser = new Customer_Setup();
216
+ $current_user = wp_get_current_user();
217
+ $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
218
+ $user_id = wp_get_current_user()->ID;
219
+ $email = get_user_meta($user_id,'tempRegEmail',true);
220
+ $content = json_decode($enduser->validate_otp_token( 'OTP_OVER_EMAIL', null, get_user_meta($current_user->ID,'mo2f_transactionId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
221
+
222
+ if($content['status'] == 'SUCCESS')
223
+ {
224
+ $this->mo2f_check_and_create_user($user_id);
225
+ $Mo2fdbQueries->update_user_details( $user_id, array(
226
+ 'mo2f_OTPOverEmail_config_status' => true,
227
+ 'mo2f_configured_2FA_method' => "OTP Over Email",
228
+ 'mo2f_user_email' => $email,
229
+ 'user_registration_with_miniorange' => 'SUCCESS',
230
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
231
+ ) );
232
+ echo "SUCCESS";
233
+ }
234
+ else
235
+ {
236
+ echo "Invalid OTP";
237
+ }
238
+ exit;
239
+ }
240
+ function mo_2fa_verify_GA_setup_wizard()
241
+ {
242
+ global $Mo2fdbQueries;
243
+ $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
244
+ include_once $path;
245
+ $obj_google_auth = new Google_auth_onpremise();
246
+ $user_id = wp_get_current_user()->ID;
247
+ $otpToken = sanitize_text_field($_POST['mo2f_google_auth_code']);
248
+ $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
249
+ $secret= $obj_google_auth->mo_GAuth_get_secret($user_id);
250
+ if($session_id_encrypt){
251
+ $secret = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
252
+ }
253
+ $content = $obj_google_auth->verifyCode($secret, $otpToken);
254
+ $content = json_decode($content);
255
+ if($content->status== 'false')
256
+ echo "Invalid One time Passcode. Please enter again";
257
+ else
258
+ {
259
+ $obj_google_auth->mo_GAuth_set_secret($user_id,$secret);
260
+ $this->mo2f_check_and_create_user($user_id);
261
+ $Mo2fdbQueries->update_user_details( $user_id, array(
262
+ 'mo2f_GoogleAuthenticator_config_status' => true,
263
+ 'mo2f_AuthyAuthenticator_config_status' => false,
264
+ 'mo2f_configured_2FA_method' => "Google Authenticator",
265
+ 'user_registration_with_miniorange' => 'SUCCESS',
266
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
267
+ ) );
268
+
269
+ echo 'SUCCESS';
270
+ }
271
+ exit;
272
+ }
273
+ function mo_2fa_configure_GA_setup_wizard()
274
+ {
275
+ $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
276
+ include_once $path;
277
+ $obj_google_auth = new Google_auth_onpremise();
278
+ update_option('mo2f_google_appname',$_SERVER['SERVER_NAME']);
279
+ $res = $obj_google_auth->mo_GAuth_get_details(true);
280
+ return $res;
281
+ }
282
+ function mo_2fa_configure_OTPOverSMS_setup_wizard()
283
+ {
284
+ global $Mo2fdbQueries;
285
+ $user = wp_get_current_user();
286
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
287
+ $user_phone = $mo2f_user_phone ? $mo2f_user_phone : get_option( 'user_phone_temp' );
288
+ $session_id_encrypt = MO2f_Utility::random_str(20);
289
+
290
+ ?>
291
+ <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');?> </b></h4>
292
+ <form name="f" method="post" action="" id="mo2f_verifyphone_form">
293
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
294
+ <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
295
+ <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
296
+ value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
297
+
298
+ <div style="display:inline;">
299
+ <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px;" type="text" name="phone" id="phone"
300
+ value="<?php echo $user_phone ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}"
301
+ title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/><br>
302
+ <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
303
+ value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
304
+ </div>
305
+ </form>
306
+ <br>
307
+ <form name="f" method="post" action="" id="mo2f_validateotp_form">
308
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
309
+ <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
310
+ <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
311
+ value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
312
+ <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
313
+ <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px" autofocus="true" type="text" name="mo2f_otp_token" id="mo2f_otp_token"
314
+ placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
315
+ <br><br>
316
+ </form><br>
317
+
318
+ <?php
319
+ exit;
320
+ }
321
+ function mo_2fa_configure_OTPOverEmail_setup_wizard()
322
+ {
323
+ $session_id_encrypt = MO2f_Utility::random_str(20);
324
+ $user_email = wp_get_current_user()->user_email;
325
+ ?>
326
+ <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQ');?> </b></h4>
327
+ <form name="f" method="post" action="" id="mo2f_verifyemail_form">
328
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_email_send_otp"/>
329
+ <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
330
+ <input type="hidden" name="mo2f_configure_otp_over_email_send_otp_nonce"
331
+ value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" ) ?>"/>
332
+
333
+ <div style="display:inline;">
334
+ <b>Email Address: </b>
335
+ <input class="mo2f_table_textbox" style="width:280px;height: 30px;" type="email" name="verify_phone" id="phone"
336
+ value="<?php echo $user_email ?>"
337
+ title="<?php echo mo2f_lt( 'Enter your email address without any space or dashes' ); ?>"/><br><br>
338
+ <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
339
+ value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
340
+ </div>
341
+ </form>
342
+ <br><br>
343
+ <form name="f" method="post" action="" id="mo2f_validateotp_form">
344
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
345
+ <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
346
+ <input type="hidden" name="mo2f_configure_otp_over_email_validate_nonce"
347
+ value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" ) ?>"/>
348
+ <b><?php echo mo2f_lt( 'Enter One Time Passcode:' ); ?>
349
+ <input class="mo2f_table_textbox" style="width:200px;height: 30px;" autofocus="true" type="text" name="mo2f_otp_token" id ="mo2f_otp_token"
350
+ placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/></b>
351
+ <br><br>
352
+ </form><br>
353
+
354
+ <?php
355
+ exit;
356
+ }
357
+ function mo_2fa_configure_KBA_setup_wizard()
358
+ {
359
+ ?>
360
+ <div class="mo2f_kba_header"><?php echo mo2f_lt( 'Please choose 3 questions' ); ?></div>
361
+ <br>
362
+ <table cellspacing="10">
363
+ <tr class="mo2f_kba_header">
364
+ <th style="width: 10%;">
365
+ <?php echo mo2f_lt( 'Sr. No.' ); ?>
366
+ </th>
367
+ <th class="mo2f_kba_tb_data">
368
+ <?php echo mo2f_lt( 'Questions' ); ?>
369
+ </th>
370
+ <th>
371
+ <?php echo mo2f_lt( 'Answers' ); ?>
372
+ </th>
373
+ </tr>
374
+ <tr class="mo2f_kba_body">
375
+ <td>
376
+ <center>1.</center>
377
+ </td>
378
+ <td class="mo2f_kba_tb_data">
379
+ <select name="mo2f_kbaquestion_1" id="mo2f_kbaquestion_1" class="mo2f_kba_ques" required="true"
380
+ >
381
+ <option value="" selected="selected">
382
+ -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
383
+ -------------------------
384
+ </option>
385
+ <option id="mq1_1"
386
+ value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
387
+ <option id="mq2_1"
388
+ value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
389
+ <option id="mq3_1"
390
+ value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
391
+ <option id="mq4_1"
392
+ value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
393
+ <option id="mq5_1"
394
+ value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
395
+ <option id="mq6_1"
396
+ value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
397
+ <option id="mq7_1"
398
+ value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
399
+ <option id="mq8_1"
400
+ value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
401
+ <option id="mq9_1"
402
+ value="What is your grandmother's maiden name?"><?php echo mo2f_lt( "What is your grandmother's maiden name?" ); ?></option>
403
+ <option id="mq10_1"
404
+ value="What was your first vehicle's registration number?"><?php echo mo2f_lt( "What was your first vehicle's registration number?" ); ?></option>
405
+ </select>
406
+ </td>
407
+ <td style="text-align: end;">
408
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans1" id="mo2f_kba_ans1"
409
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
410
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true" autofocus="true"
411
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
412
+ </td>
413
+ </tr>
414
+ <tr class="mo2f_kba_body">
415
+ <td>
416
+ <center>2.</center>
417
+ </td>
418
+ <td class="mo2f_kba_tb_data">
419
+ <select name="mo2f_kbaquestion_2" id="mo2f_kbaquestion_2" class="mo2f_kba_ques" required="true"
420
+ >
421
+ <option value="" selected="selected">
422
+ -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
423
+ -------------------------
424
+ </option>
425
+ <option id="mq1_2"
426
+ value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
427
+ <option id="mq2_2"
428
+ value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
429
+ <option id="mq3_2"
430
+ value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
431
+ <option id="mq4_2"
432
+ value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
433
+ <option id="mq5_2"
434
+ value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
435
+ <option id="mq6_2"
436
+ value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
437
+ <option id="mq7_2"
438
+ value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
439
+ <option id="mq8_2"
440
+ value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
441
+ <option id="mq9_2"
442
+ value="What is your grandmother's maiden name?"><?php echo mo2f_lt( 'What is your grandmother\'s maiden name?' ); ?></option>
443
+ <option id="mq10_2"
444
+ value="What was your first vehicle's registration number?"><?php echo mo2f_lt( 'What was your first vehicle\'s registration number?' ); ?></option>
445
+ </select>
446
+ </td>
447
+ <td style="text-align: end;">
448
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans2" id="mo2f_kba_ans2"
449
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
450
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
451
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
452
+ </td>
453
+ </tr>
454
+ <tr class="mo2f_kba_body">
455
+ <td>
456
+ <center>3.</center>
457
+ </td>
458
+ <td class="mo2f_kba_tb_data">
459
+ <input class="mo2f_kba_ques" type="text" style="width: 100%;"name="mo2f_kbaquestion_3" id="mo2f_kbaquestion_3"
460
+ required="true"
461
+ placeholder="<?php echo mo2f_lt( 'Enter your custom question here' ); ?>"/>
462
+ </td>
463
+ <td style="text-align: end;">
464
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans3" id="mo2f_kba_ans3"
465
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
466
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
467
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
468
+ </td>
469
+ </tr>
470
+ </table>
471
+ <script type="text/javascript">
472
+ var mo_option_to_hide1;
473
+ //hidden element in dropdown list 2
474
+ var mo_option_to_hide2;
475
+
476
+ function mo_option_hide(list) {
477
+ //grab the team selected by the user in the dropdown list
478
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
479
+ //if an element is currently hidden, unhide it
480
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
481
+ mo_option_to_hide1.style.display = 'block';
482
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
483
+ mo_option_to_hide2.style.display = 'block';
484
+ }
485
+ //select the element to hide and then hide it
486
+ if (list == 1) {
487
+ if (list_selected != 0) {
488
+ mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
489
+ mo_option_to_hide2.style.display = 'none';
490
+ }
491
+ }
492
+ if (list == 2) {
493
+ if (list_selected != 0) {
494
+ mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
495
+ mo_option_to_hide1.style.display = 'none';
496
+ }
497
+ }
498
+ }
499
+
500
+
501
+ </script>
502
+
503
+ <?php
504
+ exit;
505
+ }
506
+
507
+ function mo2f_register_customer($post)
508
+ {
509
+ //validate and sanitize
510
+ global $moWpnsUtility, $Mo2fdbQueries;
511
+ $user = wp_get_current_user();
512
+ $email = sanitize_email($post['email']);
513
+ $company = $_SERVER["SERVER_NAME"];
514
+
515
+ $password = $post['password'];
516
+ $confirmPassword = $post['confirmPassword'];
517
+
518
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
519
+ {
520
+ return "Password length is less then expected";
521
+ }
522
+
523
+ if( $password != $confirmPassword )
524
+ {
525
+ return "Password and confirm Password does not match.";
526
+ }
527
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
528
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
529
+ {
530
+ return "Unknown Error has occured.";
531
+ }
532
+
533
+ update_option( 'mo2f_email', $email );
534
+
535
+ update_option( 'mo_wpns_company' , $company );
536
+
537
+ update_option( 'mo_wpns_password' , $password );
538
+
539
+ $customer = new MocURL();
540
+ $content = json_decode($customer->check_customer($email), true);
541
+ $Mo2fdbQueries->insert_user( $user->ID );
542
+
543
+ switch ($content['status'])
544
+ {
545
+ case 'CUSTOMER_NOT_FOUND':
546
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
547
+
548
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
549
+ {
550
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
551
+ update_option( 'mo2f_email', $email );
552
+ $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
553
+ $this->_get_current_customer($email,$password);
554
+ return "SUCCESS";
555
+ }
556
+
557
+ break;
558
+ default:
559
+ $res = $this->_get_current_customer($email,$password);
560
+ if($res == "SUCCESS")
561
+ return $res;
562
+ return "Email is already registered in miniOrange. Please try to login to your account.";
563
+
564
+ }
565
+
566
+ }
567
+ function _verify_customer($post)
568
+ {
569
+ global $moWpnsUtility;
570
+ $email = sanitize_email( $post['email'] );
571
+ $password = sanitize_text_field( $post['password'] );
572
+
573
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
574
+ {
575
+ return "Username or Password is missing.";
576
+ }
577
+ return $this->_get_current_customer($email,$password);
578
+ }
579
+ function _get_current_customer($email,$password)
580
+ {
581
+ global $Mo2fdbQueries;
582
+ $user = wp_get_current_user();
583
+ $customer = new MocURL();
584
+ $content = $customer->get_customer_key($email, $password);
585
+ $customerKey = json_decode($content, true);
586
+ if(json_last_error() == JSON_ERROR_NONE)
587
+ {
588
+ if(isset($customerKey['phone'])){
589
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
590
+ }
591
+ update_option('mo2f_email',$email);
592
+
593
+ $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
594
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
595
+ $customerT = new Customer_Cloud_Setup();
596
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
597
+ if($content['status'] == 'SUCCESS')
598
+ {
599
+ update_site_option('mo2f_license_type','PREMIUM');
600
+ }
601
+ else
602
+ {
603
+ update_site_option('mo2f_license_type','DEMO');
604
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
605
+ }
606
+ if(isset($content['smsRemaining']))
607
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
608
+ else if($content['status'] =='SUCCESS')
609
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
610
+
611
+ if(isset($content['emailRemaining']))
612
+ {
613
+ if($content['emailRemaining']>30)
614
+ {
615
+ $currentTransaction = $content['emailRemaining'];
616
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
617
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
618
+ }
619
+ else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
620
+ {
621
+ update_site_option('cmVtYWluaW5nT1RQ',30);
622
+ }
623
+ }
624
+ return "SUCCESS";
625
+ }
626
+ else
627
+ {
628
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
629
+ update_option('mo_wpns_verify_customer', 'true');
630
+ delete_option('mo_wpns_new_registration');
631
+ return "Invalid Username or Password";
632
+ }
633
+ }
634
+
635
+
636
+ function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
637
+ {
638
+ global $Mo2fdbQueries;
639
+
640
+ $user = wp_get_current_user();
641
+ update_option( 'mo2f_customerKey' , $id );
642
+ update_option( 'mo2f_api_key' , $apiKey );
643
+ update_option( 'mo2f_customer_token' , $token );
644
+ update_option( 'mo2f_app_secret' , $appSecret );
645
+ update_option( 'mo_wpns_enable_log_requests' , true );
646
+ update_option( 'mo2f_miniorange_admin', $user->ID );
647
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
648
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
649
+
650
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
651
+ 'mo2f_user_email' => $email,
652
+ 'user_registration_with_miniorange' => 'SUCCESS'
653
+ ) );
654
+ $enduser = new Two_Factor_Setup();
655
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
656
+
657
+
658
+ delete_option( 'mo_wpns_verify_customer' );
659
+ delete_option( 'mo_wpns_registration_status' );
660
+ delete_option( 'mo_wpns_password' );
661
+ }
662
+
663
+ function mo_wpns_register_verify_customer()
664
+ {
665
+ $res ="";
666
+ if(isset($_POST['Login_and_Continue']) && $_POST['Login_and_Continue'] =='Login and Continue')
667
+ $res = $this->_verify_customer($_POST);
668
+
669
+ else
670
+ $res = $this->mo2f_register_customer($_POST);
671
+ wp_send_json($res);
672
+ }
673
+ function mo2f_select_method_setup_wizard()
674
+ {
675
+ global $Mo2fdbQueries;
676
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-select-method-setup-wizard'))
677
+ {
678
+ wp_send_json("ERROR");
679
+ }
680
+
681
+ $current_user = wp_get_current_user();
682
+ $selected_2FA_method = sanitize_text_field($_POST['mo2f_method']);
683
+
684
+ if(!MO2F_IS_ONPREM)
685
+ {
686
+ update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
687
+ update_user_meta( $current_user->ID, 'register_account_popup', 1 );
688
+ update_user_meta( $current_user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
689
+ wp_send_json("SUCCESS");
690
+
691
+ }
692
+
693
+
694
+ $exceeded = $Mo2fdbQueries->check_alluser_limit_exceeded($current_user->ID);
695
+ if(!$exceeded)
696
+ $Mo2fdbQueries->insert_user( $current_user->ID );
697
+
698
+ if($selected_2FA_method == 'OTP Over Email')
699
+ {
700
+ wp_send_json("SUCCESS");
701
+ }
702
+ update_user_meta( $current_user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
703
+
704
+ $mo_2factor_admin_registration_status = get_option('mo_2factor_admin_registration_status');
705
+ if($selected_2FA_method == 'OTP Over SMS' && $mo_2factor_admin_registration_status != 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
706
+ {
707
+ update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
708
+ update_user_meta( $current_user->ID, 'register_account_popup', 1 );
709
+ }
710
+ else
711
+ update_user_meta( $current_user->ID, 'configure_2FA', 1);
712
+ wp_send_json("SUCCESS");
713
+ }
714
+ function mo2f_set_miniorange_methods(){
715
+ $nonce = sanitize_text_field($_POST['nonce']);
716
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
717
+ $error = new WP_Error();
718
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
719
+ wp_send_json_error($error);
720
+ exit;
721
+ }
722
+ global $Mo2fdbQueries;
723
+ $transient_id=sanitize_text_field($_POST['transient_id']);
724
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
725
+ if(empty($user_id)){
726
+ wp_send_json('UserIdNotFound');
727
+ }
728
+ $user = get_user_by('id',$user_id);
729
+ $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
730
+ $otpToken=sanitize_text_field($_POST['code']);
731
+ $customer = new Customer_Setup();
732
+ $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $email, null, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
733
+ wp_send_json($content);
734
+ }
735
+ function mo2f_set_otp_over_sms(){
736
+ $nonce = sanitize_text_field($_POST['nonce']);
737
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
738
+ $error = new WP_Error();
739
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
740
+ wp_send_json_error($error);
741
+ exit;
742
+ }
743
+ global $Mo2fdbQueries;
744
+ $transient_id=sanitize_text_field($_POST['transient_id']);
745
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
746
+ if(empty($user_id)){
747
+ wp_send_json('UserIdNotFound');
748
+ }
749
+ $user = get_user_by('id',$user_id);
750
+ $new_phone = sanitize_text_field($_POST['phone']);
751
+ $new_phone = str_replace(' ','',$new_phone);
752
+ $Mo2fdbQueries->update_user_details($user_id, array("mo2f_user_phone" => $new_phone) );
753
+ $user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user_id );
754
+ wp_send_json($user_phone);
755
+ }
756
+ function mo2f_set_GA(){
757
+ $nonce = sanitize_text_field($_POST['nonce']);
758
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
759
+ $error = new WP_Error();
760
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
761
+ wp_send_json_error($error);
762
+ exit;
763
+ }
764
+ include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR.'handler'. DIRECTORY_SEPARATOR.'twofa'. DIRECTORY_SEPARATOR. 'gaonprem.php';
765
+ global $Mo2fdbQueries;
766
+ $transient_id=sanitize_text_field($_POST['transient_id']);
767
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
768
+ if(empty($user_id)){
769
+ wp_send_json('UserIdNotFound');
770
+ }
771
+ $google_auth = new Miniorange_Rba_Attributes();
772
+ $user = get_user_by('id',$user_id);
773
+ $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
774
+ $otpToken = sanitize_text_field($_POST['code']);
775
+ $ga_secret = sanitize_text_field($_POST['ga_secret']);
776
+ if(MO2F_IS_ONPREM){
777
+ $gauth_obj = new Google_auth_onpremise();
778
+ $gauth_obj->mo_GAuth_set_secret($user_id, $ga_secret);
779
+ }else{
780
+
781
+ $google_auth = new Miniorange_Rba_Attributes();
782
+ $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, 'miniOrangeAu' ), true );
783
+ }
784
+ $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
785
+ wp_send_json($google_response['status']);
786
+ }
787
+ function mo2f_ajax_login_redirect()
788
+ {
789
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
790
+ {
791
+ wp_send_json("ERROR");
792
+ exit;
793
+ }
794
+ $username = sanitize_text_field($_POST['username']);
795
+ $password = $_POST['password'];
796
+ apply_filters( 'authenticate', null, $username, $password );
797
+ }
798
+ function mo2f_save_custom_form_settings()
799
+ {
800
+
801
+ $customForm = false;
802
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_save_form_settings']);
803
+
804
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-save-form-settings' ) ) {
805
+ $error = new WP_Error();
806
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
807
+ //return $error;
808
+ }
809
+ if(isset($_POST['submit_selector']) and
810
+ isset($_POST['email_selector']) and
811
+ isset($_POST['authType']) and
812
+ isset($_POST['customForm']) and
813
+ isset($_POST['form_selector']) and
814
+
815
+ $_POST['submit_selector']!="" and
816
+ $_POST['email_selector']!="" and
817
+ $_POST['customForm']!="" and
818
+ $_POST['form_selector']!="")
819
+ {
820
+ $submit_selector = sanitize_text_field($_POST['submit_selector']);
821
+ $form_selector = sanitize_text_field($_POST['form_selector']);
822
+ $email_selector = sanitize_text_field($_POST['email_selector']);
823
+ $phone_selector = sanitize_text_field($_POST['phone_selector']);
824
+ $authType = sanitize_text_field($_POST['authType']);
825
+ $customForm = sanitize_text_field( $_POST['customForm']);
826
+ $enableShortcode = sanitize_text_field($_POST['enableShortcode']);
827
+
828
+ switch ($form_selector)
829
+ {
830
+ case '.bbp-login-form':
831
+ update_site_option('mo2f_custom_reg_bbpress',true);
832
+ update_site_option('mo2f_custom_reg_wocommerce',false);
833
+ update_site_option('mo2f_custom_reg_custom',false);
834
+ break;
835
+ case '.woocommerce-form woocommerce-form-register':
836
+ update_site_option('mo2f_custom_reg_bbpress',false);
837
+ update_site_option('mo2f_custom_reg_wocommerce',true);
838
+ update_site_option('mo2f_custom_reg_custom',false);
839
+ break;
840
+ default:
841
+ update_site_option('mo2f_custom_reg_bbpress',false);
842
+ update_site_option('mo2f_custom_reg_wocommerce',false);
843
+ update_site_option('mo2f_custom_reg_custom',true);
844
+ }
845
+
846
+ update_site_option('mo2f_custom_form_name', $form_selector);
847
+ update_site_option('mo2f_custom_email_selector', $email_selector);
848
+ update_site_option('mo2f_custom_phone_selector', $phone_selector);
849
+ update_site_option('mo2f_custom_submit_selector', $submit_selector);
850
+ update_site_option('mo2f_custom_auth_type', $authType);
851
+
852
+ update_site_option('enable_form_shortcode',$enableShortcode);
853
+ $saved = true;
854
+ }
855
+ else
856
+ {
857
+ $submit_selector = 'NA';
858
+ $form_selector = 'NA';
859
+ $email_selector = 'NA';
860
+ $authType ='NA';
861
+ $saved = false;
862
+ }
863
+ $return = array(
864
+ 'authType' => $authType,
865
+ 'submit' => $submit_selector,
866
+ 'emailSelector' => $email_selector,
867
+ 'phone_selector' => $phone_selector,
868
+ 'form' => $form_selector,
869
+ 'saved' => $saved,
870
+ 'customForm' => $customForm,
871
+ 'enableShortcode' => $enableShortcode
872
+ );
873
+
874
+ return wp_send_json($return);
875
+ }
876
+
877
+ function mo2f_check_user_exist_miniOrange()
878
+ {
879
+ $nonce = sanitize_text_field($_POST['nonce']);
880
+
881
+ if ( ! wp_verify_nonce( $nonce, 'checkuserinminiOrangeNonce' ) ) {
882
+ $error = new WP_Error();
883
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
884
+ echo "NonceDidNotMatch";
885
+ exit;
886
+ }
887
+
888
+ if(!get_option('mo2f_customerKey')){
889
+ echo "NOTLOGGEDIN";
890
+ exit;
891
+ }
892
+ $user = wp_get_current_user();
893
+ global $Mo2fdbQueries;
894
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
895
+ if($email == '' or is_null($email))
896
+ $email = $user->user_email;
897
+
898
+
899
+
900
+ if(isset($_POST['email']))
901
+ {
902
+ $email = sanitize_text_field($_POST['email']);
903
+ }
904
+
905
+ $enduser = new Two_Factor_Setup();
906
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
907
+
908
+
909
+ if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0 ){
910
+ echo "alreadyExist";
911
+ exit;
912
+ }
913
+ else
914
+ {
915
+
916
+ update_user_meta($user->ID,'mo2f_email_miniOrange',$email);
917
+ echo "USERCANBECREATED";
918
+ exit;
919
+ }
920
+
921
+ }
922
+ function mo2f_shift_to_onprem(){
923
+
924
+ $current_user = wp_get_current_user();
925
+ $current_userID = $current_user->ID;
926
+ $miniorangeID = get_option( 'mo2f_miniorange_admin' );
927
+ if(is_null($miniorangeID) or $miniorangeID =='')
928
+ $is_customer_admin = true;
929
+ else
930
+ $is_customer_admin = $miniorangeID == $current_userID ? true : false;
931
+ if($is_customer_admin)
932
+ {
933
+ update_option('is_onprem', 1);
934
+ update_option( 'mo2f_remember_device',0);
935
+ wp_send_json('true');
936
+ }
937
+ else
938
+ {
939
+ $adminUser = get_user_by('id',$miniorangeID);
940
+ $email = $adminUser->user_email;
941
+ wp_send_json($email);
942
+ }
943
+
944
+ }
945
+
946
+
947
+ function mo2f_delete_log_file(){
948
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_delete_log']);
949
+
950
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-delete-log' ) ) {
951
+ $error = new WP_Error();
952
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
953
+
954
+ }else{
955
+ $debug_log_path = wp_upload_dir();
956
+ $debug_log_path = $debug_log_path['basedir'];
957
+ $file_name = 'miniorange_debug_log.txt';
958
+ $status = file_exists( $debug_log_path.DIRECTORY_SEPARATOR.$file_name);
959
+ if($status){
960
+ unlink($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
961
+ wp_send_json('true');
962
+ }
963
+ else{
964
+ wp_send_json('false');
965
+ }
966
+ }
967
+ }
968
+ function mo2f_enable_disable_debug_log(){
969
+
970
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_debug_log']);
971
+
972
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-debug-log' ) ) {
973
+ $error = new WP_Error();
974
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
975
+
976
+ }
977
+
978
+ $enable = sanitize_text_field($_POST['mo2f_enable_debug_log']);
979
+ if($enable == 'true'){
980
+ update_site_option('mo2f_enable_debug_log' , 1);
981
+ wp_send_json('true');
982
+ }
983
+ else{
984
+ update_site_option('mo2f_enable_debug_log' , 0);
985
+ wp_send_json('false');
986
+ }
987
+ }
988
+
989
+ function mo2f_enable_disable_twofactor(){
990
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_2FA']);
991
+
992
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-2FA' ) ) {
993
+ $error = new WP_Error();
994
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
995
+
996
+ }
997
+
998
+ $enable = sanitize_text_field($_POST['mo2f_enable_2fa']);
999
+ if($enable == 'true'){
1000
+ update_option('mo2f_activate_plugin' , 1);
1001
+ wp_send_json('true');
1002
+ }
1003
+ else{
1004
+ update_option('mo2f_activate_plugin' , 0);
1005
+ wp_send_json('false');
1006
+ }
1007
+ }
1008
+
1009
+ function mo2f_enable_disable_twofactor_prompt_on_login(){
1010
+
1011
+ global $Mo2fdbQueries;
1012
+ $user = wp_get_current_user();
1013
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_2FA_prompt_on_login']);
1014
+ $auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1015
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-on-login-page-option-nonce' ) ) {
1016
+ $error = new WP_Error();
1017
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1018
+
1019
+ }
1020
+ $enable= sanitize_text_field($_POST['mo2f_enable_2fa_prompt_on_login']);
1021
+ if(!($auth_method == "Google Authenticator" || $auth_method =="miniOrange Soft Token" || $auth_method == "Authy Authenticator"))
1022
+ {
1023
+ update_site_option('mo2f_enable_2fa_prompt_on_login_page' , false);
1024
+ if(!MO2F_IS_ONPREM)
1025
+ wp_send_json('false_method_cloud');
1026
+ else
1027
+ wp_send_json('false_method_onprem');
1028
+
1029
+ }
1030
+ else if($enable == 'true'){
1031
+ update_site_option('mo2f_enable_2fa_prompt_on_login_page' , true);
1032
+ wp_send_json('true');
1033
+ }
1034
+ else{
1035
+ update_site_option('mo2f_enable_2fa_prompt_on_login_page' , false);
1036
+ wp_send_json('false');
1037
+ }
1038
+ }
1039
+
1040
+ function mo2f_enable_disable_inline(){
1041
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_inline']);
1042
+
1043
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-inline' ) ) {
1044
+ wp_send_json("error");
1045
+ }
1046
+ $enable = sanitize_text_field($_POST['mo2f_inline_registration']);
1047
+ if($enable == 'true'){
1048
+ update_site_option('mo2f_inline_registration' , 1);
1049
+ wp_send_json('true');
1050
+ }
1051
+ else{
1052
+ update_site_option('mo2f_inline_registration' , 0);
1053
+ wp_send_json('false');
1054
+ }
1055
+ }
1056
+ function mo2f_enable_disable_configurd_methods(){
1057
+ $nonce = sanitize_text_field($_POST['nonce']);
1058
+
1059
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce_configurd_methods' ) ) {
1060
+ wp_send_json_error("error");
1061
+ }
1062
+ $enable = sanitize_text_field($_POST['mo2f_nonce_enable_configured_methods']);
1063
+
1064
+ if($enable == 'true'){
1065
+ update_site_option('mo2f_nonce_enable_configured_methods' ,true);
1066
+ wp_send_json('true');
1067
+ }
1068
+ else{
1069
+ update_site_option('mo2f_nonce_enable_configured_methods' , false);
1070
+ wp_send_json('false');
1071
+ }
1072
+ }
1073
+
1074
+ function mo2f_role_based_2_factor(){
1075
+ if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
1076
+ wp_send_json('ERROR');
1077
+ return;
1078
+ }
1079
+ global $wp_roles;
1080
+ if (!isset($wp_roles))
1081
+ $wp_roles = new WP_Roles();
1082
+ foreach($wp_roles->role_names as $id => $name) {
1083
+ update_option('mo2fa_'.$id, 0);
1084
+ }
1085
+
1086
+ if(isset($_POST['enabledrole'])){
1087
+ $enabledrole = $_POST['enabledrole'];
1088
+ }
1089
+ else{
1090
+ $enabledrole = array();
1091
+ }
1092
+ foreach($enabledrole as $role){
1093
+ update_option($role, 1);
1094
+ }
1095
+ wp_send_json('true');
1096
+ return;
1097
+ }
1098
+ function mo2f_single_user()
1099
+ {
1100
+ if(!wp_verify_nonce($_POST['nonce'],'singleUserNonce'))
1101
+ {
1102
+ echo "NonceDidNotMatch";
1103
+ exit;
1104
+ }
1105
+ else
1106
+ {
1107
+ $current_user = wp_get_current_user();
1108
+ $current_userID = $current_user->ID;
1109
+ $miniorangeID = get_option( 'mo2f_miniorange_admin' );
1110
+ $is_customer_admin = $miniorangeID == $current_userID ? true : false;
1111
+
1112
+ if(is_null($miniorangeID) or $miniorangeID =='')
1113
+ $is_customer_admin = true;
1114
+
1115
+ if($is_customer_admin)
1116
+ {
1117
+ update_option('is_onprem', 0);
1118
+ wp_send_json('true');
1119
+ }
1120
+ else
1121
+ {
1122
+ $adminUser = get_user_by('id',$miniorangeID);
1123
+ $email = $adminUser->user_email;
1124
+ wp_send_json($email);
1125
+ }
1126
+
1127
+ }
1128
+ }
1129
+
1130
+ function mo2f_unlimitted_user()
1131
+ {
1132
+ if(!wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce'))
1133
+ {
1134
+ echo "NonceDidNotMatch";
1135
+ exit;
1136
+ }
1137
+ else
1138
+ {
1139
+ if($_POST['enableOnPremise'] == 'on')
1140
+ {
1141
+ global $wp_roles;
1142
+ if (!isset($wp_roles))
1143
+ $wp_roles = new WP_Roles();
1144
+ foreach($wp_roles->role_names as $id => $name) {
1145
+ add_site_option('mo2fa_'.$id, 1);
1146
+ if($id == 'administrator'){
1147
+ add_option('mo2fa_'.$id.'_login_url',admin_url());
1148
+ }else{
1149
+ add_option('mo2fa_'.$id.'_login_url',home_url());
1150
+ }
1151
+ }
1152
+ echo "OnPremiseActive";
1153
+ exit;
1154
+ }
1155
+ else
1156
+ {
1157
+ echo "OnPremiseDeactive";
1158
+ exit;
1159
+ }
1160
+ }
1161
+ }
1162
+
1163
+ function mo2f_save_email_verification()
1164
+ {
1165
+
1166
+ if(!wp_verify_nonce($_POST['nonce'],'EmailVerificationSaveNonce'))
1167
+ {
1168
+ echo "NonceDidNotMatch";
1169
+ exit;
1170
+ }
1171
+ else
1172
+ {
1173
+ $user_id = get_current_user_id();
1174
+ $twofactor_transactions = new Mo2fDB;
1175
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
1176
+
1177
+ if($exceeded){
1178
+ echo "USER_LIMIT_EXCEEDED";
1179
+ exit;
1180
+ }
1181
+ $email = sanitize_email($_POST['email']);
1182
+ $currentMethod = sanitize_text_field($_POST['current_method']);
1183
+ $error = false;
1184
+
1185
+ $customer_key = get_site_option( 'mo2f_customerKey' );
1186
+ $api_key = get_site_option( 'mo2f_api_key' );
1187
+
1188
+
1189
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL))
1190
+ {
1191
+ $error = true;
1192
+ }
1193
+ if($email!='' && !$error)
1194
+ {
1195
+ global $Mo2fdbQueries;
1196
+ if($currentMethod == 'EmailVerification')
1197
+ {
1198
+
1199
+
1200
+
1201
+ if(MO2F_IS_ONPREM){
1202
+
1203
+ update_user_meta($user_id,'tempEmail',$email);
1204
+ $enduser = new Customer_Setup();
1205
+ $content = $enduser->send_otp_token($email,'OUT OF BAND EMAIL',$customer_key,$api_key);
1206
+ $decoded = json_decode($content,true);
1207
+ if($decoded['status'] == 'FAILED'){
1208
+ echo "smtpnotset";
1209
+ exit;
1210
+ }
1211
+
1212
+ update_user_meta($user_id,'Mo2fTxid',$decoded['txId']);
1213
+ $otpToken = '';
1214
+ $otpToken .= rand(0,9);
1215
+ update_user_meta($user_id,'Mo2fOtpToken',$otpToken);
1216
+
1217
+ }
1218
+
1219
+
1220
+
1221
+ //for cloud
1222
+ if(! MO2F_IS_ONPREM){
1223
+ $enduser = new Two_Factor_Setup();
1224
+ $enduser->mo2f_update_userinfo($email, "OUT OF BAND EMAIL",null,null,null);
1225
+ }
1226
+ // }
1227
+
1228
+ echo "settingsSaved";
1229
+ exit;
1230
+ }
1231
+ elseif ($currentMethod == 'OTPOverEmail')
1232
+ {
1233
+ update_user_meta($user_id,'tempEmail',$email);
1234
+ $enduser = new Customer_Setup();
1235
+ $content = $enduser->send_otp_token($email,"OTP Over Email",$customer_key,$api_key);
1236
+
1237
+ $decoded = json_decode($content,true);
1238
+ if($decoded['status'] == 'FAILED'){
1239
+
1240
+
1241
+ echo "smtpnotset";
1242
+ exit;
1243
+
1244
+ }
1245
+ MO2f_Utility::mo2f_debug_file('OTP has been sent successfully over Email');
1246
+ update_user_meta( $user_id, 'configure_2FA', 1 );
1247
+ update_user_meta($user_id,'Mo2fOtpOverEmailtxId',$decoded['txId']);
1248
+
1249
+
1250
+ }
1251
+ update_user_meta($user_id,'tempRegEmail',$email);
1252
+ echo "settingsSaved";
1253
+ exit;
1254
+ }
1255
+ else
1256
+ {
1257
+ echo "invalidEmail";
1258
+ exit;
1259
+ }
1260
+
1261
+ }
1262
+
1263
+ }
1264
+
1265
+ function CheckEVStatus()
1266
+ {
1267
+ if(isset($_POST['txid']))
1268
+ {
1269
+ $txid = sanitize_text_field($_POST['txid']);
1270
+ $status = get_site_option($txid);
1271
+ if($status ==1 || $status ==0)
1272
+ delete_site_option($_POST['txid']);
1273
+ echo $status;
1274
+ exit();
1275
+ }
1276
+ echo "empty txid";
1277
+ exit;
1278
+ }
1279
+
1280
+
1281
+ }
1282
+
1283
+ new mo_2f_ajax;
1284
+ ?>
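--- a/controllers/upgrade.php
+++ b/controllers/upgrade.php
@@ -1,4 +1,4 @@
-<?php
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';
-MoWpnsUtility::checkSecurity();
+<?php
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'upgrade.php';
+MoWpnsUtility::checkSecurity();
 update_site_option("mo_2fa_pnp",time());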
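--- a/controllers/waf.php
+++ b/controllers/waf.php
@@ -1,48 +1,48 @@
-<?php
-global $moWpnsUtility,$mo2f_dirName;
-$mo_wpns_handler = new MoWpnsHandler();
-$sqlC = $mo_wpns_handler->get_blocked_attacks_count("SQL");
-$rceC = $mo_wpns_handler->get_blocked_attacks_count("RCE");
-$rfiC = $mo_wpns_handler->get_blocked_attacks_count("RFI");
-$lfiC = $mo_wpns_handler->get_blocked_attacks_count("LFI");
-$xssC = $mo_wpns_handler->get_blocked_attacks_count("XSS");
-$totalAttacks = $sqlC+$lfiC+$rfiC+$xssC+$rceC;
-$manualBlocks = $mo_wpns_handler->get_manual_blocked_ip_count();
-$realTime = 0;
-$countryBlocked = $mo_wpns_handler->get_blocked_countries();
-$IPblockedByWAF = $mo_wpns_handler->get_blocked_ip_waf();
-$totalIPBlocked = $manualBlocks+$realTime+$IPblockedByWAF;
-$mo_waf = get_option('WAFEnabled');
-if(!get_option('mo2f_tour_firewall'))
-update_option('mo2f_tour_firewall',1);
-if($mo_waf)
-{
-$mo_waf = false;
-}
-else
-{
-$mo_waf = true;
-}
-
-
-$path = dirname(dirname(__FILE__)).'/includes/images/loader.gif';
-$path = explode('plugins', $path);
-
-
-$img_loader_url = plugins_url().'/'.$path[1];
-if($totalIPBlocked>999)
-{
-$totalIPBlocked = strval(intval($totalIPBlocked/1000)).'k+';
-}
-
-if($totalAttacks>999)
-{
-$totalAttacks = strval(intval($totalAttacks/1000)).'k+';
-}
-update_site_option('mo2f_visit_waf',true);
-
-include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'waf.php';
-
-
-
-
+<?php
+global $moWpnsUtility,$mo2f_dirName;
+$mo_wpns_handler = new MoWpnsHandler();
+$sqlC = $mo_wpns_handler->get_blocked_attacks_count("SQL");
+$rceC = $mo_wpns_handler->get_blocked_attacks_count("RCE");
+$rfiC = $mo_wpns_handler->get_blocked_attacks_count("RFI");
+$lfiC = $mo_wpns_handler->get_blocked_attacks_count("LFI");
+$xssC = $mo_wpns_handler->get_blocked_attacks_count("XSS");
+$totalAttacks = $sqlC+$lfiC+$rfiC+$xssC+$rceC;
+$manualBlocks = $mo_wpns_handler->get_manual_blocked_ip_count();
+$realTime = 0;
+$countryBlocked = $mo_wpns_handler->get_blocked_countries();
+$IPblockedByWAF = $mo_wpns_handler->get_blocked_ip_waf();
+$totalIPBlocked = $manualBlocks+$realTime+$IPblockedByWAF;
+$mo_waf = get_option('WAFEnabled');
+if(!get_option('mo2f_tour_firewall'))
+update_option('mo2f_tour_firewall',1);
+if($mo_waf)
+{
+$mo_waf = false;
+}
+else
+{
+$mo_waf = true;
+}
+
+
+$path = dirname(dirname(__FILE__)).'/includes/images/loader.gif';
+$path = explode('plugins', $path);
+
+
+$img_loader_url = plugins_url().'/'.$path[1];
+if($totalIPBlocked>999)
+{
+$totalIPBlocked = strval(intval($totalIPBlocked/1000)).'k+';
+}
+
+if($totalAttacks>999)
+{
+$totalAttacks = strval(intval($totalAttacks/1000)).'k+';
+}
+update_site_option('mo2f_visit_waf',true);
+
+include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'waf.php';
+
+
+
+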
controllers/wpns-loginsecurity-ajax.php CHANGED
@@ -1,1398 +1,1398 @@
1
- <?php
2
- class wpns_ajax
3
- {
4
- function __construct(){
5
- //add comment here
6
- add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
- add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
- }
9
-
10
- function mo_login_security_ajax(){
11
-
12
- add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
- add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
- add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
- }
16
-
17
- function mo2f_ajax(){
18
- $GLOBALS['mo2f_is_ajax_request'] = true;
19
- switch ($_POST['mo2f_ajax_option']) {
20
- case "mo2f_ajax_kba":
21
- $this->mo2f_ajax_kba();break;
22
- case "mo2f_ajax_login":
23
- $this->mo2f_ajax_login(); break;
24
- case "mo2f_ajax_otp":
25
- $this->mo2f_ajax_otp(); break;
26
- }
27
- }
28
- function mo2fa_elementor_ajax_fun()
29
- {
30
-
31
- if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
- $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
- wp_send_json('ERROR');
35
- }
36
- if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
- {
38
- $info = array();
39
- $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
- $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
- $info['remember'] = false;
42
- $user_signon = wp_signon($info, false);
43
- if (is_wp_error($user_signon)) {
44
- wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
- }
46
- }
47
- }
48
- }
49
- function wpns_login_security(){
50
- switch($_POST['wpns_loginsecurity_ajax'])
51
- {
52
- case "wpns_bruteforce_form":
53
- $this->wpns_handle_bf_configuration_form(); break;
54
- case "wpns_save_captcha":
55
- $this->wpns_captcha_settings();break;
56
- case "save_strong_password":
57
- $this->wpns_strong_password_settings();break;
58
- case 'wpns_ManualIPBlock_form':
59
- $this->wpns_handle_IP_blocking();break;
60
- case 'wpns_WhitelistIP_form':
61
- $this->wpns_whitelist_ip(); break;
62
- case 'wpns_waf_settings_form':
63
- $this->wpns_waf_settings_form(); break;
64
- case 'wpns_waf_rate_limiting_form':
65
- $this->wpns_waf_rate_limiting_form(); break;
66
- case 'wpns_waf_realtime_ip_block_free':
67
- $this->wpns_waf_realtime_ip_block_free();break;
68
- case 'wpns_ip_lookup':
69
- $this->wpns_ip_lookup(); break;
70
- case 'wpns_all_plans':
71
- $this->wpns_all_plans(); break;
72
- case 'wpns_logout_form':
73
- $this->wpns_logout_form(); break;
74
- case 'wpns_check_transaction':
75
- $this->wpns_check_transaction(); break;
76
- case 'waf_settings_mail_form_notify':
77
- $this->waf_settings_mail_form_notify(); break;
78
- case 'waf_settings_IP_mail_form':
79
- $this->waf_settings_IP_mail_form();break;
80
- case 'update_plan':
81
- $this->update_plan(); break;
82
- }
83
- }
84
-
85
- function update_plan(){
86
- $mo2f_all_plannames = $_POST['planname'];
87
- $mo_2fa_plan_type = $_POST['planType'];
88
- update_option('mo2f_planname', $mo2f_all_plannames);
89
- if ($mo2f_all_plannames == 'addon_plan')
90
- {
91
- update_option('mo2f_planname', 'addon_plan');
92
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
- }
94
- elseif ($mo2f_all_plannames == '2fa_plan')
95
- {
96
- update_option('mo2f_planname', '2fa_plan');
97
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
- }
99
- }
100
-
101
-
102
- function mo2f_ajax_otp(){
103
- $obj = new Miniorange_Password_2Factor_Login();
104
- $obj->check_miniorange_soft_token($_POST);
105
- }
106
- function mo2f_ajax_kba(){
107
- $obj = new Miniorange_Password_2Factor_Login();
108
- $obj->check_kba_validation($_POST);
109
- }
110
-
111
- function wpns_check_transaction()
112
- {
113
- $customerT = new Customer_Cloud_Setup();
114
-
115
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
116
- if($content['status'] == 'SUCCESS')
117
- {
118
- update_site_option('mo2f_license_type','PREMIUM');
119
- }
120
- else
121
- {
122
- update_site_option('mo2f_license_type','DEMO');
123
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), t