Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.5.75

Version Description

  • Google Authenticator - Two factor Authentication (2FA, OTP) :
  • Bug Fixes and Code Improvements
Download this release

Release Info

Developer prashantbhivsane
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.5.75
Comparing to
See all releases

Code changes from version 5.5.7 to 5.5.75

Files changed (77) hide show
  1. api/class-customer-common-setup.php +20 -19
  2. controllers/account.php +1 -1
  3. controllers/ip-blocking.php +5 -5
  4. controllers/login-security.php +10 -10
  5. controllers/twofa/mo2fa_common_login.php +86 -86
  6. controllers/twofa/mo2fa_inline_registration.php +72 -72
  7. controllers/twofa/two_factor_ajax.php +6 -6
  8. handler/WAF/waf-include.php +22 -14
  9. handler/feedback_form.php +1 -0
  10. handler/login.php +4 -1
  11. handler/malware_scanner.php +5 -5
  12. handler/mo-waf-plugin.php +19 -12
  13. handler/mo-waf.php +20 -12
  14. handler/twofa/class-twofacustomregformshortcode.php +69 -69
  15. handler/twofa/class_miniorange_2fa_strong_password.php +1 -1
  16. handler/twofa/setup_twofa.php +8 -8
  17. handler/twofa/two_fa_login.php +4 -4
  18. handler/twofa/two_fa_pass2login.php +3 -3
  19. handler/twofa/two_fa_settings.php +5 -5
  20. handler/twofa/two_fa_utility.php +12 -7
  21. handler/user-profile-2fa.php +5 -5
  22. helper/curl.php +5 -20
  23. helper/dashboard_security_notification.php +7 -7
  24. helper/utility.php +7 -3
  25. includes/email-New-release.php +1 -2
  26. includes/js/select2.min.js +3 -0
  27. miniorange_2_factor_settings.php +5 -5
  28. readme.txt +998 -994
  29. views/addons.php +2 -2
  30. views/advanced-blocking.php +8 -8
  31. views/backup/backup_created_report.php +2 -2
  32. views/backup/backup_schdule.php +5 -5
  33. views/backup/backup_setting_view.php +2 -2
  34. views/common-elements.php +5 -5
  35. views/content-protection.php +8 -8
  36. views/dashboard.php +13 -13
  37. views/feedback_footer.php +4 -4
  38. views/feedback_form.php +7 -7
  39. views/ip-blocking.php +3 -3
  40. views/licensing.php +8 -8
  41. views/login-security.php +11 -11
  42. views/malware_scanner/scan_report_view.php +4 -4
  43. views/malware_scanner/scan_settings_view.php +4 -4
  44. views/malware_scanner/scan_summary_view.php +6 -6
  45. views/navbar.php +13 -13
  46. views/notification-settings.php +6 -6
  47. views/registration-security.php +2 -2
  48. views/request_christmas_offer.php +1 -1
  49. views/request_demo.php +1 -1
  50. views/request_offer.php +1 -1
  51. views/test/test_twofa_email_verification.php +1 -1
  52. views/test/test_twofa_miniorange_push_notification.php +3 -3
  53. views/test/test_twofa_miniorange_qrcode_authentication.php +1 -1
  54. views/tour-model.php +4 -4
  55. views/trial.php +5 -5
  56. views/twofa/setup/setup_duo_authenticator.php +2 -2
  57. views/twofa/setup/setup_google_authenticator.php +1 -1
  58. views/twofa/setup/setup_google_authenticator_onpremise.php +2 -2
  59. views/twofa/setup/setup_miniorange_authenticator.php +5 -5
  60. views/twofa/setup/setup_otp_over_sms.php +2 -2
  61. views/twofa/setup/setup_otp_over_whatsapp.php +1 -1
  62. views/twofa/setup_twofa.php +10 -10
  63. views/twofa/test/test_twofa_email_verification.php +1 -1
  64. views/twofa/test/test_twofa_kba_questions.php +2 -2
  65. views/twofa/test/test_twofa_miniorange_push_notification.php +2 -2
  66. views/twofa/test/test_twofa_miniorange_qrcode_authentication.php +3 -3
  67. views/twofa/two_fa_custom_form.php +8 -8
  68. views/twofa/two_fa_premium_feature.php +26 -26
  69. views/twofa/two_fa_rba.php +1 -1
  70. views/twofa/two_fa_session_control.php +1 -1
  71. views/twofa/two_fa_setup_notification.php +3 -3
  72. views/twofa/two_fa_shortcode.php +2 -2
  73. views/twofa/two_fa_unlimittedUser.php +13 -13
  74. views/upgrade.php +6 -6
  75. views/upgrade_2fa_lite.php +4 -4
  76. views/waf-settings.php +11 -11
  77. views/waf.php +13 -13
api/class-customer-common-setup.php CHANGED
@@ -118,7 +118,7 @@ class Customer_Cloud_Setup {
118
 
119
  $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
120
 
121
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . $_SERVER['SERVER_NAME'] . '" target="_blank" >' . $_SERVER['SERVER_NAME'] . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
122
 
123
  $fields = array(
124
  'customerKey' => $customerKey,
@@ -312,26 +312,26 @@ class Customer_Cloud_Setup {
312
  public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
313
 
314
 
315
- $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
316
 
317
- $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
318
-
319
- $postdata = array('mo2f_email'=> $mo2f_user_email,
320
- 'mo2f_domain' =>$site_url,
321
- 'headers'=>$headers['header'],
322
- 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
323
- $args = array(
324
- 'method' => 'POST',
325
- 'timeout' => 45,
326
- 'sslverify' => false,
327
- 'headers' => array(),
328
- 'body' => $postdata,
329
- );
330
-
331
- $mo2f_api=new Mo2f_Api();
332
- $data=$mo2f_api->mo2f_wp_remote_post($url,$postdata);
333
 
334
- return $data;
 
 
 
 
 
 
 
 
 
 
335
 
336
  }
337
 
@@ -462,6 +462,7 @@ class Customer_Cloud_Setup {
462
  $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
463
 
464
  $content = $mo2fApi->make_curl_call( $url, $field_string );
 
465
 
466
  return true;
467
  }
118
 
119
  $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
120
 
121
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . sanitize_text_field($_SERVER['SERVER_NAME']) . '" target="_blank" >' . sanitize_text_field($_SERVER['SERVER_NAME']) . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
122
 
123
  $fields = array(
124
  'customerKey' => $customerKey,
312
  public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
313
 
314
 
315
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
316
 
317
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
318
+
319
+ $postdata = array('mo2f_email'=> $mo2f_user_email,
320
+ 'mo2f_domain' =>$site_url,
321
+ 'headers'=>$headers['header'],
322
+ 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
 
 
 
 
 
 
 
 
 
 
323
 
324
+ $args = array(
325
+ 'method' => 'POST',
326
+ 'timeout' => 45,
327
+ 'sslverify' => false,
328
+ 'headers' => array(),
329
+ 'body' => $postdata,
330
+ );
331
+
332
+ $mo2f_api=new Mo2f_Api();
333
+ $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
334
+ return $data;
335
 
336
  }
337
 
462
  $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
463
 
464
  $content = $mo2fApi->make_curl_call( $url, $field_string );
465
+
466
 
467
  return true;
468
  }
controllers/account.php CHANGED
@@ -63,7 +63,7 @@
63
  global $moWpnsUtility, $Mo2fdbQueries;
64
  $user = wp_get_current_user();
65
  $email = sanitize_email($post['email']);
66
- $company = $_SERVER["SERVER_NAME"];
67
 
68
  $password = sanitize_text_field($post['password']);
69
  $confirmPassword = sanitize_text_field($post['confirmPassword']);
63
  global $moWpnsUtility, $Mo2fdbQueries;
64
  $user = wp_get_current_user();
65
  $email = sanitize_email($post['email']);
66
+ $company = sanitize_text_field($_SERVER["SERVER_NAME"]);
67
 
68
  $password = sanitize_text_field($post['password']);
69
  $confirmPassword = sanitize_text_field($post['confirmPassword']);
controllers/ip-blocking.php CHANGED
@@ -67,11 +67,11 @@
67
  global $mo2f_dirName;
68
  foreach($blockedips as $blockedip)
69
  {
70
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".esc_attr($blockedip->reason)."</td><td>";
71
  if(empty($blockedip->blocked_for_time))
72
  echo "<span class=redtext>Permanently</span>";
73
  else
74
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
75
  echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_html($blockedip->id)."')>Unblock IP</a></td></tr>";
76
  }
77
  ?>
@@ -120,12 +120,12 @@
120
  global $mo2f_dirName;
121
  foreach($blockedips as $blockedip)
122
  {
123
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".esc_html($blockedip->reason)."</td><td>";
124
  if(empty($blockedip->blocked_for_time))
125
  echo "<span class=redtext>Permanently</span>";
126
  else
127
- echo date("M j, Y, g:i:s a",esc_html($blockedip->blocked_for_time));
128
- echo "</td><td>".date("M j, Y, g:i:s a",esc_html($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_html($blockedip->id)."')>Unblock IP</a></td></tr>";
129
  }
130
  ?>
131
  </tbody>
67
  global $mo2f_dirName;
68
  foreach($blockedips as $blockedip)
69
  {
70
+ echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($blockedip->ip_address)."</td><td>".esc_attr($blockedip->reason)."</td><td>";
71
  if(empty($blockedip->blocked_for_time))
72
  echo "<span class=redtext>Permanently</span>";
73
  else
74
+ echo date("M j, Y, g:i:s a", esc_attr($blockedip->blocked_for_time));
75
  echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_html($blockedip->id)."')>Unblock IP</a></td></tr>";
76
  }
77
  ?>
120
  global $mo2f_dirName;
121
  foreach($blockedips as $blockedip)
122
  {
123
+ echo "<tr class='mo_wpns_not_bold'><td>". esc_attr($blockedip->ip_address)."</td><td>".esc_attr($blockedip->reason)."</td><td>";
124
  if(empty($blockedip->blocked_for_time))
125
  echo "<span class=redtext>Permanently</span>";
126
  else
127
+ echo date("M j, Y, g:i:s a",esc_attr($blockedip->blocked_for_time));
128
+ echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_attr($blockedip->id)."')>Unblock IP</a></td></tr>";
129
  }
130
  ?>
131
  </tbody>
controllers/login-security.php CHANGED
@@ -49,10 +49,10 @@
49
 
50
 
51
 
52
- $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
53
 
54
 
55
- $test_recaptcha_url_v3 = add_query_arg( array('option'=>'testrecaptchaconfig3'), $_SERVER['REQUEST_URI'] );
56
  $captcha_url_v2 = 'https://www.google.com/recaptcha/admin#list';
57
  $captcha_url_v3 = 'https://www.google.com/recaptcha/admin/create';
58
 
@@ -105,7 +105,7 @@
105
  //Function to handle enabling and disabling of brute force protection
106
  function wpns_handle_bf_enable_form($postData)
107
  {
108
- $enable = isset($postData['enable_brute_force_protection']) ? $postData['enable_brute_force_protection'] : false;
109
  update_option( 'mo2f_enable_brute_force', $enable );
110
 
111
  if($enable)
@@ -118,10 +118,10 @@
118
  //Function to handle brute force configuration
119
  function wpns_handle_bf_configuration_form($postData)
120
  {
121
- $login_attempts = $postData['allwed_login_attempts'];
122
- $blocking_type = $postData['time_of_blocking_type'];
123
- $blocking_value = isset($postData['time_of_blocking_val']) ? $postData['time_of_blocking_val'] : false;
124
- $remaining_attempts = isset($postData['show_remaining_attempts'])? $postData['show_remaining_attempts'] : false;
125
 
126
  update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
127
  update_option( 'mo2f_time_of_blocking_type' , $blocking_type );
@@ -151,9 +151,9 @@
151
  //Function to handle enabling and disabling enforcement of strong password
152
  function wpns_handle_enable_strong_password($postData)
153
  {
154
- $set = isset($postData['mo2f_enforce_strong_passswords']) ? $postData['mo2f_enforce_strong_passswords'] : 0;
155
  update_option( 'mo2f_enforce_strong_passswords' , $set);
156
- update_option( 'mo2f_enforce_strong_passswords_for_accounts', $postData['mo2f_enforce_strong_passswords_for_accounts']);
157
  if($set)
158
  do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_ENABLED'),'SUCCESS');
159
  else
@@ -177,7 +177,7 @@
177
  //Function to handle enabling and disabling google recaptcha
178
  function wpns_handle_enable_recaptcha($postData)
179
  {
180
- $enable = isset($postData['mo_wpns_activate_recaptcha']) ? $postData['mo_wpns_activate_recaptcha'] : false;
181
  update_option( 'mo_wpns_activate_recaptcha', $enable );
182
 
183
  if($enable)
49
 
50
 
51
 
52
+ $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), sanitize_url($_SERVER['REQUEST_URI']));
53
 
54
 
55
+ $test_recaptcha_url_v3 = add_query_arg( array('option'=>'testrecaptchaconfig3'), sanitize_url($_SERVER['REQUEST_URI']));
56
  $captcha_url_v2 = 'https://www.google.com/recaptcha/admin#list';
57
  $captcha_url_v3 = 'https://www.google.com/recaptcha/admin/create';
58
 
105
  //Function to handle enabling and disabling of brute force protection
106
  function wpns_handle_bf_enable_form($postData)
107
  {
108
+ $enable = isset($postData['enable_brute_force_protection']) ? sanitize_text_field($postData['enable_brute_force_protection']) : false;
109
  update_option( 'mo2f_enable_brute_force', $enable );
110
 
111
  if($enable)
118
  //Function to handle brute force configuration
119
  function wpns_handle_bf_configuration_form($postData)
120
  {
121
+ $login_attempts = sanitize_text_field($postData['allwed_login_attempts']);
122
+ $blocking_type = sanitize_text_field($postData['time_of_blocking_type']);
123
+ $blocking_value = isset($postData['time_of_blocking_val']) ? sanitize_text_field($postData['time_of_blocking_val']) : false;
124
+ $remaining_attempts = isset($postData['show_remaining_attempts'])? sanitize_text_field($postData['show_remaining_attempts']) : false;
125
 
126
  update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
127
  update_option( 'mo2f_time_of_blocking_type' , $blocking_type );
151
  //Function to handle enabling and disabling enforcement of strong password
152
  function wpns_handle_enable_strong_password($postData)
153
  {
154
+ $set = isset($postData['mo2f_enforce_strong_passswords']) ? sanitize_text_field($postData['mo2f_enforce_strong_passswords']) : 0;
155
  update_option( 'mo2f_enforce_strong_passswords' , $set);
156
+ update_option( 'mo2f_enforce_strong_passswords_for_accounts', sanitize_text_field($postData['mo2f_enforce_strong_passswords_for_accounts']));
157
  if($set)
158
  do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_ENABLED'),'SUCCESS');
159
  else
177
  //Function to handle enabling and disabling google recaptcha
178
  function wpns_handle_enable_recaptcha($postData)
179
  {
180
+ $enable = isset($postData['mo_wpns_activate_recaptcha']) ? sanitize_text_field($postData['mo_wpns_activate_recaptcha']) : false;
181
  update_option( 'mo_wpns_activate_recaptcha', $enable );
182
 
183
  if($enable)
controllers/twofa/mo2fa_common_login.php CHANGED
@@ -19,7 +19,7 @@ function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_t
19
  ?>
20
  <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
21
  <?php
22
- wp_register_script('mo2f_rba_jquery',plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(dirname(__FILE__))) ));
23
  wp_register_script('mo2f_rba_flash',plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(dirname(__FILE__))) ));
24
  wp_register_script('mo2f_rba_ua_parser',plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(dirname(__FILE__))) ));
25
  wp_register_script('mo2f_client',plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(dirname(__FILE__))) ));
@@ -29,7 +29,7 @@ function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_t
29
  wp_register_script('mo2f_murmur',plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(dirname(__FILE__))) ));
30
  wp_register_script('mo2f_fd',plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(dirname(__FILE__))) ));
31
 
32
- wp_print_scripts( 'mo2f_rba_jquery');
33
  wp_print_scripts( 'mo2f_rba_flash');
34
  wp_print_scripts( 'mo2f_rba_ua_parser');
35
  wp_print_scripts( 'mo2f_client');
@@ -42,8 +42,8 @@ function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_t
42
  ?>
43
  <input type="hidden" name="miniorange_attribute_collection_nonce"
44
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' ); ?>"/>
45
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
46
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
47
  </form>
48
  </div>
49
  </body>
@@ -97,15 +97,15 @@ function mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encr
97
  </div>
98
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
99
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
100
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
101
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
102
  </form>
103
  <form name="f" method="post" action="" id="mo2f_select_mfa_methods_form" style="display:none;">
104
  <input type="hidden" name="mo2f_selected_mfactor_method" />
105
  <input type="hidden" name="mo2f_miniorange_2factor_method_nonce" value="<?php echo wp_create_nonce('mo2f_miniorange-2factor-method-nonce'); ?>" />
106
  <input type="hidden" name="option" value="miniorange_mfactor_method" />
107
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
108
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
109
  </form>
110
 
111
  <script>
@@ -281,7 +281,7 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
281
  <?php if ( $mo2f_forgotphone_enabled ) {
282
  if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
283
  <div id="otpMessage" class="mo2fa_display_message_frontend">
284
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
285
  </div>
286
  <?php } ?>
287
  <p class="mo2f_backup_options"><?php echo mo2f_lt( 'Please choose the options from below:' ); ?></p>
@@ -311,16 +311,16 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
311
  class="mo2f_display_none_forms">
312
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
313
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
314
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
315
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
316
  </form>
317
  <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
318
  <input type="hidden" name="mo2f_configured_2FA_method"/>
319
  <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
320
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' ); ?>"/>
321
  <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
322
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
323
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
324
  </form>
325
 
326
  <script>
@@ -377,13 +377,13 @@ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redi
377
  <div id="mo2f_kba_content">
378
  <p style="font-size:15px;">
379
  <?php $kba_questions = $cookievalue;
380
- echo $kba_questions[0]['question']; ?><br>
381
  <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
382
  required="true" autofocus="true"
383
  pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
384
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
385
  autocomplete="off"><br>
386
- <?php echo $kba_questions[1]['question']; ?><br>
387
  <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
388
  required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
389
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
@@ -409,8 +409,8 @@ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redi
409
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-kba-nonce' ); ?>"/>
410
  <input type="hidden" name="option"
411
  value="miniorange_kba_validate"/>
412
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
413
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
414
  </form>
415
  <br>
416
  </div><br>
@@ -430,7 +430,7 @@ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redi
430
  <?php }
431
  ?>
432
  <div style="padding:10px;">
433
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
434
  </div>
435
 
436
  <?php
@@ -446,7 +446,7 @@ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redi
446
  class="mo2f_display_none_forms">
447
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
448
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
449
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
450
  </form>
451
 
452
  <script>
@@ -542,8 +542,8 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
542
  <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
543
  <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
544
  <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
545
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
546
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
547
  </form>
548
  </br>
549
  </div>
@@ -606,7 +606,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
606
  <div class="mo2f_modal-body">
607
  <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
608
  <div id="otpMessage">
609
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
610
  </div>
611
  <?php } ?>
612
  <div id="pushSection">
@@ -660,7 +660,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
660
  <?php }
661
  ?>
662
  <div style="padding:10px;">
663
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
664
  </div>
665
  </center>
666
  </div>
@@ -678,8 +678,8 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
678
  <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
679
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' ); ?>"/>
680
  <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
681
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
682
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
683
  <input type="hidden" name="currentMethod" value="emailVer"/>
684
 
685
  </form>
@@ -687,27 +687,27 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
687
  <input type="hidden" name="miniorange_duo_push_validation_nonce"
688
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' ); ?>"/>
689
  <input type="hidden" name="option" value="miniorange_duo_push_validation">
690
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
691
  <input type="hidden" name="tx_type"/>
692
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
693
  <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
694
 
695
  </form>
696
 
697
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
698
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
699
  <input type="hidden" name="miniorange_forgotphone"
700
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
701
  <input type="hidden" name="option" value="miniorange_forgotphone">
702
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
703
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
704
  </form>
705
  <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
706
  <input type="hidden" name="miniorange_alternate_login_kba_nonce"
707
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
708
  <input type="hidden" name="option" value="miniorange_alternate_login_kba">
709
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
710
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
711
  </form>
712
 
713
  <script>
@@ -718,7 +718,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
718
  {
719
  var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
720
  var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
721
- var session_id_encrypt = "<?php echo $session_id_encrypt; ?>";
722
  var data={
723
  'action':'mo2f_duo_ajax_request',
724
  'call_type':'check_duo_push_auth_status',
@@ -805,7 +805,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
805
  <div class="mo2f_modal-body">
806
  <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
807
  <div id="otpMessage">
808
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
809
  </div>
810
  <?php } ?>
811
  <div id="pushSection">
@@ -861,7 +861,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
861
  <?php }
862
  ?>
863
  <div style="padding:10px;">
864
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
865
  </div>
866
  </center>
867
  </div>
@@ -879,8 +879,8 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
879
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
880
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
881
  <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
882
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
883
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
884
  <input type="hidden" name="currentMethod" value="emailVer"/>
885
 
886
  </form>
@@ -888,9 +888,9 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
888
  <input type="hidden" name="miniorange_mobile_validation_nonce"
889
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
890
  <input type="hidden" name="option" value="miniorange_mobile_validation">
891
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
892
  <input type="hidden" name="tx_type"/>
893
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
894
  <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
895
 
896
  </form>
@@ -898,28 +898,28 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
898
  <input type="hidden" name="miniorange_softtoken"
899
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
900
  <input type="hidden" name="option" value="miniorange_softtoken">
901
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
902
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
903
  </form>
904
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
905
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
906
  <input type="hidden" name="miniorange_forgotphone"
907
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
908
  <input type="hidden" name="option" value="miniorange_forgotphone">
909
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
910
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
911
  </form>
912
  <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
913
  <input type="hidden" name="miniorange_alternate_login_kba_nonce"
914
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
915
  <input type="hidden" name="option" value="miniorange_alternate_login_kba">
916
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
917
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
918
  </form>
919
 
920
  <script>
921
  var timeout;
922
- var login_status = '<?php echo $login_status;?>';
923
  var calls = 0;
924
  var onprem = '<?php echo MO2F_IS_ONPREM; ?>';
925
 
@@ -1042,7 +1042,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
1042
  <div class="mo2f_modal-body center">
1043
  <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1044
  <div id="otpMessage">
1045
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
1046
  </div>
1047
  <br>
1048
  <?php } ?>
@@ -1087,7 +1087,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
1087
  <?php }
1088
  ?>
1089
  <div style="padding:10px;">
1090
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1091
  </div>
1092
  </div>
1093
  <?php
@@ -1102,30 +1102,30 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
1102
  class="mo2f_display_none_forms">
1103
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1104
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1105
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1106
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1107
  </form>
1108
  <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1109
  <input type="hidden" name="miniorange_mobile_validation_nonce"
1110
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
1111
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1112
  <input type="hidden" name="option" value="miniorange_mobile_validation">
1113
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1114
  </form>
1115
  <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1116
  <input type="hidden" name="miniorange_softtoken"
1117
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
1118
  <input type="hidden" name="option" value="miniorange_softtoken">
1119
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1120
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1121
  </form>
1122
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1123
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1124
  <input type="hidden" name="miniorange_forgotphone"
1125
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1126
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1127
  <input type="hidden" name="option" value="miniorange_forgotphone">
1128
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1129
  </form>
1130
 
1131
  <script>
@@ -1224,7 +1224,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1224
  <div class="mo2f_modal-body center">
1225
  <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1226
  <div id="otpMessage">
1227
- <p class="mo2fa_display_message_frontend"><?php echo $login_message; ?></p>
1228
  </div>
1229
  <?php } ?><br><?php
1230
  ?>
@@ -1258,12 +1258,12 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1258
  <?php
1259
  }
1260
  ?>
1261
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1262
  <input type="hidden" name="miniorange_soft_token_nonce"
1263
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
1264
  <input type="hidden" name="option" value="miniorange_soft_token">
1265
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1266
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1267
  <?php if($mo2fa_transaction_id!=null){ ?>
1268
  <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo $mo2fa_transaction_id; ?>"/>
1269
  <?php }?>
@@ -1294,7 +1294,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1294
  ?>
1295
 
1296
  <div style="padding:10px;">
1297
- <p><a href="<?php echo $mo_wpns_config->lockedOutlink();?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1298
  </div>
1299
  <?php } ?>
1300
  </div>
@@ -1315,9 +1315,9 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1315
  class="mo2f_display_none_forms">
1316
  <input type="hidden" name="miniorange_back_inline_reg_nonce"
1317
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' ); ?>"/>
1318
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1319
  <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1320
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1321
 
1322
  </form>
1323
 
@@ -1325,17 +1325,17 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1325
  class="mo2f_display_none_forms">
1326
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1327
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1328
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1329
  </form>
1330
 
1331
  <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1332
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1333
- <input type="hidden" name="request_origin_method" value="<?php echo $login_status; ?>"/>
1334
  <input type="hidden" name="miniorange_forgotphone"
1335
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1336
  <input type="hidden" name="option" value="miniorange_forgotphone">
1337
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1338
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1339
  </form>
1340
 
1341
  <?php } ?>
@@ -1455,22 +1455,22 @@ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1455
  class="mo2f_display_none_forms">
1456
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1457
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1458
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1459
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1460
  </form>
1461
  <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1462
  <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1463
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' ); ?>"/>
1464
  <input type="hidden" name="option" value="miniorange_rba_validate">
1465
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1466
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1467
  </form>
1468
  <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1469
  <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1470
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' ); ?>"/>
1471
  <input type="hidden" name="option" value="miniorange_rba_cancle">
1472
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1473
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1474
  </form>
1475
  <script>
1476
  function mologinback() {
@@ -1613,7 +1613,7 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1613
  <form name="f" method="post" id="mo2f_users_backup1" action="">
1614
  <input type="hidden" name="option" value="mo2f_users_backup1" />
1615
  <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
1616
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1617
  <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
1618
 
1619
  <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
@@ -1623,8 +1623,8 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1623
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1624
  <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1625
  <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1626
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1627
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1628
  <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1629
  </form>
1630
  </div>
@@ -1638,8 +1638,8 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1638
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1639
  <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1640
  <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1641
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1642
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
1643
  <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1644
  </form>
1645
  </div>
@@ -1667,16 +1667,16 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1667
  <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1668
  <input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
1669
  <input type="hidden" name="option" value="miniorange_backup_nonce">
1670
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1671
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1672
  </form>
1673
  <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1674
  <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
1675
  <input type="hidden" name="option" value="miniorange_create_backup_codes">
1676
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>" />
1677
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>" />
1678
- <input type="hidden" name="login_status" value="<?php echo $login_status; ?>" />
1679
- <input type="hidden" name="login_message" value="<?php echo $login_message; ?>" />
1680
  </form>
1681
  <?php
1682
  }
19
  ?>
20
  <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
21
  <?php
22
+ wp_enqueue_script('jquery');
23
  wp_register_script('mo2f_rba_flash',plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(dirname(__FILE__))) ));
24
  wp_register_script('mo2f_rba_ua_parser',plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(dirname(__FILE__))) ));
25
  wp_register_script('mo2f_client',plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(dirname(__FILE__))) ));
29
  wp_register_script('mo2f_murmur',plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(dirname(__FILE__))) ));
30
  wp_register_script('mo2f_fd',plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(dirname(__FILE__))) ));
31
 
32
+ wp_print_scripts( 'jquery');
33
  wp_print_scripts( 'mo2f_rba_flash');
34
  wp_print_scripts( 'mo2f_rba_ua_parser');
35
  wp_print_scripts( 'mo2f_client');
42
  ?>
43
  <input type="hidden" name="miniorange_attribute_collection_nonce"
44
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' ); ?>"/>
45
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
46
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
47
  </form>
48
  </div>
49
  </body>
97
  </div>
98
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
99
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
100
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
101
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
102
  </form>
103
  <form name="f" method="post" action="" id="mo2f_select_mfa_methods_form" style="display:none;">
104
  <input type="hidden" name="mo2f_selected_mfactor_method" />
105
  <input type="hidden" name="mo2f_miniorange_2factor_method_nonce" value="<?php echo wp_create_nonce('mo2f_miniorange-2factor-method-nonce'); ?>" />
106
  <input type="hidden" name="option" value="miniorange_mfactor_method" />
107
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
108
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
109
  </form>
110
 
111
  <script>
281
  <?php if ( $mo2f_forgotphone_enabled ) {
282
  if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
283
  <div id="otpMessage" class="mo2fa_display_message_frontend">
284
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
285
  </div>
286
  <?php } ?>
287
  <p class="mo2f_backup_options"><?php echo mo2f_lt( 'Please choose the options from below:' ); ?></p>
311
  class="mo2f_display_none_forms">
312
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
313
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
314
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
315
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
316
  </form>
317
  <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
318
  <input type="hidden" name="mo2f_configured_2FA_method"/>
319
  <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
320
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' ); ?>"/>
321
  <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
322
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
323
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
324
  </form>
325
 
326
  <script>
377
  <div id="mo2f_kba_content">
378
  <p style="font-size:15px;">
379
  <?php $kba_questions = $cookievalue;
380
+ echo esc_html($kba_questions[0]['question']); ?><br>
381
  <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
382
  required="true" autofocus="true"
383
  pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
384
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
385
  autocomplete="off"><br>
386
+ <?php echo esc_html($kba_questions[1]['question']); ?><br>
387
  <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
388
  required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
389
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
409
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-kba-nonce' ); ?>"/>
410
  <input type="hidden" name="option"
411
  value="miniorange_kba_validate"/>
412
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
413
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
414
  </form>
415
  <br>
416
  </div><br>
430
  <?php }
431
  ?>
432
  <div style="padding:10px;">
433
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
434
  </div>
435
 
436
  <?php
446
  class="mo2f_display_none_forms">
447
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
448
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
449
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
450
  </form>
451
 
452
  <script>
542
  <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
543
  <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
544
  <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
545
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
546
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
547
  </form>
548
  </br>
549
  </div>
606
  <div class="mo2f_modal-body">
607
  <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
608
  <div id="otpMessage">
609
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
610
  </div>
611
  <?php } ?>
612
  <div id="pushSection">
660
  <?php }
661
  ?>
662
  <div style="padding:10px;">
663
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
664
  </div>
665
  </center>
666
  </div>
678
  <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
679
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' ); ?>"/>
680
  <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
681
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
682
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
683
  <input type="hidden" name="currentMethod" value="emailVer"/>
684
 
685
  </form>
687
  <input type="hidden" name="miniorange_duo_push_validation_nonce"
688
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' ); ?>"/>
689
  <input type="hidden" name="option" value="miniorange_duo_push_validation">
690
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
691
  <input type="hidden" name="tx_type"/>
692
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
693
  <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
694
 
695
  </form>
696
 
697
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
698
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
699
  <input type="hidden" name="miniorange_forgotphone"
700
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
701
  <input type="hidden" name="option" value="miniorange_forgotphone">
702
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
703
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
704
  </form>
705
  <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
706
  <input type="hidden" name="miniorange_alternate_login_kba_nonce"
707
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
708
  <input type="hidden" name="option" value="miniorange_alternate_login_kba">
709
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
710
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
711
  </form>
712
 
713
  <script>
718
  {
719
  var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
720
  var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
721
+ var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
722
  var data={
723
  'action':'mo2f_duo_ajax_request',
724
  'call_type':'check_duo_push_auth_status',
805
  <div class="mo2f_modal-body">
806
  <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
807
  <div id="otpMessage">
808
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
809
  </div>
810
  <?php } ?>
811
  <div id="pushSection">
861
  <?php }
862
  ?>
863
  <div style="padding:10px;">
864
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
865
  </div>
866
  </center>
867
  </div>
879
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
880
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
881
  <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
882
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
883
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
884
  <input type="hidden" name="currentMethod" value="emailVer"/>
885
 
886
  </form>
888
  <input type="hidden" name="miniorange_mobile_validation_nonce"
889
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
890
  <input type="hidden" name="option" value="miniorange_mobile_validation">
891
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
892
  <input type="hidden" name="tx_type"/>
893
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
894
  <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
895
 
896
  </form>
898
  <input type="hidden" name="miniorange_softtoken"
899
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
900
  <input type="hidden" name="option" value="miniorange_softtoken">
901
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
902
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
903
  </form>
904
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
905
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
906
  <input type="hidden" name="miniorange_forgotphone"
907
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
908
  <input type="hidden" name="option" value="miniorange_forgotphone">
909
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
910
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
911
  </form>
912
  <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
913
  <input type="hidden" name="miniorange_alternate_login_kba_nonce"
914
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
915
  <input type="hidden" name="option" value="miniorange_alternate_login_kba">
916
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
917
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
918
  </form>
919
 
920
  <script>
921
  var timeout;
922
+ var login_status = '<?php echo esc_html($login_status);?>';
923
  var calls = 0;
924
  var onprem = '<?php echo MO2F_IS_ONPREM; ?>';
925
 
1042
  <div class="mo2f_modal-body center">
1043
  <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1044
  <div id="otpMessage">
1045
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1046
  </div>
1047
  <br>
1048
  <?php } ?>
1087
  <?php }
1088
  ?>
1089
  <div style="padding:10px;">
1090
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1091
  </div>
1092
  </div>
1093
  <?php
1102
  class="mo2f_display_none_forms">
1103
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1104
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1105
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1106
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1107
  </form>
1108
  <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1109
  <input type="hidden" name="miniorange_mobile_validation_nonce"
1110
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
1111
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1112
  <input type="hidden" name="option" value="miniorange_mobile_validation">
1113
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1114
  </form>
1115
  <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1116
  <input type="hidden" name="miniorange_softtoken"
1117
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
1118
  <input type="hidden" name="option" value="miniorange_softtoken">
1119
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1120
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1121
  </form>
1122
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1123
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1124
  <input type="hidden" name="miniorange_forgotphone"
1125
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1126
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1127
  <input type="hidden" name="option" value="miniorange_forgotphone">
1128
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1129
  </form>
1130
 
1131
  <script>
1224
  <div class="mo2f_modal-body center">
1225
  <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1226
  <div id="otpMessage">
1227
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1228
  </div>
1229
  <?php } ?><br><?php
1230
  ?>
1258
  <?php
1259
  }
1260
  ?>
1261
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1262
  <input type="hidden" name="miniorange_soft_token_nonce"
1263
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
1264
  <input type="hidden" name="option" value="miniorange_soft_token">
1265
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1266
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1267
  <?php if($mo2fa_transaction_id!=null){ ?>
1268
  <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo $mo2fa_transaction_id; ?>"/>
1269
  <?php }?>
1294
  ?>
1295
 
1296
  <div style="padding:10px;">
1297
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1298
  </div>
1299
  <?php } ?>
1300
  </div>
1315
  class="mo2f_display_none_forms">
1316
  <input type="hidden" name="miniorange_back_inline_reg_nonce"
1317
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' ); ?>"/>
1318
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1319
  <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1320
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1321
 
1322
  </form>
1323
 
1325
  class="mo2f_display_none_forms">
1326
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1327
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1328
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1329
  </form>
1330
 
1331
  <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1332
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1333
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1334
  <input type="hidden" name="miniorange_forgotphone"
1335
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1336
  <input type="hidden" name="option" value="miniorange_forgotphone">
1337
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1338
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1339
  </form>
1340
 
1341
  <?php } ?>
1455
  class="mo2f_display_none_forms">
1456
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1457
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1458
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1459
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1460
  </form>
1461
  <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1462
  <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1463
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' ); ?>"/>
1464
  <input type="hidden" name="option" value="miniorange_rba_validate">
1465
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1466
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1467
  </form>
1468
  <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1469
  <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1470
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' ); ?>"/>
1471
  <input type="hidden" name="option" value="miniorange_rba_cancle">
1472
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1473
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1474
  </form>
1475
  <script>
1476
  function mologinback() {
1613
  <form name="f" method="post" id="mo2f_users_backup1" action="">
1614
  <input type="hidden" name="option" value="mo2f_users_backup1" />
1615
  <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
1616
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1617
  <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
1618
 
1619
  <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1623
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1624
  <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1625
  <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1626
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1627
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1628
  <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1629
  </form>
1630
  </div>
1638
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1639
  <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1640
  <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1641
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1642
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1643
  <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1644
  </form>
1645
  </div>
1667
  <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1668
  <input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
1669
  <input type="hidden" name="option" value="miniorange_backup_nonce">
1670
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1671
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
1672
  </form>
1673
  <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1674
  <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
1675
  <input type="hidden" name="option" value="miniorange_create_backup_codes">
1676
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1677
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
1678
+ <input type="hidden" name="login_status" value="<?php echo esc_html($login_status); ?>" />
1679
+ <input type="hidden" name="login_message" value="<?php echo wp_kses($login_message, array('b'=>array())); ?>" />
1680
  </form>
1681
  <?php
1682
  }
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -204,22 +204,22 @@ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_sta
204
  </div>
205
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
206
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
207
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
208
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
209
  </form>
210
  <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
  <input type="hidden" name="mo2f_selected_2factor_method" />
212
  <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
213
  <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
215
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
216
  </form>
217
 
218
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
  <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
  <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
221
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
222
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
223
  </form>
224
 
225
  <script>
@@ -336,8 +336,8 @@ function mo2f_inline_email_form($email,$current_user_id)
336
  <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
337
  <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
  <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
340
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
341
  </form>
342
  <br>
343
  <?php mo2f_customize_logo() ?>
@@ -352,14 +352,14 @@ function mo2f_inline_email_form($email,$current_user_id)
352
  <input type="hidden" name="mo2f_selected_2factor_method" />
353
  <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
354
  <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
356
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
357
  </form>
358
  <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
  <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
361
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
362
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
363
  </form>
364
  <?php } ?>
365
 
@@ -463,27 +463,27 @@ function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $
463
  </div>
464
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
466
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
467
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
468
  </form>
469
  <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
470
  <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
472
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
473
  <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
474
  </form>
475
  <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
  <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
478
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
479
  <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
480
  </form>
481
  <?php if (sizeof($opt) > 1) { ?>
482
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
  <input type="hidden" name="option" value="miniorange_back_inline"/>
484
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
485
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
486
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
487
  </form>
488
  <?php } ?>
489
  <script>
@@ -572,27 +572,27 @@ function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status
572
  </div>
573
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
574
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
575
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
576
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
577
  </form>
578
  <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
579
  <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
581
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
582
  <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
583
  </form>
584
  <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
  <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
587
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
588
  <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce'); ?>" />
589
  </form>
590
  <?php if (sizeof($opt) > 1) { ?>
591
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
  <input type="hidden" name="option" value="miniorange_back_inline"/>
593
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
594
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
595
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
596
  </form>
597
  <?php } ?>
598
  <script>
@@ -743,7 +743,7 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
743
  <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
744
  <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
745
  <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
746
- <?php echo $ga_secret; ?>
747
  </div>
748
  <div style="font-size: 80%;color: #666666;">
749
  <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
@@ -765,15 +765,15 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
765
  <div class="center">
766
  <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
767
  </div>
768
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
769
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
770
  <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
771
  </form>
772
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
773
  <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
774
  <input type="hidden" name="option" value="miniorange_back_inline"/>
775
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
776
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
777
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
778
  </form>
779
  </div>
@@ -786,13 +786,13 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
786
  </div>
787
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
788
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
789
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
790
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
791
  </form>
792
  <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
793
  <input type="hidden" name="google_phone_type" />
794
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
795
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
796
  <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
797
  </form>
798
 
@@ -983,13 +983,13 @@ function initialize_inline_duo_auth_registration($current_user,$session_id_encry
983
  </form>
984
  <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
985
  <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
986
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
987
  <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
988
  value="<?php echo wp_create_nonce( "mo2f-duo-authenticator-success-nonce" ) ?>"/>
989
  </form>
990
  <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
991
  <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
992
- <input type="hidden" name="session_id" value="<?php echo $session_id_encrypt; ?>"/>
993
  <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
994
  value="<?php echo wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" ) ?>"/>
995
  </form>
@@ -1008,7 +1008,7 @@ function initialize_inline_duo_auth_registration($current_user,$session_id_encry
1008
  function pollMobileValidation() {
1009
  var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1010
  var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
1011
- var session_id_encrypt = "<?php echo $session_id_encrypt; ?>";
1012
 
1013
  var data={
1014
  'action':'mo2f_duo_ajax_request',
@@ -1082,8 +1082,8 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1082
  </div>
1083
  <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1084
  <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1085
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1086
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1087
  </form>
1088
  <?php if (sizeof($opt) > 1) { ?>
1089
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
@@ -1093,8 +1093,8 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1093
  </div>
1094
  </div>
1095
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1096
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1097
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1098
  </form>
1099
  <?php } ?>
1100
 
@@ -1105,8 +1105,8 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1105
  </div>
1106
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1107
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1108
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1109
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1110
  </form>
1111
 
1112
  <script>
@@ -1150,13 +1150,13 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1150
  <div class="mo2f_modal-body">
1151
  <?php if(isset($login_message) && !empty($login_message)){ ?>
1152
  <div id="otpMessage">
1153
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1154
  </div>
1155
  <?php } ?>
1156
  <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
1157
  <input type="hidden" name="option" value="miniorange_inline_register" />
1158
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1159
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1160
  <p>This method requires you to have an account with miniOrange.</p>
1161
  <table class="mo_wpns_settings_table">
1162
  <tr>
@@ -1185,8 +1185,8 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1185
  <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
1186
  <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1187
  <input type="hidden" name="option" value="miniorange_inline_login"/>
1188
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1189
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1190
  <table class="mo_wpns_settings_table">
1191
  <tr>
1192
  <td><b><font color="#FF0000">*</font>Email:</b></td>
@@ -1216,13 +1216,13 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1216
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1217
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1219
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1220
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1221
  </form>
1222
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1223
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1224
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1225
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1226
  </form>
1227
 
1228
  <script>
@@ -1306,7 +1306,7 @@ function prompt_user_for_setup_success($id, $login_status, $login_message,$redir
1306
  <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1307
  <?php if(isset($login_message) && !empty($login_message)){ ?>
1308
  <div id="otpMessage">
1309
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo $login_message; ?></p>
1310
  </div>
1311
  <?php } ?>
1312
  <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
@@ -1318,9 +1318,9 @@ function prompt_user_for_setup_success($id, $login_status, $login_message,$redir
1318
  </center>
1319
  <input type="hidden" name="mo2f_inline_kba_option" />
1320
  <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1321
- <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo $login_status; ?>" />
1322
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1323
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1324
  </form>
1325
  </div>
1326
  <?php }
@@ -1359,8 +1359,8 @@ function prompt_user_for_setup_success($id, $login_status, $login_message,$redir
1359
  </div>
1360
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1361
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1362
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1363
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1364
  </form>
1365
 
1366
  <script>
@@ -1426,7 +1426,7 @@ $current_user = get_userdata($current_user_id);
1426
  <div id="otpMessage"
1427
  <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1428
  >
1429
- <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo $login_message; ?></p>
1430
  </div>
1431
  <?php if(isset($login_message)) {?> <br/> <?php } ?>
1432
  <?php } ?>
@@ -1475,8 +1475,8 @@ $current_user = get_userdata($current_user_id);
1475
  <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1476
  <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1477
  <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1478
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1479
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1480
  </form>
1481
  </div>
1482
  <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
@@ -1505,8 +1505,8 @@ $current_user = get_userdata($current_user_id);
1505
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1506
  <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1507
  <?php } ?>
1508
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1509
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1510
  <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1511
  <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1512
  </form>
@@ -1517,20 +1517,20 @@ $current_user = get_userdata($current_user_id);
1517
  </div>
1518
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1519
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1520
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1521
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1522
  </form>
1523
  <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1524
  <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1525
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1526
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1527
  </form>
1528
  <?php if (sizeof($opt) > 1) { ?>
1529
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1530
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1531
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1532
- <input type="hidden" name="redirect_to" value="<?php echo $redirect_to; ?>"/>
1533
- <input type="hidden" name="session_id" value="<?php echo $session_id; ?>"/>
1534
  </form>
1535
  <?php } ?>
1536
  <script>
204
  </div>
205
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
206
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
207
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
208
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
209
  </form>
210
  <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
  <input type="hidden" name="mo2f_selected_2factor_method" />
212
  <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
213
  <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
215
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
216
  </form>
217
 
218
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
  <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
  <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
221
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
222
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
223
  </form>
224
 
225
  <script>
336
  <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
337
  <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
  <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
340
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
341
  </form>
342
  <br>
343
  <?php mo2f_customize_logo() ?>
352
  <input type="hidden" name="mo2f_selected_2factor_method" />
353
  <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
354
  <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
356
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
357
  </form>
358
  <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
  <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
361
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
362
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
363
  </form>
364
  <?php } ?>
365
 
463
  </div>
464
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
466
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
467
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
468
  </form>
469
  <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
470
  <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
472
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
473
  <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
474
  </form>
475
  <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
  <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
478
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
479
  <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
480
  </form>
481
  <?php if (sizeof($opt) > 1) { ?>
482
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
  <input type="hidden" name="option" value="miniorange_back_inline"/>
484
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
485
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
486
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
487
  </form>
488
  <?php } ?>
489
  <script>
572
  </div>
573
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
574
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
575
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
576
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
577
  </form>
578
  <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
579
  <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
581
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
582
  <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
583
  </form>
584
  <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
  <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
587
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
588
  <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce'); ?>" />
589
  </form>
590
  <?php if (sizeof($opt) > 1) { ?>
591
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
  <input type="hidden" name="option" value="miniorange_back_inline"/>
593
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
594
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
595
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
596
  </form>
597
  <?php } ?>
598
  <script>
743
  <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
744
  <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
745
  <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
746
+ <?php echo esc_html($ga_secret) ?>
747
  </div>
748
  <div style="font-size: 80%;color: #666666;">
749
  <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
765
  <div class="center">
766
  <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
767
  </div>
768
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
769
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
770
  <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
771
  </form>
772
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
773
  <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
774
  <input type="hidden" name="option" value="miniorange_back_inline"/>
775
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
776
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
777
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
778
  </form>
779
  </div>
786
  </div>
787
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
788
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
789
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
790
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
791
  </form>
792
  <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
793
  <input type="hidden" name="google_phone_type" />
794
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
795
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
796
  <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
797
  </form>
798
 
983
  </form>
984
  <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
985
  <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
986
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
987
  <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
988
  value="<?php echo wp_create_nonce( "mo2f-duo-authenticator-success-nonce" ) ?>"/>
989
  </form>
990
  <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
991
  <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
992
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
993
  <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
994
  value="<?php echo wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" ) ?>"/>
995
  </form>
1008
  function pollMobileValidation() {
1009
  var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1010
  var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
1011
+ var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
1012
 
1013
  var data={
1014
  'action':'mo2f_duo_ajax_request',
1082
  </div>
1083
  <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1084
  <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1085
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1086
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1087
  </form>
1088
  <?php if (sizeof($opt) > 1) { ?>
1089
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
1093
  </div>
1094
  </div>
1095
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1096
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1097
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1098
  </form>
1099
  <?php } ?>
1100
 
1105
  </div>
1106
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1107
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1108
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1109
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1110
  </form>
1111
 
1112
  <script>
1150
  <div class="mo2f_modal-body">
1151
  <?php if(isset($login_message) && !empty($login_message)){ ?>
1152
  <div id="otpMessage">
1153
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1154
  </div>
1155
  <?php } ?>
1156
  <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
1157
  <input type="hidden" name="option" value="miniorange_inline_register" />
1158
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1159
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1160
  <p>This method requires you to have an account with miniOrange.</p>
1161
  <table class="mo_wpns_settings_table">
1162
  <tr>
1185
  <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
1186
  <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1187
  <input type="hidden" name="option" value="miniorange_inline_login"/>
1188
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1189
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1190
  <table class="mo_wpns_settings_table">
1191
  <tr>
1192
  <td><b><font color="#FF0000">*</font>Email:</b></td>
1216
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1217
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1219
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1220
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1221
  </form>
1222
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1223
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1224
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1225
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1226
  </form>
1227
 
1228
  <script>
1306
  <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1307
  <?php if(isset($login_message) && !empty($login_message)){ ?>
1308
  <div id="otpMessage">
1309
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1310
  </div>
1311
  <?php } ?>
1312
  <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1318
  </center>
1319
  <input type="hidden" name="mo2f_inline_kba_option" />
1320
  <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1321
+ <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo esc_html($login_status); ?>" />
1322
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1323
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1324
  </form>
1325
  </div>
1326
  <?php }
1359
  </div>
1360
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1361
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1362
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1363
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1364
  </form>
1365
 
1366
  <script>
1426
  <div id="otpMessage"
1427
  <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1428
  >
1429
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1430
  </div>
1431
  <?php if(isset($login_message)) {?> <br/> <?php } ?>
1432
  <?php } ?>
1475
  <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1476
  <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1477
  <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1478
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1479
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1480
  </form>
1481
  </div>
1482
  <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1505
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1506
  <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1507
  <?php } ?>
1508
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1509
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1510
  <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1511
  <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1512
  </form>
1517
  </div>
1518
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1519
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1520
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1521
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1522
  </form>
1523
  <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1524
  <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1525
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1526
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1527
  </form>
1528
  <?php if (sizeof($opt) > 1) { ?>
1529
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1530
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1531
  <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1532
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1533
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1534
  </form>
1535
  <?php } ?>
1536
  <script>
controllers/twofa/two_factor_ajax.php CHANGED
@@ -291,7 +291,7 @@ class mo_2f_ajax
291
  <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');?> </b></h4>
292
  <form name="f" method="post" action="" id="mo2f_verifyphone_form">
293
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
294
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
295
  <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
296
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
297
 
@@ -306,7 +306,7 @@ class mo_2f_ajax
306
  <br>
307
  <form name="f" method="post" action="" id="mo2f_validateotp_form">
308
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
309
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
310
  <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
311
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
312
  <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
@@ -326,14 +326,14 @@ class mo_2f_ajax
326
  <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQ');?> </b></h4>
327
  <form name="f" method="post" action="" id="mo2f_verifyemail_form">
328
  <input type="hidden" name="option" value="mo2f_configure_otp_over_email_send_otp"/>
329
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
330
  <input type="hidden" name="mo2f_configure_otp_over_email_send_otp_nonce"
331
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" ) ?>"/>
332
 
333
  <div style="display:inline;">
334
  <b>Email Address: </b>
335
  <input class="mo2f_table_textbox" style="width:280px;height: 30px;" type="email" name="verify_phone" id="phone"
336
- value="<?php echo $user_email ?>"
337
  title="<?php echo mo2f_lt( 'Enter your email address without any space or dashes' ); ?>"/><br><br>
338
  <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
339
  value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
@@ -342,7 +342,7 @@ class mo_2f_ajax
342
  <br><br>
343
  <form name="f" method="post" action="" id="mo2f_validateotp_form">
344
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
345
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
346
  <input type="hidden" name="mo2f_configure_otp_over_email_validate_nonce"
347
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" ) ?>"/>
348
  <b><?php echo mo2f_lt( 'Enter One Time Passcode:' ); ?>
@@ -1270,7 +1270,7 @@ function mo2f_save_email_verification()
1270
  $status = get_site_option($txid);
1271
  if($status ==1 || $status ==0)
1272
  delete_site_option($_POST['txid']);
1273
- echo $status;
1274
  exit();
1275
  }
1276
  echo "empty txid";
291
  <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');?> </b></h4>
292
  <form name="f" method="post" action="" id="mo2f_verifyphone_form">
293
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
294
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
295
  <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
296
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
297
 
306
  <br>
307
  <form name="f" method="post" action="" id="mo2f_validateotp_form">
308
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
309
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
310
  <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
311
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
312
  <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
326
  <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQ');?> </b></h4>
327
  <form name="f" method="post" action="" id="mo2f_verifyemail_form">
328
  <input type="hidden" name="option" value="mo2f_configure_otp_over_email_send_otp"/>
329
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
330
  <input type="hidden" name="mo2f_configure_otp_over_email_send_otp_nonce"
331
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" ) ?>"/>
332
 
333
  <div style="display:inline;">
334
  <b>Email Address: </b>
335
  <input class="mo2f_table_textbox" style="width:280px;height: 30px;" type="email" name="verify_phone" id="phone"
336
+ value="<?php echo esc_html($user_email) ?>"
337
  title="<?php echo mo2f_lt( 'Enter your email address without any space or dashes' ); ?>"/><br><br>
338
  <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
339
  value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
342
  <br><br>
343
  <form name="f" method="post" action="" id="mo2f_validateotp_form">
344
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
345
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
346
  <input type="hidden" name="mo2f_configure_otp_over_email_validate_nonce"
347
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" ) ?>"/>
348
  <b><?php echo mo2f_lt( 'Enter One Time Passcode:' ); ?>
1270
  $status = get_site_option($txid);
1271
  if($status ==1 || $status ==0)
1272
  delete_site_option($_POST['txid']);
1273
+ echo esc_html($status);
1274
  exit();
1275
  }
1276
  echo "empty txid";
handler/WAF/waf-include.php CHANGED
@@ -22,21 +22,29 @@
22
  include_once($xssFile);
23
  include_once($lfiFile);
24
 
 
 
 
 
 
25
  function get_ipaddress()
26
  {
27
  $ipaddress = '';
28
- if (isset($_SERVER['HTTP_CLIENT_IP']))
29
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
- else if(isset($_SERVER['REMOTE_ADDR']))
31
- $ipaddress = $_SERVER['REMOTE_ADDR'];
32
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
33
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
34
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
35
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
36
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
37
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
38
- else if(isset($_SERVER['HTTP_FORWARDED']))
39
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
 
 
 
40
  else
41
  $ipaddress = 'UNKNOWN';
42
 
@@ -44,7 +52,7 @@
44
  }
45
  function is_crawler()
46
  {
47
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
48
  $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
49
  foreach ($Botsign as $key => $value)
50
  {
@@ -57,7 +65,7 @@
57
  }
58
  function is_fake_googlebot($ipaddress)
59
  {
60
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
61
  if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
62
  {
63
  if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
22
  include_once($xssFile);
23
  include_once($lfiFile);
24
 
25
+ function mo2f_isValidIP($IP)
26
+ {
27
+ return filter_var($IP, FILTER_VALIDATE_IP) !== false;
28
+ }
29
+
30
  function get_ipaddress()
31
  {
32
  $ipaddress = '';
33
+ if (isset($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']))
34
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
35
+ elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']))
36
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
37
+ elseif(isset($_SERVER['HTTP_X_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED']))
38
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
39
+ elseif(isset($_SERVER['HTTP_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED_FOR']))
40
+ {
41
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
42
+ $ipaddress = explode(",", $ipaddress)[0];
43
+ }
44
+ elseif(isset($_SERVER['HTTP_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED']))
45
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
46
+ elseif(isset($_SERVER['REMOTE_ADDR']) && mo2f_isValidIP($_SERVER['REMOTE_ADDR']))
47
+ $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
48
  else
49
  $ipaddress = 'UNKNOWN';
50
 
52
  }
53
  function is_crawler()
54
  {
55
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])? sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';
56
  $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
57
  foreach ($Botsign as $key => $value)
58
  {
65
  }
66
  function is_fake_googlebot($ipaddress)
67
  {
68
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])? sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';
69
  if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
70
  {
71
  if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
handler/feedback_form.php CHANGED
@@ -110,6 +110,7 @@ class FeedbackHandler
110
  wp_redirect('plugins.php');
111
  } else {
112
  $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
 
113
  if (json_last_error() == JSON_ERROR_NONE) {
114
  if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
115
  do_action('wpns_show_message',$submited['message'],'ERROR');
110
  wp_redirect('plugins.php');
111
  } else {
112
  $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
113
+
114
  if (json_last_error() == JSON_ERROR_NONE) {
115
  if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
116
  do_action('wpns_show_message',$submited['message'],'ERROR');
handler/login.php CHANGED
@@ -139,6 +139,8 @@ class LoginHandler
139
  if (empty($email)) {
140
  $email = $user->user_email;
141
  }
 
 
142
  $check_Ip = get_user_meta($user->ID,$meta_key)[0];
143
 
144
  if ($check_Ip != $userIp)
@@ -150,7 +152,8 @@ class LoginHandler
150
  {
151
  wp_mail( $email,$subject,$message,$headers);
152
  }
153
- }
 
154
  }
155
 
156
  function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
139
  if (empty($email)) {
140
  $email = $user->user_email;
141
  }
142
+ if(get_user_meta($user->ID,$meta_key))
143
+ {
144
  $check_Ip = get_user_meta($user->ID,$meta_key)[0];
145
 
146
  if ($check_Ip != $userIp)
152
  {
153
  wp_mail( $email,$subject,$message,$headers);
154
  }
155
+ }
156
+ }
157
  }
158
 
159
  function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
handler/malware_scanner.php CHANGED
@@ -69,7 +69,7 @@ class Mo_wpns_Scan_Handler{
69
  if($result === -99){
70
  $scan_config['check_repo'] = 0;
71
  $repo_check_status_code = -99;
72
- }else if(!$result){
73
  $scan_config['check_repo'] = 0;
74
  $repo_check_status_code = -100;
75
  }
@@ -94,7 +94,7 @@ class Mo_wpns_Scan_Handler{
94
  if($result === -99){
95
  $scan_config['check_repo'] = 0;
96
  $repo_check_status_code = -99;
97
- }else if(!$result){
98
  $scan_config['check_repo'] = 0;
99
  $repo_check_status_code = -100;
100
  }
@@ -110,7 +110,7 @@ class Mo_wpns_Scan_Handler{
110
  if($result === -99){
111
  $scan_config['check_repo'] = 0;
112
  $repo_check_status_code = -99;
113
- }else if(!$result){
114
  $scan_config['check_repo'] = 0;
115
  $repo_check_status_code = -100;
116
  }
@@ -158,11 +158,11 @@ class Mo_wpns_Scan_Handler{
158
  $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
  if($result === -99){
160
  return -99;
161
- }else if(!$result){
162
  return false;
163
  }
164
  }
165
- } else if($type=='themes'){
166
  if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
  $result= $this->download_repo($key, $data, $path, $type);
168
  if($result === -99){
69
  if($result === -99){
70
  $scan_config['check_repo'] = 0;
71
  $repo_check_status_code = -99;
72
+ }elseif(!$result){
73
  $scan_config['check_repo'] = 0;
74
  $repo_check_status_code = -100;
75
  }
94
  if($result === -99){
95
  $scan_config['check_repo'] = 0;
96
  $repo_check_status_code = -99;
97
+ }elseif(!$result){
98
  $scan_config['check_repo'] = 0;
99
  $repo_check_status_code = -100;
100
  }
110
  if($result === -99){
111
  $scan_config['check_repo'] = 0;
112
  $repo_check_status_code = -99;
113
+ }elseif(!$result){
114
  $scan_config['check_repo'] = 0;
115
  $repo_check_status_code = -100;
116
  }
158
  $result= $this->download_repo($plugin_slug, $plugin_version, $path, $type);
159
  if($result === -99){
160
  return -99;
161
+ }elseif(!$result){
162
  return false;
163
  }
164
  }
165
+ } elseif($type=='themes'){
166
  if(!is_dir($path.DIRECTORY_SEPARATOR.$key)){
167
  $result= $this->download_repo($key, $data, $path, $type);
168
  if($result === -99){
handler/mo-waf-plugin.php CHANGED
@@ -1,5 +1,9 @@
1
  <?php
2
 
 
 
 
 
3
  $dir =dirname(__FILE__);
4
  $dir = str_replace('\\', "/", $dir);
5
  $sqlInjectionFile = $dir.'/signature/APSQLI.php';
@@ -25,18 +29,21 @@
25
 
26
  global $wpdb;
27
  $ipaddress = '';
28
- if (isset($_SERVER['HTTP_CLIENT_IP']))
29
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
30
- else if(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
31
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
32
- else if(isset($_SERVER['HTTP_X_FORWARDED']))
33
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
34
- else if(isset($_SERVER['HTTP_FORWARDED_FOR']))
35
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
36
- else if(isset($_SERVER['HTTP_FORWARDED']))
37
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
38
- else if(isset($_SERVER['REMOTE_ADDR']))
39
- $ipaddress = $_SERVER['REMOTE_ADDR'];
 
 
 
40
  else
41
  $ipaddress = 'UNKNOWN';
42
 
1
  <?php
2
 
3
+ function mo2f_isValidIP($IP){
4
+ return filter_var($IP, FILTER_VALIDATE_IP) !== false;
5
+ }
6
+
7
  $dir =dirname(__FILE__);
8
  $dir = str_replace('\\', "/", $dir);
9
  $sqlInjectionFile = $dir.'/signature/APSQLI.php';
29
 
30
  global $wpdb;
31
  $ipaddress = '';
32
+ if (isset($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']))
33
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
34
+ elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']))
35
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
36
+ elseif(isset($_SERVER['HTTP_X_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED']))
37
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
38
+ elseif(isset($_SERVER['HTTP_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED_FOR']))
39
+ {
40
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
41
+ $ipaddress = explode(",", $ipaddress)[0];
42
+ }
43
+ elseif(isset($_SERVER['HTTP_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED']))
44
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
45
+ elseif(isset($_SERVER['REMOTE_ADDR']) && mo2f_isValidIP($_SERVER['REMOTE_ADDR']))
46
+ $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
47
  else
48
  $ipaddress = 'UNKNOWN';
49
 
handler/mo-waf.php CHANGED
@@ -1,5 +1,9 @@
1
  <?php
2
 
 
 
 
 
3
  $dir =dirname(__FILE__);
4
  $dir = str_replace('\\', "/", $dir);
5
  $sqlInjectionFile = $dir.'/signature/APSQLI.php';
@@ -99,18 +103,22 @@
99
  $row = mysqli_fetch_array($results1);
100
  if(isset($row['option_value']) && $row['option_value']=='HtaccessLevel'){
101
  $ipaddress = '';
102
- if (isset($_SERVER['HTTP_CLIENT_IP']))
103
- $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
104
- elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']))
105
- $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
106
- elseif(isset($_SERVER['HTTP_X_FORWARDED']))
107
- $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
108
- elseif(isset($_SERVER['HTTP_FORWARDED_FOR']))
109
- $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
110
- elseif(isset($_SERVER['HTTP_FORWARDED']))
111
- $ipaddress = $_SERVER['HTTP_FORWARDED'];
112
- elseif(isset($_SERVER['REMOTE_ADDR']))
113
- $ipaddress = $_SERVER['REMOTE_ADDR'];
 
 
 
 
114
  else
115
  $ipaddress = 'UNKNOWN';
116
 
1
  <?php
2
 
3
+ function mo2f_isValidIP($IP){
4
+ return filter_var($IP, FILTER_VALIDATE_IP) !== false;
5
+ }
6
+
7
  $dir =dirname(__FILE__);
8
  $dir = str_replace('\\', "/", $dir);
9
  $sqlInjectionFile = $dir.'/signature/APSQLI.php';
103
  $row = mysqli_fetch_array($results1);
104
  if(isset($row['option_value']) && $row['option_value']=='HtaccessLevel'){
105
  $ipaddress = '';
106
+
107
+ if (isset($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']))
108
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
109
+ elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']))
110
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
111
+ elseif(isset($_SERVER['HTTP_X_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED']))
112
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
113
+ elseif(isset($_SERVER['HTTP_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED_FOR']))
114
+ {
115
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
116
+ $ipaddress = explode(",", $ipaddress)[0];
117
+ }
118
+ elseif(isset($_SERVER['HTTP_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED']))
119
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
120
+ elseif(isset($_SERVER['REMOTE_ADDR']) && mo2f_isValidIP($_SERVER['REMOTE_ADDR']))
121
+ $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
122
  else
123
  $ipaddress = 'UNKNOWN';
124
 
handler/twofa/class-twofacustomregformshortcode.php CHANGED
@@ -1,69 +1,69 @@
1
- <?php
2
-
3
- include_once('two_fa_short_call.php');
4
-
5
- class TwoFACustomRegFormShortcode
6
-
7
- {
8
- public function __construct()
9
- {
10
- add_action('woocommerce_created_customer',array($this,'wc_post_registration'), 1, 3);
11
- }
12
-
13
- public function mo_enqueue_shortcode()
14
- {
15
- add_action("wp_ajax_mo_shortcode",array( $this, 'mo_shortcode' ));
16
- add_action("wp_ajax_nopriv_mo_shortcode",array($this,'mo_shortcode'));
17
- add_action("wp_ajax_mo_ajax_register",array( $this, 'mo_ajax_register' ));
18
- add_action("wp_ajax_nopriv_mo_ajax_register",array($this,'mo_ajax_register'));
19
- }
20
-
21
- public function mo_shortcode()
22
- {
23
- switch($_POST['mo_action'])
24
- {
25
- case "challenge":
26
- $email = sanitize_email($_POST['email']);
27
- $phone = sanitize_text_field($_POST['phone']);
28
- $authTypeSend = sanitize_text_field($_POST['authTypeSend']);
29
- TwoFACustomRegFormAPI::challenge($phone,$email,$authTypeSend);
30
- break;
31
-
32
- case "validate":
33
- $otp = sanitize_text_field($_POST['otp']);
34
- $txId = sanitize_text_field($_POST['txId']);
35
- TwoFACustomRegFormAPI::validate($txId,$otp);
36
- break;
37
- }
38
- }
39
-
40
- public function mo_ajax_register(){
41
- switch ($_POST['mo_action']) {
42
- case 'send_otp_over_email':
43
- $email = isset($_POST['email'])? sanitize_email($_POST['email']): "";
44
- $phone = isset($_POST['phone'])? sanitize_text_field($_POST['phone']): "";
45
- $authTypeSend = sanitize_text_field($_POST['authTypeSend']);
46
- TwoFACustomRegFormAPI :: challenge($phone,$email,$authTypeSend);
47
- break;
48
- case 'send_otp_over_sms' :
49
- $email = isset($_POST['email'])? sanitize_email($_POST['email']): "";
50
- $phone = isset($_POST['phone'])? sanitize_text_field($_POST['phone']): "";
51
- $authTypeSend = sanitize_text_field($_POST['authTypeSend']);
52
- TwoFACustomRegFormAPI :: challenge($phone,$email,$authTypeSend);
53
- break;
54
-
55
- default:
56
- $otp = sanitize_text_field($_POST['otp']);
57
- $txId = sanitize_text_field($_POST['txId']);
58
- TwoFACustomRegFormAPI :: validate($txId,$otp);
59
- break;
60
- }
61
- }
62
-
63
- function wc_post_registration( $user_id, $new_customer_data, $password_generated) {
64
- if ( isset( $_POST['phone'] ))
65
- update_user_meta($user_id, 'billing_phone', sanitize_text_field($_POST['phone']));
66
- }
67
- }
68
-
69
-
1
+ <?php
2
+
3
+ include_once('two_fa_short_call.php');
4
+
5
+ class TwoFACustomRegFormShortcode
6
+
7
+ {
8
+ public function __construct()
9
+ {
10
+ add_action('woocommerce_created_customer',array($this,'wc_post_registration'), 1, 3);
11
+ }
12
+
13
+ public function mo_enqueue_shortcode()
14
+ {
15
+ add_action("wp_ajax_mo_shortcode",array( $this, 'mo_shortcode' ));
16
+ add_action("wp_ajax_nopriv_mo_shortcode",array($this,'mo_shortcode'));
17
+ add_action("wp_ajax_mo_ajax_register",array( $this, 'mo_ajax_register' ));
18
+ add_action("wp_ajax_nopriv_mo_ajax_register",array($this,'mo_ajax_register'));
19
+ }
20
+
21
+ public function mo_shortcode()
22
+ {
23
+ switch($_POST['mo_action'])
24
+ {
25
+ case "challenge":
26
+ $email = sanitize_email($_POST['email']);
27
+ $phone = sanitize_text_field($_POST['phone']);
28
+ $authTypeSend = sanitize_text_field($_POST['authTypeSend']);
29
+ TwoFACustomRegFormAPI::challenge($phone,$email,$authTypeSend);
30
+ break;
31
+
32
+ case "validate":
33
+ $otp = sanitize_text_field($_POST['otp']);
34
+ $txId = sanitize_text_field($_POST['txId']);
35
+ TwoFACustomRegFormAPI::validate($txId,$otp);
36
+ break;
37
+ }
38
+ }
39
+
40
+ public function mo_ajax_register(){
41
+ switch ($_POST['mo_action']) {
42
+ case 'send_otp_over_email':
43
+ $email = isset($_POST['email'])? sanitize_email($_POST['email']): "";
44
+ $phone = isset($_POST['phone'])? sanitize_text_field($_POST['phone']): "";
45
+ $authTypeSend = sanitize_text_field($_POST['authTypeSend']);
46
+ TwoFACustomRegFormAPI :: challenge($phone,$email,$authTypeSend);
47
+ break;
48
+ case 'send_otp_over_sms' :
49
+ $email = isset($_POST['email'])? sanitize_email($_POST['email']): "";
50
+ $phone = isset($_POST['phone'])? sanitize_text_field($_POST['phone']): "";
51
+ $authTypeSend = sanitize_text_field($_POST['authTypeSend']);
52
+ TwoFACustomRegFormAPI :: challenge($phone,$email,$authTypeSend);
53
+ break;
54
+
55
+ default:
56
+ $otp = sanitize_text_field($_POST['otp']);
57
+ $txId = sanitize_text_field($_POST['txId']);
58
+ TwoFACustomRegFormAPI :: validate($txId,$otp);
59
+ break;
60
+ }
61
+ }
62
+
63
+ function wc_post_registration( $user_id, $new_customer_data, $password_generated) {
64
+ if ( isset( $_POST['phone'] ))
65
+ update_user_meta($user_id, 'billing_phone', sanitize_text_field($_POST['phone']));
66
+ }
67
+ }
68
+
69
+
handler/twofa/class_miniorange_2fa_strong_password.php CHANGED
@@ -31,7 +31,7 @@ class class_miniorange_2fa_strong_password {
31
  $password = (isset($_POST['pass1']) && trim($_POST['pass1'])) ? $_POST['pass1'] : false;
32
  $password=($password==false)?(isset($_POST['password_1'])?$_POST['password_1']:false):$password ;
33
  $user_id = isset($userData->ID) ? $userData->ID : false;
34
- $username = isset($_POST["user_login"]) ? $_POST["user_login"] : (isset($userData->user_login)?$userData->user_login:$userData->user_email);
35
 
36
  if ($password == false) { return $errors; }
37
  if ($errors->get_error_data("pass")) { return $errors; }
31
  $password = (isset($_POST['pass1']) && trim($_POST['pass1'])) ? $_POST['pass1'] : false;
32
  $password=($password==false)?(isset($_POST['password_1'])?$_POST['password_1']:false):$password ;
33
  $user_id = isset($userData->ID) ? $userData->ID : false;
34
+ $username = isset($_POST["user_login"]) ? $_POST["user_login"] : (isset($userData->user_login) ? sanitize_user($userData->user_login) : sanitize_email($userData->user_email));
35
 
36
  if ($password == false) { return $errors; }
37
  if ($errors->get_error_data("pass")) { return $errors; }
handler/twofa/setup_twofa.php CHANGED
@@ -899,11 +899,11 @@ function mo2f_rba_description($mo2f_user_email) {?>
899
  </div>
900
  </div>
901
  <form style="display:none;" id="mo2fa_loginform"
902
- action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
903
  target="_blank" method="post">
904
- <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
905
  <input type="text" name="redirectUrl"
906
- value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
907
  <input type="text" name="requestOrigin" id="requestOrigin"/>
908
  </form>
909
  <script>
@@ -918,7 +918,7 @@ function mo2f_rba_description($mo2f_user_email) {?>
918
  function mo2f_personalization_description($mo2f_user_email) {?>
919
  <div id="mo2f_custom_addon">
920
  <?php if ( get_option( 'mo2f_personalization_installed' ) ) { ?>
921
- <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_custom_addon"
922
  class="button button-primary button-large"
923
  style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
924
  <?php } ?>
@@ -974,7 +974,7 @@ function mo2f_personalization_description($mo2f_user_email) {?>
974
  function mo2f_shortcode_description($mo2f_user_email) { ?>
975
  <div id="mo2f_Shortcode_addon_hide">
976
  <?php if ( get_option( 'mo2f_shortcode_installed' ) ) { ?>
977
- <a href="<?php echo admin_url(); ?>plugins.php" id="mo2f_activate_shortcode_addon"
978
  class="button button-primary button-large" style="float:right; margin-top:2%;"><?php echo __( 'Activate
979
  Plugin', 'miniorange-2-factor-authentication' ); ?></a>
980
  <?php } if ( ! get_option( 'mo2f_shortcode_purchased' ) ) { ?>
@@ -1006,10 +1006,10 @@ function mo2f_shortcode_description($mo2f_user_email) { ?>
1006
  </div>
1007
  <br>
1008
  </div>
1009
- <form style="display:none;" id="mo2fa_loginform" action="<?php echo MO_HOST_NAME . '/moas/login'; ?>" target="_blank" method="post">
1010
- <input type="email" name="username" value="<?php echo $mo2f_user_email; ?>"/>
1011
  <input type="text" name="redirectUrl"
1012
- value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
1013
  <input type="text" name="requestOrigin" id="requestOrigin"/>
1014
  </form>
1015
  <script>
899
  </div>
900
  </div>
901
  <form style="display:none;" id="mo2fa_loginform"
902
+ action="<?php echo esc_url(MO_HOST_NAME . '/moas/login'); ?>"
903
  target="_blank" method="post">
904
+ <input type="email" name="username" value="<?php echo esc_html($mo2f_user_email); ?>"/>
905
  <input type="text" name="redirectUrl"
906
+ value="<?php echo esc_url(MO_HOST_NAME . '/moas/initializepayment'); ?>"/>
907
  <input type="text" name="requestOrigin" id="requestOrigin"/>
908
  </form>
909
  <script>
918
  function mo2f_personalization_description($mo2f_user_email) {?>
919
  <div id="mo2f_custom_addon">
920
  <?php if ( get_option( 'mo2f_personalization_installed' ) ) { ?>
921
+ <a href="<?php echo esc_url(admin_url()); ?>plugins.php" id="mo2f_activate_custom_addon"
922
  class="button button-primary button-large"
923
  style="float:right; margin-top:2%;"><?php echo __( 'Activate Plugin', 'miniorange-2-factor-authentication' ); ?></a>
924
  <?php } ?>
974
  function mo2f_shortcode_description($mo2f_user_email) { ?>
975
  <div id="mo2f_Shortcode_addon_hide">
976
  <?php if ( get_option( 'mo2f_shortcode_installed' ) ) { ?>
977
+ <a href="<?php echo esc_url(admin_url()); ?>plugins.php" id="mo2f_activate_shortcode_addon"
978
  class="button button-primary button-large" style="float:right; margin-top:2%;"><?php echo __( 'Activate
979
  Plugin', 'miniorange-2-factor-authentication' ); ?></a>
980
  <?php } if ( ! get_option( 'mo2f_shortcode_purchased' ) ) { ?>
1006
  </div>
1007
  <br>
1008
  </div>
1009
+ <form style="display:none;" id="mo2fa_loginform" action="<?php echo esc_url(MO_HOST_NAME . '/moas/login'); ?>" target="_blank" method="post">
1010
+ <input type="email" name="username" value="<?php echo esc_html($mo2f_user_email); ?>"/>
1011
  <input type="text" name="redirectUrl"
1012
+ value="<?php echo esc_url(MO_HOST_NAME . '/moas/initializepayment'); ?>"/>
1013
  <input type="text" name="requestOrigin" id="requestOrigin"/>
1014
  </form>
1015
  <script>
handler/twofa/two_fa_login.php CHANGED
@@ -371,11 +371,11 @@ class Miniorange_Mobile_Login {
371
  ?>
372
  <input type="hidden" name="miniorange_login_nonce"
373
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
374
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" hidden>
375
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
377
  <input type="hidden" id="sessids" name="session_id"
378
- value="<?php echo $session_id_encrypt; ?>"/>
379
  </form>
380
  <form name="f" id="mo2fa-g-recaptcha-response-form" method="post" action="" hidden>
381
  <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
@@ -383,11 +383,11 @@ class Miniorange_Mobile_Login {
383
  <input type="hidden" name="miniorange_login_nonce"
384
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
385
  <input type="hidden" id="sessid" name="session_id"
386
- value="<?php echo $session_id_encrypt; ?>"/>
387
  </form>
388
  <script>
389
  jQuery(document).ready(function () {
390
- var session_ids="<?php echo $session_id_encrypt; ?>";
391
  if (document.getElementById('loginform') != null) {
392
  jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
  jQuery(".wp-hide-pw").addClass('mo2fa_visible');
371
  ?>
372
  <input type="hidden" name="miniorange_login_nonce"
373
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
374
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" hidden>
375
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
377
  <input type="hidden" id="sessids" name="session_id"
378
+ value="<?php echo esc_html($session_id_encrypt); ?>"/>
379
  </form>
380
  <form name="f" id="mo2fa-g-recaptcha-response-form" method="post" action="" hidden>
381
  <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
383
  <input type="hidden" name="miniorange_login_nonce"
384
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
385
  <input type="hidden" id="sessid" name="session_id"
386
+ value="<?php echo esc_html($session_id_encrypt); ?>"/>
387
  </form>
388
  <script>
389
  jQuery(document).ready(function () {
390
+ var session_ids="<?php echo esc_html($session_id_encrypt); ?>";
391
  if (document.getElementById('loginform') != null) {
392
  jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
  jQuery(".wp-hide-pw").addClass('mo2fa_visible');
handler/twofa/two_fa_pass2login.php CHANGED
@@ -2168,7 +2168,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
2168
  update_option('optionVal1',$status); //??
2169
  if($status ==1 || $status ==0)
2170
  delete_site_option($txidpost);
2171
- echo $status;
2172
  exit();
2173
  }
2174
 
@@ -2714,7 +2714,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
2714
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
2715
 
2716
  <input type="hidden" id="sessid" name="session_id"
2717
- value="<?php echo $session_id_encrypt; ?>"/>
2718
 
2719
  </p>
2720
 
@@ -2723,7 +2723,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
2723
  ?>
2724
  <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
2725
  <?php
2726
- wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', dirname(dirname(__FILE__)) ) );
2727
  wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
2728
  wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
2729
  wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
2168
  update_option('optionVal1',$status); //??
2169
  if($status ==1 || $status ==0)
2170
  delete_site_option($txidpost);
2171
+ echo esc_html($status);
2172
  exit();
2173
  }
2174
 
2714
  value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
2715
 
2716
  <input type="hidden" id="sessid" name="session_id"
2717
+ value="<?php echo esc_html($session_id_encrypt); ?>"/>
2718
 
2719
  </p>
2720
 
2723
  ?>
2724
  <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
2725
  <?php
2726
+ wp_enqueue_script( 'jquery');
2727
  wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
2728
  wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
2729
  wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
handler/twofa/two_fa_settings.php CHANGED
@@ -324,7 +324,7 @@ class Miniorange_Authentication {
324
  }
325
 
326
  function display_customer_transactions( $content ) {
327
- echo '<div class="is-dismissible notice notice-warning"> <form name="f" method="post" action=""><input type="hidden" name="option" value="mo_auth_sync_sms_transactions" /><p><b>' . mo2f_lt( 'miniOrange 2-Factor Plugin:' ) . '</b> ' . mo2f_lt( 'You have' ) . ' <b style="color:red">' . $content . ' ' . mo2f_lt( 'SMS transactions' ) . ' </b>' . mo2f_lt( 'remaining' ) . '<input type="submit" name="submit" value="' . mo2f_lt( 'Check Transactions' ) . ' " class="button button-primary button-large" /></form><button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
328
  }
329
 
330
  function prompt_user_to_setup_two_factor() {
@@ -345,7 +345,7 @@ class Miniorange_Authentication {
345
  $message = get_option( 'mo2f_message' ); ?>
346
  <script>
347
  jQuery(document).ready(function () {
348
- var message = "<?php echo $message; ?>";
349
  jQuery('#messages').append("<div style='padding:5px;'><div class='error notice is-dismissible mo2f_error_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 99999;background-color: bisque;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
350
  });
351
  </script>
@@ -357,7 +357,7 @@ class Miniorange_Authentication {
357
 
358
  <script>
359
  jQuery(document).ready(function () {
360
- var message = "<?php echo $message; ?>";
361
  jQuery('#messages').append("<div style='padding:5px;'><div class='updated notice is-dismissible mo2f_success_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 9999;background-color: #bcffb4;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
362
  });
363
  </script>
@@ -2546,10 +2546,10 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
2546
 
2547
  if ( ! in_array( $_POST['deactivate_plugin'], $reasons_not_to_worry_about ) ) {
2548
 
2549
- $message .= $_POST['deactivate_plugin'];
2550
 
2551
  if ( $_POST['query_feedback'] != '' ) {
2552
- $message .= ':' . $_POST['query_feedback'];
2553
  }
2554
 
2555
 
324
  }
325
 
326
  function display_customer_transactions( $content ) {
327
+ echo '<div class="is-dismissible notice notice-warning"> <form name="f" method="post" action=""><input type="hidden" name="option" value="mo_auth_sync_sms_transactions" /><p><b>' . mo2f_lt( 'miniOrange 2-Factor Plugin:' ) . '</b> ' . mo2f_lt( 'You have' ) . ' <b style="color:red">' . esc_html($content) . ' ' . mo2f_lt( 'SMS transactions' ) . ' </b>' . mo2f_lt( 'remaining' ) . '<input type="submit" name="submit" value="' . mo2f_lt( 'Check Transactions' ) . ' " class="button button-primary button-large" /></form><button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
328
  }
329
 
330
  function prompt_user_to_setup_two_factor() {
345
  $message = get_option( 'mo2f_message' ); ?>
346
  <script>
347
  jQuery(document).ready(function () {
348
+ var message = "<?php echo esc_html($message); ?>";
349
  jQuery('#messages').append("<div style='padding:5px;'><div class='error notice is-dismissible mo2f_error_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 99999;background-color: bisque;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
350
  });
351
  </script>
357
 
358
  <script>
359
  jQuery(document).ready(function () {
360
+ var message = "<?php echo esc_html($message); ?>";
361
  jQuery('#messages').append("<div style='padding:5px;'><div class='updated notice is-dismissible mo2f_success_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 9999;background-color: #bcffb4;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
362
  });
363
  </script>
2546
 
2547
  if ( ! in_array( $_POST['deactivate_plugin'], $reasons_not_to_worry_about ) ) {
2548
 
2549
+ $message .= sanitize_text_field($_POST['deactivate_plugin']);
2550
 
2551
  if ( $_POST['query_feedback'] != '' ) {
2552
+ $message .= ':' . sanitize_text_field($_POST['query_feedback']);
2553
  }
2554
 
2555
 
handler/twofa/two_fa_utility.php CHANGED
@@ -171,19 +171,24 @@ class MO2f_Utility {
171
  }
172
  }
173
  }
174
- public static function get_client_ipaddress(){
175
 
176
- $ip = null;
177
- if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
 
 
178
 
179
- $ip = $_SERVER['HTTP_CLIENT_IP'];
180
 
181
- } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
 
 
182
 
183
- $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
 
 
184
 
185
  } else {
186
- $ip = $_SERVER['REMOTE_ADDR'];
187
  }
188
  return $ip;
189
  }
171
  }
172
  }
173
  }
 
174
 
175
+ function mo2f_isValidIP($IP)
176
+ {
177
+ return filter_var($IP, FILTER_VALIDATE_IP) !== false;
178
+ }
179
 
180
+ public static function get_client_ipaddress(){
181
 
182
+ $ip = null;
183
+ if (!empty($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP'])) {
184
+ $ip = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
185
 
186
+ } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR'])) {
187
+ $ip = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
188
+ $ip = explode(",",$ip)[0];
189
 
190
  } else {
191
+ $ip = mo2f_isValidIP($_SERVER['REMOTE_ADDR']) ? sanitize_text_field($_SERVER['REMOTE_ADDR']) : 'UNKNOWN';
192
  }
193
  return $ip;
194
  }
handler/user-profile-2fa.php CHANGED
@@ -93,12 +93,12 @@ wp_enqueue_style( 'mo2f_user-profile_style', $mainDir.'/includes/css/user-profi
93
  </tr>
94
  </table>
95
  <div id="wpns_nav_message"></div>
96
- <input type="hidden" name="MO2F_IS_ONPREM" value="<?php echo MO2F_IS_ONPREM;?>">
97
- <input type="hidden" name="same_user" value="<?php echo $same_user;?>">
98
- <input type="hidden" name="is_registered" value="<?php echo $is_registered;?>">
99
  <input type="hidden" name="mo2f-update-mobile-nonce" value="<?php echo wp_create_nonce("mo2f-update-mobile-nonce");?>">
100
  <input type="hidden" name="mo2fa_count" id="mo2fa_count" value="1">
101
- <input type="hidden" name="transient_id" value="<?php echo $transient_id;?>">
102
  <input type="hidden" name='method' id="method" value="NONE">
103
  <input type="hidden" name='mo2f_configuration_status' id="mo2f_configuration_status" value="Configuration">
104
  <?php
@@ -227,7 +227,7 @@ wp_enqueue_style( 'mo2f_user-profile_style', $mainDir.'/includes/css/user-profi
227
  <td><a id="<?php echo 'save-'.mo2f_lt($trimmed_method); ?>" name="save_GA" class="button button1" ><?php echo mo2f_lt( 'Verify and Save' ); ?></a></td>
228
  </table>
229
 
230
- <input type="hidden" name="ga_secret" value="<?php echo $ga_secret;?>">
231
  </form>
232
 
233
  </div>
93
  </tr>
94
  </table>
95
  <div id="wpns_nav_message"></div>
96
+ <input type="hidden" name="MO2F_IS_ONPREM" value="<?php echo esc_attr(MO2F_IS_ONPREM);?>">
97
+ <input type="hidden" name="same_user" value="<?php echo esc_attr($same_user); ?>">
98
+ <input type="hidden" name="is_registered" value="<?php echo esc_attr($is_registered); ?>">
99
  <input type="hidden" name="mo2f-update-mobile-nonce" value="<?php echo wp_create_nonce("mo2f-update-mobile-nonce");?>">
100
  <input type="hidden" name="mo2fa_count" id="mo2fa_count" value="1">
101
+ <input type="hidden" name="transient_id" value="<?php echo esc_attr($transient_id) ;?>">
102
  <input type="hidden" name='method' id="method" value="NONE">
103
  <input type="hidden" name='mo2f_configuration_status' id="mo2f_configuration_status" value="Configuration">
104
  <?php
227
  <td><a id="<?php echo 'save-'.mo2f_lt($trimmed_method); ?>" name="save_GA" class="button button1" ><?php echo mo2f_lt( 'Verify and Save' ); ?></a></td>
228
  </table>
229
 
230
+ <input type="hidden" name="ga_secret" value="<?php echo esc_html($ga_secret);?>">
231
  </form>
232
 
233
  </div>
helper/curl.php CHANGED
@@ -237,26 +237,11 @@ class MocURL
237
  $query = '[WordPress 2 Factor Authentication Plugin: ' .$onprem.$customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
238
 
239
 
240
- $content='<div >Hello, <br><br>Ticket ID:'.$moWpnsUtility->getFeatureStatus().'<br><br>First Name :'.$user->user_firstname.'<br><br>Last Name :'.$user->user_lastname.' <br><br>Company :<a href="'.$_SERVER['SERVER_NAME'].'" target="_blank" >'.$_SERVER['SERVER_NAME'].'</a><br><br>Phone Number :'.$phone.'<br><br>Email :<a href="mailto:'.$email.'" target="_blank">'.$email.'</a><br><br>Query :'.$query.'</div>';
241
-
242
-
243
- $fields = array(
244
- 'customerKey' => $customerKey,
245
- 'sendEmail' => true,
246
- 'email' => array(
247
- 'customerKey' => $customerKey,
248
- 'fromEmail' => $fromEmail,
249
- 'fromName' => 'Xecurify',
250
- 'toEmail' => '2fasupport@xecurify.com',
251
- 'toName' => '2fasupport@xecurify.com',
252
- 'subject' => $subject,
253
- 'content' => $content
254
- ),
255
- );
256
- $field_string = json_encode($fields);
257
- $authHeader = $this->createAuthHeader($customerKey,$apiKey);
258
- $response = self::callAPI($url, $field_string,$authHeader);
259
-
260
  return $response;
261
 
262
  }
237
  $query = '[WordPress 2 Factor Authentication Plugin: ' .$onprem.$customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
238
 
239
 
240
+ $content='<div >Hello, <br><br>Ticket ID:'.$moWpnsUtility->getFeatureStatus().'<br><br>First Name :'.$user->user_firstname.'<br><br>Last Name :'.$user->user_lastname.' <br><br>Company :<a href="'.sanitize_text_field(sanitize_text_field($_SERVER['SERVER_NAME'])).'" target="_blank" >'.sanitize_text_field($_SERVER['SERVER_NAME']).'</a><br><br>Phone Number :'.$phone.'<br><br>Email :<a href="mailto:'.$email.'" target="_blank">'.$email.'</a><br><br>Query :'.$query.'</div>';
241
+
242
+ $headers = array('Content-Type: text/html; charset=UTF-8');
243
+
244
+ $response = wp_mail( '2fasupport@xecurify.com', $subject, $content, $headers );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
245
  return $response;
246
 
247
  }
helper/dashboard_security_notification.php CHANGED
@@ -121,7 +121,7 @@ class miniorange_security_notification{
121
 
122
  <div style='width:100%;background-color:#555f5f;padding-top:10px;''>
123
  <div style='font-size:25px;color:white;text-align:center'>
124
- <strong style='font-weight:300;''>Last Scan Result <span style='color:orange;'>[". $type_of_scan."]</span></strong>
125
  </div>
126
  <hr>
127
  <div>
@@ -206,14 +206,14 @@ class miniorange_security_notification{
206
  </tbody>
207
  </table>
208
  </div>
209
- <a class='button button-primary' style='background-color:#f0a702;width:100%;text-align:center' href='admin.php?page=mo_2fa_login_and_spam&tab=default&view==".$latest_id."'><h3 style='background-color:#f0a702'>View Details</h3></a>
210
  </div>";
211
 
212
  echo '<br><br>';
213
 
214
  echo "<div style='width:100%;background-color:#555f5f;padding-top:10px;'>
215
  <div style='font-size:20px;color:white;text-align:center'>
216
- <strong style='font-weight:300;'>Backup <span style='color:orange;'>[".$last_backup." ]</span></strong>
217
  </div>
218
  <hr>
219
  <div>
@@ -225,10 +225,10 @@ class miniorange_security_notification{
225
  <table dir='ltr' style='table-layout:fixed;margin:10px 0 20px 0;padding:0;vertical-align:top;width:100%'>
226
  <tbody>
227
  <tr>
228
- <td style='text-align:center;font-size:36px;color:#ffffff;font-weight:400' ><strong>" .esc_html($array['plugin_count'])."</strong></td>
229
- <td style='text-align:center;font-size:36px;color:#ffffff;font-weight:400'><strong>" .esc_html($array['themes_count'])."</strong></td>
230
- <td style='text-align:center;font-size:36px;color:#ffffff;font-weight:400'><strong>" .esc_html($array['wp_files_count'])."</strong></td>
231
- <td style='text-align:center;font-size:36px;color:#ffffff;font-weight:400'><strong>" .esc_html($array['db_count'])."</strong></td>
232
 
233
  </tr>
234
 
121
 
122
  <div style='width:100%;background-color:#555f5f;padding-top:10px;''>
123
  <div style='font-size:25px;color:white;text-align:center'>
124
+ <strong style='font-weight:300;''>Last Scan Result <span style='color:orange;'>[". esc_html($type_of_scan)."]</span></strong>
125
  </div>
126
  <hr>
127
  <div>
206
  </tbody>
207
  </table>
208
  </div>
209
+ <a class='button button-primary' style='background-color:#f0a702;width:100%;text-align:center' href='admin.php?page=mo_2fa_login_and_spam&tab=default&view==".esc_html($latest_id)."'><h3 style='background-color:#f0a702'>View Details</h3></a>
210
  </div>";
211
 
212
  echo '<br><br>';
213
 
214
  echo "<div style='width:100%;background-color:#555f5f;padding-top:10px;'>
215
  <div style='font-size:20px;color:white;text-align:center'>
216
+ <strong style='font-weight:300;'>Backup <span style='color:orange;'>[".esc_html($last_backup)." ]</span></strong>
217
  </div>
218
  <hr>
219
  <div>
225
  <table dir='ltr' style='table-layout:fixed;margin:10px 0 20px 0;padding:0;vertical-align:top;width:100%'>
226
  <tbody>
227
  <tr>
228
+ <td style='text-align:center;font-size:36px;color:#ffffff;font-weight:400' ><strong>" .esc_attr($array['plugin_count'])."</strong></td>
229
+ <td style='text-align:center;font-size:36px;color:#ffffff;font-weight:400'><strong>" .esc_attr($array['themes_count'])."</strong></td>
230
+ <td style='text-align:center;font-size:36px;color:#ffffff;font-weight:400'><strong>" .esc_attr($array['wp_files_count'])."</strong></td>
231
+ <td style='text-align:center;font-size:36px;color:#ffffff;font-weight:400'><strong>" .esc_attr($array['db_count'])."</strong></td>
232
 
233
  </tr>
234
 
helper/utility.php CHANGED
@@ -65,15 +65,19 @@ class MoWpnsUtility
65
  else
66
  return false;
67
  }
 
 
 
 
68
 
69
  public static function get_client_ip()
70
  {
71
  if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
72
- return sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
73
  } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
74
- return sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
75
  } else {
76
- return sanitize_text_field($_SERVER['REMOTE_ADDR']);
77
  }
78
  return '';
79
  }
65
  else
66
  return false;
67
  }
68
+
69
+ static function mo2f_isValidIP($IP){
70
+ return filter_var($IP, FILTER_VALIDATE_IP) !== false;
71
+ }
72
 
73
  public static function get_client_ip()
74
  {
75
  if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
76
+ return self::mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']) ? sanitize_text_field($_SERVER['HTTP_CLIENT_IP']) : '';
77
  } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
78
+ return self::mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']) ? sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']) : '';
79
  } else {
80
+ return self::mo2f_isValidIP($_SERVER['REMOTE_ADDR']) ? sanitize_text_field($_SERVER['REMOTE_ADDR']) : '';
81
  }
82
  return '';
83
  }
includes/email-New-release.php CHANGED
@@ -1,9 +1,8 @@
1
  <?php
2
 
3
- global $imagePath;
4
-
5
  function mail_tem()
6
  {
 
7
  return '
8
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
9
  <html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
1
  <?php
2
 
 
 
3
  function mail_tem()
4
  {
5
+ global $imagePath;
6
  return '
7
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional //EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
8
  <html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
includes/js/select2.min.js ADDED
@@ -0,0 +1,3 @@
 
 
 
1
+ /*! Select2 4.0.3 | https://github.com/select2/select2/blob/master/LICENSE.md */!function(a){"function"==typeof define&&define.amd?define(["jquery"],a):a("object"==typeof exports?require("jquery"):jQuery)}(function(a){var b=function(){if(a&&a.fn&&a.fn.select2&&a.fn.select2.amd)var b=a.fn.select2.amd;var b;return function(){if(!b||!b.requirejs){b?c=b:b={};var a,c,d;!function(b){function e(a,b){return u.call(a,b)}function f(a,b){var c,d,e,f,g,h,i,j,k,l,m,n=b&&b.split("/"),o=s.map,p=o&&o["*"]||{};if(a&&"."===a.charAt(0))if(b){for(a=a.split("/"),g=a.length-1,s.nodeIdCompat&&w.test(a[g])&&(a[g]=a[g].replace(w,"")),a=n.slice(0,n.length-1).concat(a),k=0;k<a.length;k+=1)if(m=a[k],"."===m)a.splice(k,1),k-=1;else if(".."===m){if(1===k&&(".."===a[2]||".."===a[0]))break;k>0&&(a.splice(k-1,2),k-=2)}a=a.join("/")}else 0===a.indexOf("./")&&(a=a.substring(2));if((n||p)&&o){for(c=a.split("/"),k=c.length;k>0;k-=1){if(d=c.slice(0,k).join("/"),n)for(l=n.length;l>0;l-=1)if(e=o[n.slice(0,l).join("/")],e&&(e=e[d])){f=e,h=k;break}if(f)break;!i&&p&&p[d]&&(i=p[d],j=k)}!f&&i&&(f=i,h=j),f&&(c.splice(0,h,f),a=c.join("/"))}return a}function g(a,c){return function(){var d=v.call(arguments,0);return"string"!=typeof d[0]&&1===d.length&&d.push(null),n.apply(b,d.concat([a,c]))}}function h(a){return function(b){return f(b,a)}}function i(a){return function(b){q[a]=b}}function j(a){if(e(r,a)){var c=r[a];delete r[a],t[a]=!0,m.apply(b,c)}if(!e(q,a)&&!e(t,a))throw new Error("No "+a);return q[a]}function k(a){var b,c=a?a.indexOf("!"):-1;return c>-1&&(b=a.substring(0,c),a=a.substring(c+1,a.length)),[b,a]}function l(a){return function(){return s&&s.config&&s.config[a]||{}}}var m,n,o,p,q={},r={},s={},t={},u=Object.prototype.hasOwnProperty,v=[].slice,w=/\.js$/;o=function(a,b){var c,d=k(a),e=d[0];return a=d[1],e&&(e=f(e,b),c=j(e)),e?a=c&&c.normalize?c.normalize(a,h(b)):f(a,b):(a=f(a,b),d=k(a),e=d[0],a=d[1],e&&(c=j(e))),{f:e?e+"!"+a:a,n:a,pr:e,p:c}},p={require:function(a){return g(a)},exports:function(a){var b=q[a];return"undefined"!=typeof b?b:q[a]={}},module:function(a){return{id:a,uri:"",exports:q[a],config:l(a)}}},m=function(a,c,d,f){var h,k,l,m,n,s,u=[],v=typeof d;if(f=f||a,"undefined"===v||"function"===v){for(c=!c.length&&d.length?["require","exports","module"]:c,n=0;n<c.length;n+=1)if(m=o(c[n],f),k=m.f,"require"===k)u[n]=p.require(a);else if("exports"===k)u[n]=p.exports(a),s=!0;else if("module"===k)h=u[n]=p.module(a);else if(e(q,k)||e(r,k)||e(t,k))u[n]=j(k);else{if(!m.p)throw new Error(a+" missing "+k);m.p.load(m.n,g(f,!0),i(k),{}),u[n]=q[k]}l=d?d.apply(q[a],u):void 0,a&&(h&&h.exports!==b&&h.exports!==q[a]?q[a]=h.exports:l===b&&s||(q[a]=l))}else a&&(q[a]=d)},a=c=n=function(a,c,d,e,f){if("string"==typeof a)return p[a]?p[a](c):j(o(a,c).f);if(!a.splice){if(s=a,s.deps&&n(s.deps,s.callback),!c)return;c.splice?(a=c,c=d,d=null):a=b}return c=c||function(){},"function"==typeof d&&(d=e,e=f),e?m(b,a,c,d):setTimeout(function(){m(b,a,c,d)},4),n},n.config=function(a){return n(a)},a._defined=q,d=function(a,b,c){if("string"!=typeof a)throw new Error("See almond README: incorrect module build, no module name");b.splice||(c=b,b=[]),e(q,a)||e(r,a)||(r[a]=[a,b,c])},d.amd={jQuery:!0}}(),b.requirejs=a,b.require=c,b.define=d}}(),b.define("almond",function(){}),b.define("jquery",[],function(){var b=a||$;return null==b&&console&&console.error&&console.error("Select2: An instance of jQuery or a jQuery-compatible library was not found. Make sure that you are including jQuery before Select2 on your web page."),b}),b.define("select2/utils",["jquery"],function(a){function b(a){var b=a.prototype,c=[];for(var d in b){var e=b[d];"function"==typeof e&&"constructor"!==d&&c.push(d)}return c}var c={};c.Extend=function(a,b){function c(){this.constructor=a}var d={}.hasOwnProperty;for(var e in b)d.call(b,e)&&(a[e]=b[e]);return c.prototype=b.prototype,a.prototype=new c,a.__super__=b.prototype,a},c.Decorate=function(a,c){function d(){var b=Array.prototype.unshift,d=c.prototype.constructor.length,e=a.prototype.constructor;d>0&&(b.call(arguments,a.prototype.constructor),e=c.prototype.constructor),e.apply(this,arguments)}function e(){this.constructor=d}var f=b(c),g=b(a);c.displayName=a.displayName,d.prototype=new e;for(var h=0;h<g.length;h++){var i=g[h];d.prototype[i]=a.prototype[i]}for(var j=(function(a){var b=function(){};a in d.prototype&&(b=d.prototype[a]);var e=c.prototype[a];return function(){var a=Array.prototype.unshift;return a.call(arguments,b),e.apply(this,arguments)}}),k=0;k<f.length;k++){var l=f[k];d.prototype[l]=j(l)}return d};var d=function(){this.listeners={}};return d.prototype.on=function(a,b){this.listeners=this.listeners||{},a in this.listeners?this.listeners[a].push(b):this.listeners[a]=[b]},d.prototype.trigger=function(a){var b=Array.prototype.slice,c=b.call(arguments,1);this.listeners=this.listeners||{},null==c&&(c=[]),0===c.length&&c.push({}),c[0]._type=a,a in this.listeners&&this.invoke(this.listeners[a],b.call(arguments,1)),"*"in this.listeners&&this.invoke(this.listeners["*"],arguments)},d.prototype.invoke=function(a,b){for(var c=0,d=a.length;d>c;c++)a[c].apply(this,b)},c.Observable=d,c.generateChars=function(a){for(var b="",c=0;a>c;c++){var d=Math.floor(36*Math.random());b+=d.toString(36)}return b},c.bind=function(a,b){return function(){a.apply(b,arguments)}},c._convertData=function(a){for(var b in a){var c=b.split("-"),d=a;if(1!==c.length){for(var e=0;e<c.length;e++){var f=c[e];f=f.substring(0,1).toLowerCase()+f.substring(1),f in d||(d[f]={}),e==c.length-1&&(d[f]=a[b]),d=d[f]}delete a[b]}}return a},c.hasScroll=function(b,c){var d=a(c),e=c.style.overflowX,f=c.style.overflowY;return e!==f||"hidden"!==f&&"visible"!==f?"scroll"===e||"scroll"===f?!0:d.innerHeight()<c.scrollHeight||d.innerWidth()<c.scrollWidth:!1},c.escapeMarkup=function(a){var b={"\\":"&#92;","&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;","'":"&#39;","/":"&#47;"};return"string"!=typeof a?a:String(a).replace(/[&<>"'\/\\]/g,function(a){return b[a]})},c.appendMany=function(b,c){if("1.7"===a.fn.jquery.substr(0,3)){var d=a();a.map(c,function(a){d=d.add(a)}),c=d}b.append(c)},c}),b.define("select2/results",["jquery","./utils"],function(a,b){function c(a,b,d){this.$element=a,this.data=d,this.options=b,c.__super__.constructor.call(this)}return b.Extend(c,b.Observable),c.prototype.render=function(){var b=a('<ul class="select2-results__options" role="tree"></ul>');return this.options.get("multiple")&&b.attr("aria-multiselectable","true"),this.$results=b,b},c.prototype.clear=function(){this.$results.empty()},c.prototype.displayMessage=function(b){var c=this.options.get("escapeMarkup");this.clear(),this.hideLoading();var d=a('<li role="treeitem" aria-live="assertive" class="select2-results__option"></li>'),e=this.options.get("translations").get(b.message);d.append(c(e(b.args))),d[0].className+=" select2-results__message",this.$results.append(d)},c.prototype.hideMessages=function(){this.$results.find(".select2-results__message").remove()},c.prototype.append=function(a){this.hideLoading();var b=[];if(null==a.results||0===a.results.length)return void(0===this.$results.children().length&&this.trigger("results:message",{message:"noResults"}));a.results=this.sort(a.results);for(var c=0;c<a.results.length;c++){var d=a.results[c],e=this.option(d);b.push(e)}this.$results.append(b)},c.prototype.position=function(a,b){var c=b.find(".select2-results");c.append(a)},c.prototype.sort=function(a){var b=this.options.get("sorter");return b(a)},c.prototype.highlightFirstItem=function(){var a=this.$results.find(".select2-results__option[aria-selected]"),b=a.filter("[aria-selected=true]");b.length>0?b.first().trigger("mouseenter"):a.first().trigger("mouseenter"),this.ensureHighlightVisible()},c.prototype.setClasses=function(){var b=this;this.data.current(function(c){var d=a.map(c,function(a){return a.id.toString()}),e=b.$results.find(".select2-results__option[aria-selected]");e.each(function(){var b=a(this),c=a.data(this,"data"),e=""+c.id;null!=c.element&&c.element.selected||null==c.element&&a.inArray(e,d)>-1?b.attr("aria-selected","true"):b.attr("aria-selected","false")})})},c.prototype.showLoading=function(a){this.hideLoading();var b=this.options.get("translations").get("searching"),c={disabled:!0,loading:!0,text:b(a)},d=this.option(c);d.className+=" loading-results",this.$results.prepend(d)},c.prototype.hideLoading=function(){this.$results.find(".loading-results").remove()},c.prototype.option=function(b){var c=document.createElement("li");c.className="select2-results__option";var d={role:"treeitem","aria-selected":"false"};b.disabled&&(delete d["aria-selected"],d["aria-disabled"]="true"),null==b.id&&delete d["aria-selected"],null!=b._resultId&&(c.id=b._resultId),b.title&&(c.title=b.title),b.children&&(d.role="group",d["aria-label"]=b.text,delete d["aria-selected"]);for(var e in d){var f=d[e];c.setAttribute(e,f)}if(b.children){var g=a(c),h=document.createElement("strong");h.className="select2-results__group";a(h);this.template(b,h);for(var i=[],j=0;j<b.children.length;j++){var k=b.children[j],l=this.option(k);i.push(l)}var m=a("<ul></ul>",{"class":"select2-results__options select2-results__options--nested"});m.append(i),g.append(h),g.append(m)}else this.template(b,c);return a.data(c,"data",b),c},c.prototype.bind=function(b,c){var d=this,e=b.id+"-results";this.$results.attr("id",e),b.on("results:all",function(a){d.clear(),d.append(a.data),b.isOpen()&&(d.setClasses(),d.highlightFirstItem())}),b.on("results:append",function(a){d.append(a.data),b.isOpen()&&d.setClasses()}),b.on("query",function(a){d.hideMessages(),d.showLoading(a)}),b.on("select",function(){b.isOpen()&&(d.setClasses(),d.highlightFirstItem())}),b.on("unselect",function(){b.isOpen()&&(d.setClasses(),d.highlightFirstItem())}),b.on("open",function(){d.$results.attr("aria-expanded","true"),d.$results.attr("aria-hidden","false"),d.setClasses(),d.ensureHighlightVisible()}),b.on("close",function(){d.$results.attr("aria-expanded","false"),d.$results.attr("aria-hidden","true"),d.$results.removeAttr("aria-activedescendant")}),b.on("results:toggle",function(){var a=d.getHighlightedResults();0!==a.length&&a.trigger("mouseup")}),b.on("results:select",function(){var a=d.getHighlightedResults();if(0!==a.length){var b=a.data("data");"true"==a.attr("aria-selected")?d.trigger("close",{}):d.trigger("select",{data:b})}}),b.on("results:previous",function(){var a=d.getHighlightedResults(),b=d.$results.find("[aria-selected]"),c=b.index(a);if(0!==c){var e=c-1;0===a.length&&(e=0);var f=b.eq(e);f.trigger("mouseenter");var g=d.$results.offset().top,h=f.offset().top,i=d.$results.scrollTop()+(h-g);0===e?d.$results.scrollTop(0):0>h-g&&d.$results.scrollTop(i)}}),b.on("results:next",function(){var a=d.getHighlightedResults(),b=d.$results.find("[aria-selected]"),c=b.index(a),e=c+1;if(!(e>=b.length)){var f=b.eq(e);f.trigger("mouseenter");var g=d.$results.offset().top+d.$results.outerHeight(!1),h=f.offset().top+f.outerHeight(!1),i=d.$results.scrollTop()+h-g;0===e?d.$results.scrollTop(0):h>g&&d.$results.scrollTop(i)}}),b.on("results:focus",function(a){a.element.addClass("select2-results__option--highlighted")}),b.on("results:message",function(a){d.displayMessage(a)}),a.fn.mousewheel&&this.$results.on("mousewheel",function(a){var b=d.$results.scrollTop(),c=d.$results.get(0).scrollHeight-b+a.deltaY,e=a.deltaY>0&&b-a.deltaY<=0,f=a.deltaY<0&&c<=d.$results.height();e?(d.$results.scrollTop(0),a.preventDefault(),a.stopPropagation()):f&&(d.$results.scrollTop(d.$results.get(0).scrollHeight-d.$results.height()),a.preventDefault(),a.stopPropagation())}),this.$results.on("mouseup",".select2-results__option[aria-selected]",function(b){var c=a(this),e=c.data("data");return"true"===c.attr("aria-selected")?void(d.options.get("multiple")?d.trigger("unselect",{originalEvent:b,data:e}):d.trigger("close",{})):void d.trigger("select",{originalEvent:b,data:e})}),this.$results.on("mouseenter",".select2-results__option[aria-selected]",function(b){var c=a(this).data("data");d.getHighlightedResults().removeClass("select2-results__option--highlighted"),d.trigger("results:focus",{data:c,element:a(this)})})},c.prototype.getHighlightedResults=function(){var a=this.$results.find(".select2-results__option--highlighted");return a},c.prototype.destroy=function(){this.$results.remove()},c.prototype.ensureHighlightVisible=function(){var a=this.getHighlightedResults();if(0!==a.length){var b=this.$results.find("[aria-selected]"),c=b.index(a),d=this.$results.offset().top,e=a.offset().top,f=this.$results.scrollTop()+(e-d),g=e-d;f-=2*a.outerHeight(!1),2>=c?this.$results.scrollTop(0):(g>this.$results.outerHeight()||0>g)&&this.$results.scrollTop(f)}},c.prototype.template=function(b,c){var d=this.options.get("templateResult"),e=this.options.get("escapeMarkup"),f=d(b,c);null==f?c.style.display="none":"string"==typeof f?c.innerHTML=e(f):a(c).append(f)},c}),b.define("select2/keys",[],function(){var a={BACKSPACE:8,TAB:9,ENTER:13,SHIFT:16,CTRL:17,ALT:18,ESC:27,SPACE:32,PAGE_UP:33,PAGE_DOWN:34,END:35,HOME:36,LEFT:37,UP:38,RIGHT:39,DOWN:40,DELETE:46};return a}),b.define("select2/selection/base",["jquery","../utils","../keys"],function(a,b,c){function d(a,b){this.$element=a,this.options=b,d.__super__.constructor.call(this)}return b.Extend(d,b.Observable),d.prototype.render=function(){var b=a('<span class="select2-selection" role="combobox" aria-haspopup="true" aria-expanded="false"></span>');return this._tabindex=0,null!=this.$element.data("old-tabindex")?this._tabindex=this.$element.data("old-tabindex"):null!=this.$element.attr("tabindex")&&(this._tabindex=this.$element.attr("tabindex")),b.attr("title",this.$element.attr("title")),b.attr("tabindex",this._tabindex),this.$selection=b,b},d.prototype.bind=function(a,b){var d=this,e=(a.id+"-container",a.id+"-results");this.container=a,this.$selection.on("focus",function(a){d.trigger("focus",a)}),this.$selection.on("blur",function(a){d._handleBlur(a)}),this.$selection.on("keydown",function(a){d.trigger("keypress",a),a.which===c.SPACE&&a.preventDefault()}),a.on("results:focus",function(a){d.$selection.attr("aria-activedescendant",a.data._resultId)}),a.on("selection:update",function(a){d.update(a.data)}),a.on("open",function(){d.$selection.attr("aria-expanded","true"),d.$selection.attr("aria-owns",e),d._attachCloseHandler(a)}),a.on("close",function(){d.$selection.attr("aria-expanded","false"),d.$selection.removeAttr("aria-activedescendant"),d.$selection.removeAttr("aria-owns"),d.$selection.focus(),d._detachCloseHandler(a)}),a.on("enable",function(){d.$selection.attr("tabindex",d._tabindex)}),a.on("disable",function(){d.$selection.attr("tabindex","-1")})},d.prototype._handleBlur=function(b){var c=this;window.setTimeout(function(){document.activeElement==c.$selection[0]||a.contains(c.$selection[0],document.activeElement)||c.trigger("blur",b)},1)},d.prototype._attachCloseHandler=function(b){a(document.body).on("mousedown.select2."+b.id,function(b){var c=a(b.target),d=c.closest(".select2"),e=a(".select2.select2-container--open");e.each(function(){var b=a(this);if(this!=d[0]){var c=b.data("element");c.select2("close")}})})},d.prototype._detachCloseHandler=function(b){a(document.body).off("mousedown.select2."+b.id)},d.prototype.position=function(a,b){var c=b.find(".selection");c.append(a)},d.prototype.destroy=function(){this._detachCloseHandler(this.container)},d.prototype.update=function(a){throw new Error("The `update` method must be defined in child classes.")},d}),b.define("select2/selection/single",["jquery","./base","../utils","../keys"],function(a,b,c,d){function e(){e.__super__.constructor.apply(this,arguments)}return c.Extend(e,b),e.prototype.render=function(){var a=e.__super__.render.call(this);return a.addClass("select2-selection--single"),a.html('<span class="select2-selection__rendered"></span><span class="select2-selection__arrow" role="presentation"><b role="presentation"></b></span>'),a},e.prototype.bind=function(a,b){var c=this;e.__super__.bind.apply(this,arguments);var d=a.id+"-container";this.$selection.find(".select2-selection__rendered").attr("id",d),this.$selection.attr("aria-labelledby",d),this.$selection.on("mousedown",function(a){1===a.which&&c.trigger("toggle",{originalEvent:a})}),this.$selection.on("focus",function(a){}),this.$selection.on("blur",function(a){}),a.on("focus",function(b){a.isOpen()||c.$selection.focus()}),a.on("selection:update",function(a){c.update(a.data)})},e.prototype.clear=function(){this.$selection.find(".select2-selection__rendered").empty()},e.prototype.display=function(a,b){var c=this.options.get("templateSelection"),d=this.options.get("escapeMarkup");return d(c(a,b))},e.prototype.selectionContainer=function(){return a("<span></span>")},e.prototype.update=function(a){if(0===a.length)return void this.clear();var b=a[0],c=this.$selection.find(".select2-selection__rendered"),d=this.display(b,c);c.empty().append(d),c.prop("title",b.title||b.text)},e}),b.define("select2/selection/multiple",["jquery","./base","../utils"],function(a,b,c){function d(a,b){d.__super__.constructor.apply(this,arguments)}return c.Extend(d,b),d.prototype.render=function(){var a=d.__super__.render.call(this);return a.addClass("select2-selection--multiple"),a.html('<ul class="select2-selection__rendered"></ul>'),a},d.prototype.bind=function(b,c){var e=this;d.__super__.bind.apply(this,arguments),this.$selection.on("click",function(a){e.trigger("toggle",{originalEvent:a})}),this.$selection.on("click",".select2-selection__choice__remove",function(b){if(!e.options.get("disabled")){var c=a(this),d=c.parent(),f=d.data("data");e.trigger("unselect",{originalEvent:b,data:f})}})},d.prototype.clear=function(){this.$selection.find(".select2-selection__rendered").empty()},d.prototype.display=function(a,b){var c=this.options.get("templateSelection"),d=this.options.get("escapeMarkup");return d(c(a,b))},d.prototype.selectionContainer=function(){var b=a('<li class="select2-selection__choice"><span class="select2-selection__choice__remove" role="presentation">&times;</span></li>');return b},d.prototype.update=function(a){if(this.clear(),0!==a.length){for(var b=[],d=0;d<a.length;d++){var e=a[d],f=this.selectionContainer(),g=this.display(e,f);f.append(g),f.prop("title",e.title||e.text),f.data("data",e),b.push(f)}var h=this.$selection.find(".select2-selection__rendered");c.appendMany(h,b)}},d}),b.define("select2/selection/placeholder",["../utils"],function(a){function b(a,b,c){this.placeholder=this.normalizePlaceholder(c.get("placeholder")),a.call(this,b,c)}return b.prototype.normalizePlaceholder=function(a,b){return"string"==typeof b&&(b={id:"",text:b}),b},b.prototype.createPlaceholder=function(a,b){var c=this.selectionContainer();return c.html(this.display(b)),c.addClass("select2-selection__placeholder").removeClass("select2-selection__choice"),c},b.prototype.update=function(a,b){var c=1==b.length&&b[0].id!=this.placeholder.id,d=b.length>1;if(d||c)return a.call(this,b);this.clear();var e=this.createPlaceholder(this.placeholder);this.$selection.find(".select2-selection__rendered").append(e)},b}),b.define("select2/selection/allowClear",["jquery","../keys"],function(a,b){function c(){}return c.prototype.bind=function(a,b,c){var d=this;a.call(this,b,c),null==this.placeholder&&this.options.get("debug")&&window.console&&console.error&&console.error("Select2: The `allowClear` option should be used in combination with the `placeholder` option."),this.$selection.on("mousedown",".select2-selection__clear",function(a){d._handleClear(a)}),b.on("keypress",function(a){d._handleKeyboardClear(a,b)})},c.prototype._handleClear=function(a,b){if(!this.options.get("disabled")){var c=this.$selection.find(".select2-selection__clear");if(0!==c.length){b.stopPropagation();for(var d=c.data("data"),e=0;e<d.length;e++){var f={data:d[e]};if(this.trigger("unselect",f),f.prevented)return}this.$element.val(this.placeholder.id).trigger("change"),this.trigger("toggle",{})}}},c.prototype._handleKeyboardClear=function(a,c,d){d.isOpen()||(c.which==b.DELETE||c.which==b.BACKSPACE)&&this._handleClear(c)},c.prototype.update=function(b,c){if(b.call(this,c),!(this.$selection.find(".select2-selection__placeholder").length>0||0===c.length)){var d=a('<span class="select2-selection__clear">&times;</span>');d.data("data",c),this.$selection.find(".select2-selection__rendered").prepend(d)}},c}),b.define("select2/selection/search",["jquery","../utils","../keys"],function(a,b,c){function d(a,b,c){a.call(this,b,c)}return d.prototype.render=function(b){var c=a('<li class="select2-search select2-search--inline"><input class="select2-search__field" type="search" tabindex="-1" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" role="textbox" aria-autocomplete="list" /></li>');this.$searchContainer=c,this.$search=c.find("input");var d=b.call(this);return this._transferTabIndex(),d},d.prototype.bind=function(a,b,d){var e=this;a.call(this,b,d),b.on("open",function(){e.$search.trigger("focus")}),b.on("close",function(){e.$search.val(""),e.$search.removeAttr("aria-activedescendant"),e.$search.trigger("focus")}),b.on("enable",function(){e.$search.prop("disabled",!1),e._transferTabIndex()}),b.on("disable",function(){e.$search.prop("disabled",!0)}),b.on("focus",function(a){e.$search.trigger("focus")}),b.on("results:focus",function(a){e.$search.attr("aria-activedescendant",a.id)}),this.$selection.on("focusin",".select2-search--inline",function(a){e.trigger("focus",a)}),this.$selection.on("focusout",".select2-search--inline",function(a){e._handleBlur(a)}),this.$selection.on("keydown",".select2-search--inline",function(a){a.stopPropagation(),e.trigger("keypress",a),e._keyUpPrevented=a.isDefaultPrevented();var b=a.which;if(b===c.BACKSPACE&&""===e.$search.val()){var d=e.$searchContainer.prev(".select2-selection__choice");if(d.length>0){var f=d.data("data");e.searchRemoveChoice(f),a.preventDefault()}}});var f=document.documentMode,g=f&&11>=f;this.$selection.on("input.searchcheck",".select2-search--inline",function(a){return g?void e.$selection.off("input.search input.searchcheck"):void e.$selection.off("keyup.search")}),this.$selection.on("keyup.search input.search",".select2-search--inline",function(a){if(g&&"input"===a.type)return void e.$selection.off("input.search input.searchcheck");var b=a.which;b!=c.SHIFT&&b!=c.CTRL&&b!=c.ALT&&b!=c.TAB&&e.handleSearch(a)})},d.prototype._transferTabIndex=function(a){this.$search.attr("tabindex",this.$selection.attr("tabindex")),this.$selection.attr("tabindex","-1")},d.prototype.createPlaceholder=function(a,b){this.$search.attr("placeholder",b.text)},d.prototype.update=function(a,b){var c=this.$search[0]==document.activeElement;this.$search.attr("placeholder",""),a.call(this,b),this.$selection.find(".select2-selection__rendered").append(this.$searchContainer),this.resizeSearch(),c&&this.$search.focus()},d.prototype.handleSearch=function(){if(this.resizeSearch(),!this._keyUpPrevented){var a=this.$search.val();this.trigger("query",{term:a})}this._keyUpPrevented=!1},d.prototype.searchRemoveChoice=function(a,b){this.trigger("unselect",{data:b}),this.$search.val(b.text),this.handleSearch()},d.prototype.resizeSearch=function(){this.$search.css("width","25px");var a="";if(""!==this.$search.attr("placeholder"))a=this.$selection.find(".select2-selection__rendered").innerWidth();else{var b=this.$search.val().length+1;a=.75*b+"em"}this.$search.css("width",a)},d}),b.define("select2/selection/eventRelay",["jquery"],function(a){function b(){}return b.prototype.bind=function(b,c,d){var e=this,f=["open","opening","close","closing","select","selecting","unselect","unselecting"],g=["opening","closing","selecting","unselecting"];b.call(this,c,d),c.on("*",function(b,c){if(-1!==a.inArray(b,f)){c=c||{};var d=a.Event("select2:"+b,{params:c});e.$element.trigger(d),-1!==a.inArray(b,g)&&(c.prevented=d.isDefaultPrevented())}})},b}),b.define("select2/translation",["jquery","require"],function(a,b){function c(a){this.dict=a||{}}return c.prototype.all=function(){return this.dict},c.prototype.get=function(a){return this.dict[a]},c.prototype.extend=function(b){this.dict=a.extend({},b.all(),this.dict)},c._cache={},c.loadPath=function(a){if(!(a in c._cache)){var d=b(a);c._cache[a]=d}return new c(c._cache[a])},c}),b.define("select2/diacritics",[],function(){var a={"Ⓐ":"A","A":"A","À":"A","Á":"A","Â":"A","Ầ":"A","Ấ":"A","Ẫ":"A","Ẩ":"A","Ã":"A","Ā":"A","Ă":"A","Ằ":"A","Ắ":"A","Ẵ":"A","Ẳ":"A","Ȧ":"A","Ǡ":"A","Ä":"A","Ǟ":"A","Ả":"A","Å":"A","Ǻ":"A","Ǎ":"A","Ȁ":"A","Ȃ":"A","Ạ":"A","Ậ":"A","Ặ":"A","Ḁ":"A","Ą":"A","Ⱥ":"A","Ɐ":"A","Ꜳ":"AA","Æ":"AE","Ǽ":"AE","Ǣ":"AE","Ꜵ":"AO","Ꜷ":"AU","Ꜹ":"AV","Ꜻ":"AV","Ꜽ":"AY","Ⓑ":"B","B":"B","Ḃ":"B","Ḅ":"B","Ḇ":"B","Ƀ":"B","Ƃ":"B","Ɓ":"B","Ⓒ":"C","C":"C","Ć":"C","Ĉ":"C","Ċ":"C","Č":"C","Ç":"C","Ḉ":"C","Ƈ":"C","Ȼ":"C","Ꜿ":"C","Ⓓ":"D","D":"D","Ḋ":"D","Ď":"D","Ḍ":"D","Ḑ":"D","Ḓ":"D","Ḏ":"D","Đ":"D","Ƌ":"D","Ɗ":"D","Ɖ":"D","Ꝺ":"D","DZ":"DZ","DŽ":"DZ","Dz":"Dz","Dž":"Dz","Ⓔ":"E","E":"E","È":"E","É":"E","Ê":"E","Ề":"E","Ế":"E","Ễ":"E","Ể":"E","Ẽ":"E","Ē":"E","Ḕ":"E","Ḗ":"E","Ĕ":"E","Ė":"E","Ë":"E","Ẻ":"E","Ě":"E","Ȅ":"E","Ȇ":"E","Ẹ":"E","Ệ":"E","Ȩ":"E","Ḝ":"E","Ę":"E","Ḙ":"E","Ḛ":"E","Ɛ":"E","Ǝ":"E","Ⓕ":"F","F":"F","Ḟ":"F","Ƒ":"F","Ꝼ":"F","Ⓖ":"G","G":"G","Ǵ":"G","Ĝ":"G","Ḡ":"G","Ğ":"G","Ġ":"G","Ǧ":"G","Ģ":"G","Ǥ":"G","Ɠ":"G","Ꞡ":"G","Ᵹ":"G","Ꝿ":"G","Ⓗ":"H","H":"H","Ĥ":"H","Ḣ":"H","Ḧ":"H","Ȟ":"H","Ḥ":"H","Ḩ":"H","Ḫ":"H","Ħ":"H","Ⱨ":"H","Ⱶ":"H","Ɥ":"H","Ⓘ":"I","I":"I","Ì":"I","Í":"I","Î":"I","Ĩ":"I","Ī":"I","Ĭ":"I","İ":"I","Ï":"I","Ḯ":"I","Ỉ":"I","Ǐ":"I","Ȉ":"I","Ȋ":"I","Ị":"I","Į":"I","Ḭ":"I","Ɨ":"I","Ⓙ":"J","J":"J","Ĵ":"J","Ɉ":"J","Ⓚ":"K","K":"K","Ḱ":"K","Ǩ":"K","Ḳ":"K","Ķ":"K","Ḵ":"K","Ƙ":"K","Ⱪ":"K","Ꝁ":"K","Ꝃ":"K","Ꝅ":"K","Ꞣ":"K","Ⓛ":"L","L":"L","Ŀ":"L","Ĺ":"L","Ľ":"L","Ḷ":"L","Ḹ":"L","Ļ":"L","Ḽ":"L","Ḻ":"L","Ł":"L","Ƚ":"L","Ɫ":"L","Ⱡ":"L","Ꝉ":"L","Ꝇ":"L","Ꞁ":"L","LJ":"LJ","Lj":"Lj","Ⓜ":"M","M":"M","Ḿ":"M","Ṁ":"M","Ṃ":"M","Ɱ":"M","Ɯ":"M","Ⓝ":"N","N":"N","Ǹ":"N","Ń":"N","Ñ":"N","Ṅ":"N","Ň":"N","Ṇ":"N","Ņ":"N","Ṋ":"N","Ṉ":"N","Ƞ":"N","Ɲ":"N","Ꞑ":"N","Ꞥ":"N","NJ":"NJ","Nj":"Nj","Ⓞ":"O","O":"O","Ò":"O","Ó":"O","Ô":"O","Ồ":"O","Ố":"O","Ỗ":"O","Ổ":"O","Õ":"O","Ṍ":"O","Ȭ":"O","Ṏ":"O","Ō":"O","Ṑ":"O","Ṓ":"O","Ŏ":"O","Ȯ":"O","Ȱ":"O","Ö":"O","Ȫ":"O","Ỏ":"O","Ő":"O","Ǒ":"O","Ȍ":"O","Ȏ":"O","Ơ":"O","Ờ":"O","Ớ":"O","Ỡ":"O","Ở":"O","Ợ":"O","Ọ":"O","Ộ":"O","Ǫ":"O","Ǭ":"O","Ø":"O","Ǿ":"O","Ɔ":"O","Ɵ":"O","Ꝋ":"O","Ꝍ":"O","Ƣ":"OI","Ꝏ":"OO","Ȣ":"OU","Ⓟ":"P","P":"P","Ṕ":"P","Ṗ":"P","Ƥ":"P","Ᵽ":"P","Ꝑ":"P","Ꝓ":"P","Ꝕ":"P","Ⓠ":"Q","Q":"Q","Ꝗ":"Q","Ꝙ":"Q","Ɋ":"Q","Ⓡ":"R","R":"R","Ŕ":"R","Ṙ":"R","Ř":"R","Ȑ":"R","Ȓ":"R","Ṛ":"R","Ṝ":"R","Ŗ":"R","Ṟ":"R","Ɍ":"R","Ɽ":"R","Ꝛ":"R","Ꞧ":"R","Ꞃ":"R","Ⓢ":"S","S":"S","ẞ":"S","Ś":"S","Ṥ":"S","Ŝ":"S","Ṡ":"S","Š":"S","Ṧ":"S","Ṣ":"S","Ṩ":"S","Ș":"S","Ş":"S","Ȿ":"S","Ꞩ":"S","Ꞅ":"S","Ⓣ":"T","T":"T","Ṫ":"T","Ť":"T","Ṭ":"T","Ț":"T","Ţ":"T","Ṱ":"T","Ṯ":"T","Ŧ":"T","Ƭ":"T","Ʈ":"T","Ⱦ":"T","Ꞇ":"T","Ꜩ":"TZ","Ⓤ":"U","U":"U","Ù":"U","Ú":"U","Û":"U","Ũ":"U","Ṹ":"U","Ū":"U","Ṻ":"U","Ŭ":"U","Ü":"U","Ǜ":"U","Ǘ":"U","Ǖ":"U","Ǚ":"U","Ủ":"U","Ů":"U","Ű":"U","Ǔ":"U","Ȕ":"U","Ȗ":"U","Ư":"U","Ừ":"U","Ứ":"U","Ữ":"U","Ử":"U","Ự":"U","Ụ":"U","Ṳ":"U","Ų":"U","Ṷ":"U","Ṵ":"U","Ʉ":"U","Ⓥ":"V","V":"V","Ṽ":"V","Ṿ":"V","Ʋ":"V","Ꝟ":"V","Ʌ":"V","Ꝡ":"VY","Ⓦ":"W","W":"W","Ẁ":"W","Ẃ":"W","Ŵ":"W","Ẇ":"W","Ẅ":"W","Ẉ":"W","Ⱳ":"W","Ⓧ":"X","X":"X","Ẋ":"X","Ẍ":"X","Ⓨ":"Y","Y":"Y","Ỳ":"Y","Ý":"Y","Ŷ":"Y","Ỹ":"Y","Ȳ":"Y","Ẏ":"Y","Ÿ":"Y","Ỷ":"Y","Ỵ":"Y","Ƴ":"Y","Ɏ":"Y","Ỿ":"Y","Ⓩ":"Z","Z":"Z","Ź":"Z","Ẑ":"Z","Ż":"Z","Ž":"Z","Ẓ":"Z","Ẕ":"Z","Ƶ":"Z","Ȥ":"Z","Ɀ":"Z","Ⱬ":"Z","Ꝣ":"Z","ⓐ":"a","a":"a","ẚ":"a","à":"a","á":"a","â":"a","ầ":"a","ấ":"a","ẫ":"a","ẩ":"a","ã":"a","ā":"a","ă":"a","ằ":"a","ắ":"a","ẵ":"a","ẳ":"a","ȧ":"a","ǡ":"a","ä":"a","ǟ":"a","ả":"a","å":"a","ǻ":"a","ǎ":"a","ȁ":"a","ȃ":"a","ạ":"a","ậ":"a","ặ":"a","ḁ":"a","ą":"a","ⱥ":"a","ɐ":"a","ꜳ":"aa","æ":"ae","ǽ":"ae","ǣ":"ae","ꜵ":"ao","ꜷ":"au","ꜹ":"av","ꜻ":"av","ꜽ":"ay","ⓑ":"b","b":"b","ḃ":"b","ḅ":"b","ḇ":"b","ƀ":"b","ƃ":"b","ɓ":"b","ⓒ":"c","c":"c","ć":"c","ĉ":"c","ċ":"c","č":"c","ç":"c","ḉ":"c","ƈ":"c","ȼ":"c","ꜿ":"c","ↄ":"c","ⓓ":"d","d":"d","ḋ":"d","ď":"d","ḍ":"d","ḑ":"d","ḓ":"d","ḏ":"d","đ":"d","ƌ":"d","ɖ":"d","ɗ":"d","ꝺ":"d","dz":"dz","dž":"dz","ⓔ":"e","e":"e","è":"e","é":"e","ê":"e","ề":"e","ế":"e","ễ":"e","ể":"e","ẽ":"e","ē":"e","ḕ":"e","ḗ":"e","ĕ":"e","ė":"e","ë":"e","ẻ":"e","ě":"e","ȅ":"e","ȇ":"e","ẹ":"e","ệ":"e","ȩ":"e","ḝ":"e","ę":"e","ḙ":"e","ḛ":"e","ɇ":"e","ɛ":"e","ǝ":"e","ⓕ":"f","f":"f","ḟ":"f","ƒ":"f","ꝼ":"f","ⓖ":"g","g":"g","ǵ":"g","ĝ":"g","ḡ":"g","ğ":"g","ġ":"g","ǧ":"g","ģ":"g","ǥ":"g","ɠ":"g","ꞡ":"g","ᵹ":"g","ꝿ":"g","ⓗ":"h","h":"h","ĥ":"h","ḣ":"h","ḧ":"h","ȟ":"h","ḥ":"h","ḩ":"h","ḫ":"h","ẖ":"h","ħ":"h","ⱨ":"h","ⱶ":"h","ɥ":"h","ƕ":"hv","ⓘ":"i","i":"i","ì":"i","í":"i","î":"i","ĩ":"i","ī":"i","ĭ":"i","ï":"i","ḯ":"i","ỉ":"i","ǐ":"i","ȉ":"i","ȋ":"i","ị":"i","į":"i","ḭ":"i","ɨ":"i","ı":"i","ⓙ":"j","j":"j","ĵ":"j","ǰ":"j","ɉ":"j","ⓚ":"k","k":"k","ḱ":"k","ǩ":"k","ḳ":"k","ķ":"k","ḵ":"k","ƙ":"k","ⱪ":"k","ꝁ":"k","ꝃ":"k","ꝅ":"k","ꞣ":"k","ⓛ":"l","l":"l","ŀ":"l","ĺ":"l","ľ":"l","ḷ":"l","ḹ":"l","ļ":"l","ḽ":"l","ḻ":"l","ſ":"l","ł":"l","ƚ":"l","ɫ":"l","ⱡ":"l","ꝉ":"l","ꞁ":"l","ꝇ":"l","lj":"lj","ⓜ":"m","m":"m","ḿ":"m","ṁ":"m","ṃ":"m","ɱ":"m","ɯ":"m","ⓝ":"n","n":"n","ǹ":"n","ń":"n","ñ":"n","ṅ":"n","ň":"n","ṇ":"n","ņ":"n","ṋ":"n","ṉ":"n","ƞ":"n","ɲ":"n","ʼn":"n","ꞑ":"n","ꞥ":"n","nj":"nj","ⓞ":"o","o":"o","ò":"o","ó":"o","ô":"o","ồ":"o","ố":"o","ỗ":"o","ổ":"o","õ":"o","ṍ":"o","ȭ":"o","ṏ":"o","ō":"o","ṑ":"o","ṓ":"o","ŏ":"o","ȯ":"o","ȱ":"o","ö":"o","ȫ":"o","ỏ":"o","ő":"o","ǒ":"o","ȍ":"o","ȏ":"o","ơ":"o","ờ":"o","ớ":"o","ỡ":"o","ở":"o","ợ":"o","ọ":"o","ộ":"o","ǫ":"o","ǭ":"o","ø":"o","ǿ":"o","ɔ":"o","ꝋ":"o","ꝍ":"o","ɵ":"o","ƣ":"oi","ȣ":"ou","ꝏ":"oo","ⓟ":"p","p":"p","ṕ":"p","ṗ":"p","ƥ":"p","ᵽ":"p","ꝑ":"p","ꝓ":"p","ꝕ":"p","ⓠ":"q","q":"q","ɋ":"q","ꝗ":"q","ꝙ":"q","ⓡ":"r","r":"r","ŕ":"r","ṙ":"r","ř":"r","ȑ":"r","ȓ":"r","ṛ":"r","ṝ":"r","ŗ":"r","ṟ":"r","ɍ":"r","ɽ":"r","ꝛ":"r","ꞧ":"r","ꞃ":"r","ⓢ":"s","s":"s","ß":"s","ś":"s","ṥ":"s","ŝ":"s","ṡ":"s","š":"s","ṧ":"s","ṣ":"s","ṩ":"s","ș":"s","ş":"s","ȿ":"s","ꞩ":"s","ꞅ":"s","ẛ":"s","ⓣ":"t","t":"t","ṫ":"t","ẗ":"t","ť":"t","ṭ":"t","ț":"t","ţ":"t","ṱ":"t","ṯ":"t","ŧ":"t","ƭ":"t","ʈ":"t","ⱦ":"t","ꞇ":"t","ꜩ":"tz","ⓤ":"u","u":"u","ù":"u","ú":"u","û":"u","ũ":"u","ṹ":"u","ū":"u","ṻ":"u","ŭ":"u","ü":"u","ǜ":"u","ǘ":"u","ǖ":"u","ǚ":"u","ủ":"u","ů":"u","ű":"u","ǔ":"u","ȕ":"u","ȗ":"u","ư":"u","ừ":"u","ứ":"u","ữ":"u","ử":"u","ự":"u","ụ":"u","ṳ":"u","ų":"u","ṷ":"u","ṵ":"u","ʉ":"u","ⓥ":"v","v":"v","ṽ":"v","ṿ":"v","ʋ":"v","ꝟ":"v","ʌ":"v","ꝡ":"vy","ⓦ":"w","w":"w","ẁ":"w","ẃ":"w","ŵ":"w","ẇ":"w","ẅ":"w","ẘ":"w","ẉ":"w","ⱳ":"w","ⓧ":"x","x":"x","ẋ":"x","ẍ":"x","ⓨ":"y","y":"y","ỳ":"y","ý":"y","ŷ":"y","ỹ":"y","ȳ":"y","ẏ":"y","ÿ":"y","ỷ":"y","ẙ":"y","ỵ":"y","ƴ":"y","ɏ":"y","ỿ":"y","ⓩ":"z","z":"z","ź":"z","ẑ":"z","ż":"z","ž":"z","ẓ":"z","ẕ":"z","ƶ":"z","ȥ":"z","ɀ":"z","ⱬ":"z","ꝣ":"z","Ά":"Α","Έ":"Ε","Ή":"Η","Ί":"Ι","Ϊ":"Ι","Ό":"Ο","Ύ":"Υ","Ϋ":"Υ","Ώ":"Ω","ά":"α","έ":"ε","ή":"η","ί":"ι","ϊ":"ι","ΐ":"ι","ό":"ο","ύ":"υ","ϋ":"υ","ΰ":"υ","ω":"ω","ς":"σ"};return a}),b.define("select2/data/base",["../utils"],function(a){function b(a,c){b.__super__.constructor.call(this)}return a.Extend(b,a.Observable),b.prototype.current=function(a){throw new Error("The `current` method must be defined in child classes.")},b.prototype.query=function(a,b){throw new Error("The `query` method must be defined in child classes.")},b.prototype.bind=function(a,b){},b.prototype.destroy=function(){},b.prototype.generateResultId=function(b,c){var d=b.id+"-result-";return d+=a.generateChars(4),d+=null!=c.id?"-"+c.id.toString():"-"+a.generateChars(4)},b}),b.define("select2/data/select",["./base","../utils","jquery"],function(a,b,c){function d(a,b){this.$element=a,this.options=b,d.__super__.constructor.call(this)}return b.Extend(d,a),d.prototype.current=function(a){var b=[],d=this;this.$element.find(":selected").each(function(){var a=c(this),e=d.item(a);b.push(e)}),a(b)},d.prototype.select=function(a){var b=this;if(a.selected=!0,c(a.element).is("option"))return a.element.selected=!0,void this.$element.trigger("change");
2
+ if(this.$element.prop("multiple"))this.current(function(d){var e=[];a=[a],a.push.apply(a,d);for(var f=0;f<a.length;f++){var g=a[f].id;-1===c.inArray(g,e)&&e.push(g)}b.$element.val(e),b.$element.trigger("change")});else{var d=a.id;this.$element.val(d),this.$element.trigger("change")}},d.prototype.unselect=function(a){var b=this;if(this.$element.prop("multiple"))return a.selected=!1,c(a.element).is("option")?(a.element.selected=!1,void this.$element.trigger("change")):void this.current(function(d){for(var e=[],f=0;f<d.length;f++){var g=d[f].id;g!==a.id&&-1===c.inArray(g,e)&&e.push(g)}b.$element.val(e),b.$element.trigger("change")})},d.prototype.bind=function(a,b){var c=this;this.container=a,a.on("select",function(a){c.select(a.data)}),a.on("unselect",function(a){c.unselect(a.data)})},d.prototype.destroy=function(){this.$element.find("*").each(function(){c.removeData(this,"data")})},d.prototype.query=function(a,b){var d=[],e=this,f=this.$element.children();f.each(function(){var b=c(this);if(b.is("option")||b.is("optgroup")){var f=e.item(b),g=e.matches(a,f);null!==g&&d.push(g)}}),b({results:d})},d.prototype.addOptions=function(a){b.appendMany(this.$element,a)},d.prototype.option=function(a){var b;a.children?(b=document.createElement("optgroup"),b.label=a.text):(b=document.createElement("option"),void 0!==b.textContent?b.textContent=a.text:b.innerText=a.text),a.id&&(b.value=a.id),a.disabled&&(b.disabled=!0),a.selected&&(b.selected=!0),a.title&&(b.title=a.title);var d=c(b),e=this._normalizeItem(a);return e.element=b,c.data(b,"data",e),d},d.prototype.item=function(a){var b={};if(b=c.data(a[0],"data"),null!=b)return b;if(a.is("option"))b={id:a.val(),text:a.text(),disabled:a.prop("disabled"),selected:a.prop("selected"),title:a.prop("title")};else if(a.is("optgroup")){b={text:a.prop("label"),children:[],title:a.prop("title")};for(var d=a.children("option"),e=[],f=0;f<d.length;f++){var g=c(d[f]),h=this.item(g);e.push(h)}b.children=e}return b=this._normalizeItem(b),b.element=a[0],c.data(a[0],"data",b),b},d.prototype._normalizeItem=function(a){c.isPlainObject(a)||(a={id:a,text:a}),a=c.extend({},{text:""},a);var b={selected:!1,disabled:!1};return null!=a.id&&(a.id=a.id.toString()),null!=a.text&&(a.text=a.text.toString()),null==a._resultId&&a.id&&null!=this.container&&(a._resultId=this.generateResultId(this.container,a)),c.extend({},b,a)},d.prototype.matches=function(a,b){var c=this.options.get("matcher");return c(a,b)},d}),b.define("select2/data/array",["./select","../utils","jquery"],function(a,b,c){function d(a,b){var c=b.get("data")||[];d.__super__.constructor.call(this,a,b),this.addOptions(this.convertToOptions(c))}return b.Extend(d,a),d.prototype.select=function(a){var b=this.$element.find("option").filter(function(b,c){return c.value==a.id.toString()});0===b.length&&(b=this.option(a),this.addOptions(b)),d.__super__.select.call(this,a)},d.prototype.convertToOptions=function(a){function d(a){return function(){return c(this).val()==a.id}}for(var e=this,f=this.$element.find("option"),g=f.map(function(){return e.item(c(this)).id}).get(),h=[],i=0;i<a.length;i++){var j=this._normalizeItem(a[i]);if(c.inArray(j.id,g)>=0){var k=f.filter(d(j)),l=this.item(k),m=c.extend(!0,{},j,l),n=this.option(m);k.replaceWith(n)}else{var o=this.option(j);if(j.children){var p=this.convertToOptions(j.children);b.appendMany(o,p)}h.push(o)}}return h},d}),b.define("select2/data/ajax",["./array","../utils","jquery"],function(a,b,c){function d(a,b){this.ajaxOptions=this._applyDefaults(b.get("ajax")),null!=this.ajaxOptions.processResults&&(this.processResults=this.ajaxOptions.processResults),d.__super__.constructor.call(this,a,b)}return b.Extend(d,a),d.prototype._applyDefaults=function(a){var b={data:function(a){return c.extend({},a,{q:a.term})},transport:function(a,b,d){var e=c.ajax(a);return e.then(b),e.fail(d),e}};return c.extend({},b,a,!0)},d.prototype.processResults=function(a){return a},d.prototype.query=function(a,b){function d(){var d=f.transport(f,function(d){var f=e.processResults(d,a);e.options.get("debug")&&window.console&&console.error&&(f&&f.results&&c.isArray(f.results)||console.error("Select2: The AJAX results did not return an array in the `results` key of the response.")),b(f)},function(){d.status&&"0"===d.status||e.trigger("results:message",{message:"errorLoading"})});e._request=d}var e=this;null!=this._request&&(c.isFunction(this._request.abort)&&this._request.abort(),this._request=null);var f=c.extend({type:"GET"},this.ajaxOptions);"function"==typeof f.url&&(f.url=f.url.call(this.$element,a)),"function"==typeof f.data&&(f.data=f.data.call(this.$element,a)),this.ajaxOptions.delay&&null!=a.term?(this._queryTimeout&&window.clearTimeout(this._queryTimeout),this._queryTimeout=window.setTimeout(d,this.ajaxOptions.delay)):d()},d}),b.define("select2/data/tags",["jquery"],function(a){function b(b,c,d){var e=d.get("tags"),f=d.get("createTag");void 0!==f&&(this.createTag=f);var g=d.get("insertTag");if(void 0!==g&&(this.insertTag=g),b.call(this,c,d),a.isArray(e))for(var h=0;h<e.length;h++){var i=e[h],j=this._normalizeItem(i),k=this.option(j);this.$element.append(k)}}return b.prototype.query=function(a,b,c){function d(a,f){for(var g=a.results,h=0;h<g.length;h++){var i=g[h],j=null!=i.children&&!d({results:i.children},!0),k=i.text===b.term;if(k||j)return f?!1:(a.data=g,void c(a))}if(f)return!0;var l=e.createTag(b);if(null!=l){var m=e.option(l);m.attr("data-select2-tag",!0),e.addOptions([m]),e.insertTag(g,l)}a.results=g,c(a)}var e=this;return this._removeOldTags(),null==b.term||null!=b.page?void a.call(this,b,c):void a.call(this,b,d)},b.prototype.createTag=function(b,c){var d=a.trim(c.term);return""===d?null:{id:d,text:d}},b.prototype.insertTag=function(a,b,c){b.unshift(c)},b.prototype._removeOldTags=function(b){var c=(this._lastTag,this.$element.find("option[data-select2-tag]"));c.each(function(){this.selected||a(this).remove()})},b}),b.define("select2/data/tokenizer",["jquery"],function(a){function b(a,b,c){var d=c.get("tokenizer");void 0!==d&&(this.tokenizer=d),a.call(this,b,c)}return b.prototype.bind=function(a,b,c){a.call(this,b,c),this.$search=b.dropdown.$search||b.selection.$search||c.find(".select2-search__field")},b.prototype.query=function(b,c,d){function e(b){var c=g._normalizeItem(b),d=g.$element.find("option").filter(function(){return a(this).val()===c.id});if(!d.length){var e=g.option(c);e.attr("data-select2-tag",!0),g._removeOldTags(),g.addOptions([e])}f(c)}function f(a){g.trigger("select",{data:a})}var g=this;c.term=c.term||"";var h=this.tokenizer(c,this.options,e);h.term!==c.term&&(this.$search.length&&(this.$search.val(h.term),this.$search.focus()),c.term=h.term),b.call(this,c,d)},b.prototype.tokenizer=function(b,c,d,e){for(var f=d.get("tokenSeparators")||[],g=c.term,h=0,i=this.createTag||function(a){return{id:a.term,text:a.term}};h<g.length;){var j=g[h];if(-1!==a.inArray(j,f)){var k=g.substr(0,h),l=a.extend({},c,{term:k}),m=i(l);null!=m?(e(m),g=g.substr(h+1)||"",h=0):h++}else h++}return{term:g}},b}),b.define("select2/data/minimumInputLength",[],function(){function a(a,b,c){this.minimumInputLength=c.get("minimumInputLength"),a.call(this,b,c)}return a.prototype.query=function(a,b,c){return b.term=b.term||"",b.term.length<this.minimumInputLength?void this.trigger("results:message",{message:"inputTooShort",args:{minimum:this.minimumInputLength,input:b.term,params:b}}):void a.call(this,b,c)},a}),b.define("select2/data/maximumInputLength",[],function(){function a(a,b,c){this.maximumInputLength=c.get("maximumInputLength"),a.call(this,b,c)}return a.prototype.query=function(a,b,c){return b.term=b.term||"",this.maximumInputLength>0&&b.term.length>this.maximumInputLength?void this.trigger("results:message",{message:"inputTooLong",args:{maximum:this.maximumInputLength,input:b.term,params:b}}):void a.call(this,b,c)},a}),b.define("select2/data/maximumSelectionLength",[],function(){function a(a,b,c){this.maximumSelectionLength=c.get("maximumSelectionLength"),a.call(this,b,c)}return a.prototype.query=function(a,b,c){var d=this;this.current(function(e){var f=null!=e?e.length:0;return d.maximumSelectionLength>0&&f>=d.maximumSelectionLength?void d.trigger("results:message",{message:"maximumSelected",args:{maximum:d.maximumSelectionLength}}):void a.call(d,b,c)})},a}),b.define("select2/dropdown",["jquery","./utils"],function(a,b){function c(a,b){this.$element=a,this.options=b,c.__super__.constructor.call(this)}return b.Extend(c,b.Observable),c.prototype.render=function(){var b=a('<span class="select2-dropdown"><span class="select2-results"></span></span>');return b.attr("dir",this.options.get("dir")),this.$dropdown=b,b},c.prototype.bind=function(){},c.prototype.position=function(a,b){},c.prototype.destroy=function(){this.$dropdown.remove()},c}),b.define("select2/dropdown/search",["jquery","../utils"],function(a,b){function c(){}return c.prototype.render=function(b){var c=b.call(this),d=a('<span class="select2-search select2-search--dropdown"><input class="select2-search__field" type="search" tabindex="-1" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" role="textbox" /></span>');return this.$searchContainer=d,this.$search=d.find("input"),c.prepend(d),c},c.prototype.bind=function(b,c,d){var e=this;b.call(this,c,d),this.$search.on("keydown",function(a){e.trigger("keypress",a),e._keyUpPrevented=a.isDefaultPrevented()}),this.$search.on("input",function(b){a(this).off("keyup")}),this.$search.on("keyup input",function(a){e.handleSearch(a)}),c.on("open",function(){e.$search.attr("tabindex",0),e.$search.focus(),window.setTimeout(function(){e.$search.focus()},0)}),c.on("close",function(){e.$search.attr("tabindex",-1),e.$search.val("")}),c.on("focus",function(){c.isOpen()&&e.$search.focus()}),c.on("results:all",function(a){if(null==a.query.term||""===a.query.term){var b=e.showSearch(a);b?e.$searchContainer.removeClass("select2-search--hide"):e.$searchContainer.addClass("select2-search--hide")}})},c.prototype.handleSearch=function(a){if(!this._keyUpPrevented){var b=this.$search.val();this.trigger("query",{term:b})}this._keyUpPrevented=!1},c.prototype.showSearch=function(a,b){return!0},c}),b.define("select2/dropdown/hidePlaceholder",[],function(){function a(a,b,c,d){this.placeholder=this.normalizePlaceholder(c.get("placeholder")),a.call(this,b,c,d)}return a.prototype.append=function(a,b){b.results=this.removePlaceholder(b.results),a.call(this,b)},a.prototype.normalizePlaceholder=function(a,b){return"string"==typeof b&&(b={id:"",text:b}),b},a.prototype.removePlaceholder=function(a,b){for(var c=b.slice(0),d=b.length-1;d>=0;d--){var e=b[d];this.placeholder.id===e.id&&c.splice(d,1)}return c},a}),b.define("select2/dropdown/infiniteScroll",["jquery"],function(a){function b(a,b,c,d){this.lastParams={},a.call(this,b,c,d),this.$loadingMore=this.createLoadingMore(),this.loading=!1}return b.prototype.append=function(a,b){this.$loadingMore.remove(),this.loading=!1,a.call(this,b),this.showLoadingMore(b)&&this.$results.append(this.$loadingMore)},b.prototype.bind=function(b,c,d){var e=this;b.call(this,c,d),c.on("query",function(a){e.lastParams=a,e.loading=!0}),c.on("query:append",function(a){e.lastParams=a,e.loading=!0}),this.$results.on("scroll",function(){var b=a.contains(document.documentElement,e.$loadingMore[0]);if(!e.loading&&b){var c=e.$results.offset().top+e.$results.outerHeight(!1),d=e.$loadingMore.offset().top+e.$loadingMore.outerHeight(!1);c+50>=d&&e.loadMore()}})},b.prototype.loadMore=function(){this.loading=!0;var b=a.extend({},{page:1},this.lastParams);b.page++,this.trigger("query:append",b)},b.prototype.showLoadingMore=function(a,b){return b.pagination&&b.pagination.more},b.prototype.createLoadingMore=function(){var b=a('<li class="select2-results__option select2-results__option--load-more"role="treeitem" aria-disabled="true"></li>'),c=this.options.get("translations").get("loadingMore");return b.html(c(this.lastParams)),b},b}),b.define("select2/dropdown/attachBody",["jquery","../utils"],function(a,b){function c(b,c,d){this.$dropdownParent=d.get("dropdownParent")||a(document.body),b.call(this,c,d)}return c.prototype.bind=function(a,b,c){var d=this,e=!1;a.call(this,b,c),b.on("open",function(){d._showDropdown(),d._attachPositioningHandler(b),e||(e=!0,b.on("results:all",function(){d._positionDropdown(),d._resizeDropdown()}),b.on("results:append",function(){d._positionDropdown(),d._resizeDropdown()}))}),b.on("close",function(){d._hideDropdown(),d._detachPositioningHandler(b)}),this.$dropdownContainer.on("mousedown",function(a){a.stopPropagation()})},c.prototype.destroy=function(a){a.call(this),this.$dropdownContainer.remove()},c.prototype.position=function(a,b,c){b.attr("class",c.attr("class")),b.removeClass("select2"),b.addClass("select2-container--open"),b.css({position:"absolute",top:-999999}),this.$container=c},c.prototype.render=function(b){var c=a("<span></span>"),d=b.call(this);return c.append(d),this.$dropdownContainer=c,c},c.prototype._hideDropdown=function(a){this.$dropdownContainer.detach()},c.prototype._attachPositioningHandler=function(c,d){var e=this,f="scroll.select2."+d.id,g="resize.select2."+d.id,h="orientationchange.select2."+d.id,i=this.$container.parents().filter(b.hasScroll);i.each(function(){a(this).data("select2-scroll-position",{x:a(this).scrollLeft(),y:a(this).scrollTop()})}),i.on(f,function(b){var c=a(this).data("select2-scroll-position");a(this).scrollTop(c.y)}),a(window).on(f+" "+g+" "+h,function(a){e._positionDropdown(),e._resizeDropdown()})},c.prototype._detachPositioningHandler=function(c,d){var e="scroll.select2."+d.id,f="resize.select2."+d.id,g="orientationchange.select2."+d.id,h=this.$container.parents().filter(b.hasScroll);h.off(e),a(window).off(e+" "+f+" "+g)},c.prototype._positionDropdown=function(){var b=a(window),c=this.$dropdown.hasClass("select2-dropdown--above"),d=this.$dropdown.hasClass("select2-dropdown--below"),e=null,f=this.$container.offset();f.bottom=f.top+this.$container.outerHeight(!1);var g={height:this.$container.outerHeight(!1)};g.top=f.top,g.bottom=f.top+g.height;var h={height:this.$dropdown.outerHeight(!1)},i={top:b.scrollTop(),bottom:b.scrollTop()+b.height()},j=i.top<f.top-h.height,k=i.bottom>f.bottom+h.height,l={left:f.left,top:g.bottom},m=this.$dropdownParent;"static"===m.css("position")&&(m=m.offsetParent());var n=m.offset();l.top-=n.top,l.left-=n.left,c||d||(e="below"),k||!j||c?!j&&k&&c&&(e="below"):e="above",("above"==e||c&&"below"!==e)&&(l.top=g.top-n.top-h.height),null!=e&&(this.$dropdown.removeClass("select2-dropdown--below select2-dropdown--above").addClass("select2-dropdown--"+e),this.$container.removeClass("select2-container--below select2-container--above").addClass("select2-container--"+e)),this.$dropdownContainer.css(l)},c.prototype._resizeDropdown=function(){var a={width:this.$container.outerWidth(!1)+"px"};this.options.get("dropdownAutoWidth")&&(a.minWidth=a.width,a.position="relative",a.width="auto"),this.$dropdown.css(a)},c.prototype._showDropdown=function(a){this.$dropdownContainer.appendTo(this.$dropdownParent),this._positionDropdown(),this._resizeDropdown()},c}),b.define("select2/dropdown/minimumResultsForSearch",[],function(){function a(b){for(var c=0,d=0;d<b.length;d++){var e=b[d];e.children?c+=a(e.children):c++}return c}function b(a,b,c,d){this.minimumResultsForSearch=c.get("minimumResultsForSearch"),this.minimumResultsForSearch<0&&(this.minimumResultsForSearch=1/0),a.call(this,b,c,d)}return b.prototype.showSearch=function(b,c){return a(c.data.results)<this.minimumResultsForSearch?!1:b.call(this,c)},b}),b.define("select2/dropdown/selectOnClose",[],function(){function a(){}return a.prototype.bind=function(a,b,c){var d=this;a.call(this,b,c),b.on("close",function(a){d._handleSelectOnClose(a)})},a.prototype._handleSelectOnClose=function(a,b){if(b&&null!=b.originalSelect2Event){var c=b.originalSelect2Event;if("select"===c._type||"unselect"===c._type)return}var d=this.getHighlightedResults();if(!(d.length<1)){var e=d.data("data");null!=e.element&&e.element.selected||null==e.element&&e.selected||this.trigger("select",{data:e})}},a}),b.define("select2/dropdown/closeOnSelect",[],function(){function a(){}return a.prototype.bind=function(a,b,c){var d=this;a.call(this,b,c),b.on("select",function(a){d._selectTriggered(a)}),b.on("unselect",function(a){d._selectTriggered(a)})},a.prototype._selectTriggered=function(a,b){var c=b.originalEvent;c&&c.ctrlKey||this.trigger("close",{originalEvent:c,originalSelect2Event:b})},a}),b.define("select2/i18n/en",[],function(){return{errorLoading:function(){return"The results could not be loaded."},inputTooLong:function(a){var b=a.input.length-a.maximum,c="Please delete "+b+" character";return 1!=b&&(c+="s"),c},inputTooShort:function(a){var b=a.minimum-a.input.length,c="Please enter "+b+" or more characters";return c},loadingMore:function(){return"Loading more results…"},maximumSelected:function(a){var b="You can only select "+a.maximum+" item";return 1!=a.maximum&&(b+="s"),b},noResults:function(){return"No results found"},searching:function(){return"Searching…"}}}),b.define("select2/defaults",["jquery","require","./results","./selection/single","./selection/multiple","./selection/placeholder","./selection/allowClear","./selection/search","./selection/eventRelay","./utils","./translation","./diacritics","./data/select","./data/array","./data/ajax","./data/tags","./data/tokenizer","./data/minimumInputLength","./data/maximumInputLength","./data/maximumSelectionLength","./dropdown","./dropdown/search","./dropdown/hidePlaceholder","./dropdown/infiniteScroll","./dropdown/attachBody","./dropdown/minimumResultsForSearch","./dropdown/selectOnClose","./dropdown/closeOnSelect","./i18n/en"],function(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,A,B,C){function D(){this.reset()}D.prototype.apply=function(l){if(l=a.extend(!0,{},this.defaults,l),null==l.dataAdapter){if(null!=l.ajax?l.dataAdapter=o:null!=l.data?l.dataAdapter=n:l.dataAdapter=m,l.minimumInputLength>0&&(l.dataAdapter=j.Decorate(l.dataAdapter,r)),l.maximumInputLength>0&&(l.dataAdapter=j.Decorate(l.dataAdapter,s)),l.maximumSelectionLength>0&&(l.dataAdapter=j.Decorate(l.dataAdapter,t)),l.tags&&(l.dataAdapter=j.Decorate(l.dataAdapter,p)),(null!=l.tokenSeparators||null!=l.tokenizer)&&(l.dataAdapter=j.Decorate(l.dataAdapter,q)),null!=l.query){var C=b(l.amdBase+"compat/query");l.dataAdapter=j.Decorate(l.dataAdapter,C)}if(null!=l.initSelection){var D=b(l.amdBase+"compat/initSelection");l.dataAdapter=j.Decorate(l.dataAdapter,D)}}if(null==l.resultsAdapter&&(l.resultsAdapter=c,null!=l.ajax&&(l.resultsAdapter=j.Decorate(l.resultsAdapter,x)),null!=l.placeholder&&(l.resultsAdapter=j.Decorate(l.resultsAdapter,w)),l.selectOnClose&&(l.resultsAdapter=j.Decorate(l.resultsAdapter,A))),null==l.dropdownAdapter){if(l.multiple)l.dropdownAdapter=u;else{var E=j.Decorate(u,v);l.dropdownAdapter=E}if(0!==l.minimumResultsForSearch&&(l.dropdownAdapter=j.Decorate(l.dropdownAdapter,z)),l.closeOnSelect&&(l.dropdownAdapter=j.Decorate(l.dropdownAdapter,B)),null!=l.dropdownCssClass||null!=l.dropdownCss||null!=l.adaptDropdownCssClass){var F=b(l.amdBase+"compat/dropdownCss");l.dropdownAdapter=j.Decorate(l.dropdownAdapter,F)}l.dropdownAdapter=j.Decorate(l.dropdownAdapter,y)}if(null==l.selectionAdapter){if(l.multiple?l.selectionAdapter=e:l.selectionAdapter=d,null!=l.placeholder&&(l.selectionAdapter=j.Decorate(l.selectionAdapter,f)),l.allowClear&&(l.selectionAdapter=j.Decorate(l.selectionAdapter,g)),l.multiple&&(l.selectionAdapter=j.Decorate(l.selectionAdapter,h)),null!=l.containerCssClass||null!=l.containerCss||null!=l.adaptContainerCssClass){var G=b(l.amdBase+"compat/containerCss");l.selectionAdapter=j.Decorate(l.selectionAdapter,G)}l.selectionAdapter=j.Decorate(l.selectionAdapter,i)}if("string"==typeof l.language)if(l.language.indexOf("-")>0){var H=l.language.split("-"),I=H[0];l.language=[l.language,I]}else l.language=[l.language];if(a.isArray(l.language)){var J=new k;l.language.push("en");for(var K=l.language,L=0;L<K.length;L++){var M=K[L],N={};try{N=k.loadPath(M)}catch(O){try{M=this.defaults.amdLanguageBase+M,N=k.loadPath(M)}catch(P){l.debug&&window.console&&console.warn&&console.warn('Select2: The language file for "'+M+'" could not be automatically loaded. A fallback will be used instead.');continue}}J.extend(N)}l.translations=J}else{var Q=k.loadPath(this.defaults.amdLanguageBase+"en"),R=new k(l.language);R.extend(Q),l.translations=R}return l},D.prototype.reset=function(){function b(a){function b(a){return l[a]||a}return a.replace(/[^\u0000-\u007E]/g,b)}function c(d,e){if(""===a.trim(d.term))return e;if(e.children&&e.children.length>0){for(var f=a.extend(!0,{},e),g=e.children.length-1;g>=0;g--){var h=e.children[g],i=c(d,h);null==i&&f.children.splice(g,1)}return f.children.length>0?f:c(d,f)}var j=b(e.text).toUpperCase(),k=b(d.term).toUpperCase();return j.indexOf(k)>-1?e:null}this.defaults={amdBase:"./",amdLanguageBase:"./i18n/",closeOnSelect:!0,debug:!1,dropdownAutoWidth:!1,escapeMarkup:j.escapeMarkup,language:C,matcher:c,minimumInputLength:0,maximumInputLength:0,maximumSelectionLength:0,minimumResultsForSearch:0,selectOnClose:!1,sorter:function(a){return a},templateResult:function(a){return a.text},templateSelection:function(a){return a.text},theme:"default",width:"resolve"}},D.prototype.set=function(b,c){var d=a.camelCase(b),e={};e[d]=c;var f=j._convertData(e);a.extend(this.defaults,f)};var E=new D;return E}),b.define("select2/options",["require","jquery","./defaults","./utils"],function(a,b,c,d){function e(b,e){if(this.options=b,null!=e&&this.fromElement(e),this.options=c.apply(this.options),e&&e.is("input")){var f=a(this.get("amdBase")+"compat/inputData");this.options.dataAdapter=d.Decorate(this.options.dataAdapter,f)}}return e.prototype.fromElement=function(a){var c=["select2"];null==this.options.multiple&&(this.options.multiple=a.prop("multiple")),null==this.options.disabled&&(this.options.disabled=a.prop("disabled")),null==this.options.language&&(a.prop("lang")?this.options.language=a.prop("lang").toLowerCase():a.closest("[lang]").prop("lang")&&(this.options.language=a.closest("[lang]").prop("lang"))),null==this.options.dir&&(a.prop("dir")?this.options.dir=a.prop("dir"):a.closest("[dir]").prop("dir")?this.options.dir=a.closest("[dir]").prop("dir"):this.options.dir="ltr"),a.prop("disabled",this.options.disabled),a.prop("multiple",this.options.multiple),a.data("select2Tags")&&(this.options.debug&&window.console&&console.warn&&console.warn('Select2: The `data-select2-tags` attribute has been changed to use the `data-data` and `data-tags="true"` attributes and will be removed in future versions of Select2.'),a.data("data",a.data("select2Tags")),a.data("tags",!0)),a.data("ajaxUrl")&&(this.options.debug&&window.console&&console.warn&&console.warn("Select2: The `data-ajax-url` attribute has been changed to `data-ajax--url` and support for the old attribute will be removed in future versions of Select2."),a.attr("ajax--url",a.data("ajaxUrl")),a.data("ajax--url",a.data("ajaxUrl")));var e={};e=b.fn.jquery&&"1."==b.fn.jquery.substr(0,2)&&a[0].dataset?b.extend(!0,{},a[0].dataset,a.data()):a.data();var f=b.extend(!0,{},e);f=d._convertData(f);for(var g in f)b.inArray(g,c)>-1||(b.isPlainObject(this.options[g])?b.extend(this.options[g],f[g]):this.options[g]=f[g]);return this},e.prototype.get=function(a){return this.options[a]},e.prototype.set=function(a,b){this.options[a]=b},e}),b.define("select2/core",["jquery","./options","./utils","./keys"],function(a,b,c,d){var e=function(a,c){null!=a.data("select2")&&a.data("select2").destroy(),this.$element=a,this.id=this._generateId(a),c=c||{},this.options=new b(c,a),e.__super__.constructor.call(this);var d=a.attr("tabindex")||0;a.data("old-tabindex",d),a.attr("tabindex","-1");var f=this.options.get("dataAdapter");this.dataAdapter=new f(a,this.options);var g=this.render();this._placeContainer(g);var h=this.options.get("selectionAdapter");this.selection=new h(a,this.options),this.$selection=this.selection.render(),this.selection.position(this.$selection,g);var i=this.options.get("dropdownAdapter");this.dropdown=new i(a,this.options),this.$dropdown=this.dropdown.render(),this.dropdown.position(this.$dropdown,g);var j=this.options.get("resultsAdapter");this.results=new j(a,this.options,this.dataAdapter),this.$results=this.results.render(),this.results.position(this.$results,this.$dropdown);var k=this;this._bindAdapters(),this._registerDomEvents(),this._registerDataEvents(),this._registerSelectionEvents(),this._registerDropdownEvents(),this._registerResultsEvents(),this._registerEvents(),this.dataAdapter.current(function(a){k.trigger("selection:update",{data:a})}),a.addClass("select2-hidden-accessible"),a.attr("aria-hidden","true"),this._syncAttributes(),a.data("select2",this)};return c.Extend(e,c.Observable),e.prototype._generateId=function(a){var b="";return b=null!=a.attr("id")?a.attr("id"):null!=a.attr("name")?a.attr("name")+"-"+c.generateChars(2):c.generateChars(4),b=b.replace(/(:|\.|\[|\]|,)/g,""),b="select2-"+b},e.prototype._placeContainer=function(a){a.insertAfter(this.$element);var b=this._resolveWidth(this.$element,this.options.get("width"));null!=b&&a.css("width",b)},e.prototype._resolveWidth=function(a,b){var c=/^width:(([-+]?([0-9]*\.)?[0-9]+)(px|em|ex|%|in|cm|mm|pt|pc))/i;if("resolve"==b){var d=this._resolveWidth(a,"style");return null!=d?d:this._resolveWidth(a,"element")}if("element"==b){var e=a.outerWidth(!1);return 0>=e?"auto":e+"px"}if("style"==b){var f=a.attr("style");if("string"!=typeof f)return null;for(var g=f.split(";"),h=0,i=g.length;i>h;h+=1){var j=g[h].replace(/\s/g,""),k=j.match(c);if(null!==k&&k.length>=1)return k[1]}return null}return b},e.prototype._bindAdapters=function(){this.dataAdapter.bind(this,this.$container),this.selection.bind(this,this.$container),this.dropdown.bind(this,this.$container),this.results.bind(this,this.$container)},e.prototype._registerDomEvents=function(){var b=this;this.$element.on("change.select2",function(){b.dataAdapter.current(function(a){b.trigger("selection:update",{data:a})})}),this.$element.on("focus.select2",function(a){b.trigger("focus",a)}),this._syncA=c.bind(this._syncAttributes,this),this._syncS=c.bind(this._syncSubtree,this),this.$element[0].attachEvent&&this.$element[0].attachEvent("onpropertychange",this._syncA);var d=window.MutationObserver||window.WebKitMutationObserver||window.MozMutationObserver;null!=d?(this._observer=new d(function(c){a.each(c,b._syncA),a.each(c,b._syncS)}),this._observer.observe(this.$element[0],{attributes:!0,childList:!0,subtree:!1})):this.$element[0].addEventListener&&(this.$element[0].addEventListener("DOMAttrModified",b._syncA,!1),this.$element[0].addEventListener("DOMNodeInserted",b._syncS,!1),this.$element[0].addEventListener("DOMNodeRemoved",b._syncS,!1))},e.prototype._registerDataEvents=function(){var a=this;this.dataAdapter.on("*",function(b,c){a.trigger(b,c)})},e.prototype._registerSelectionEvents=function(){var b=this,c=["toggle","focus"];this.selection.on("toggle",function(){b.toggleDropdown()}),this.selection.on("focus",function(a){b.focus(a)}),this.selection.on("*",function(d,e){-1===a.inArray(d,c)&&b.trigger(d,e)})},e.prototype._registerDropdownEvents=function(){var a=this;this.dropdown.on("*",function(b,c){a.trigger(b,c)})},e.prototype._registerResultsEvents=function(){var a=this;this.results.on("*",function(b,c){a.trigger(b,c)})},e.prototype._registerEvents=function(){var a=this;this.on("open",function(){a.$container.addClass("select2-container--open")}),this.on("close",function(){a.$container.removeClass("select2-container--open")}),this.on("enable",function(){a.$container.removeClass("select2-container--disabled")}),this.on("disable",function(){a.$container.addClass("select2-container--disabled")}),this.on("blur",function(){a.$container.removeClass("select2-container--focus")}),this.on("query",function(b){a.isOpen()||a.trigger("open",{}),this.dataAdapter.query(b,function(c){a.trigger("results:all",{data:c,query:b})})}),this.on("query:append",function(b){this.dataAdapter.query(b,function(c){a.trigger("results:append",{data:c,query:b})})}),this.on("keypress",function(b){var c=b.which;a.isOpen()?c===d.ESC||c===d.TAB||c===d.UP&&b.altKey?(a.close(),b.preventDefault()):c===d.ENTER?(a.trigger("results:select",{}),b.preventDefault()):c===d.SPACE&&b.ctrlKey?(a.trigger("results:toggle",{}),b.preventDefault()):c===d.UP?(a.trigger("results:previous",{}),b.preventDefault()):c===d.DOWN&&(a.trigger("results:next",{}),b.preventDefault()):(c===d.ENTER||c===d.SPACE||c===d.DOWN&&b.altKey)&&(a.open(),b.preventDefault())})},e.prototype._syncAttributes=function(){this.options.set("disabled",this.$element.prop("disabled")),this.options.get("disabled")?(this.isOpen()&&this.close(),this.trigger("disable",{})):this.trigger("enable",{})},e.prototype._syncSubtree=function(a,b){var c=!1,d=this;if(!a||!a.target||"OPTION"===a.target.nodeName||"OPTGROUP"===a.target.nodeName){if(b)if(b.addedNodes&&b.addedNodes.length>0)for(var e=0;e<b.addedNodes.length;e++){var f=b.addedNodes[e];f.selected&&(c=!0)}else b.removedNodes&&b.removedNodes.length>0&&(c=!0);else c=!0;c&&this.dataAdapter.current(function(a){d.trigger("selection:update",{data:a})})}},e.prototype.trigger=function(a,b){var c=e.__super__.trigger,d={open:"opening",close:"closing",select:"selecting",unselect:"unselecting"};if(void 0===b&&(b={}),a in d){var f=d[a],g={prevented:!1,name:a,args:b};if(c.call(this,f,g),g.prevented)return void(b.prevented=!0)}c.call(this,a,b)},e.prototype.toggleDropdown=function(){this.options.get("disabled")||(this.isOpen()?this.close():this.open())},e.prototype.open=function(){this.isOpen()||this.trigger("query",{})},e.prototype.close=function(){this.isOpen()&&this.trigger("close",{})},e.prototype.isOpen=function(){return this.$container.hasClass("select2-container--open")},e.prototype.hasFocus=function(){return this.$container.hasClass("select2-container--focus")},e.prototype.focus=function(a){this.hasFocus()||(this.$container.addClass("select2-container--focus"),this.trigger("focus",{}))},e.prototype.enable=function(a){this.options.get("debug")&&window.console&&console.warn&&console.warn('Select2: The `select2("enable")` method has been deprecated and will be removed in later Select2 versions. Use $element.prop("disabled") instead.'),(null==a||0===a.length)&&(a=[!0]);var b=!a[0];this.$element.prop("disabled",b)},e.prototype.data=function(){this.options.get("debug")&&arguments.length>0&&window.console&&console.warn&&console.warn('Select2: Data can no longer be set using `select2("data")`. You should consider setting the value instead using `$element.val()`.');var a=[];return this.dataAdapter.current(function(b){a=b}),a},e.prototype.val=function(b){if(this.options.get("debug")&&window.console&&console.warn&&console.warn('Select2: The `select2("val")` method has been deprecated and will be removed in later Select2 versions. Use $element.val() instead.'),null==b||0===b.length)return this.$element.val();var c=b[0];a.isArray(c)&&(c=a.map(c,function(a){return a.toString()})),this.$element.val(c).trigger("change")},e.prototype.destroy=function(){this.$container.remove(),this.$element[0].detachEvent&&this.$element[0].detachEvent("onpropertychange",this._syncA),null!=this._observer?(this._observer.disconnect(),this._observer=null):this.$element[0].removeEventListener&&(this.$element[0].removeEventListener("DOMAttrModified",this._syncA,!1),this.$element[0].removeEventListener("DOMNodeInserted",this._syncS,!1),this.$element[0].removeEventListener("DOMNodeRemoved",this._syncS,!1)),this._syncA=null,this._syncS=null,this.$element.off(".select2"),this.$element.attr("tabindex",this.$element.data("old-tabindex")),this.$element.removeClass("select2-hidden-accessible"),this.$element.attr("aria-hidden","false"),this.$element.removeData("select2"),this.dataAdapter.destroy(),this.selection.destroy(),this.dropdown.destroy(),this.results.destroy(),this.dataAdapter=null,this.selection=null,this.dropdown=null,this.results=null;
3
+ },e.prototype.render=function(){var b=a('<span class="select2 select2-container"><span class="selection"></span><span class="dropdown-wrapper" aria-hidden="true"></span></span>');return b.attr("dir",this.options.get("dir")),this.$container=b,this.$container.addClass("select2-container--"+this.options.get("theme")),b.data("element",this.$element),b},e}),b.define("jquery-mousewheel",["jquery"],function(a){return a}),b.define("jquery.select2",["jquery","jquery-mousewheel","./select2/core","./select2/defaults"],function(a,b,c,d){if(null==a.fn.select2){var e=["open","close","destroy"];a.fn.select2=function(b){if(b=b||{},"object"==typeof b)return this.each(function(){var d=a.extend(!0,{},b);new c(a(this),d)}),this;if("string"==typeof b){var d,f=Array.prototype.slice.call(arguments,1);return this.each(function(){var c=a(this).data("select2");null==c&&window.console&&console.error&&console.error("The select2('"+b+"') method was called on an element that is not using Select2."),d=c[b].apply(c,f)}),a.inArray(b,e)>-1?this:d}throw new Error("Invalid arguments for Select2: "+b)}}return null==a.fn.select2.defaults&&(a.fn.select2.defaults=d),c}),{define:b.define,require:b.require}}(),c=b.require("jquery.select2");return a.fn.select2.amd=b,c});
miniorange_2_factor_settings.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This TFA plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
6
- * Version: 5.5.7
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * Text Domain: miniorange-2-factor-authentication
@@ -14,7 +14,7 @@
14
  require dirname(__FILE__).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'email-IPaddress.php';
15
 
16
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
17
- define( 'MO2F_VERSION', '5.5.7' );
18
  define( 'MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
19
  define( 'MO2F_TEST_MODE', false );
20
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
@@ -414,7 +414,7 @@
414
  wp_enqueue_script( 'mo_wpns_min_qrcode_script', plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", __FILE__ ) );
415
  wp_enqueue_script('jquery-ui-core');
416
  wp_enqueue_script('jquery-ui-autocomplete');
417
- wp_enqueue_script('mo_2fa_select2_script', 'https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.3/js/select2.min.js');
418
  }
419
  }
420
 
@@ -434,7 +434,7 @@
434
  jQuery(".ncore_input_password ").append("<input type='hidden' id='miniorange_rba_attribures' name='miniorange_rba_attribures' value=''/>");
435
  </script>
436
  <?php
437
- wp_enqueue_script( 'jquery_script', plugins_url( 'includes/js/rba/js/jquery-1.9.1.js', __FILE__ ) );
438
  wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', __FILE__ ) );
439
  wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', __FILE__) );
440
  wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', __FILE__ ) );
@@ -648,7 +648,7 @@
648
  <p>You have specified this user for reset:</p>
649
 
650
  <ul>
651
- <li>ID #<?php echo $user_info->ID; ?>: <?php echo $user_info->user_login; ?></li>
652
  </ul>
653
  <input type="hidden" name="userid" value="<?php echo esc_attr($user_id); ?>">
654
  <input type="hidden" name="miniorange_reset_2fa_option" value="mo_reset_2fa">
3
  * Plugin Name: miniOrange 2 Factor Authentication
4
  * Plugin URI: https://miniorange.com
5
  * Description: This TFA plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
6
+ * Version: 5.5.75
7
  * Author: miniOrange
8
  * Author URI: https://miniorange.com
9
  * Text Domain: miniorange-2-factor-authentication
14
  require dirname(__FILE__).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'email-IPaddress.php';
15
 
16
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
17
+ define( 'MO2F_VERSION', '5.5.75' );
18
  define( 'MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
19
  define( 'MO2F_TEST_MODE', false );
20
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
414
  wp_enqueue_script( 'mo_wpns_min_qrcode_script', plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", __FILE__ ) );
415
  wp_enqueue_script('jquery-ui-core');
416
  wp_enqueue_script('jquery-ui-autocomplete');
417
+ wp_enqueue_script('mo_2fa_select2_script', plugins_url("/includes/js/select2.min.js", __FILE__));
418
  }
419
  }
420
 
434
  jQuery(".ncore_input_password ").append("<input type='hidden' id='miniorange_rba_attribures' name='miniorange_rba_attribures' value=''/>");
435
  </script>
436
  <?php
437
+ wp_enqueue_script( 'jquery');
438
  wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', __FILE__ ) );
439
  wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', __FILE__) );
440
  wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', __FILE__ ) );
648
  <p>You have specified this user for reset:</p>
649
 
650
  <ul>
651
+ <li>ID #<?php echo esc_html($user_info->ID); ?>: <?php echo esc_html($user_info->user_login); ?></li>
652
  </ul>
653
  <input type="hidden" name="userid" value="<?php echo esc_attr($user_id); ?>">
654
  <input type="hidden" name="miniorange_reset_2fa_option" value="mo_reset_2fa">
readme.txt CHANGED
@@ -1,995 +1,999 @@
1
- === miniOrange's Google Authenticator - WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login ===
2
-
3
- Contributors: twofactor, twofactorauthentication, hsn97,cyberlord92
4
- Tags: google authenticator,two factor,two factor authentication, OTP Authentication, 2FA , wp 2fa, 2-factor authentication, multi factor authentication , MFA ,two step verification, TFA, mobile verification, MFA, Remember Device, OTP Over Telegram, Mobile Authentication, 2 step authentication, passwordless login, QR Code Authentication, email verification, KBA, Security Questions, login with SMS, Authy, Authy two factor , FIDO, FIDO2, Webauthn, multi factor, wordfence, IP Blocking, IP Whitelisting, SMS login, OTP Over SMS and Email, login without password, Mobile verification, password free authentication, session restriction.
5
- Donate link: https://miniorange.com/
6
- Requires at least: 3.0.1
7
- Tested up to: 6.0
8
- Requires PHP: 5.3.0
9
- Stable tag: 5.5.7
10
- License: GPLv2 or later
11
- License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
-
13
- Google Authenticator-multi Factor(WP 2FA / OTP) - Supports TOTP/OTP Login based methods like Duo/Google Authenticator along with OTP Over SMS/Email & more.
14
-
15
- == Description ==
16
-
17
- **Google Authenticator - Two Factor (WP 2FA / OTP)** - Provides *secure login* to WordPress. This plugin can be configured for any **TOTP-based/OTP Login** methods like Duo/Microsoft/Google Authenticator. It supports OTP login based 2fa methods.
18
-
19
- You can check out following video to configure google authenticator as a two factor:
20
-
21
- [youtube https://youtu.be/_nkMCkxLcIs]
22
-
23
- = Trial for Google authenticator Premium and Enterprise plugin =
24
- We do provide 7 days trial of our Google Authenticator Premium plugins. You can test all Premium features including 2fa methods/OTP authentication methods such as google authenticator, OTP Over SMS/Email.
25
-
26
- = [Google Authenticator - Two step verification/ 2 Factor Authentication/ WP 2FA] FREE Plugin Features =
27
- * Simplified & easy user interface to set up **Google Authenticator** and other Two-Factor Authentication ( WP 2FA/TFA/OTP ) methods.
28
- * **3 Users** forever FREE!
29
- * QR Code authentication, Push Notification, Soft Token and Security Questions(KBA) are supported in the plugin for multi factor authentication(WP 2FA/TFA).
30
- * Includes Language Translation Support
31
- * **[User Profile 2fa](https://plugins.miniorange.com/how-to-set-up-2-factor-from-wordpress-user-profile-section):** Administrators can set up Two Factor (TFA)of users via WordPress users section
32
- * **Multi Factor Authentication(MFA):** This feature can be used to invoke any two factor method on login among multiple methods which were configured. You can configure multiple TOTP/OTP Login based 2fa methods that can be used as a **backup 2fa method**
33
- * **Two-Factor Authentication** ( TFA/2FA ) for Ajax login forms like User Pro, login with ajax, Theme my login, etc with all authentication methods.
34
- * **Passwordless login** and login with phone number
35
- * **[Prevent account sharing](https://security.miniorange.com/restricting-users-from-sharing-their-login-credentials/):** Google Authenticator(WP 2FA) is OTP login based method which restricts users from sharing WordPress login credentials which help to secure WordPress Websites. The Google authenticator plugin also adds a session control feature that limits user sessions based on WordPress User activities.
36
- * This plugin Supports standard TOTP
37
- * Two-Factor Authentication (WP 2FA/TFA) allows authentication on the login page itself for Google Authenticator & miniOrange Soft Token
38
- * **[Multiple Login Options](https://docs.miniorange.com/documentation/login-username-2nd-factor-2):** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login /Login without password /Password free authentication
39
- * Recovery codes in case you are locked out for all Two-Factor Authentication (WP 2FA/TFA)
40
- * **Mobile verification - two step verification** (WP 2FA/TFA) using a user's mobile phone with authentication method like google authenticator, QR code authentication, etc.
41
-
42
- = Additional Features other than the basic Google Authenticator two-factor authentication =
43
-
44
- * Complete Web Security suite to protect wordpress from any attacks
45
- * Web Application Firewall (WAF): Wordpress Firewall to protect your site
46
- * OWASP TOP 10 Protection
47
- * Login Protection: Spam and Login Protection
48
- * Malware scanner: Detects any virus, malware and trojan
49
- * Backup: Taking Encrypted Backup with local storage and cloud storage
50
- * Limit Login Attempts to stop password guessing
51
- * Realtime Global IP Blocking
52
- * Limit Rate of Request: Protecting resources from any security hole exploit
53
- * Crawler Detection and blocking
54
- * Blocking IP and Attacks
55
- * Country Blocking and Browser Blocking
56
- * Brute Force Attacks prevention to stop password hack
57
- * Captcha for Bot Detection
58
- * Google Recaptcha
59
- * Login Form Protection
60
- * Registration Form Protection
61
- * Integration with different plugin - WooCommerce, Buddypress, Ultimate Member and others
62
- * Reporting
63
- * Audit Log
64
-
65
- = Apps Supported by the two-factor authentication (2FA / MFA) plugin =
66
- * Google Authenticator
67
- * miniOrange Authenticator
68
- * Duo Authenticator
69
- * Microsoft Authenticator
70
- * Authy 2 Factor Authenticator
71
- * LastPass Authenticator
72
- * FreeOTP Authenticator
73
-
74
- = User Identity Verification or multi-factor authentication with Google Authenticator =
75
- **Login and Registration:** Verify users on login with different OTP Login methods & other two factor methods like OTP over SMS, OTP Over Email, OTP Over Telegram, Google Authenticator, SMS Verification, Email, Authy Authenticator, Duo Authenticator, Microsoft Authenticator, TOTP Based Authenticator, Security Questions, and many others.
76
- Users will receive an OTP at the time of registration which will be used to verify their identity. OTP authentication can be done either via OTP Login methods(OTP Over email or via OTP over SMS).
77
-
78
- = Plugin Integrations and Support for all methods of two-factor authentication/two step verification ( WP 2FA/TFA/OTP Authentication ) =
79
- Our plugin is integrated with [popular Plugins](https://plugins.miniorange.com/2-factor-authentication-for-wordpress-wp-2fa#integrations) such as WooCommerce and Ultimate member.
80
-
81
- = Third Party Custom SMS Gateway for OTP Over SMS ( OTP Login/two-factor authentication / 2FA ) =
82
- The premium plugin supports any third-party **custom SMS Gateway**. If you don't have your SMS gateway you can use miniOrange gateway and send SMS(OTP over SMS) all over the world for OTP authentication.
83
- [Here](https://plugins.miniorange.com/supported-sms-email-gateways) are some famous gateways supported for two factor (WP 2FA/TFA/OTP).
84
- [Test your Gateway](https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/admin/customer/smsconfig)
85
-
86
- = Why do you need to register for Google Authenticator? =
87
-
88
- **Google authenticator** uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign API keys specific to your account. This way your account and users' calls can be only accessed by API keys assigned to you.
89
- Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or WordPress 2FA like Google Authenticator if you are using our cloud solution. Single code generated in Google Authenticator will be enough to log in to all sites. With this, you can also achieve sync of **two-factor authentication on multiple sites**.
90
-
91
- = Google Authenticator ( WP 2FA - two-factor authentication ) Premium Lite Plugin Features =
92
-
93
- * Google Authenticator - Two-Factor Authentication (WP 2FA/TFA) for all users and all user roles *( Site-based pricing )*
94
- * **Two-Factor Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, Security Questions(KBA), OTP Authentication( OTP Over Email & OTP Over SMS), Email Verification, Mobile Verification *( SMS credits need to be purchased as per the need)*
95
- * **[Multiple Login Options](https://docs.miniorange.com/documentation/login-username-2nd-factor-2):** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login /Login without password /Password free authentication. With google authenticator plugin, the 2FA plugin user is authenticated directly with the second layer of security without entering the password. You can opt between a password and 2FA or only a second factor.
96
- * **Unlimited Email transactions:** miniOrange's google authenticator plugin provides unlimited Email transactions with your SMTP server
97
- * **Backup Method:** KBA(Security Questions), OTP Over Email, Backup codes if you are unable to validate two step verification
98
- * [User role based redirection after Login](https://docs.miniorange.com/documentation/custom-redirect-login-url)
99
- * [Customize account name in Google Authenticator app](https://docs.miniorange.com/documentation/google-authenticator-app-name)
100
- * [Custom Security Questions (KBA)](https://docs.miniorange.com/documentation/custom-security-questions)
101
- * [Role based 2 Factor](https://docs.miniorange.com/documentation/specific-set-authentication-methods-based-role)
102
- * [Force Two factor for users](https://docs.miniorange.com/documentation/enforce-2fa-users)
103
- * [Email notification to users asking them to set up Two-Factor Authentication (WP 2FA/TFA)](https://docs.miniorange.com/documentation/want-send-email-notification-users-setting-2-factor)
104
- * [Set Privacy Policy for users](https://docs.miniorange.com/documentation/privacy-policy-site)
105
- * [Remember Device to skip 2fa](https://docs.miniorange.com/documentation/remember-my-device)
106
- * **Customizable Login UI Popup:** Using google authenticator plugin you can customize the user interface of the login popup as per your preference.
107
-
108
- = Google Authenticator ( WP 2FA / OTP ) Enterprise Plugin Features =
109
-
110
- * [Google Authenticator - Two-Factor Authentication](https://plugins.miniorange.com/2-factor-authentication-for-wordpress) - 2FA for Users as per the upgrade *( User-based pricing )*
111
- * **Available Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Authentication(OTP Over Email, OTP Over SMS or OTP Over SMS and Email), Email Verification, Hardware Token. *( SMS and Email credits need to be purchased for successful OTP authentication as per the need)*
112
- * **Multiple Login Options:** Username + password + two-factor Authentication (or) Username + two-factor authentication(2FA) i.e. Passwordless login /Login without password /Password free authentication.
113
- * **Backup Methods:** KBA(Security Questions), OTP Over Email, Backup Codes
114
- * **[Sync 2fa for multiple websites](https://plugins.miniorange.com/two-factor-authentication-2fa-for-multiple-wordpress-websites)**
115
- * **Multisite compatible** for all WordPress 2FA methods.
116
- * Email notification to users asking them to set up Google Authenticator - Two-Factor Authentication (WP 2FA/TFA).
117
- * User **role based redirection** after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
118
- * Enable Two-Factor Authentication (WP 2FA/OTP) for specific Users/User Roles
119
- * Choose specific two-factor authentication methods for Users
120
- * **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
121
- * **Brute force attack prevention, IP Blocking & User login Monitoring**
122
- * File protection & strong password
123
- * Monitoring current Google Authenticator and other two-factor authentication (2 Factor) method of all the users in the plugin
124
- * Session restriction
125
-
126
- = Add Ons for two-factor authentication ( WP 2FA / OTP ) =
127
-
128
- * RBA & Trusted Devices Management Add-on Features for two-factor authentication ( WP 2FA/OTP Login )
129
- * **Remember Device** to skip the two-factor authentication ( 2 Factor ) from the **trusted devices**.
130
- * Set **Device Limit** for the users to login
131
-
132
- * Personalization Add-on Features to customize your two-factor authentication/OTP Authentication pages
133
- * Custom UI of Two-Factor Authentication (WP 2FA/TFA) pop-ups
134
- * Custom Email and SMS Templates
135
- * Customize 'Powered by' Logo on wp 2fa authentication page
136
- * Customize Plugin Icon
137
- * Customize Plugin Name
138
-
139
- * Short Codes Add-on Features for two-factor authentication ( 2FA / MFA )
140
- * Turn on/off 2 factor (two-factor authentication) by user
141
- * Reconfigure 2fa methods
142
- * 'Enable Remember Device' from a custom login form to skip 2 factor for trusted devices.
143
- * On-Demand ShortCodes for specific functionalities ( like for enabling WordPress 2FA (Two-Factor authentication) for specific pages)
144
-
145
- * [Device restriction with webauthn/ FIDO2](https://plugins.miniorange.com/passwordless-login-with-web-authentication-wordpress)
146
- Password free authentication is possible with WebAuthn.
147
-
148
- Check all the features other than two-factor authentication ( Two step verification/OTP authentication ) here: [miniOrange Website](https://security.miniorange.com/)
149
-
150
- <h4>Useful blog posts about two-factor authentication ( 2FA / MFA ) plugin </h4>
151
- * [Beginner’s Guide: How to Add Two-Factor Authentication to WordPress](https://themeisle.com/blog/how-to-add-two-factor-authentication-to-wordpress/)
152
- * [How to Add WordPress Two-Factor Authentication (WP 2FA/TFA)](https://phppot.com/wordpress/how-to-add-wordpress-two-factor-authentication-2fa-using-google-authenticator-plugin/)
153
- * [How to translate WordPress Two-Factor Authentication (WP 2FA/TFA)](https://plugins.miniorange.com/the-plugin-translate-spanish-language-with-2-factor-wordpress)
154
-
155
- Customized solutions and Active support are available. Email us at info@xecurify.com or call us at +1 9786589387.
156
-
157
- **Note: The plugin is GDPR Compliant and supports a wide variety of Language Translation**
158
-
159
- == Installation ==
160
-
161
- = From your WordPress dashboard =
162
- 1. Navigate to `Plugins > Add New` from your WP Admin dashboard.
163
- 2. Search for `miniOrange 2 Factor Authentication (2FA)`or `Google Authenticator.`
164
- 3. Install `miniOrange 2 Factor Authentication (2FA)` and activate the plugin.
165
-
166
- = From WordPress.org =
167
- 1. Search for `miniOrange 2 Factor Authentication (2FA)` and download it.
168
- 2. Unzip and upload the `miniorange-2-factor-authentication (2FA)` directory to your `/wp-content/plugins/` directory.
169
- 3. Activate miniOrange 2 Factor Authentication (2FA) from the Plugins tab of your admin dashboard.
170
-
171
- = Once Activated [Google Authenticator - Two Step Verification]=
172
- 1. Select miniOrange 2-Factor ( 2 factor authentication ) from the left menu and follow the instructions.
173
- 2. Configure any 2 factor method, say Google Authenticator.
174
- 2. Once, you complete your setup. Click on the Log Out button.
175
- 3. Enter the username and password. After the initial validation, you will be prompted for the 2-factor method you had set up.
176
- 4. Validate yourself with the 2-factor authentication(WP 2FA/TFA) method you configured.
177
-
178
- **Video Guide** :
179
- [youtube https://youtu.be/_nkMCkxLcIs]
180
-
181
- == Frequently Asked Questions ==
182
-
183
- = How do I gain access to my website if I get locked out using the Google Authenticator? =
184
-
185
- You can obtain access to your website by one of the below options:
186
-
187
- 1. If you have an additional administrator account whose Two Factor (2FA) is not enabled yet, you can login with it.
188
- 2. If you had set up KBA questions earlier, you can use them as an alternate method to login to your website instead of 2FA.
189
- 3. Rename the plugin from FTP - this disables the Google Authenticator (WP 2FA/TFA) plugin and you will be able to login with your WordPress username and password.
190
-
191
- For detailed information, Please check on our website. <a href="https://faq.miniorange.com/knowledgebase/how-to-gain-access-to-my-website-if-i-get-locked-out/" target="_blank">Locked Out</a>.<br>
192
- You can also check our video Tutorial:
193
- [youtube https://www.youtube.com/watch?v=wLFKakQkpk8]
194
-
195
- = I want to enable Google Authenticator 2 Factor authentication (2FA) as the backup method? =
196
-
197
- You can use google authenticator as the backup method for your specific user or all users in the premium version of the two-factor authentication. [PREMIUM FEATURE]
198
-
199
- = I have enabled Two-Factor Authentication (2FA / TFA) for all users, what happens if an end-user tries to login but has not yet registered? =
200
-
201
- If a user has not set up Two-Factor yet, the user has to register by inline registration that will be invoked during the login.
202
-
203
- = I want to enable only one authentication method for my users. What should I do? =
204
-
205
- You can select the two-factor authentication methods under the Login Settings tab. The selected authentication methods will be shown to the user during inline registration for example if you select Google Authenticator it will be shown on login. [PREMIUM FEATURE]
206
-
207
- = I have a custom/front-end login page on my site and I want the look and feel to remain the same when I add 2 factor ? =
208
-
209
- If you have a custom login form other than wp-login.php then we will provide you the shortcode. Shortcode will work only for the customized login page created from WordPress plugins. We are not claiming that it will work with all the customized login pages. In such a case, custom work is needed to integrate two factor with your customized login page. You can submit a query in our <b>Support Section</b> in the plugin or you can contact us at info@xecurify.com for more details.
210
-
211
- = I have installed plugins that limit the login attempts like Limit Login Attempt, Loginizer, Wordfence, etc. Are there any incompatibilities with these kinds of plugins? =
212
-
213
- The limit login attempt kind of plugins limit the number of login attempts and block the IP temporarily. So if you are using 2 factor(WP 2fa/TFA) along with these kinds of plugins then you should increase the login attempts (minimum 5) so that you don't get locked out yourself.
214
-
215
- = If you are using any Security Plugin in WordPress like Simple Security Firewall, All in One WP Security Plugin and you are not able to login with Two-Factor. =
216
-
217
- Our Two-Factor plugin is compatible with most of the security plugins, but if it is not working for you. Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.
218
-
219
- = If you are using any render-blocking javascript and CSS plugin like Async JS and CSS Plugin and you are not able to login with Two-Factor or your screen got blank. =
220
-
221
- If you are using Async JS and CSS Plugin. Please go to its settings and add jquery to the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.
222
-
223
- = My phone has no internet connectivity and I am entering the one time passcode from miniOrange Authenticator App during OTP login, it says Invalid OTP?
224
-
225
- Click on the <b>Settings Icon</b> on top right corner in <b>miniOrange Authenticator App</b> and then press <b>Sync button</b> under 'Time correction for codes' to sync your time with miniOrange Servers. If you still can't logged in then please email us at info@xecurify.com or <a href="https://miniorange.com/contact" target="_blank">Contact us</a>.Soft Token method is just like google authenticator method.
226
-
227
- = I am upgrading my phone. =
228
-
229
- You should go to <b>Setup Two Factor (2FA) </b> Tab and click on <b>Reconfigure</b> to reconfigure 2-Factor with your new phone.
230
-
231
- == Screenshots ==
232
-
233
- 1. Google Authenticator (WP 2FA/OTP) - Setup different 2 Factor methods
234
- 2. Google Authenticator (WP 2FA/OTP) - Test 2 factor configured
235
- 3. Google Authenticator (WP 2FA/OTP) - 2 Factor Authentication (2FA) methods available
236
- 4. Google Authenticator (WP 2FA/OTP) - Google Authenticator login
237
- 5. Google Authenticator (WP 2FA/OTP) - QR code 2 Factor (2FA) login
238
- 6. Google Authenticator (WP 2FA/OTP) - miniOrange Authenticator login
239
- 7. Google Authenticator (WP 2FA/OTP) - Push notification login
240
- 8. Google Authenticator (WP 2FA/OTP) - Remember device and personalization add-ons
241
-
242
- == Changelog ==
243
-
244
- = 5.5.7 =
245
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
246
- * Bug Fixes and Code Improvements
247
-
248
- = 5.5.6 =
249
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
250
- * Bug Fixes
251
-
252
- = 5.5.5 =
253
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
254
- * Compatibility with Wordpress v6.0
255
- * Added SMS transactions link
256
-
257
- = 5.5.4 =
258
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
259
- * Minor Bug fix
260
-
261
- = 5.5.3 =
262
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
263
- * UI fixes for non-admin users
264
-
265
- = 5.5.2 =
266
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
267
- * Updated Plugin UI
268
-
269
- = 5.5.1 =
270
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
271
- * Updated Pricing page UI
272
-
273
- = 5.5 =
274
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
275
- * Updated Network Security UI
276
-
277
- For older changelog entries, please see the [additional changelog.txt file](https://plugins.svn.wordpress.org/miniorange-2-factor-authentication/trunk/changelog.txt) provided with the plugin.
278
-
279
- == Upgrade Notice ==
280
-
281
- = 5.5.7 =
282
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
283
- * Bug Fixes and Code Improvements
284
-
285
- = 5.5.1 =
286
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
287
- * Updated Pricing page UI
288
-
289
- = 5.5 =
290
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
291
- * Updated Network Security UI
292
-
293
- = 5.4.52 =
294
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
295
- * Updated Trial Request Form
296
-
297
- = 5.4.51 =
298
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
299
- * Trial notification visibility issue fixed
300
-
301
- = 5.4.50 =
302
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
303
- * Bug fix - Headers already sent
304
-
305
- = 5.4.49 =
306
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
307
- * Trial Notification for Premium Plugins
308
- * CSRF Fix
309
-
310
- = 5.4.48 =
311
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
312
- * Close button on offer banner
313
-
314
- = 5.4.47 =
315
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
316
- * Christmas offer
317
-
318
- = 5.4.46 =
319
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
320
- * Black friday offer
321
- * Get email notification on the plugin's new release
322
-
323
- = 5.4.45 =
324
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
325
- * Added login with the any configured methods
326
- * Minor bug fix
327
-
328
- = 5.4.44 =
329
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
330
- * Added link to WordPress forum in support form
331
- * Minor bug fix
332
-
333
- = 5.4.43 =
334
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
335
- * Special offer - Special discount for limited time
336
-
337
- = 5.4.42 =
338
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
339
- * Backup Code as a cloud service
340
-
341
- = 5.4.41 =
342
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
343
- * Minor UI Changes and Bug Fixes
344
-
345
- = 5.4.40 =
346
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
347
- * XSS Vulnerability fix
348
- * Added video link for miniOrange Authenticator
349
-
350
- = 5.4.39 =
351
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
352
- * Added 2FA setup using user profile option
353
- * Support Form UI
354
- * 2FA Form support for login with ajax, Elementor Pro, UserPro login forms
355
- * Minor bug fixes
356
-
357
- = 5.4.38 =
358
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
359
- * Added 2FA setup using user profile option
360
- * Setup Wizard for configuring 2FA
361
- * 2FA Form support for login with ajax, Elementor Pro, UserPro login forms
362
- * Minor bug fixes
363
-
364
- = 5.4.37 =
365
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
366
- * Minor bug fixes
367
-
368
- = 5.4.36 =
369
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
370
- * Remove extra comma
371
-
372
- = 5.4.35 =
373
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
374
- * Minor bug fixes
375
-
376
- = 5.4.34 =
377
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
378
- * New User Interface for easy setup
379
- * Added developers logs
380
- * Minor fixes
381
-
382
- = 5.4.33 =
383
- * Google Authenticator – Two Factor Authentication (2FA, TFA) :
384
- * New pricing page for two factor authentication
385
- * Added Duo Authenticator push notification method.
386
- * WooCommerce redirect issue fix.
387
-
388
- = 5.4.32 =
389
- * Google Authenticator Two Factor Authentication (2FA, TFA) :
390
- * Replaced sessions with transient.
391
-
392
- = 5.4.31 =
393
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
394
- * OTP over Email as two factor fix
395
- * Low Email transaction alert fix
396
-
397
- = 5.4.30 =
398
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
399
- * Feedback changes
400
-
401
- = 5.4.29 =
402
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
403
- * Session independent Google Authenticator
404
- * Session independent KBA
405
- * Feedback improvement for two factor authentication plugin
406
-
407
- = 5.4.28 =
408
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
409
- * New year sale update
410
-
411
- = 5.4.27 =
412
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
413
- * New year sale
414
- * WordPress 5.6 compatibility fix
415
- * WAF fixes
416
- * Real time IP blocking
417
- * IP based user login
418
- * New feature release notification
419
-
420
- = 5.4.26 =
421
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
422
- * Christmas Offer
423
-
424
- = 5.4.25 =
425
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
426
- * OTP over Telegram Fixes
427
-
428
- = 5.4.24 =
429
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
430
- * OTP over Whatsapp
431
- * OTP over Telegram
432
- * Feedback form changes
433
-
434
- = 5.4.23 =
435
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
436
- * Call support with technical team
437
- * Email and SMS transaction sync
438
- * Feedback form on network deactivate
439
- * Enable/Disable 2FA fix
440
- * 2FA added for super admin role
441
-
442
- = 5.4.22 =
443
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
444
- * Backup Codes
445
- * Sanitization and JS improvements
446
- * SMS and Email Sync
447
- * Whatsapp based Two factor in Premium plugin
448
- * Telegram based Two factor in Premium plugin
449
-
450
- = 5.4.21 =
451
- * Google Authenticator - Two Factor Authentication (2FA, SMS) :
452
- * Sanitization of some input values.
453
-
454
- = 5.4.20 =
455
- * Google Authenticator - Two Factor Authentication (2FA, SMS) :
456
- * Google Authenticator Qr code fix.
457
- * My theme login Login fix.
458
-
459
- = 5.4.19 =
460
- * Google Authenticator - Two Factor Authentication (2FA, OTP) : Google Authenticator cloud fix.
461
-
462
- = 5.4.18 =
463
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
464
- * Added missing file
465
-
466
- = 5.4.17 =
467
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
468
- *Digimember Form Support
469
- *Memberpress Form Support
470
- *SMS Verification Support
471
- *OTP Verification on WooCommerce Registration
472
-
473
- = 5.4.16 =
474
- * Google Authenticator - Two Factor Authentication (2FA, OTP) : Quick form fix.
475
-
476
- = 5.4.15 =
477
- * Google Authenticator - Two Factor Authentication (2FA, OTP) :
478
- * Theme My Login plugin Support
479
- * Ultimate Member Registration Support
480
- * WooCommerce Registration Support
481
- * Ultimate Member Redirect
482
- * Restrict Content Pro Login and Registration
483
-
484
- = 5.4.14 =
485
- * Google Authenticator - Two Factor Authentication (2FA, MFA) : Performance improvement with fixes in Security Questions. And User Email verification and Phone Verification issues resolved.
486
-
487
- = 5.4.13 =
488
- * Google Authenticator - Two Factor Authentication (2FA, TFA) : Support Form Improvement.
489
-
490
- = 5.4.11 =
491
- * Google Authenticator - Two Factor Authentication (2FA, MFA) : Feedback Issue fix.
492
-
493
- = 5.4.9 =
494
- * Google Authenticator - Two Factor Authentication (2FA, TFA) : User Experience, new support form and Security disabled by default. Added New Methods for users to choose.
495
-
496
- = 5.4.8 =
497
- * Google Authenticator - Two Factor Authentication (2FA, OTP Verification) : Learning Management System support, Microsoft Authenticator and Duo Authenticator support and restrict account sharing add-on.
498
-
499
- = 5.4.7 =
500
- * Google Authenticator - Two Factor Authentication (2FA, SMS Verification) : Fixing warnings and adding minor changes in the plans.
501
-
502
- = 5.4.6 =
503
- * Google Authenticator - Two Factor Authentication (2FA) : Improving Google Authenticator and adding Payment options.
504
-
505
- = 5.4.5 =
506
- * Google Authenticator - Two Factor Authentication (2FA, OTP) : Security and MFA UI updates.
507
-
508
- = 5.4.4 =
509
- * Google Authenticator - Two Factor Authentication (2FA, TFA) : Two Factor : WooCommerce login page integration.
510
-
511
- = 5.4.3 =
512
- * Google Authenticator - Two Factor Authentication (2FA, MFA) : Session issue fix for customers using Two Factor.
513
-
514
- = 5.4.2 =
515
- * Google Authenticator - Two Factor Authentication (2FA, MFA) : Warning for cloud customer moving to on-premise Two factor
516
-
517
- = 5.4.1 =
518
- * Google Authenticator - Two Factor Authentication (2FA) : Headers sent issue is security firewall.
519
-
520
- = 5.4.0 =
521
- * Google Authenticator - Two Factor Authentication (2FA) : Two Factor FAQ Fix and OTP code convenience.
522
-
523
- = 5.3.26 =
524
- * Google Authenticator - Two Factor Authentication (2FA) : Two Factor On-premise FAQ update.
525
-
526
- = 5.3.25 =
527
- * Google Authenticator - Two Factor Authentication (2FA) : Two Factor On-premise support form.
528
-
529
- = 5.3.24 =
530
- * Google Authenticator - Two Factor Authentication (2FA) : On-premise two factor released with multiple user support for some authentication methods.
531
-
532
- = 5.3.23 =
533
- * Google Authenticator - Two Factor Authentication (2FA) : Scanner : Timing and caching issue fix.
534
- * Disable 2fa on WooCommerce login.
535
- * Login with Username only fix.
536
-
537
- = 5.3.22 =
538
- * Google Authenticator - Two Factor Authentication (2FA) : Antivirus : Fixing Cache issues and adding nonce.
539
-
540
- = 5.3.21 =
541
- * Google Authenticator - Two Factor Authentication (2FA) : Two Factor : Choice between Two factor and Security.
542
-
543
- = 5.3.20 =
544
- * Google Authenticator - Two Factor Authentication (2FA) : Anti Malware : Fixing issue faced by users during scan.
545
-
546
- = 5.3.19 =
547
- * Google Authenticator - Two Factor Authentication (2FA) : Security : Giving users choice of two factor.
548
-
549
- = 5.3.18 =
550
- * Google Authenticator - Two Factor Authentication (2FA) : Antivirus and Firewall : Fix Scan.
551
-
552
- = 5.3.17 =
553
- * Google Authenticator - Two Factor Authentication (2FA) : Anti-Virus : Improved Stop Scan.
554
-
555
- = 5.3.16 =
556
- * Google Authenticator - Two Factor Authentication (2FA) : Anti-Virus : Stop Scan.
557
-
558
- = 5.3.15 =
559
- * Google Authenticator - Two Factor Authentication (2FA) : Anti-Malware : schedule scan.
560
-
561
- = 5.3.14 =
562
- * Google Authenticator - Two Factor Authentication (2FA) : Anti-Malware : Adding more signatures.
563
-
564
- = 5.3.13 =
565
- * Google Authenticator - Two Factor Authentication (2FA) : Security : fix UI Issue and improving 2fa.
566
-
567
- = 5.3.12 =
568
- * Google Authenticator - Two Factor Authentication (2FA) : Security : backup table fix.
569
-
570
- = 5.3.11 =
571
- * Google Authenticator - Two Factor Authentication (2FA) : Security : Limiting Firewall, Malware, backup and login security for users not needing it.
572
-
573
- = 5.3.10 =
574
- * Google Authenticator - Two Factor Authentication (2FA) : Security : Moved to Old WAF version minor issues..
575
-
576
- = 5.3.9 =
577
- * Google Authenticator - Two Factor Authentication (2FA) : Security : Web application Firewall Sql Injections report and monitoring.
578
-
579
- = 5.3.8 =
580
- * Google Authenticator - Two Factor Authentication (2FA) : Security : Malware Scanner Fix.
581
-
582
- = 5.3.7 =
583
- * Google Authenticator - Two Factor Authentication (2FA) : Security : Two factor login with username fix.
584
-
585
- = 5.3.6 =
586
- * Google Authenticator - Two Factor Authentication (2FA) : Anti virus zip file fix.
587
-
588
- = 5.3.5 =
589
- * Google Authenticator - Two Factor Authentication (2FA) : Backup URL Fix and space issue in google authenticator.
590
-
591
- = 5.3.4 =
592
- * Google Authenticator - Two Factor Authentication (2FA) : CSS fix for Malware Scanner, Security and firewall.
593
-
594
- = 5.3.3 =
595
- * Google Authenticator - Two Factor Authentication (2FA) : Minor Malware Scanner issues fix.
596
-
597
- = 5.3.2 =
598
- * Google Authenticator - Two Factor Authentication (2FA) : File Changes.
599
-
600
- = 5.3.1 =
601
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fix.
602
-
603
- = 5.3.0 =
604
- * Google Authenticator - Two Factor Authentication (2FA) : Releasing Firewall with Two Factor.
605
-
606
- = 5.2.6 =
607
- * Google Authenticator - Two Factor Authentication (2FA) : Fixed conflict and filter issues.
608
-
609
- = 5.2.5 =
610
- * Google Authenticator - Two Factor Authentication (2FA) : Some warnings in remote posts.
611
-
612
- = 5.2.4 =
613
- * Google Authenticator - Two Factor Authentication (2FA) : Removed curl calls and unnecessary files.
614
-
615
- = 5.2.3 =
616
- * Google Authenticator - Two Factor Authentication (2FA) : Fix for some users facing issues in api calls.
617
-
618
- = 5.2.2 =
619
- * Google Authenticator - Two Factor Authentication (2FA) : Adding File Protection and Strong Password feature.
620
- :
621
- = 5.2.1 =
622
- * Google Authenticator - Two Factor Authentication (2FA) : UI changes for description.
623
-
624
- = 5.2.0 =
625
- * Google Authenticator - Two Factor Authentication (2FA) : UI changes with more description.
626
-
627
- = 5.1.22 =
628
- * Google Authenticator - Two Factor Authentication (2FA) : UI Fixes.
629
-
630
- = 5.1.21 =
631
- * Google Authenticator - Two Factor Authentication (2FA) : Login Redirect.
632
-
633
- = 5.1.20 =
634
- * Google Authenticator - Two Factor Authentication (2FA) : Minor Bug fix.
635
-
636
- = 5.1.19 =
637
- * Google Authenticator - Two Factor Authentication (2FA) : Adding basic Security Features Monitoring, IP blocking and login transaction report.
638
-
639
- = 5.1.18 =
640
- * Google Authenticator - Two Factor Authentication (2FA) : Object access error for lower PHP versions.
641
-
642
- = 5.1.17 =
643
- * Google Authenticator - Two Factor Authentication (2FA) : Minor Bug fix and Documentation changes.
644
-
645
- = 5.1.16 =
646
- * Google Authenticator - Two Factor Authentication (2FA) : Login redirect fix.
647
-
648
- = 5.1.15 =
649
- * Google Authenticator - Two Factor Authentication (2FA) : UI Fixes.
650
-
651
- = 5.1.14 =
652
- * Google Authenticator - Two Factor Authentication (2FA) : Database Error Fix and Custom Redirect.
653
-
654
- = 5.1.12 =
655
- * Google Authenticator - Two Factor Authentication (2FA) : Removing redundant code.
656
-
657
- = 5.1.11 =
658
- * Google Authenticator - Two Factor Authentication (2FA) : Password Pattern Fix.
659
-
660
- = 5.1.10 =
661
- * Google Authenticator - Two Factor Authentication (2FA) : Javascript Error fixes.
662
-
663
- = 5.1.9 =
664
- * Google Authenticator - Two Factor Authentication (2FA) : Added visual tour and security fixes.
665
-
666
- = 5.1.8 =
667
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fix for Validation.
668
-
669
- = 5.1.7 =
670
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fix for DB error after Update.
671
-
672
- = 5.1.6 =
673
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fix for DB error.
674
-
675
- = 5.1.5 =
676
- * Google Authenticator - Two Factor Authentication (2FA) : UI changes.
677
-
678
- = 5.1.4 =
679
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fixes for redirect to login page issues.
680
-
681
- = 5.1.3 =
682
- * Google Authenticator - Two Factor Authentication (2FA) : Minor bug fixes.
683
-
684
- = 5.1.2 =
685
- * Google Authenticator - Two Factor Authentication (2FA) : Changes in registration flow.
686
-
687
- = 5.1.1 =
688
- * Google Authenticator - Two Factor Authentication (2FA) : Minor changes.
689
-
690
- = 5.1.0 =
691
- * Google Authenticator - Two Factor Authentication (2FA) : Added new user plans
692
-
693
- = 5.0.17 =
694
- * Google Authenticator - Two Factor Authentication (2FA) : Minor Bug fix.
695
-
696
- = 5.0.16 =
697
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fixes.
698
-
699
- = 5.0.15 =
700
- * Google Authenticator - Two Factor Authentication (2FA) : Added Google Authenticator option in the WP login page itself.
701
-
702
- = 5.0.14 =
703
- * Google Authenticator - Two Factor Authentication (2FA) : Bug Fixes.
704
-
705
- = 5.0.13 =
706
- * Google Authenticator - Two Factor Authentication (2FA) : Bug Fix and code optimization.
707
-
708
- = 5.0.12 =
709
- * Google Authenticator - Two Factor Authentication (2FA) : Added GDPR Compliance.
710
-
711
- = 5.0.11 =
712
- * Google Authenticator - Two Factor Authentication (2FA) : Readme Update.
713
-
714
- = 5.0.10 =
715
- * Google Authenticator - Two Factor Authentication (2FA) : Added Proxy Setup feature.
716
-
717
- = 5.0.9 =
718
- * Google Authenticator - Two Factor Authentication (2FA) : Bug Fix for "The loopback request to your site failed." error.
719
-
720
- = 5.0.8 =
721
- * Google Authenticator - Two Factor Authentication (2FA) : Changes for 2FA Free plugin for 1 user forever.
722
-
723
- = 5.0.7 =
724
- * Google Authenticator - Two Factor Authentication (2FA) : Bug Fix for User Registration and other plugin conflicts in Dashboard.
725
-
726
- = 5.0.6 =
727
- * Google Authenticator - Two Factor Authentication (2FA) : Bug Fix for existing customers who upgraded from 4.5.x version to versions between 5.0.0 and 5.0.4 and are facing issues with the Account Setup Tab.
728
-
729
- = 5.0.5 =
730
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fix for user entry during plugin update.
731
-
732
- = 5.0.4 =
733
- * Google Authenticator - Two Factor Authentication (2FA) : Workaround for errors during sending of OTP during registration.
734
-
735
- = 5.0.3 =
736
- * Google Authenticator - Two Factor Authentication (2FA) : Minor fix for removing warings.
737
-
738
- = 5.0.2 =
739
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fix.
740
-
741
- = 5.0.1 =
742
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fix.
743
-
744
- = 5.0.0 =
745
- * Google Authenticator - Two Factor Authentication (2FA) : New UI Interface, 2-factor authentication for Unlimited Users.
746
- * This is a major release.
747
-
748
- = 4.6.2 =
749
- * Google Authenticator - Two Factor Authentication (2FA) : Plugin registration fixes and minor warning fixes.
750
-
751
- = 4.6.1 =
752
- * Google Authenticator - Two Factor Authentication (2FA) : Login error fix. Please skip version 4.5.9 and update to version 4.6.1
753
-
754
- = 4.5.9 =
755
- * Google Authenticator - Two Factor Authentication (2FA) : Bug fixes for customers who were getting redirected to the login page after the two factor authentication.
756
-
757
- = 4.5.8 =
758
- * Google Authenticator - Two Factor Authentication (2FA) : Tested up to 4.9.4 and Removed External links.
759
-
760
- = 4.5.7 =
761
- * Google Authenticator - Two Factor Authentication (2FA) : Minor bug fixes.
762
-
763
- = 4.5.6 =
764
- * Google Authenticator - Two Factor Authentication (2FA) : Tested up to Wordpress 4.9.
765
-
766
- = 4.5.5 =
767
- * Google Authenticator - Two Factor Authentication (2FA) : 404 bug fixes.
768
-
769
- = 4.5.4 =
770
- * Google Authenticator - Two Factor Authentication (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action errors.
771
-
772
- = 4.5.3 =
773
- * Google Authenticator - Two Factor Authentication (2FA) : Changed UI of the Login Pages, Redirect to Login Page bug fixes.
774
-
775
- = 4.5.2 =
776
- * Google Authenticator - Two Factor Authentication (2FA) : Readme Update: Description Update
777
-
778
- = 4.5.1 =
779
- * Google Authenticator - Two Factor Authentication (2FA) : Updated the new Google Authenticator App's link and the 'How to Setup Tab' tab.
780
-
781
- = 4.5.0 =
782
- * Google Authenticator - Two Factor Authentication (2FA) : Fix Google Authenticator configuration issue.
783
-
784
- = 4.4.9 =
785
- * Google Authenticator - Two Factor Authentication (2FA) : Added Alert Message for SMS Transactions only when authentication method is OTP over SMS.
786
-
787
- = 4.4.8 =
788
- * Google Authenticator - Two Factor Authentication (2FA) : Added Alert Message for SMS Transactions. Fixed Remember Device flow and confliction with themes. Added support for multiple instances of wordpress.
789
-
790
- = 4.4.7 =
791
- * Google Authenticator - Two Factor Authentication (2FA) : Updated the error message for 2 factor configuration.
792
-
793
- = 4.4.6 =
794
- * Google Authenticator - Two Factor Authentication (2FA) : Instructions for login in case user get locked out.
795
-
796
- = 4.4.5 =
797
- * Google Authenticator - Two Factor Authentication (2FA) : Fixed the issue of session variable on the login with username page.
798
-
799
- = 4.4.4 =
800
- * Google Authenticator - Two Factor Authentication (2FA) : Added alert messages for OTP over SMS usages.
801
-
802
- = 4.4.3 =
803
- * Google Authenticator - Two Factor Authentication (2FA) : Fixed the login flow for third party Apps that supports XML-RPC.
804
-
805
- = 4.4 =
806
- * Google Authenticator - Two Factor Authentication (2FA):
807
- * Note: This is a very important update having altogether a new UI and compatibility with Limit Login Attempts. After updating, please do not logout from your admin dashboard. Try to login from another browser and if you face any issue , please contact us at info@xecurify.com
808
- * Compatibility with Limit Login Attempts.
809
- * New User Interface for login.
810
-
811
- = 4.3.2 =
812
- * Google Authenticator - Two Factor Authentication (2FA, MFA): Revised licensing cost for users.
813
-
814
- = 4.3.1 =
815
- * Google Authenticator - Two Factor Authentication (2FA, MFA): Compatible upto 4.7
816
-
817
- = 4.3.0 =
818
- * Google Authenticator - Two Factor Authentication (2FA, MFA): Updated miniOrange APIs.
819
-
820
- = 4.2.9 =
821
- * Google Authenticator - Two Factor Authentication (2FA, MFA): Tested up to WordPress 4.6.
822
-
823
- = 4.2.7 =
824
- * Google Authenticator - Two Factor Authentication (2FA, MFA): Session Warning fix in the last version for some of the users.
825
-
826
- = 4.2.6 =
827
- * Google Authenticator - Two Factor Authentication (2FA, MFA): Compatible with wordpress caching.
828
-
829
- = 4.2.5 =
830
- * Google Authenticator - Two Factor Authentication (2FA, MFA): Improved the session handler.
831
-
832
- = 4.2.4 =
833
- * Google Authenticator - Two Factor Authentication (2FA, MFA): Updated faq for limit login attempt type of plugins.
834
-
835
- = 4.2.3 =
836
- * Google Authenticator - Two Factor Authentication ( 2FA ):
837
- * Improved Error handling during Account Creation.
838
-
839
- = 4.2.2 =
840
- * Google Authenticator - Two Factor Authentication ( 2FA ):
841
- * Registration Flow fixes
842
-
843
- = 4.2.1 =
844
- * Google Authenticator - Two Factor Authentication ( 2FA ):
845
- * Change of status during login with phone flow and tested with WP 4.5
846
-
847
- = 4.2.0 =
848
- * Google Authenticator - Two Factor Authentication ( 2FA ):
849
- * Mark as tested on Wordpress 4.5
850
-
851
- = 4.1.8 =
852
- * Google Authenticator - Two Factor Authentication ( 2FA ):
853
- * Changed the location of images used for the demo. Now being loaded from the site having SSL certificate.
854
-
855
- = 4.1.7 =
856
- * Google Authenticator - Two Factor Authentication ( 2FA ):
857
- * Improved Error Handling for Remember Device.
858
-
859
- = 4.1.6 =
860
- * Google Authenticator - Two Factor Authentication ( 2 Factor ):
861
- * Licensing Plan Updated.
862
-
863
- = 4.1.5 =
864
- * Google Authenticator - Two Factor Authentication ( 2FA ):
865
- * Added Forgot Password functionality for miniOrange customer admin.
866
- * Added warning message for the users who are using lower version of php.
867
- * Added functionality to change the customer email.
868
-
869
- = 4.1.4 =
870
- * Google Authenticator - Two Factor Authentication ( 2FA ):
871
- * Added an option for admin to enable or disable login for XML-RPC supported applications.
872
-
873
- = 4.1.3 =
874
- * Google Authenticator - Two Factor Authentication ( 2FA ):
875
- * Fixed CSS Conflict with the plugins in the admin dashboard.
876
- * More intuitive UI for WooCommerce login.
877
- * Tested front-end login with themes like wordpress default theme,
878
- customize theme,zerif-lite theme,accesspress store theme,ishop theme and many more.
879
-
880
- = 4.1.2 =
881
- * Google Authenticator - Two Factor Authentication ( 2FA ): Google Authenticator for Windows phone
882
- * Fixed CSS conflict with front-end of site if WooCommerce is not enabled.
883
-
884
- = 4.1.1 =
885
- * Google Authenticator - Two Factor Authentication ( 2FA ): Adding Validation in choosing Security Questions (KBA).
886
-
887
- = 4.1.0 =
888
- * Google Authenticator - Two Factor Authentication ( 2FA ): Features added.
889
- multisite support
890
- Custom login redirection
891
- Authy 2-Factor Authentication as separate authentication method
892
-
893
- = 4.0.6 = Google Authenticator - Two Factor Authentication Added multisite support and custom redirection after login feature.
894
-
895
- = 4.0.5 = Google Authenticator - Two Factor Authentication Login into third party apps which support XML-RPC.
896
-
897
- = 4.0.4 = Google Authenticator - Two Factor Authentication Added a check of KBA configuration from mobile login.
898
-
899
- = 4.0.3 = Google Authenticator - Two Factor Authentication Added Support for Authy 2-Factor Authentication App.
900
-
901
- = 4.0.2 = Google Authenticator - Two Factor Authentication Added a check for selection of unique questions during KBA setup .
902
-
903
- = 4.0.1 = Bug Fix Google Authenticator - 2 Factor
904
-
905
- = 4.0 =
906
- * Google Authenticator - Two Factor Authentication ( 2FA ): Features added.
907
- * KBA as backup method.
908
- * mobile browser support.
909
- * more intuitive UI for WooCommerce login.
910
-
911
- = 3.8 =
912
- * Google Authenticator - Two Factor Authentication ( 2 Factor ): Bug Fix for roles.
913
-
914
- = 3.7 =
915
- * Google Authenticator - Two Factor Authentication ( 2FA ): Activation of two factor role wise.
916
-
917
- = 3.6 =
918
- * Google Authenticator - Two Factor Authentication ( 2FA ): email verification in inline registration flow for all users.
919
- More descriptive setup messages and UI changes.
920
-
921
- = 3.5 =
922
- * Google Authenticator - Two Factor Authentication ( 2FA ): Provided mobile login support.
923
-
924
- = 3.4 =
925
- * Google Authenticator - Two Factor Authentication ( 2FA ): Features added
926
- * Inline registration flow for users.
927
- * Security Questions (KBA) as additional method
928
- * Alternate way of user identification in customer creation.
929
- * premium customizable features.
930
-
931
- = 3.3 =
932
- * Google Authenticator - Two Factor Authentication ( 2FA ): Fix the issue of session for some versions of php.
933
-
934
- = 3.2 =
935
- * Google Authenticator - Two Factor Authentication ( 2FA ): Fix for device-id compatibility.
936
-
937
- = 3.1 =
938
- * Google Authenticator - Two Factor Authentication ( 2 Factor ): Fix for 2FA ShortCode.
939
-
940
- = 3.0 =
941
- * Google Authenticator - Two Factor Authentication ( 2FA ): Features added
942
- * Google Authenticator.
943
- * Device Id (Remember device).
944
- * Choice given to admin to enable specific authentication methods for users.
945
- * Two Factor support for WooCommerce theme.
946
- * Short Code for various customized fronted login.
947
- * More intuitive UI and descriptive instructions.
948
-
949
- = 2.6 =
950
- * Google Authenticator - Two Factor Authentication ( 2FA ): Fix the compatibility issues of user session with other security plugins.
951
-
952
- = 2.5 =
953
- * Google Authenticator - Two Factor Authentication ( 2FA ): Fix the compatibility issues with All In One WP Security & Firewall plugin.
954
-
955
- = 2.4 =
956
- * Google Authenticator - Two Factor Authentication ( 2FA ): UI fixes for admin media library dashboard.
957
-
958
- = 2.3 =
959
- * Google Authenticator - Two Factor Authentication ( 2FA ): More descriptive setup messages, more intuitive UI.
960
-
961
- = 2.2 =
962
- * Google Authenticator - Two Factor Authentication ( 2FA ): Fixed css issues for existing users
963
-
964
- = 2.1 =
965
- * Google Authenticator - Two Factor Authentication ( 2FA ): Added support for multiple Two Factor Choices like OTP Over SMS, Phone Call Verification, Push Notification, Soft Token (like Google Authenticator Code), Email Verification, etc.
966
-
967
- = 2.0 =
968
- * Google Authenticator - Two Factor Authentication ( 2FA ): Added login with password plus second factor feature.
969
-
970
- = 1.8 =
971
- * Google Authenticator - Two Factor Authentication ( 2FA ): Added feature of different login form choice,test authentication and help for configuration and setup.
972
-
973
- = 1.7 =
974
- * Bug Fixes Google Authenticator - Two Factor Authentication ( 2FA ): Modifying login screen adaptable to user's login form
975
-
976
- = 1.6 =
977
- * Bug Fixes Google Authenticator - Two Factor Authentication ( 2FA ): fetching 2 factor configuration when activating the plugin after deactivating it.
978
-
979
- = 1.5 =
980
- * Bug Fixes Google Authenticator - Two Factor Authentication ( 2FA ): Login issues and password save issues resolved
981
-
982
- = 1.4 =
983
- * Bug Fixes Google Authenticator - Two Factor Authentication ( 2FA ): Authentication was not working on some version of php.
984
-
985
- = 1.3 =
986
- * Google Authenticator - Two Factor Authentication Bug Fixes
987
-
988
- = 1.2 =
989
- * Google Authenticator - Two Factor Authentication ( 2FA ): Added 2 factor for all users along with forgot phone functionality.
990
-
991
- = 1.1 =
992
- * Google Authenticator - Two Factor Authentication ( 2FA ): Added email ID verification during registration.
993
-
994
- = 1.0.0 =
 
 
 
 
995
  * First version of Google Authenticator - Two Factor Authentication ( 2FA ) plugin supported with mobile authentication for admins only.
1
+ === miniOrange's Google Authenticator - WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless login ===
2
+
3
+ Contributors: twofactor, twofactorauthentication, hsn97,cyberlord92
4
+ Tags: google authenticator,two factor,two factor authentication, OTP Authentication, 2FA , wp 2fa, 2-factor authentication, multi factor authentication , MFA ,two step verification, TFA, mobile verification, MFA, Remember Device, OTP Over Telegram, Mobile Authentication, 2 step authentication, passwordless login, QR Code Authentication, email verification, KBA, Security Questions, login with SMS, Authy, Authy two factor , FIDO, FIDO2, Webauthn, multi factor, wordfence, IP Blocking, IP Whitelisting, SMS login, OTP Over SMS and Email, login without password, Mobile verification, password free authentication, session restriction.
5
+ Donate link: https://miniorange.com/
6
+ Requires at least: 3.0.1
7
+ Tested up to: 6.0
8
+ Requires PHP: 5.3.0
9
+ Stable tag: 5.5.75
10
+ License: GPLv2 or later
11
+ License URI: http://www.gnu.org/licenses/gpl-2.0.html
12
+
13
+ Google Authenticator-multi Factor(WP 2FA / OTP) - Supports TOTP/OTP Login based methods like Duo/Google Authenticator along with OTP Over SMS/Email & more.
14
+
15
+ == Description ==
16
+
17
+ **Google Authenticator - Two Factor (WP 2FA / OTP)** - Provides *secure login* to WordPress. This plugin can be configured for any **TOTP-based/OTP Login** methods like Duo/Microsoft/Google Authenticator. It supports OTP login based 2fa methods.
18
+
19
+ You can check out following video to configure google authenticator as a two factor:
20
+
21
+ [youtube https://youtu.be/_nkMCkxLcIs]
22
+
23
+ = Trial for Google authenticator Premium and Enterprise plugin =
24
+ We do provide 7 days trial of our Google Authenticator Premium plugins. You can test all Premium features including 2fa methods/OTP authentication methods such as google authenticator, OTP Over SMS/Email.
25
+
26
+ = [Google Authenticator - Two step verification/ 2 Factor Authentication/ WP 2FA] FREE Plugin Features =
27
+ * Simplified & easy user interface to set up **Google Authenticator** and other Two-Factor Authentication ( WP 2FA/TFA/OTP ) methods.
28
+ * **3 Users** forever FREE!
29
+ * QR Code authentication, Push Notification, Soft Token and Security Questions(KBA) are supported in the plugin for multi factor authentication(WP 2FA/TFA).
30
+ * Includes Language Translation Support
31
+ * **[User Profile 2fa](https://plugins.miniorange.com/how-to-set-up-2-factor-from-wordpress-user-profile-section):** Administrators can set up Two Factor (TFA)of users via WordPress users section
32
+ * **Multi Factor Authentication(MFA):** This feature can be used to invoke any two factor method on login among multiple methods which were configured. You can configure multiple TOTP/OTP Login based 2fa methods that can be used as a **backup 2fa method**
33
+ * **Two-Factor Authentication** ( TFA/2FA ) for Ajax login forms like User Pro, login with ajax, Theme my login, etc with all authentication methods.
34
+ * **Passwordless login** and login with phone number
35
+ * **[Prevent account sharing](https://security.miniorange.com/restricting-users-from-sharing-their-login-credentials/):** Google Authenticator(WP 2FA) is OTP login based method which restricts users from sharing WordPress login credentials which help to secure WordPress Websites. The Google authenticator plugin also adds a session control feature that limits user sessions based on WordPress User activities.
36
+ * This plugin Supports standard TOTP
37
+ * Two-Factor Authentication (WP 2FA/TFA) allows authentication on the login page itself for Google Authenticator & miniOrange Soft Token
38
+ * **[Multiple Login Options](https://docs.miniorange.com/documentation/login-username-2nd-factor-2):** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login /Login without password /Password free authentication
39
+ * Recovery codes in case you are locked out for all Two-Factor Authentication (WP 2FA/TFA)
40
+ * **Mobile verification - two step verification** (WP 2FA/TFA) using a user's mobile phone with authentication method like google authenticator, QR code authentication, etc.
41
+
42
+ = Additional Features other than the basic Google Authenticator two-factor authentication =
43
+
44
+ * Complete Web Security suite to protect wordpress from any attacks
45
+ * Web Application Firewall (WAF): Wordpress Firewall to protect your site
46
+ * OWASP TOP 10 Protection
47
+ * Login Protection: Spam and Login Protection
48
+ * Malware scanner: Detects any virus, malware and trojan
49
+ * Backup: Taking Encrypted Backup with local storage and cloud storage
50
+ * Limit Login Attempts to stop password guessing
51
+ * Realtime Global IP Blocking
52
+ * Limit Rate of Request: Protecting resources from any security hole exploit
53
+ * Crawler Detection and blocking
54
+ * Blocking IP and Attacks
55
+ * Country Blocking and Browser Blocking
56
+ * Brute Force Attacks prevention to stop password hack
57
+ * Captcha for Bot Detection
58
+ * Google Recaptcha
59
+ * Login Form Protection
60
+ * Registration Form Protection
61
+ * Integration with different plugin - WooCommerce, Buddypress, Ultimate Member and others
62
+ * Reporting
63
+ * Audit Log
64
+
65
+ = Apps Supported by the two-factor authentication (2FA / MFA) plugin =
66
+ * Google Authenticator
67
+ * miniOrange Authenticator
68
+ * Duo Authenticator
69
+ * Microsoft Authenticator
70
+ * Authy 2 Factor Authenticator
71
+ * LastPass Authenticator
72
+ * FreeOTP Authenticator
73
+
74
+ = User Identity Verification or multi-factor authentication with Google Authenticator =
75
+ **Login and Registration:** Verify users on login with different OTP Login methods & other two factor methods like OTP over SMS, OTP Over Email, OTP Over Telegram, Google Authenticator, SMS Verification, Email, Authy Authenticator, Duo Authenticator, Microsoft Authenticator, TOTP Based Authenticator, Security Questions, and many others.
76
+ Users will receive an OTP at the time of registration which will be used to verify their identity. OTP authentication can be done either via OTP Login methods(OTP Over email or via OTP over SMS).
77
+
78
+ = Plugin Integrations and Support for all methods of two-factor authentication/two step verification ( WP 2FA/TFA/OTP Authentication ) =
79
+ Our plugin is integrated with [popular Plugins](https://plugins.miniorange.com/2-factor-authentication-for-wordpress-wp-2fa#integrations) such as WooCommerce and Ultimate member.
80
+
81
+ = Third Party Custom SMS Gateway for OTP Over SMS ( OTP Login/two-factor authentication / 2FA ) =
82
+ The premium plugin supports any third-party **custom SMS Gateway**. If you don't have your SMS gateway you can use miniOrange gateway and send SMS(OTP over SMS) all over the world for OTP authentication.
83
+ [Here](https://plugins.miniorange.com/supported-sms-email-gateways) are some famous gateways supported for two factor (WP 2FA/TFA/OTP).
84
+ [Test your Gateway](https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/admin/customer/smsconfig)
85
+
86
+ = Why do you need to register for Google Authenticator? =
87
+
88
+ **Google authenticator** uses miniOrange APIs to communicate between your WP and miniOrange. To keep this communication secure, we ask you to register and assign API keys specific to your account. This way your account and users' calls can be only accessed by API keys assigned to you.
89
+ Adding to this, you can also use the same account on multiple applications and your users do not have to maintain multiple accounts or WordPress 2FA like Google Authenticator if you are using our cloud solution. Single code generated in Google Authenticator will be enough to log in to all sites. With this, you can also achieve sync of **two-factor authentication on multiple sites**.
90
+
91
+ = Google Authenticator ( WP 2FA - two-factor authentication ) Premium Lite Plugin Features =
92
+
93
+ * Google Authenticator - Two-Factor Authentication (WP 2FA/TFA) for all users and all user roles *( Site-based pricing )*
94
+ * **Two-Factor Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, Security Questions(KBA), OTP Authentication( OTP Over Email & OTP Over SMS), Email Verification, Mobile Verification *( SMS credits need to be purchased as per the need)*
95
+ * **[Multiple Login Options](https://docs.miniorange.com/documentation/login-username-2nd-factor-2):** Username + password + two-factor (or) Username + two-factor i.e. Passwordless login /Login without password /Password free authentication. With google authenticator plugin, the 2FA plugin user is authenticated directly with the second layer of security without entering the password. You can opt between a password and 2FA or only a second factor.
96
+ * **Unlimited Email transactions:** miniOrange's google authenticator plugin provides unlimited Email transactions with your SMTP server
97
+ * **Backup Method:** KBA(Security Questions), OTP Over Email, Backup codes if you are unable to validate two step verification
98
+ * [User role based redirection after Login](https://docs.miniorange.com/documentation/custom-redirect-login-url)
99
+ * [Customize account name in Google Authenticator app](https://docs.miniorange.com/documentation/google-authenticator-app-name)
100
+ * [Custom Security Questions (KBA)](https://docs.miniorange.com/documentation/custom-security-questions)
101
+ * [Role based 2 Factor](https://docs.miniorange.com/documentation/specific-set-authentication-methods-based-role)
102
+ * [Force Two factor for users](https://docs.miniorange.com/documentation/enforce-2fa-users)
103
+ * [Email notification to users asking them to set up Two-Factor Authentication (WP 2FA/TFA)](https://docs.miniorange.com/documentation/want-send-email-notification-users-setting-2-factor)
104
+ * [Set Privacy Policy for users](https://docs.miniorange.com/documentation/privacy-policy-site)
105
+ * [Remember Device to skip 2fa](https://docs.miniorange.com/documentation/remember-my-device)
106
+ * **Customizable Login UI Popup:** Using google authenticator plugin you can customize the user interface of the login popup as per your preference.
107
+
108
+ = Google Authenticator ( WP 2FA / OTP ) Enterprise Plugin Features =
109
+
110
+ * [Google Authenticator - Two-Factor Authentication](https://plugins.miniorange.com/2-factor-authentication-for-wordpress) - 2FA for Users as per the upgrade *( User-based pricing )*
111
+ * **Available Authentication Methods:** Google Authenticator, Authy Authenticator, Microsoft Authenticator, LastPass Authenticator, QR Code, Push Notification, Soft Token, Security Questions(KBA), OTP Authentication(OTP Over Email, OTP Over SMS or OTP Over SMS and Email), Email Verification, Hardware Token. *( SMS and Email credits need to be purchased for successful OTP authentication as per the need)*
112
+ * **Multiple Login Options:** Username + password + two-factor Authentication (or) Username + two-factor authentication(2FA) i.e. Passwordless login /Login without password /Password free authentication.
113
+ * **Backup Methods:** KBA(Security Questions), OTP Over Email, Backup Codes
114
+ * **[Sync 2fa for multiple websites](https://plugins.miniorange.com/two-factor-authentication-2fa-for-multiple-wordpress-websites)**
115
+ * **Multisite compatible** for all WordPress 2FA methods.
116
+ * Email notification to users asking them to set up Google Authenticator - Two-Factor Authentication (WP 2FA/TFA).
117
+ * User **role based redirection** after Login, Custom Security Questions (KBA), Customize account name in Google Authenticator app.
118
+ * Enable Two-Factor Authentication (WP 2FA/OTP) for specific Users/User Roles
119
+ * Choose specific two-factor authentication methods for Users
120
+ * **Add-Ons Included:** RBA & Trusted Devices Management Add-on, Personalization Add-on and Short Codes Add-on
121
+ * **Brute force attack prevention, IP Blocking & User login Monitoring**
122
+ * File protection & strong password
123
+ * Monitoring current Google Authenticator and other two-factor authentication (2 Factor) method of all the users in the plugin
124
+ * Session restriction
125
+
126
+ = Add Ons for two-factor authentication ( WP 2FA / OTP ) =
127
+
128
+ * RBA & Trusted Devices Management Add-on Features for two-factor authentication ( WP 2FA/OTP Login )
129
+ * **Remember Device** to skip the two-factor authentication ( 2 Factor ) from the **trusted devices**.
130
+ * Set **Device Limit** for the users to login
131
+
132
+ * Personalization Add-on Features to customize your two-factor authentication/OTP Authentication pages
133
+ * Custom UI of Two-Factor Authentication (WP 2FA/TFA) pop-ups
134
+ * Custom Email and SMS Templates
135
+ * Customize 'Powered by' Logo on wp 2fa authentication page
136
+ * Customize Plugin Icon
137
+ * Customize Plugin Name
138
+
139
+ * Short Codes Add-on Features for two-factor authentication ( 2FA / MFA )
140
+ * Turn on/off 2 factor (two-factor authentication) by user
141
+ * Reconfigure 2fa methods
142
+ * 'Enable Remember Device' from a custom login form to skip 2 factor for trusted devices.
143
+ * On-Demand ShortCodes for specific functionalities ( like for enabling WordPress 2FA (Two-Factor authentication) for specific pages)
144
+
145
+ * [Device restriction with webauthn/ FIDO2](https://plugins.miniorange.com/passwordless-login-with-web-authentication-wordpress)
146
+ Password free authentication is possible with WebAuthn.
147
+
148
+ Check all the features other than two-factor authentication ( Two step verification/OTP authentication ) here: [miniOrange Website](https://security.miniorange.com/)
149
+
150
+ <h4>Useful blog posts about two-factor authentication ( 2FA / MFA ) plugin </h4>
151
+ * [Beginner’s Guide: How to Add Two-Factor Authentication to WordPress](https://themeisle.com/blog/how-to-add-two-factor-authentication-to-wordpress/)
152
+ * [How to Add WordPress Two-Factor Authentication (WP 2FA/TFA)](https://phppot.com/wordpress/how-to-add-wordpress-two-factor-authentication-2fa-using-google-authenticator-plugin/)
153
+ * [How to translate WordPress Two-Factor Authentication (WP 2FA/TFA)](https://plugins.miniorange.com/the-plugin-translate-spanish-language-with-2-factor-wordpress)
154
+
155
+ Customized solutions and Active support are available. Email us at info@xecurify.com or call us at +1 9786589387.
156
+
157
+ **Note: The plugin is GDPR Compliant and supports a wide variety of Language Translation**
158
+
159
+ == Installation ==
160
+
161
+ = From your WordPress dashboard =
162
+ 1. Navigate to `Plugins > Add New` from your WP Admin dashboard.
163
+ 2. Search for `miniOrange 2 Factor Authentication (2FA)`or `Google Authenticator.`
164
+ 3. Install `miniOrange 2 Factor Authentication (2FA)` and activate the plugin.
165
+
166
+ = From WordPress.org =
167
+ 1. Search for `miniOrange 2 Factor Authentication (2FA)` and download it.
168
+ 2. Unzip and upload the `miniorange-2-factor-authentication (2FA)` directory to your `/wp-content/plugins/` directory.
169
+ 3. Activate miniOrange 2 Factor Authentication (2FA) from the Plugins tab of your admin dashboard.
170
+
171
+ = Once Activated [Google Authenticator - Two Step Verification]=
172
+ 1. Select miniOrange 2-Factor ( 2 factor authentication ) from the left menu and follow the instructions.
173
+ 2. Configure any 2 factor method, say Google Authenticator.
174
+ 2. Once, you complete your setup. Click on the Log Out button.
175
+ 3. Enter the username and password. After the initial validation, you will be prompted for the 2-factor method you had set up.
176
+ 4. Validate yourself with the 2-factor authentication(WP 2FA/TFA) method you configured.
177
+
178
+ **Video Guide** :
179
+ [youtube https://youtu.be/_nkMCkxLcIs]
180
+
181
+ == Frequently Asked Questions ==
182
+
183
+ = How do I gain access to my website if I get locked out using the Google Authenticator? =
184
+
185
+ You can obtain access to your website by one of the below options:
186
+
187
+ 1. If you have an additional administrator account whose Two Factor (2FA) is not enabled yet, you can login with it.
188
+ 2. If you had set up KBA questions earlier, you can use them as an alternate method to login to your website instead of 2FA.
189
+ 3. Rename the plugin from FTP - this disables the Google Authenticator (WP 2FA/TFA) plugin and you will be able to login with your WordPress username and password.
190
+
191
+ For detailed information, Please check on our website. <a href="https://faq.miniorange.com/knowledgebase/how-to-gain-access-to-my-website-if-i-get-locked-out/" target="_blank">Locked Out</a>.<br>
192
+ You can also check our video Tutorial:
193
+ [youtube https://www.youtube.com/watch?v=wLFKakQkpk8]
194
+
195
+ = I want to enable Google Authenticator 2 Factor authentication (2FA) as the backup method? =
196
+
197
+ You can use google authenticator as the backup method for your specific user or all users in the premium version of the two-factor authentication. [PREMIUM FEATURE]
198
+
199
+ = I have enabled Two-Factor Authentication (2FA / TFA) for all users, what happens if an end-user tries to login but has not yet registered? =
200
+
201
+ If a user has not set up Two-Factor yet, the user has to register by inline registration that will be invoked during the login.
202
+
203
+ = I want to enable only one authentication method for my users. What should I do? =
204
+
205
+ You can select the two-factor authentication methods under the Login Settings tab. The selected authentication methods will be shown to the user during inline registration for example if you select Google Authenticator it will be shown on login. [PREMIUM FEATURE]
206
+
207
+ = I have a custom/front-end login page on my site and I want the look and feel to remain the same when I add 2 factor ? =
208
+
209
+ If you have a custom login form other than wp-login.php then we will provide you the shortcode. Shortcode will work only for the customized login page created from WordPress plugins. We are not claiming that it will work with all the customized login pages. In such a case, custom work is needed to integrate two factor with your customized login page. You can submit a query in our <b>Support Section</b> in the plugin or you can contact us at info@xecurify.com for more details.
210
+
211
+ = I have installed plugins that limit the login attempts like Limit Login Attempt, Loginizer, Wordfence, etc. Are there any incompatibilities with these kinds of plugins? =
212
+
213
+ The limit login attempt kind of plugins limit the number of login attempts and block the IP temporarily. So if you are using 2 factor(WP 2fa/TFA) along with these kinds of plugins then you should increase the login attempts (minimum 5) so that you don't get locked out yourself.
214
+
215
+ = If you are using any Security Plugin in WordPress like Simple Security Firewall, All in One WP Security Plugin and you are not able to login with Two-Factor. =
216
+
217
+ Our Two-Factor plugin is compatible with most of the security plugins, but if it is not working for you. Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.
218
+
219
+ = If you are using any render-blocking javascript and CSS plugin like Async JS and CSS Plugin and you are not able to login with Two-Factor or your screen got blank. =
220
+
221
+ If you are using Async JS and CSS Plugin. Please go to its settings and add jquery to the list of exceptions and save settings. It will work. If you are still not able to get it right, Please submit a query in our Support Section in the plugin or you can contact us at info@xecurify.com.
222
+
223
+ = My phone has no internet connectivity and I am entering the one time passcode from miniOrange Authenticator App during OTP login, it says Invalid OTP?
224
+
225
+ Click on the <b>Settings Icon</b> on top right corner in <b>miniOrange Authenticator App</b> and then press <b>Sync button</b> under 'Time correction for codes' to sync your time with miniOrange Servers. If you still can't logged in then please email us at info@xecurify.com or <a href="https://miniorange.com/contact" target="_blank">Contact us</a>.Soft Token method is just like google authenticator method.
226
+
227
+ = I am upgrading my phone. =
228
+
229
+ You should go to <b>Setup Two Factor (2FA) </b> Tab and click on <b>Reconfigure</b> to reconfigure 2-Factor with your new phone.
230
+
231
+ == Screenshots ==
232
+
233
+ 1. Google Authenticator (WP 2FA/OTP) - Setup different 2 Factor methods
234
+ 2. Google Authenticator (WP 2FA/OTP) - Test 2 factor configured
235
+ 3. Google Authenticator (WP 2FA/OTP) - 2 Factor Authentication (2FA) methods available
236
+ 4. Google Authenticator (WP 2FA/OTP) - Google Authenticator login
237
+ 5. Google Authenticator (WP 2FA/OTP) - QR code 2 Factor (2FA) login
238
+ 6. Google Authenticator (WP 2FA/OTP) - miniOrange Authenticator login
239
+ 7. Google Authenticator (WP 2FA/OTP) - Push notification login
240
+ 8. Google Authenticator (WP 2FA/OTP) - Remember device and personalization add-ons
241
+
242
+ == Changelog ==
243
+
244
+ = 5.5.75 =
245
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
246
+ * Bug Fixes and Code Improvements
247
+
248
+ = 5.5.7 =
249
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
250
+ * Bug Fixes and Code Improvements
251
+
252
+ = 5.5.6 =
253
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
254
+ * Bug Fixes
255
+
256
+ = 5.5.5 =
257
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
258
+ * Compatibility with Wordpress v6.0
259
+ * Added SMS transactions link
260
+
261
+ = 5.5.4 =
262
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
263
+ * Minor Bug fix
264
+
265
+ = 5.5.3 =
266
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
267
+ * UI fixes for non-admin users
268
+
269
+ = 5.5.2 =
270
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
271
+ * Updated Plugin UI
272
+
273
+ = 5.5.1 =
274
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
275
+ * Updated Pricing page UI
276
+
277
+ = 5.5 =
278
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
279
+ * Updated Network Security UI
280
+
281
+ For older changelog entries, please see the [additional changelog.txt file](https://plugins.svn.wordpress.org/miniorange-2-factor-authentication/trunk/changelog.txt) provided with the plugin.
282
+
283
+ == Upgrade Notice ==
284
+
285
+ = 5.5.7 =
286
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
287
+ * Bug Fixes and Code Improvements
288
+
289
+ = 5.5.1 =
290
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
291
+ * Updated Pricing page UI
292
+
293
+ = 5.5 =
294
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
295
+ * Updated Network Security UI
296
+
297
+ = 5.4.52 =
298
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
299
+ * Updated Trial Request Form
300
+
301
+ = 5.4.51 =
302
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
303
+ * Trial notification visibility issue fixed
304
+
305
+ = 5.4.50 =
306
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
307
+ * Bug fix - Headers already sent
308
+
309
+ = 5.4.49 =
310
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
311
+ * Trial Notification for Premium Plugins
312
+ * CSRF Fix
313
+
314
+ = 5.4.48 =
315
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
316
+ * Close button on offer banner
317
+
318
+ = 5.4.47 =
319
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
320
+ * Christmas offer
321
+
322
+ = 5.4.46 =
323
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
324
+ * Black friday offer
325
+ * Get email notification on the plugin's new release
326
+
327
+ = 5.4.45 =
328
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
329
+ * Added login with the any configured methods
330
+ * Minor bug fix
331
+
332
+ = 5.4.44 =
333
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
334
+ * Added link to WordPress forum in support form
335
+ * Minor bug fix
336
+
337
+ = 5.4.43 =
338
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
339
+ * Special offer - Special discount for limited time
340
+
341
+ = 5.4.42 =
342
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
343
+ * Backup Code as a cloud service
344
+
345
+ = 5.4.41 =
346
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
347
+ * Minor UI Changes and Bug Fixes
348
+
349
+ = 5.4.40 =
350
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
351
+ * XSS Vulnerability fix
352
+ * Added video link for miniOrange Authenticator
353
+
354
+ = 5.4.39 =
355
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
356
+ * Added 2FA setup using user profile option
357
+ * Support Form UI
358
+ * 2FA Form support for login with ajax, Elementor Pro, UserPro login forms
359
+ * Minor bug fixes
360
+
361
+ = 5.4.38 =
362
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
363
+ * Added 2FA setup using user profile option
364
+ * Setup Wizard for configuring 2FA
365
+ * 2FA Form support for login with ajax, Elementor Pro, UserPro login forms
366
+ * Minor bug fixes
367
+
368
+ = 5.4.37 =
369
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
370
+ * Minor bug fixes
371
+
372
+ = 5.4.36 =
373
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
374
+ * Remove extra comma
375
+
376
+ = 5.4.35 =
377
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
378
+ * Minor bug fixes
379
+
380
+ = 5.4.34 =
381
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
382
+ * New User Interface for easy setup
383
+ * Added developers logs
384
+ * Minor fixes
385
+
386
+ = 5.4.33 =
387
+ * Google Authenticator – Two Factor Authentication (2FA, TFA) :
388
+ * New pricing page for two factor authentication
389
+ * Added Duo Authenticator push notification method.
390
+ * WooCommerce redirect issue fix.
391
+
392
+ = 5.4.32 =
393
+ * Google Authenticator Two Factor Authentication (2FA, TFA) :
394
+ * Replaced sessions with transient.
395
+
396
+ = 5.4.31 =
397
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
398
+ * OTP over Email as two factor fix
399
+ * Low Email transaction alert fix
400
+
401
+ = 5.4.30 =
402
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
403
+ * Feedback changes
404
+
405
+ = 5.4.29 =
406
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
407
+ * Session independent Google Authenticator
408
+ * Session independent KBA
409
+ * Feedback improvement for two factor authentication plugin
410
+
411
+ = 5.4.28 =
412
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
413
+ * New year sale update
414
+
415
+ = 5.4.27 =
416
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
417
+ * New year sale
418
+ * WordPress 5.6 compatibility fix
419
+ * WAF fixes
420
+ * Real time IP blocking
421
+ * IP based user login
422
+ * New feature release notification
423
+
424
+ = 5.4.26 =
425
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
426
+ * Christmas Offer
427
+
428
+ = 5.4.25 =
429
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
430
+ * OTP over Telegram Fixes
431
+
432
+ = 5.4.24 =
433
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
434
+ * OTP over Whatsapp
435
+ * OTP over Telegram
436
+ * Feedback form changes
437
+
438
+ = 5.4.23 =
439
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
440
+ * Call support with technical team
441
+ * Email and SMS transaction sync
442
+ * Feedback form on network deactivate
443
+ * Enable/Disable 2FA fix
444
+ * 2FA added for super admin role
445
+
446
+ = 5.4.22 =
447
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
448
+ * Backup Codes
449
+ * Sanitization and JS improvements
450
+ * SMS and Email Sync
451
+ * Whatsapp based Two factor in Premium plugin
452
+ * Telegram based Two factor in Premium plugin
453
+
454
+ = 5.4.21 =
455
+ * Google Authenticator - Two Factor Authentication (2FA, SMS) :
456
+ * Sanitization of some input values.
457
+
458
+ = 5.4.20 =
459
+ * Google Authenticator - Two Factor Authentication (2FA, SMS) :
460
+ * Google Authenticator Qr code fix.
461
+ * My theme login Login fix.
462
+
463
+ = 5.4.19 =
464
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) : Google Authenticator cloud fix.
465
+
466
+ = 5.4.18 =
467
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
468
+ * Added missing file
469
+
470
+ = 5.4.17 =
471
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
472
+ *Digimember Form Support
473
+ *Memberpress Form Support
474
+ *SMS Verification Support
475
+ *OTP Verification on WooCommerce Registration
476
+
477
+ = 5.4.16 =
478
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) : Quick form fix.
479
+
480
+ = 5.4.15 =
481
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) :
482
+ * Theme My Login plugin Support
483
+ * Ultimate Member Registration Support
484
+ * WooCommerce Registration Support
485
+ * Ultimate Member Redirect
486
+ * Restrict Content Pro Login and Registration
487
+
488
+ = 5.4.14 =
489
+ * Google Authenticator - Two Factor Authentication (2FA, MFA) : Performance improvement with fixes in Security Questions. And User Email verification and Phone Verification issues resolved.
490
+
491
+ = 5.4.13 =
492
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) : Support Form Improvement.
493
+
494
+ = 5.4.11 =
495
+ * Google Authenticator - Two Factor Authentication (2FA, MFA) : Feedback Issue fix.
496
+
497
+ = 5.4.9 =
498
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) : User Experience, new support form and Security disabled by default. Added New Methods for users to choose.
499
+
500
+ = 5.4.8 =
501
+ * Google Authenticator - Two Factor Authentication (2FA, OTP Verification) : Learning Management System support, Microsoft Authenticator and Duo Authenticator support and restrict account sharing add-on.
502
+
503
+ = 5.4.7 =
504
+ * Google Authenticator - Two Factor Authentication (2FA, SMS Verification) : Fixing warnings and adding minor changes in the plans.
505
+
506
+ = 5.4.6 =
507
+ * Google Authenticator - Two Factor Authentication (2FA) : Improving Google Authenticator and adding Payment options.
508
+
509
+ = 5.4.5 =
510
+ * Google Authenticator - Two Factor Authentication (2FA, OTP) : Security and MFA UI updates.
511
+
512
+ = 5.4.4 =
513
+ * Google Authenticator - Two Factor Authentication (2FA, TFA) : Two Factor : WooCommerce login page integration.
514
+
515
+ = 5.4.3 =
516
+ * Google Authenticator - Two Factor Authentication (2FA, MFA) : Session issue fix for customers using Two Factor.
517
+
518
+ = 5.4.2 =
519
+ * Google Authenticator - Two Factor Authentication (2FA, MFA) : Warning for cloud customer moving to on-premise Two factor
520
+
521
+ = 5.4.1 =
522
+ * Google Authenticator - Two Factor Authentication (2FA) : Headers sent issue is security firewall.
523
+
524
+ = 5.4.0 =
525
+ * Google Authenticator - Two Factor Authentication (2FA) : Two Factor FAQ Fix and OTP code convenience.
526
+
527
+ = 5.3.26 =
528
+ * Google Authenticator - Two Factor Authentication (2FA) : Two Factor On-premise FAQ update.
529
+
530
+ = 5.3.25 =
531
+ * Google Authenticator - Two Factor Authentication (2FA) : Two Factor On-premise support form.
532
+
533
+ = 5.3.24 =
534
+ * Google Authenticator - Two Factor Authentication (2FA) : On-premise two factor released with multiple user support for some authentication methods.
535
+
536
+ = 5.3.23 =
537
+ * Google Authenticator - Two Factor Authentication (2FA) : Scanner : Timing and caching issue fix.
538
+ * Disable 2fa on WooCommerce login.
539
+ * Login with Username only fix.
540
+
541
+ = 5.3.22 =
542
+ * Google Authenticator - Two Factor Authentication (2FA) : Antivirus : Fixing Cache issues and adding nonce.
543
+
544
+ = 5.3.21 =
545
+ * Google Authenticator - Two Factor Authentication (2FA) : Two Factor : Choice between Two factor and Security.
546
+
547
+ = 5.3.20 =
548
+ * Google Authenticator - Two Factor Authentication (2FA) : Anti Malware : Fixing issue faced by users during scan.
549
+
550
+ = 5.3.19 =
551
+ * Google Authenticator - Two Factor Authentication (2FA) : Security : Giving users choice of two factor.
552
+
553
+ = 5.3.18 =
554
+ * Google Authenticator - Two Factor Authentication (2FA) : Antivirus and Firewall : Fix Scan.
555
+
556
+ = 5.3.17 =
557
+ * Google Authenticator - Two Factor Authentication (2FA) : Anti-Virus : Improved Stop Scan.
558
+
559
+ = 5.3.16 =
560
+ * Google Authenticator - Two Factor Authentication (2FA) : Anti-Virus : Stop Scan.
561
+
562
+ = 5.3.15 =
563
+ * Google Authenticator - Two Factor Authentication (2FA) : Anti-Malware : schedule scan.
564
+
565
+ = 5.3.14 =
566
+ * Google Authenticator - Two Factor Authentication (2FA) : Anti-Malware : Adding more signatures.
567
+
568
+ = 5.3.13 =
569
+ * Google Authenticator - Two Factor Authentication (2FA) : Security : fix UI Issue and improving 2fa.
570
+
571
+ = 5.3.12 =
572
+ * Google Authenticator - Two Factor Authentication (2FA) : Security : backup table fix.
573
+
574
+ = 5.3.11 =
575
+ * Google Authenticator - Two Factor Authentication (2FA) : Security : Limiting Firewall, Malware, backup and login security for users not needing it.
576
+
577
+ = 5.3.10 =
578
+ * Google Authenticator - Two Factor Authentication (2FA) : Security : Moved to Old WAF version minor issues..
579
+
580
+ = 5.3.9 =
581
+ * Google Authenticator - Two Factor Authentication (2FA) : Security : Web application Firewall Sql Injections report and monitoring.
582
+
583
+ = 5.3.8 =
584
+ * Google Authenticator - Two Factor Authentication (2FA) : Security : Malware Scanner Fix.
585
+
586
+ = 5.3.7 =
587
+ * Google Authenticator - Two Factor Authentication (2FA) : Security : Two factor login with username fix.
588
+
589
+ = 5.3.6 =
590
+ * Google Authenticator - Two Factor Authentication (2FA) : Anti virus zip file fix.
591
+
592
+ = 5.3.5 =
593
+ * Google Authenticator - Two Factor Authentication (2FA) : Backup URL Fix and space issue in google authenticator.
594
+
595
+ = 5.3.4 =
596
+ * Google Authenticator - Two Factor Authentication (2FA) : CSS fix for Malware Scanner, Security and firewall.
597
+
598
+ = 5.3.3 =
599
+ * Google Authenticator - Two Factor Authentication (2FA) : Minor Malware Scanner issues fix.
600
+
601
+ = 5.3.2 =
602
+ * Google Authenticator - Two Factor Authentication (2FA) : File Changes.
603
+
604
+ = 5.3.1 =
605
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fix.
606
+
607
+ = 5.3.0 =
608
+ * Google Authenticator - Two Factor Authentication (2FA) : Releasing Firewall with Two Factor.
609
+
610
+ = 5.2.6 =
611
+ * Google Authenticator - Two Factor Authentication (2FA) : Fixed conflict and filter issues.
612
+
613
+ = 5.2.5 =
614
+ * Google Authenticator - Two Factor Authentication (2FA) : Some warnings in remote posts.
615
+
616
+ = 5.2.4 =
617
+ * Google Authenticator - Two Factor Authentication (2FA) : Removed curl calls and unnecessary files.
618
+
619
+ = 5.2.3 =
620
+ * Google Authenticator - Two Factor Authentication (2FA) : Fix for some users facing issues in api calls.
621
+
622
+ = 5.2.2 =
623
+ * Google Authenticator - Two Factor Authentication (2FA) : Adding File Protection and Strong Password feature.
624
+ :
625
+ = 5.2.1 =
626
+ * Google Authenticator - Two Factor Authentication (2FA) : UI changes for description.
627
+
628
+ = 5.2.0 =
629
+ * Google Authenticator - Two Factor Authentication (2FA) : UI changes with more description.
630
+
631
+ = 5.1.22 =
632
+ * Google Authenticator - Two Factor Authentication (2FA) : UI Fixes.
633
+
634
+ = 5.1.21 =
635
+ * Google Authenticator - Two Factor Authentication (2FA) : Login Redirect.
636
+
637
+ = 5.1.20 =
638
+ * Google Authenticator - Two Factor Authentication (2FA) : Minor Bug fix.
639
+
640
+ = 5.1.19 =
641
+ * Google Authenticator - Two Factor Authentication (2FA) : Adding basic Security Features Monitoring, IP blocking and login transaction report.
642
+
643
+ = 5.1.18 =
644
+ * Google Authenticator - Two Factor Authentication (2FA) : Object access error for lower PHP versions.
645
+
646
+ = 5.1.17 =
647
+ * Google Authenticator - Two Factor Authentication (2FA) : Minor Bug fix and Documentation changes.
648
+
649
+ = 5.1.16 =
650
+ * Google Authenticator - Two Factor Authentication (2FA) : Login redirect fix.
651
+
652
+ = 5.1.15 =
653
+ * Google Authenticator - Two Factor Authentication (2FA) : UI Fixes.
654
+
655
+ = 5.1.14 =
656
+ * Google Authenticator - Two Factor Authentication (2FA) : Database Error Fix and Custom Redirect.
657
+
658
+ = 5.1.12 =
659
+ * Google Authenticator - Two Factor Authentication (2FA) : Removing redundant code.
660
+
661
+ = 5.1.11 =
662
+ * Google Authenticator - Two Factor Authentication (2FA) : Password Pattern Fix.
663
+
664
+ = 5.1.10 =
665
+ * Google Authenticator - Two Factor Authentication (2FA) : Javascript Error fixes.
666
+
667
+ = 5.1.9 =
668
+ * Google Authenticator - Two Factor Authentication (2FA) : Added visual tour and security fixes.
669
+
670
+ = 5.1.8 =
671
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fix for Validation.
672
+
673
+ = 5.1.7 =
674
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fix for DB error after Update.
675
+
676
+ = 5.1.6 =
677
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fix for DB error.
678
+
679
+ = 5.1.5 =
680
+ * Google Authenticator - Two Factor Authentication (2FA) : UI changes.
681
+
682
+ = 5.1.4 =
683
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fixes for redirect to login page issues.
684
+
685
+ = 5.1.3 =
686
+ * Google Authenticator - Two Factor Authentication (2FA) : Minor bug fixes.
687
+
688
+ = 5.1.2 =
689
+ * Google Authenticator - Two Factor Authentication (2FA) : Changes in registration flow.
690
+
691
+ = 5.1.1 =
692
+ * Google Authenticator - Two Factor Authentication (2FA) : Minor changes.
693
+
694
+ = 5.1.0 =
695
+ * Google Authenticator - Two Factor Authentication (2FA) : Added new user plans
696
+
697
+ = 5.0.17 =
698
+ * Google Authenticator - Two Factor Authentication (2FA) : Minor Bug fix.
699
+
700
+ = 5.0.16 =
701
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fixes.
702
+
703
+ = 5.0.15 =
704
+ * Google Authenticator - Two Factor Authentication (2FA) : Added Google Authenticator option in the WP login page itself.
705
+
706
+ = 5.0.14 =
707
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug Fixes.
708
+
709
+ = 5.0.13 =
710
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug Fix and code optimization.
711
+
712
+ = 5.0.12 =
713
+ * Google Authenticator - Two Factor Authentication (2FA) : Added GDPR Compliance.
714
+
715
+ = 5.0.11 =
716
+ * Google Authenticator - Two Factor Authentication (2FA) : Readme Update.
717
+
718
+ = 5.0.10 =
719
+ * Google Authenticator - Two Factor Authentication (2FA) : Added Proxy Setup feature.
720
+
721
+ = 5.0.9 =
722
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug Fix for "The loopback request to your site failed." error.
723
+
724
+ = 5.0.8 =
725
+ * Google Authenticator - Two Factor Authentication (2FA) : Changes for 2FA Free plugin for 1 user forever.
726
+
727
+ = 5.0.7 =
728
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug Fix for User Registration and other plugin conflicts in Dashboard.
729
+
730
+ = 5.0.6 =
731
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug Fix for existing customers who upgraded from 4.5.x version to versions between 5.0.0 and 5.0.4 and are facing issues with the Account Setup Tab.
732
+
733
+ = 5.0.5 =
734
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fix for user entry during plugin update.
735
+
736
+ = 5.0.4 =
737
+ * Google Authenticator - Two Factor Authentication (2FA) : Workaround for errors during sending of OTP during registration.
738
+
739
+ = 5.0.3 =
740
+ * Google Authenticator - Two Factor Authentication (2FA) : Minor fix for removing warings.
741
+
742
+ = 5.0.2 =
743
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fix.
744
+
745
+ = 5.0.1 =
746
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fix.
747
+
748
+ = 5.0.0 =
749
+ * Google Authenticator - Two Factor Authentication (2FA) : New UI Interface, 2-factor authentication for Unlimited Users.
750
+ * This is a major release.
751
+
752
+ = 4.6.2 =
753
+ * Google Authenticator - Two Factor Authentication (2FA) : Plugin registration fixes and minor warning fixes.
754
+
755
+ = 4.6.1 =
756
+ * Google Authenticator - Two Factor Authentication (2FA) : Login error fix. Please skip version 4.5.9 and update to version 4.6.1
757
+
758
+ = 4.5.9 =
759
+ * Google Authenticator - Two Factor Authentication (2FA) : Bug fixes for customers who were getting redirected to the login page after the two factor authentication.
760
+
761
+ = 4.5.8 =
762
+ * Google Authenticator - Two Factor Authentication (2FA) : Tested up to 4.9.4 and Removed External links.
763
+
764
+ = 4.5.7 =
765
+ * Google Authenticator - Two Factor Authentication (2FA) : Minor bug fixes.
766
+
767
+ = 4.5.6 =
768
+ * Google Authenticator - Two Factor Authentication (2FA) : Tested up to Wordpress 4.9.
769
+
770
+ = 4.5.5 =
771
+ * Google Authenticator - Two Factor Authentication (2FA) : 404 bug fixes.
772
+
773
+ = 4.5.4 =
774
+ * Google Authenticator - Two Factor Authentication (2FA) : Better UI of Login Pages, Fixed Redirection issue. Fixed the error in the last version (4.5.3) for the customers who were getting undefined action errors.
775
+
776
+ = 4.5.3 =
777
+ * Google Authenticator - Two Factor Authentication (2FA) : Changed UI of the Login Pages, Redirect to Login Page bug fixes.
778
+
779
+ = 4.5.2 =
780
+ * Google Authenticator - Two Factor Authentication (2FA) : Readme Update: Description Update
781
+
782
+ = 4.5.1 =
783
+ * Google Authenticator - Two Factor Authentication (2FA) : Updated the new Google Authenticator App's link and the 'How to Setup Tab' tab.
784
+
785
+ = 4.5.0 =
786
+ * Google Authenticator - Two Factor Authentication (2FA) : Fix Google Authenticator configuration issue.
787
+
788
+ = 4.4.9 =
789
+ * Google Authenticator - Two Factor Authentication (2FA) : Added Alert Message for SMS Transactions only when authentication method is OTP over SMS.
790
+
791
+ = 4.4.8 =
792
+ * Google Authenticator - Two Factor Authentication (2FA) : Added Alert Message for SMS Transactions. Fixed Remember Device flow and confliction with themes. Added support for multiple instances of wordpress.
793
+
794
+ = 4.4.7 =
795
+ * Google Authenticator - Two Factor Authentication (2FA) : Updated the error message for 2 factor configuration.
796
+
797
+ = 4.4.6 =
798
+ * Google Authenticator - Two Factor Authentication (2FA) : Instructions for login in case user get locked out.
799
+
800
+ = 4.4.5 =
801
+ * Google Authenticator - Two Factor Authentication (2FA) : Fixed the issue of session variable on the login with username page.
802
+
803
+ = 4.4.4 =
804
+ * Google Authenticator - Two Factor Authentication (2FA) : Added alert messages for OTP over SMS usages.
805
+
806
+ = 4.4.3 =
807
+ * Google Authenticator - Two Factor Authentication (2FA) : Fixed the login flow for third party Apps that supports XML-RPC.
808
+
809
+ = 4.4 =
810
+ * Google Authenticator - Two Factor Authentication (2FA):
811
+ * Note: This is a very important update having altogether a new UI and compatibility with Limit Login Attempts. After updating, please do not logout from your admin dashboard. Try to login from another browser and if you face any issue , please contact us at info@xecurify.com
812
+ * Compatibility with Limit Login Attempts.
813
+ * New User Interface for login.
814
+
815
+ = 4.3.2 =
816
+ * Google Authenticator - Two Factor Authentication (2FA, MFA): Revised licensing cost for users.
817
+
818
+ = 4.3.1 =
819
+ * Google Authenticator - Two Factor Authentication (2FA, MFA): Compatible upto 4.7
820
+
821
+ = 4.3.0 =
822
+ * Google Authenticator - Two Factor Authentication (2FA, MFA): Updated miniOrange APIs.
823
+
824
+ = 4.2.9 =
825
+ * Google Authenticator - Two Factor Authentication (2FA, MFA): Tested up to WordPress 4.6.
826
+
827
+ = 4.2.7 =
828
+ * Google Authenticator - Two Factor Authentication (2FA, MFA): Session Warning fix in the last version for some of the users.
829
+
830
+ = 4.2.6 =
831
+ * Google Authenticator - Two Factor Authentication (2FA, MFA): Compatible with wordpress caching.
832
+
833
+ = 4.2.5 =
834
+ * Google Authenticator - Two Factor Authentication (2FA, MFA): Improved the session handler.
835
+
836
+ = 4.2.4 =
837
+ * Google Authenticator - Two Factor Authentication (2FA, MFA): Updated faq for limit login attempt type of plugins.
838
+
839
+ = 4.2.3 =
840
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
841
+ * Improved Error handling during Account Creation.
842
+
843
+ = 4.2.2 =
844
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
845
+ * Registration Flow fixes
846
+
847
+ = 4.2.1 =
848
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
849
+ * Change of status during login with phone flow and tested with WP 4.5
850
+
851
+ = 4.2.0 =
852
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
853
+ * Mark as tested on Wordpress 4.5
854
+
855
+ = 4.1.8 =
856
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
857
+ * Changed the location of images used for the demo. Now being loaded from the site having SSL certificate.
858
+
859
+ = 4.1.7 =
860
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
861
+ * Improved Error Handling for Remember Device.
862
+
863
+ = 4.1.6 =
864
+ * Google Authenticator - Two Factor Authentication ( 2 Factor ):
865
+ * Licensing Plan Updated.
866
+
867
+ = 4.1.5 =
868
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
869
+ * Added Forgot Password functionality for miniOrange customer admin.
870
+ * Added warning message for the users who are using lower version of php.
871
+ * Added functionality to change the customer email.
872
+
873
+ = 4.1.4 =
874
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
875
+ * Added an option for admin to enable or disable login for XML-RPC supported applications.
876
+
877
+ = 4.1.3 =
878
+ * Google Authenticator - Two Factor Authentication ( 2FA ):
879
+ * Fixed CSS Conflict with the plugins in the admin dashboard.
880
+ * More intuitive UI for WooCommerce login.
881
+ * Tested front-end login with themes like wordpress default theme,
882
+ customize theme,zerif-lite theme,accesspress store theme,ishop theme and many more.
883
+
884
+ = 4.1.2 =
885
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Google Authenticator for Windows phone
886
+ * Fixed CSS conflict with front-end of site if WooCommerce is not enabled.
887
+
888
+ = 4.1.1 =
889
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Adding Validation in choosing Security Questions (KBA).
890
+
891
+ = 4.1.0 =
892
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Features added.
893
+ multisite support
894
+ Custom login redirection
895
+ Authy 2-Factor Authentication as separate authentication method
896
+
897
+ = 4.0.6 = Google Authenticator - Two Factor Authentication Added multisite support and custom redirection after login feature.
898
+
899
+ = 4.0.5 = Google Authenticator - Two Factor Authentication Login into third party apps which support XML-RPC.
900
+
901
+ = 4.0.4 = Google Authenticator - Two Factor Authentication Added a check of KBA configuration from mobile login.
902
+
903
+ = 4.0.3 = Google Authenticator - Two Factor Authentication Added Support for Authy 2-Factor Authentication App.
904
+
905
+ = 4.0.2 = Google Authenticator - Two Factor Authentication Added a check for selection of unique questions during KBA setup .
906
+
907
+ = 4.0.1 = Bug Fix Google Authenticator - 2 Factor
908
+
909
+ = 4.0 =
910
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Features added.
911
+ * KBA as backup method.
912
+ * mobile browser support.
913
+ * more intuitive UI for WooCommerce login.
914
+
915
+ = 3.8 =
916
+ * Google Authenticator - Two Factor Authentication ( 2 Factor ): Bug Fix for roles.
917
+
918
+ = 3.7 =
919
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Activation of two factor role wise.
920
+
921
+ = 3.6 =
922
+ * Google Authenticator - Two Factor Authentication ( 2FA ): email verification in inline registration flow for all users.
923
+ More descriptive setup messages and UI changes.
924
+
925
+ = 3.5 =
926
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Provided mobile login support.
927
+
928
+ = 3.4 =
929
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Features added
930
+ * Inline registration flow for users.
931
+ * Security Questions (KBA) as additional method
932
+ * Alternate way of user identification in customer creation.
933
+ * premium customizable features.
934
+
935
+ = 3.3 =
936
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Fix the issue of session for some versions of php.
937
+
938
+ = 3.2 =
939
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Fix for device-id compatibility.
940
+
941
+ = 3.1 =
942
+ * Google Authenticator - Two Factor Authentication ( 2 Factor ): Fix for 2FA ShortCode.
943
+
944
+ = 3.0 =
945
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Features added
946
+ * Google Authenticator.
947
+ * Device Id (Remember device).
948
+ * Choice given to admin to enable specific authentication methods for users.
949
+ * Two Factor support for WooCommerce theme.
950
+ * Short Code for various customized fronted login.
951
+ * More intuitive UI and descriptive instructions.
952
+
953
+ = 2.6 =
954
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Fix the compatibility issues of user session with other security plugins.
955
+
956
+ = 2.5 =
957
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Fix the compatibility issues with All In One WP Security & Firewall plugin.
958
+
959
+ = 2.4 =
960
+ * Google Authenticator - Two Factor Authentication ( 2FA ): UI fixes for admin media library dashboard.
961
+
962
+ = 2.3 =
963
+ * Google Authenticator - Two Factor Authentication ( 2FA ): More descriptive setup messages, more intuitive UI.
964
+
965
+ = 2.2 =
966
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Fixed css issues for existing users
967
+
968
+ = 2.1 =
969
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Added support for multiple Two Factor Choices like OTP Over SMS, Phone Call Verification, Push Notification, Soft Token (like Google Authenticator Code), Email Verification, etc.
970
+
971
+ = 2.0 =
972
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Added login with password plus second factor feature.
973
+
974
+ = 1.8 =
975
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Added feature of different login form choice,test authentication and help for configuration and setup.
976
+
977
+ = 1.7 =
978
+ * Bug Fixes Google Authenticator - Two Factor Authentication ( 2FA ): Modifying login screen adaptable to user's login form
979
+
980
+ = 1.6 =
981
+ * Bug Fixes Google Authenticator - Two Factor Authentication ( 2FA ): fetching 2 factor configuration when activating the plugin after deactivating it.
982
+
983
+ = 1.5 =
984
+ * Bug Fixes Google Authenticator - Two Factor Authentication ( 2FA ): Login issues and password save issues resolved
985
+
986
+ = 1.4 =
987
+ * Bug Fixes Google Authenticator - Two Factor Authentication ( 2FA ): Authentication was not working on some version of php.
988
+
989
+ = 1.3 =
990
+ * Google Authenticator - Two Factor Authentication Bug Fixes
991
+
992
+ = 1.2 =
993
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Added 2 factor for all users along with forgot phone functionality.
994
+
995
+ = 1.1 =
996
+ * Google Authenticator - Two Factor Authentication ( 2FA ): Added email ID verification during registration.
997
+
998
+ = 1.0.0 =
999
  * First version of Google Authenticator - Two Factor Authentication ( 2FA ) plugin supported with mobile authentication for admins only.
views/addons.php CHANGED
@@ -26,7 +26,7 @@
26
  <center>
27
  <div style="width: 92%;background-color: white;padding: 10px;border-top: 4px solid #2271b1">
28
  <div style="float: left;">
29
- <?php echo '<a class="button button-primary button-large" href="'.$two_fa.'">Back</a>';?>
30
  </div>
31
  <h1 style="margin-right: 8%;">AddOns</h1>
32
  </div>
@@ -237,7 +237,7 @@
237
  target="_blank" method="post">
238
  <input type="email" name="username" value="<?php echo get_option( 'mo2f_email' ); ?>"/>
239
  <input type="text" name="redirectUrl"
240
- value="<?php echo MO_HOST_NAME . '/moas/initializepayment'; ?>"/>
241
  <input type="text" name="requestOrigin" id="requestOrigin"/>
242
  </form>
243
 
26
  <center>
27
  <div style="width: 92%;background-color: white;padding: 10px;border-top: 4px solid #2271b1">
28
  <div style="float: left;">
29
+ <?php echo '<a class="button button-primary button-large" href="'.esc_url($two_fa).'">Back</a>';?>
30
  </div>
31
  <h1 style="margin-right: 8%;">AddOns</h1>
32
  </div>
237
  target="_blank" method="post">
238
  <input type="email" name="username" value="<?php echo get_option( 'mo2f_email' ); ?>"/>
239
  <input type="text" name="redirectUrl"
240
+ value="<?php echo esc_url(MO_HOST_NAME) . '/moas/initializepayment'; ?>"/>
241
  <input type="text" name="requestOrigin" id="requestOrigin"/>
242
  </form>
243
 
views/advanced-blocking.php CHANGED
@@ -14,7 +14,7 @@ include $setup_dirName;
14
 
15
  <div class="mo_wpns_divided_layout">
16
  <div class="mo_wpns_setting_layout" id="mo2f_manual_ip_blocking">
17
- <h2>Manual IP Blocking <a href='<?php echo $two_factor_premium_doc['Manual IP Blocking'];?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:30px;color:#413c69;float: right;"></span></a></h2>
18
 
19
  <h4 class="mo_wpns_setting_layout_inside">Manually block an IP address here:&emsp;&emsp;
20
  <input type="text" name="ManuallyBlockIP" id="ManuallyBlockIP" required placeholder='IP address'pattern="((^|\.)((25[0-5])|(2[0-4]\d)|(1\d\d)|([1-9]?\d))){4}" style="width: 35%; height: 41px" />&emsp;&emsp;
@@ -38,12 +38,12 @@ include $setup_dirName;
38
  global $mo2f_dirName;
39
  foreach($blockedips as $blockedip)
40
  {
41
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
42
  if(empty($blockedip->blocked_for_time))
43
  echo "<span class=redtext>Permanently</span>";
44
  else
45
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
46
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a ".$disabled." onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
47
  }
48
  ?>
49
  </tbody>
@@ -82,7 +82,7 @@ echo' </tbody>
82
 
83
 
84
  <div class="mo_wpns_setting_layout" id="mo2f_ip_lookup">
85
- <h2>IP LookUp<a href='<?php echo $two_factor_premium_doc['IP LookUp'];?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:30px;color:#413c69;float: right;"></span></a></h2>
86
  <h4 class="mo_wpns_setting_layout_inside">Enter IP address you Want to check:&emsp;&emsp;
87
  <input type="text" name="ipAddresslookup" id="ipAddresslookup" required placeholder='IP address'pattern="((^|\.)((25[0-5])|(2[0-4]\d)|(1\d\d)|([1-9]?\d))){4}" style="width: 40%; height: 41px"/>&emsp;&emsp;
88
  <input type="button" name="LookupIP" id="LookupIP" value="LookUp IP" class="button button-primary button-large" />
@@ -101,7 +101,7 @@ echo '<div id="mo2f_adv_block_div" class="tabcontent">';
101
  echo'<div class="mo_wpns_divided_layout">
102
  <div class="mo_wpns_setting_layout" id= "mo2f_ip_range_blocking">';
103
 
104
- echo' <h2>IP Address Range Blocking<a href='.$two_factor_premium_doc['IP Address Range Blocking'].' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></h2>
105
  You can block range of IP addresses here ( Examples: 192.168.0.100 - 192.168.0.190 )
106
  <form name="f" method="post" action="" id="iprangeblockingform" >
107
  <input type="hidden" name="option" value="mo_wpns_block_ip_range" />
@@ -140,7 +140,7 @@ echo '
140
 
141
 
142
  <div class="mo_wpns_setting_layout" id="mo2f_browser_blocking">
143
- <h3>Browser Blocking<a href='.$two_factor_premium_doc['Browser Blocking'].' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:30px;color:#413c69;float: right;"></span></a></h3>
144
  <!-- <div class="mo_wpns_subheading">This protects your site from robots and other automated scripts.</div> -->
145
  <form id="mo_wpns_enable_user_agent_blocking" method="post" action="">
146
  <input type="hidden" name="option" value="mo_wpns_enable_user_agent_blocking">
@@ -375,7 +375,7 @@ jQuery('#LookupIP').click(function(){
375
  var ipAddress = jQuery('#ipAddresslookup').val();
376
  var nonce = '<?php echo wp_create_nonce("IPLookUPNonce");?>';
377
  jQuery("#resultsIPLookup").empty();
378
- jQuery("#resultsIPLookup").append("<img src='<?php if(isset($img_loader_url))echo $img_loader_url;?>'>");
379
  jQuery("#resultsIPLookup").slideDown(400);
380
  var data = {
381
  'action' : 'wpns_login_security',
14
 
15
  <div class="mo_wpns_divided_layout">
16
  <div class="mo_wpns_setting_layout" id="mo2f_manual_ip_blocking">
17
+ <h2>Manual IP Blocking <a href='<?php echo esc_url($two_factor_premium_doc['Manual IP Blocking']);?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:30px;color:#413c69;float: right;"></span></a></h2>
18
 
19
  <h4 class="mo_wpns_setting_layout_inside">Manually block an IP address here:&emsp;&emsp;
20
  <input type="text" name="ManuallyBlockIP" id="ManuallyBlockIP" required placeholder='IP address'pattern="((^|\.)((25[0-5])|(2[0-4]\d)|(1\d\d)|([1-9]?\d))){4}" style="width: 35%; height: 41px" />&emsp;&emsp;
38
  global $mo2f_dirName;
39
  foreach($blockedips as $blockedip)
40
  {
41
+ echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($blockedip->ip_address)."</td><td>".esc_attr($blockedip->reason)."</td><td>";
42
  if(empty($blockedip->blocked_for_time))
43
  echo "<span class=redtext>Permanently</span>";
44
  else
45
+ echo date("M j, Y, g:i:s a",esc_attr($blockedip->blocked_for_time));
46
+ echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a ".$disabled." onclick=unblockip('".esc_attr($blockedip->id)."')>Unblock IP</a></td></tr>";
47
  }
48
  ?>
49
  </tbody>
82
 
83
 
84
  <div class="mo_wpns_setting_layout" id="mo2f_ip_lookup">
85
+ <h2>IP LookUp<a href='<?php echo esc_url($two_factor_premium_doc['IP LookUp']);?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:30px;color:#413c69;float: right;"></span></a></h2>
86
  <h4 class="mo_wpns_setting_layout_inside">Enter IP address you Want to check:&emsp;&emsp;
87
  <input type="text" name="ipAddresslookup" id="ipAddresslookup" required placeholder='IP address'pattern="((^|\.)((25[0-5])|(2[0-4]\d)|(1\d\d)|([1-9]?\d))){4}" style="width: 40%; height: 41px"/>&emsp;&emsp;
88
  <input type="button" name="LookupIP" id="LookupIP" value="LookUp IP" class="button button-primary button-large" />
101
  echo'<div class="mo_wpns_divided_layout">
102
  <div class="mo_wpns_setting_layout" id= "mo2f_ip_range_blocking">';
103
 
104
+ echo' <h2>IP Address Range Blocking<a href='.esc_url($two_factor_premium_doc['IP Address Range Blocking']).' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></h2>
105
  You can block range of IP addresses here ( Examples: 192.168.0.100 - 192.168.0.190 )
106
  <form name="f" method="post" action="" id="iprangeblockingform" >
107
  <input type="hidden" name="option" value="mo_wpns_block_ip_range" />
140
 
141
 
142
  <div class="mo_wpns_setting_layout" id="mo2f_browser_blocking">
143
+ <h3>Browser Blocking<a href='.esc_url($two_factor_premium_doc['Browser Blocking']).' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:30px;color:#413c69;float: right;"></span></a></h3>
144
  <!-- <div class="mo_wpns_subheading">This protects your site from robots and other automated scripts.</div> -->
145
  <form id="mo_wpns_enable_user_agent_blocking" method="post" action="">
146
  <input type="hidden" name="option" value="mo_wpns_enable_user_agent_blocking">
375
  var ipAddress = jQuery('#ipAddresslookup').val();
376
  var nonce = '<?php echo wp_create_nonce("IPLookUPNonce");?>';
377
  jQuery("#resultsIPLookup").empty();
378
+ jQuery("#resultsIPLookup").append("<img src='<?php if(isset($img_loader_url))echo esc_url($img_loader_url);?>'>");
379
  jQuery("#resultsIPLookup").slideDown(400);
380
  var data = {
381
  'action' : 'wpns_login_security',
views/backup/backup_created_report.php CHANGED
@@ -30,13 +30,13 @@
30
  echo "<td style=text-align:center>Local</td>";
31
  echo "<td><form action='' method='POST' enctype='multipart/form-data'>
32
  <input type='hidden' value='mo_wpns_backup_download' name='option' />
33
- <input type='hidden' value=".esc_attr($file_name)."/".$id." name='file_name' />
34
  <input type='hidden' value=".esc_attr($file_path)." name='file_path' />
35
  <input type='hidden' value=".$nonce." name='download_nonce'/>
36
  <input type='submit' value='Download' name='download' class='upload btn btn-info btn-xs'>
37
  </form>
38
  </td>";
39
- echo "<td><button type='button' onclick=\"backup_delete(this, '".addslashes($file_path)."','".$file_name."',".$id.")\" name='delete' id='delete' class='btn btn-info btn-xs delete'>Delete</button></td>";
40
  echo "</tr>";
41
  } ?>
42
  <script>
30
  echo "<td style=text-align:center>Local</td>";
31
  echo "<td><form action='' method='POST' enctype='multipart/form-data'>
32
  <input type='hidden' value='mo_wpns_backup_download' name='option' />
33
+ <input type='hidden' value=".esc_attr($file_name)."/".esc_attr($id)." name='file_name' />
34
  <input type='hidden' value=".esc_attr($file_path)." name='file_path' />
35
  <input type='hidden' value=".$nonce." name='download_nonce'/>
36
  <input type='submit' value='Download' name='download' class='upload btn btn-info btn-xs'>
37
  </form>
38
  </td>";
39
+ echo "<td><button type='button' onclick=\"backup_delete(this, '".addslashes($file_path)."','".esc_attr($file_name)."',".esc_attr($id).")\" name='delete' id='delete' class='btn btn-info btn-xs delete'>Delete</button></td>";
40
  echo "</tr>";
41
  } ?>
42
  <script>
views/backup/backup_schdule.php CHANGED
@@ -12,7 +12,7 @@ add_action('admin_footer','mo_wpns_schedule_backup');
12
  <tr>
13
  <th>Scheduled file backup </th>
14
  <th>Scheduled database backup </th>
15
- <th><a href='<?php echo $two_factor_premium_doc['Scheduled database'];?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;margin-top: 0.5em;float: right;"></span></a></th>
16
  </tr>
17
  <tr><td>&nbsp;</td><td></td></tr>
18
  <tr>
@@ -36,22 +36,22 @@ add_action('admin_footer','mo_wpns_schedule_backup');
36
 
37
  <tr>
38
  <td><b>Last Backup :</b><?php
39
- if($file_backup_time !== 0) echo $file_backup_time ;
40
  ?></td>
41
  <td><b>Last Backup :</b><?php
42
- if($db_eb_backup_time !== 0) echo $db_eb_backup_time ;
43
  ?></td>
44
 
45
  </tr>
46
  <tr>
47
  <td><b>Next Backup :</b><?php
48
  if($file_schedule_status == 0){ echo 'N/A';
49
- } else{ echo $file_day.' '.$file_date.' '.$file_time ;
50
  }
51
  ?></td>
52
  <td><b>Next Backup :</b>
53
  <?php if($db_backup_status == 0){ echo 'N/A';
54
- } else{ echo $db_day.' '.$db_date.' '.$db_time ;
55
  }
56
  ?></td>
57
 
12
  <tr>
13
  <th>Scheduled file backup </th>
14
  <th>Scheduled database backup </th>
15
+ <th><a href='<?php echo esc_url($two_factor_premium_doc['Scheduled database']);?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;margin-top: 0.5em;float: right;"></span></a></th>
16
  </tr>
17
  <tr><td>&nbsp;</td><td></td></tr>
18
  <tr>
36
 
37
  <tr>
38
  <td><b>Last Backup :</b><?php
39
+ if($file_backup_time !== 0) echo esc_attr($file_backup_time) ;
40
  ?></td>
41
  <td><b>Last Backup :</b><?php
42
+ if($db_eb_backup_time !== 0) echo esc_attr($db_eb_backup_time) ;
43
  ?></td>
44
 
45
  </tr>
46
  <tr>
47
  <td><b>Next Backup :</b><?php
48
  if($file_schedule_status == 0){ echo 'N/A';
49
+ } else{ echo esc_attr($file_day).' '.esc_attr($file_date).' '.esc_attr($file_time) ;
50
  }
51
  ?></td>
52
  <td><b>Next Backup :</b>
53
  <?php if($db_backup_status == 0){ echo 'N/A';
54
+ } else{ echo esc_attr($db_day).' '.esc_attr($db_date).' '.esc_attr($db_time) ;
55
  }
56
  ?></td>
57
 
views/backup/backup_setting_view.php CHANGED
@@ -42,7 +42,7 @@ function mo_backup_config_page_submit(){
42
  $backup='';
43
  if(get_site_option('mo_file_manual_backup_wp_files')|| get_site_option('mo_file_manual_backup_plugins') || get_site_option('mo_file_manual_backup_themes') )
44
  $backup = 'files';
45
- else if(get_site_option('mo_database_backup'))
46
  $backup = 'database';
47
  if($backup =='files' && (get_site_option('mo_database_backup')))
48
  $backup = 'files and database';
@@ -58,7 +58,7 @@ function mo_backup_config_page_submit(){
58
  jQuery(document).ready(function(){
59
  jQuery('#save_backup_settings').click(function(){
60
 
61
- var message = "<?php echo $filemessage; ?>";
62
  jQuery(".file_backup_desc").empty();
63
  jQuery(".file_backup_desc").append(message);
64
  jQuery(".file_backup_desc").slideDown(400);
42
  $backup='';
43
  if(get_site_option('mo_file_manual_backup_wp_files')|| get_site_option('mo_file_manual_backup_plugins') || get_site_option('mo_file_manual_backup_themes') )
44
  $backup = 'files';
45
+ elseif(get_site_option('mo_database_backup'))
46
  $backup = 'database';
47
  if($backup =='files' && (get_site_option('mo_database_backup')))
48
  $backup = 'files and database';
58
  jQuery(document).ready(function(){
59
  jQuery('#save_backup_settings').click(function(){
60
 
61
+ var message = "<?php echo $filemessage; ?>";
62
  jQuery(".file_backup_desc").empty();
63
  jQuery(".file_backup_desc").append(message);
64
  jQuery(".file_backup_desc").slideDown(400);
views/common-elements.php CHANGED
@@ -16,14 +16,14 @@
16
  {
17
  foreach($usertranscations as $usertranscation)
18
  {
19
- echo "<tr><td>".$usertranscation->ip_address."</td><td>".$usertranscation->username."</td><td>";
20
  if($usertranscation->status==MoWpnsConstants::FAILED || $usertranscation->status==MoWpnsConstants::PAST_FAILED)
21
  echo "<span style=color:red>".esc_attr(MoWpnsConstants::FAILED)."</span>";
22
  else if($usertranscation->status==MoWpnsConstants::SUCCESS)
23
  echo "<span style=color:green>".esc_attr(MoWpnsConstants::SUCCESS)."</span>";
24
  else
25
  echo "N/A";
26
- echo "</td><td>".date("M j, Y, g:i:s a",$usertranscation->created_timestamp)."</td></tr>";
27
  }
28
  }
29
 
@@ -49,7 +49,7 @@
49
  wp_register_script( 'mo2f_recaptcha','https://www.google.com/recaptcha/api.js?render='.get_option("mo_wpns_recaptcha_site_key_v3"));
50
  wp_enqueue_script('mo2f_recaptcha');
51
  echo'
52
- <div class="g-recaptcha-response" data-sitekey="'.$site_k.'"></div>
53
  <input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response">
54
  ';?>
55
 
@@ -57,7 +57,7 @@
57
 
58
  grecaptcha.ready(function() {
59
 
60
- var sitek = "<?php echo $site_k;?>";
61
  grecaptcha.execute( sitek, {action:"homepage"}).
62
  then(function(token) {
63
  document.getElementById("g-recaptcha-response").value=token;
@@ -119,7 +119,7 @@
119
  <div style="font-family:\'Open Sans\',sans-serif;margin:0px auto;width:303px;text-align:center;">
120
  <br><br><h2>Test google reCAPTCHA keys</h2>
121
  <form id="f1" method="post">
122
- <div class="g-recaptcha-response" data-sitekey="'.$site_k.'"></div>
123
  <input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response">
124
  <br><input class="mo2f_test_captcha_button" type="submit" value="Test Keys" class="button button-primary button-large">
125
  </form>
16
  {
17
  foreach($usertranscations as $usertranscation)
18
  {
19
+ echo "<tr><td>".esc_attr($usertranscation->ip_address)."</td><td>".esc_attr($usertranscation->username)."</td><td>";
20
  if($usertranscation->status==MoWpnsConstants::FAILED || $usertranscation->status==MoWpnsConstants::PAST_FAILED)
21
  echo "<span style=color:red>".esc_attr(MoWpnsConstants::FAILED)."</span>";
22
  else if($usertranscation->status==MoWpnsConstants::SUCCESS)
23
  echo "<span style=color:green>".esc_attr(MoWpnsConstants::SUCCESS)."</span>";
24
  else
25
  echo "N/A";
26
+ echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($usertranscation->created_timestamp))."</td></tr>";
27
  }
28
  }
29
 
49
  wp_register_script( 'mo2f_recaptcha','https://www.google.com/recaptcha/api.js?render='.get_option("mo_wpns_recaptcha_site_key_v3"));
50
  wp_enqueue_script('mo2f_recaptcha');
51
  echo'
52
+ <div class="g-recaptcha-response" data-sitekey="'.esc_html($site_k).'"></div>
53
  <input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response">
54
  ';?>
55
 
57
 
58
  grecaptcha.ready(function() {
59
 
60
+ var sitek = "<?php echo esc_html($site_k);?>";
61
  grecaptcha.execute( sitek, {action:"homepage"}).
62
  then(function(token) {
63
  document.getElementById("g-recaptcha-response").value=token;
119
  <div style="font-family:\'Open Sans\',sans-serif;margin:0px auto;width:303px;text-align:center;">
120
  <br><br><h2>Test google reCAPTCHA keys</h2>
121
  <form id="f1" method="post">
122
+ <div class="g-recaptcha-response" data-sitekey="'.esc_html($site_k).'"></div>
123
  <input type="hidden" name="g-recaptcha-response" id="g-recaptcha-response">
124
  <br><input class="mo2f_test_captcha_button" type="submit" value="Test Keys" class="button button-primary button-large">
125
  </form>
views/content-protection.php CHANGED
@@ -6,21 +6,21 @@
6
  echo' <h3>Content Protection</h3>
7
  <form id="mo_wpns_content_protection" method="post" action="">
8
  <input type="hidden" name="option" value="mo_wpns_content_protection">
9
- <p><input type="checkbox" name="restrictAPI" '.$restAPI.'/><b>Restrict Public Access to WP REST API to get usernames of all your users.</b><span style="color:green;font-weight:bold;">&nbsp;&nbsp;(Recommended)</span> &nbsp;&nbsp; <a href="'.$restAPI_link.'" target="_blank" style="text-decoration:none">( Test it )</a></p>
10
  <p>On this website, the REST API root is <b> '.rest_url().'</b><br>
11
- This Prevents unauthorized access of usernames of your users by blocking the following API ('.$restAPI_link.') .<br> <b>Note:</b> If you are looking for blocking more WordPress Rest APIs please check out the following plugin - <a href="'.$restApiPlugin.'" target="_blank" style="text-decoration:none">WordPress REST API Authentication</a>
12
  </p>
13
  <hr>
14
- <p><input type="checkbox" name="protect_wp_config" '.$protect_wp_config.'> <b>Protect your wp-config.php file</b> &nbsp;&nbsp;<a href="'.$wp_config.'" target="_blank" style="text-decoration:none">( Test it )</a></p>
15
  <p>Your WordPress wp-config.php file contains your information like database username and password and it\'s very important to prevent anyone to access contents of your wp-config.php file.</p>
16
  <hr>
17
- <p><input type="checkbox" name="prevent_directory_browsing" '.$protect_wp_uploads.'> <b>Prevent Directory Browsing</b> &nbsp;&nbsp; <span style="color:green;font-weight:bold;">(Recommended)</span> &nbsp;&nbsp; <a href="'.$wp_uploads.'" target="_blank" style="text-decoration:none">( Test it )</a></p>
18
  <p>Prevent access to user from browsing directory contents like images, pdf\'s and other data from URL e.g. http://website-name.com/wp-content/uploads</p>
19
  <hr>
20
- <p><input type="checkbox" name="disable_file_editing" '.$disable_file_editing.'> <b>Disable File Editing from WP Dashboard (Themes and plugins)</b> &nbsp;&nbsp;<a href="'.$plugin_editor.'" target="_blank" style="text-decoration:none">( Test it )</a></p>
21
  <p>The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution.</p>
22
  <hr>
23
- <p><input type="checkbox" name="mo2f_htaccess_file" '.$htaccess_file.'> <b>Protect your .htaccess file</b> &nbsp;&nbsp;<span style="color:green;font-weight:bold;">(Recommended)</span></p>
24
  <p>.htaccess has the ability to control your whole website. It is important to first protect this file from unauthorized users.By enabling this you can restrict access to unauthorized users.</p>
25
 
26
  <br><input type="submit" name="submit" style="width:100px;" value="Save" class="button button-primary button-large">
@@ -34,11 +34,11 @@
34
  <p>This plugins prevents comment spam without requiring you to moderate any comments.</p>
35
  <form id="mo_wpns_enable_comment_spam_blocking" method="post" action="">
36
  <input type="hidden" name="option" value="mo_wpns_enable_comment_spam_blocking">
37
- <input type="checkbox" name="mo_wpns_enable_comment_spam_blocking" '.$comment_spam_protect.' onchange="document.getElementById(\'mo_wpns_enable_comment_spam_blocking\').submit();"> Enable comments SPAM blocking by robots or automated scripts. <span style="color:green;font-weight:bold;">(Recommended)</span>
38
  </form><br>
39
  <form id="mo_wpns_enable_comment_recaptcha" method="post" action="">
40
  <input type="hidden" name="option" value="mo_wpns_enable_comment_recaptcha">
41
- <input type="checkbox" name="mo_wpns_enable_comment_recaptcha" '.$enable_recaptcha.' onchange="document.getElementById(\'mo_wpns_enable_comment_recaptcha\').submit();"> Add google reCAPTCHA verification for comments <span style="color:green;font-weight:bold;">(Recommended)</span>
42
  </form>';
43
 
44
  if($enable_recaptcha)
6
  echo' <h3>Content Protection</h3>
7
  <form id="mo_wpns_content_protection" method="post" action="">
8
  <input type="hidden" name="option" value="mo_wpns_content_protection">
9
+ <p><input type="checkbox" name="restrictAPI" '.esc_html($restAPI).'/><b>Restrict Public Access to WP REST API to get usernames of all your users.</b><span style="color:green;font-weight:bold;">&nbsp;&nbsp;(Recommended)</span> &nbsp;&nbsp; <a href="'.esc_url($restAPI_link).'" target="_blank" style="text-decoration:none">( Test it )</a></p>
10
  <p>On this website, the REST API root is <b> '.rest_url().'</b><br>
11
+ This Prevents unauthorized access of usernames of your users by blocking the following API ('.esc_url($restAPI_link).') .<br> <b>Note:</b> If you are looking for blocking more WordPress Rest APIs please check out the following plugin - <a href="'.esc_url($restApiPlugin).'" target="_blank" style="text-decoration:none">WordPress REST API Authentication</a>
12
  </p>
13
  <hr>
14
+ <p><input type="checkbox" name="protect_wp_config" '.esc_html($protect_wp_config).'> <b>Protect your wp-config.php file</b> &nbsp;&nbsp;<a href="'.esc_url($wp_config).'" target="_blank" style="text-decoration:none">( Test it )</a></p>
15
  <p>Your WordPress wp-config.php file contains your information like database username and password and it\'s very important to prevent anyone to access contents of your wp-config.php file.</p>
16
  <hr>
17
+ <p><input type="checkbox" name="prevent_directory_browsing" '.esc_html($protect_wp_uploads).'> <b>Prevent Directory Browsing</b> &nbsp;&nbsp; <span style="color:green;font-weight:bold;">(Recommended)</span> &nbsp;&nbsp; <a href="'.esc_url($wp_uploads).'" target="_blank" style="text-decoration:none">( Test it )</a></p>
18
  <p>Prevent access to user from browsing directory contents like images, pdf\'s and other data from URL e.g. http://website-name.com/wp-content/uploads</p>
19
  <hr>
20
+ <p><input type="checkbox" name="disable_file_editing" '.esc_html($disable_file_editing).'> <b>Disable File Editing from WP Dashboard (Themes and plugins)</b> &nbsp;&nbsp;<a href="'.esc_url($plugin_editor).'" target="_blank" style="text-decoration:none">( Test it )</a></p>
21
  <p>The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution.</p>
22
  <hr>
23
+ <p><input type="checkbox" name="mo2f_htaccess_file" '.esc_html($htaccess_file).'> <b>Protect your .htaccess file</b> &nbsp;&nbsp;<span style="color:green;font-weight:bold;">(Recommended)</span></p>
24
  <p>.htaccess has the ability to control your whole website. It is important to first protect this file from unauthorized users.By enabling this you can restrict access to unauthorized users.</p>
25
 
26
  <br><input type="submit" name="submit" style="width:100px;" value="Save" class="button button-primary button-large">
34
  <p>This plugins prevents comment spam without requiring you to moderate any comments.</p>
35
  <form id="mo_wpns_enable_comment_spam_blocking" method="post" action="">
36
  <input type="hidden" name="option" value="mo_wpns_enable_comment_spam_blocking">
37
+ <input type="checkbox" name="mo_wpns_enable_comment_spam_blocking" '.esc_html($comment_spam_protect).' onchange="document.getElementById(\'mo_wpns_enable_comment_spam_blocking\').submit();"> Enable comments SPAM blocking by robots or automated scripts. <span style="color:green;font-weight:bold;">(Recommended)</span>
38
  </form><br>
39
  <form id="mo_wpns_enable_comment_recaptcha" method="post" action="">
40
  <input type="hidden" name="option" value="mo_wpns_enable_comment_recaptcha">
41
+ <input type="checkbox" name="mo_wpns_enable_comment_recaptcha" '.esc_html($enable_recaptcha).' onchange="document.getElementById(\'mo_wpns_enable_comment_recaptcha\').submit();"> Add google reCAPTCHA verification for comments <span style="color:green;font-weight:bold;">(Recommended)</span>
42
  </form>';
43
 
44
  if($enable_recaptcha)
views/dashboard.php CHANGED
@@ -15,20 +15,20 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
15
 
16
  <div class="mo_wpns_dashboard_layout" >
17
  <center>
18
- <div class ="mo_wpns_inside_dashboard_layout "><p style="font-weight: bold;">Failed Login</p><p class ="wpns_font_size mo_wpns_dashboard_text" >'.$wpns_attacks_blocked.'</p>
19
  <a class="mo_wpns_button_info_tab" onclick="clear_Local_storage()" style="color:white;" href="admin.php?page=mo_2fa_reports&tab=default&view">Details</a>
20
 
21
  </div>
22
 
23
 
24
- <div class ="mo_wpns_inside_dashboard_layout"><p style="font-weight: bold;">Attacks Blocked </p><p class ="wpns_font_size mo_wpns_dashboard_text">'.$totalAttacks.'</p><a class="mo_wpns_button_info_tab" style="color:white;" onclick="clear_Local_storage()" href="admin.php?page=mo_2fa_waf">Details</a></div>
25
 
26
 
27
- <div class ="mo_wpns_inside_dashboard_layout"><p style="font-weight: bold;">Blocked IPs</p><p class ="wpns_font_size mo_wpns_dashboard_text">'.$wpns_count_ips_blocked.'</p><a class="mo_wpns_button_info_tab" style="color:white;" onclick="clear_Local_storage()" href="admin.php?page=mo_2fa_advancedblocking">Details</a></div>
28
 
29
- <div class ="mo_wpns_inside_dashboard_layout"><p style="font-weight: bold;">Infected Files</p><p class ="wpns_font_size mo_wpns_dashboard_text" >'.$total_malicious.'</p><a class="mo_wpns_button_info_tab" style="color:white;" onclick="clear_Local_storage()" href="admin.php?page=mo_2fa_malwarescan">Details</a></div>
30
 
31
- <div class ="mo_wpns_inside_dashboard_layout"><p style="font-weight: bold;">White-listed IPs</p><p class ="wpns_font_size mo_wpns_dashboard_text">'.$wpns_count_ips_whitelisted.'</p><a class="mo_wpns_button_info_tab" style="color:white;" onclick="clear_Local_storage()" href="admin.php?page=mo_2fa_advancedblocking">Details</a></div>
32
 
33
 
34
  </center>
@@ -67,7 +67,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
67
  Two Factor Authentication adds an extra security layer for verification that involve <b>google authenticator, other application based authentication, Soft Token, Push Notification, USB based Hardware token, Security Questions, One time passcodes (OTP) over SMS, OTP over Email </b> etc.
68
  </div>
69
  <br>
70
- <a class="button button-primary button-large" href="'.$two_fa.'">Settings</a>
71
 
72
 
73
  </div>
@@ -86,7 +86,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
86
  Web Application Firewall protects your website from several website attacks such as <b>SQL Injection(SQLI), Cross Site Scripting(XSS), Remote File Inclusion</b> and many more cyber attacks.It also protects your website from <b>critical attacks</b> such as <b>Dos and DDos attacks.</b><br>
87
  </div>
88
  <br><br>
89
- <a class="button button-primary button-large" href="'.$waf.'">Settings</a>
90
  </div>
91
 
92
  <div class="mo_wpns_small_layout">
@@ -106,7 +106,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
106
  We have features such as <b> Brute Force,Enforcing Strong Password,Custom Login Page URL,Recaptcha </b> etc.
107
  <br><br>
108
  </div>
109
- <a class="button button-primary button-large" href="'.$login_and_spam.'">Settings</a>
110
  </div>
111
  </div>
112
  <div style="display:flex;justify-content:center">
@@ -125,7 +125,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
125
  Creating regular backups for your website is essential. By Creating backup you can <b>restore your website back to normal</b> within a few minutes. miniOrange creates <b>database and file Backup</b> which is stored locally in your system.
126
  <br><br>
127
  </div>
128
- <a class="button button-primary button-large" href="'.$backup.'">Settings</a>
129
  </div>
130
  <div class="mo_wpns_small_layout">
131
  <form name="tab_malware" id="tab_malware" method="post">
@@ -142,7 +142,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
142
  A malware scanner / detector or virus scanner is a <b>software that detects the malware</b> into the system. It detects different kinds of malware and categories based on the <b>strength of vulnerability or harmfulness.</b>
143
  <br><br>
144
  </div>
145
- <a class="button button-primary button-large" href="'.$scan_url.'">Settings</a>
146
  </div>
147
 
148
  <div class="mo_wpns_small_layout">
@@ -160,7 +160,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
160
  In IP blocking we have features like <b> Country Blocking, IP range Blocking , Browser blocking </b> and other options you can set up specifically according to your needs
161
  <br><br><br>
162
  </div>
163
- <a class="button button-primary button-large" href="'.$advance_block.'">Settings</a>
164
  </div>
165
  </div>
166
  <div style="display:flex;justify-content:center">
@@ -174,7 +174,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
174
  <div style="text-align:justify;">
175
  Track users <b>login activity</b> on your website. You can also <b>track 404 error</b> so that if anyone tries to access it too many times you can take action.<br>
176
  </div><br>
177
- <a class="button button-primary button-large" href="'.$reports_url.'">Settings</a>
178
  </div>
179
 
180
  <div class="mo_wpns_small_layout">
@@ -187,7 +187,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
187
  <div style="text-align:justify;">
188
  Get <b>Notified realtime</b> about any <b>IP getting Blocked.</b> With that, also get informed about any <b>unusual activities</b> detected by miniOrange.<br><br>
189
  </div><br>
190
- <a class="button button-primary button-large" href="'.$notif_url.'">Settings</a>
191
 
192
  </div>
193
  </div>
15
 
16
  <div class="mo_wpns_dashboard_layout" >
17
  <center>
18
+ <div class ="mo_wpns_inside_dashboard_layout "><p style="font-weight: bold;">Failed Login</p><p class ="wpns_font_size mo_wpns_dashboard_text" >'.esc_attr($wpns_attacks_blocked).'</p>
19
  <a class="mo_wpns_button_info_tab" onclick="clear_Local_storage()" style="color:white;" href="admin.php?page=mo_2fa_reports&tab=default&view">Details</a>
20
 
21
  </div>
22
 
23
 
24
+ <div class ="mo_wpns_inside_dashboard_layout"><p style="font-weight: bold;">Attacks Blocked </p><p class ="wpns_font_size mo_wpns_dashboard_text">'.esc_attr($totalAttacks).'</p><a class="mo_wpns_button_info_tab" style="color:white;" onclick="clear_Local_storage()" href="admin.php?page=mo_2fa_waf">Details</a></div>
25
 
26
 
27
+ <div class ="mo_wpns_inside_dashboard_layout"><p style="font-weight: bold;">Blocked IPs</p><p class ="wpns_font_size mo_wpns_dashboard_text">'.esc_attr($wpns_count_ips_blocked).'</p><a class="mo_wpns_button_info_tab" style="color:white;" onclick="clear_Local_storage()" href="admin.php?page=mo_2fa_advancedblocking">Details</a></div>
28
 
29
+ <div class ="mo_wpns_inside_dashboard_layout"><p style="font-weight: bold;">Infected Files</p><p class ="wpns_font_size mo_wpns_dashboard_text" >'.esc_attr($total_malicious).'</p><a class="mo_wpns_button_info_tab" style="color:white;" onclick="clear_Local_storage()" href="admin.php?page=mo_2fa_malwarescan">Details</a></div>
30
 
31
+ <div class ="mo_wpns_inside_dashboard_layout"><p style="font-weight: bold;">White-listed IPs</p><p class ="wpns_font_size mo_wpns_dashboard_text">'.esc_attr($wpns_count_ips_whitelisted).'</p><a class="mo_wpns_button_info_tab" style="color:white;" onclick="clear_Local_storage()" href="admin.php?page=mo_2fa_advancedblocking">Details</a></div>
32
 
33
 
34
  </center>
67
  Two Factor Authentication adds an extra security layer for verification that involve <b>google authenticator, other application based authentication, Soft Token, Push Notification, USB based Hardware token, Security Questions, One time passcodes (OTP) over SMS, OTP over Email </b> etc.
68
  </div>
69
  <br>
70
+ <a class="button button-primary button-large" href="'.esc_url($two_fa).'">Settings</a>
71
 
72
 
73
  </div>
86
  Web Application Firewall protects your website from several website attacks such as <b>SQL Injection(SQLI), Cross Site Scripting(XSS), Remote File Inclusion</b> and many more cyber attacks.It also protects your website from <b>critical attacks</b> such as <b>Dos and DDos attacks.</b><br>
87
  </div>
88
  <br><br>
89
+ <a class="button button-primary button-large" href="'.esc_url($waf).'">Settings</a>
90
  </div>
91
 
92
  <div class="mo_wpns_small_layout">
106
  We have features such as <b> Brute Force,Enforcing Strong Password,Custom Login Page URL,Recaptcha </b> etc.
107
  <br><br>
108
  </div>
109
+ <a class="button button-primary button-large" href="'.esc_url($login_and_spam).'">Settings</a>
110
  </div>
111
  </div>
112
  <div style="display:flex;justify-content:center">
125
  Creating regular backups for your website is essential. By Creating backup you can <b>restore your website back to normal</b> within a few minutes. miniOrange creates <b>database and file Backup</b> which is stored locally in your system.
126
  <br><br>
127
  </div>
128
+ <a class="button button-primary button-large" href="'.esc_url($backup).'">Settings</a>
129
  </div>
130
  <div class="mo_wpns_small_layout">
131
  <form name="tab_malware" id="tab_malware" method="post">
142
  A malware scanner / detector or virus scanner is a <b>software that detects the malware</b> into the system. It detects different kinds of malware and categories based on the <b>strength of vulnerability or harmfulness.</b>
143
  <br><br>
144
  </div>
145
+ <a class="button button-primary button-large" href="'.esc_url($scan_url).'">Settings</a>
146
  </div>
147
 
148
  <div class="mo_wpns_small_layout">
160
  In IP blocking we have features like <b> Country Blocking, IP range Blocking , Browser blocking </b> and other options you can set up specifically according to your needs
161
  <br><br><br>
162
  </div>
163
+ <a class="button button-primary button-large" href="'.esc_url($advance_block).'">Settings</a>
164
  </div>
165
  </div>
166
  <div style="display:flex;justify-content:center">
174
  <div style="text-align:justify;">
175
  Track users <b>login activity</b> on your website. You can also <b>track 404 error</b> so that if anyone tries to access it too many times you can take action.<br>
176
  </div><br>
177
+ <a class="button button-primary button-large" href="'.esc_url($reports_url).'">Settings</a>
178
  </div>
179
 
180
  <div class="mo_wpns_small_layout">
187
  <div style="text-align:justify;">
188
  Get <b>Notified realtime</b> about any <b>IP getting Blocked.</b> With that, also get informed about any <b>unusual activities</b> detected by miniOrange.<br><br>
189
  </div><br>
190
+ <a class="button button-primary button-large" href="'.esc_url($notif_url).'">Settings</a>
191
 
192
  </div>
193
  </div>
views/feedback_footer.php CHANGED
@@ -3,7 +3,7 @@ global $mo2f_dirName;
3
 
4
  echo' <div class="mo_twofa_footer">
5
  <div class="mo-2fa-mail-button">
6
- <img id= "mo_wpns_support_layout_tour" src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/mo_support_icon.png" class="show_support_form" onclick="openForm()">
7
  </div>
8
  <button type="button" class="mo-2fa-help-button-text" onclick="openForm()"">24x7 Support<br>Need Help? Drop us an Email</button>
9
  </div>';
@@ -18,7 +18,7 @@ echo' <div class="mo_twofa_footer">
18
  <center>
19
  <?php
20
  echo '
21
- <img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/minirange-logo.png" style="width: 46%;">';
22
  ?>
23
  <h1 style=" font-family: 'Roboto',sans-serif !important;">Contact Information</h1>
24
  </center><br>
@@ -68,11 +68,11 @@ echo' <div class="mo_twofa_footer">
68
  echo '
69
  <table class="mo2f_new_support_form_table">
70
  <tr><td>
71
- <input type="email" class="mo2f_new_support_form_input" id="query_email" name="query_email" value="'.$email.'" placeholder="Enter your email" required />
72
  </td>
73
  </tr>
74
  <tr><td>
75
- <input type="text" class="mo2f_new_support_form_input" name="query_phone" id="query_phone" value="'.$phone.'" placeholder="Enter your Phone number"/>
76
  </td>
77
  </tr>
78
  <tr>
3
 
4
  echo' <div class="mo_twofa_footer">
5
  <div class="mo-2fa-mail-button">
6
+ <img id= "mo_wpns_support_layout_tour" src="'.esc_url(dirname(plugin_dir_url(__FILE__))).'/includes/images/mo_support_icon.png" class="show_support_form" onclick="openForm()">
7
  </div>
8
  <button type="button" class="mo-2fa-help-button-text" onclick="openForm()"">24x7 Support<br>Need Help? Drop us an Email</button>
9
  </div>';
18
  <center>
19
  <?php
20
  echo '
21
+ <img src="'.esc_url(dirname(plugin_dir_url(__FILE__))).'/includes/images/minirange-logo.png" style="width: 46%;">';
22
  ?>
23
  <h1 style=" font-family: 'Roboto',sans-serif !important;">Contact Information</h1>
24
  </center><br>
68
  echo '
69
  <table class="mo2f_new_support_form_table">
70
  <tr><td>
71
+ <input type="email" class="mo2f_new_support_form_input" id="query_email" name="query_email" value="'.esc_attr($email).'" placeholder="Enter your email" required />
72
  </td>
73
  </tr>
74
  <tr><td>
75
+ <input type="text" class="mo2f_new_support_form_input" name="query_phone" id="query_phone" value="'.esc_attr($phone).'" placeholder="Enter your Phone number"/>
76
  </td>
77
  </tr>
78
  <tr>
views/feedback_form.php CHANGED
@@ -24,25 +24,25 @@
24
 
25
  <div id="smi_rate" style="text-align:center">
26
  <input type="radio" name="rate" id="angry" value="1"/>
27
- <label for="angry"><img class="sm" src="<?php echo $imagepath . 'angry.png'; ?>" />
28
  </label>
29
 
30
  <input type="radio" name="rate" id="sad" value="2"/>
31
- <label for="sad"><img class="sm" src="<?php echo $imagepath . 'sad.png'; ?>" />
32
  </label>
33
 
34
 
35
  <input type="radio" name="rate" id="neutral" value="3"/>
36
- <label for="neutral"><img class="sm" src="<?php echo $imagepath. 'normal1.png'; ?>" />
37
  </label>
38
 
39
  <input type="radio" name="rate" id="smile" value="4"/>
40
  <label for="smile">
41
- <img class="sm" src="<?php echo $imagepath . 'smile.png'; ?>" />
42
  </label>
43
 
44
  <input type="radio" name="rate" id="happy" value="5" checked/>
45
- <label for="happy"><img class="sm" src="<?php echo $imagepath . 'happy.png'; ?>" />
46
  </label>
47
 
48
  <div id="outer" style="visibility:visible"><span id="result">Thank you for appreciating our work</span></div>
@@ -53,10 +53,10 @@
53
 
54
  <div style="display:inline-block; width:60%;">
55
  <input type="email" id="query_mail" name="query_mail" style="text-align:center; border:0px solid black; border-style:solid; background:#f0f3f7; width:20vw;border-radius: 6px;"
56
- placeholder="your email address" required value="<?php echo $email; ?>" readonly="readonly"/>
57
 
58
  <input type="radio" name="edit" id="edit" onclick="editName()" value=""/>
59
- <label for="edit"><img class="editable" src="<?php echo $imagepath . '61456.png'; ?>" />
60
  </label>
61
 
62
  </div>
24
 
25
  <div id="smi_rate" style="text-align:center">
26
  <input type="radio" name="rate" id="angry" value="1"/>
27
+ <label for="angry"><img class="sm" src="<?php echo esc_url($imagepath) . 'angry.png'; ?>" />
28
  </label>
29
 
30
  <input type="radio" name="rate" id="sad" value="2"/>
31
+ <label for="sad"><img class="sm" src="<?php echo esc_url($imagepath) . 'sad.png'; ?>" />
32
  </label>
33
 
34
 
35
  <input type="radio" name="rate" id="neutral" value="3"/>
36
+ <label for="neutral"><img class="sm" src="<?php echo esc_url($imagepath). 'normal1.png'; ?>" />
37
  </label>
38
 
39
  <input type="radio" name="rate" id="smile" value="4"/>
40
  <label for="smile">
41
+ <img class="sm" src="<?php echo esc_url($imagepath) . 'smile.png'; ?>" />
42
  </label>
43
 
44
  <input type="radio" name="rate" id="happy" value="5" checked/>
45
+ <label for="happy"><img class="sm" src="<?php echo esc_url($imagepath) . 'happy.png'; ?>" />
46
  </label>
47
 
48
  <div id="outer" style="visibility:visible"><span id="result">Thank you for appreciating our work</span></div>
53
 
54
  <div style="display:inline-block; width:60%;">
55
  <input type="email" id="query_mail" name="query_mail" style="text-align:center; border:0px solid black; border-style:solid; background:#f0f3f7; width:20vw;border-radius: 6px;"
56
+ placeholder="your email address" required value="<?php echo esc_attr($email); ?>" readonly="readonly"/>
57
 
58
  <input type="radio" name="edit" id="edit" onclick="editName()" value=""/>
59
+ <label for="edit"><img class="editable" src="<?php echo esc_url($imagepath) . '61456.png'; ?>" />
60
  </label>
61
 
62
  </div>
views/ip-blocking.php CHANGED
@@ -36,12 +36,12 @@ echo' <h2>Manual Block IP\'s</h2>
36
 
37
  foreach($blockedips as $blockedip)
38
  {
39
- echo "<tr><td>".$blockedip->ip_address."</td><td>".$blockedip->reason."</td><td>";
40
  if(empty($blockedip->blocked_for_time))
41
  echo "<span class=redtext>Permanently</span>";
42
  else
43
- echo date("M j, Y, g:i:s a",$blockedip->blocked_for_time);
44
- echo "</td><td>".date("M j, Y, g:i:s a",$blockedip->created_timestamp)."</td><td><a onclick=unblockip('".$blockedip->id."')>Unblock IP</a></td></tr>";
45
  }
46
 
47
  echo' </tbody>
36
 
37
  foreach($blockedips as $blockedip)
38
  {
39
+ echo "<tr><td>".esc_attr($blockedip->ip_address)."</td><td>".esc_attr($blockedip->reason)."</td><td>";
40
  if(empty($blockedip->blocked_for_time))
41
  echo "<span class=redtext>Permanently</span>";
42
  else
43
+ echo date("M j, Y, g:i:s a",esc_attr($blockedip->blocked_for_time));
44
+ echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_attr($blockedip->id)."')>Unblock IP</a></td></tr>";
45
  }
46
 
47
  echo' </tbody>
views/licensing.php CHANGED
@@ -3,7 +3,7 @@
3
  echo' <div class="mo_wpns_table_layout">
4
  <table class="mo_wpns_local_pricing_table">
5
  <h2>Licensing Plans
6
- <span style="float:right"><input type="button" name="ok_btn" id="ok_btn" class="button button-primary button-large" value="OK, Got It" onclick="window.location.href=\''. $default_url .'\'" /></span>
7
  </h2><hr>
8
  <tr style="vertical-align:top;">
9
 
@@ -15,13 +15,13 @@ echo' <div class="mo_wpns_table_layout">
15
 
16
 
17
  <hr>
18
- <p class="mo_wpns_pricing_text" >'.$basic_plan_price.'<br>+ <br>
19
  <span style="font-size:12px">( Additional Discounts available for <br>multiple instances and years)</span><br></p>
20
  <p><a class="button button-primary button-large" onclick="upgradeform(\'wp_security_pro_basic_plan\')">Click here to upgrade</a></p>
21
  <hr>
22
  <p class="mo_wpns_pricing_text" >';
23
  foreach($basic_plan_features as $feature)
24
- echo $feature . '<br/><br/>';
25
  echo' <hr>
26
  </p>
27
 
@@ -35,7 +35,7 @@ echo' <hr>
35
 
36
 
37
  <hr>
38
- <p class="mo_wpns_pricing_text">'.$premium_plan_price.'<br>
39
  ( $60 per hour )<br>
40
  <span style="font-size:12px">( Additional Discounts available for <br>multiple instances and years)</span><br></p>
41
  <p><a class="button button-primary button-large" onclick="upgradeform(\'wp_security_pro_premium_plan\')">Click here to upgrade</a></p>
@@ -43,7 +43,7 @@ echo' <hr>
43
 
44
  <p class="mo_wpns_pricing_text">';
45
  foreach($premium_plan_features as $feature)
46
- echo $feature . '<br/><br/>';
47
  echo' <hr>
48
  </p>
49
 
@@ -55,10 +55,10 @@ echo' <hr>
55
 
56
  </tr>
57
  </table>
58
- <form style="display:none;" id="loginform" action="'.$form_action.'"
59
  target="_blank" method="post">
60
- <input type="email" name="username" value="'.$admin_email.'" />
61
- <input type="text" name="redirectUrl" value="'.$redirect_url.'" />
62
  <input type="text" name="requestOrigin" id="requestOrigin" />
63
  </form>
64
  <script>
3
  echo' <div class="mo_wpns_table_layout">
4
  <table class="mo_wpns_local_pricing_table">
5
  <h2>Licensing Plans
6
+ <span style="float:right"><input type="button" name="ok_btn" id="ok_btn" class="button button-primary button-large" value="OK, Got It" onclick="window.location.href=\''. esc_url($default_url) .'\'" /></span>
7
  </h2><hr>
8
  <tr style="vertical-align:top;">
9
 
15
 
16
 
17
  <hr>
18
+ <p class="mo_wpns_pricing_text" >'.esc_attr($basic_plan_price).'<br>+ <br>
19
  <span style="font-size:12px">( Additional Discounts available for <br>multiple instances and years)</span><br></p>
20
  <p><a class="button button-primary button-large" onclick="upgradeform(\'wp_security_pro_basic_plan\')">Click here to upgrade</a></p>
21
  <hr>
22
  <p class="mo_wpns_pricing_text" >';
23
  foreach($basic_plan_features as $feature)
24
+ echo esc_attr($feature) . '<br/><br/>';
25
  echo' <hr>
26
  </p>
27
 
35
 
36
 
37
  <hr>
38
+ <p class="mo_wpns_pricing_text">'.esc_attr($premium_plan_price).'<br>
39
  ( $60 per hour )<br>
40
  <span style="font-size:12px">( Additional Discounts available for <br>multiple instances and years)</span><br></p>
41
  <p><a class="button button-primary button-large" onclick="upgradeform(\'wp_security_pro_premium_plan\')">Click here to upgrade</a></p>
43
 
44
  <p class="mo_wpns_pricing_text">';
45
  foreach($premium_plan_features as $feature)
46
+ echo esc_attr($feature) . '<br/><br/>';
47
  echo' <hr>
48
  </p>
49
 
55
 
56
  </tr>
57
  </table>
58
+ <form style="display:none;" id="loginform" action="'.esc_html($form_action).'"
59
  target="_blank" method="post">
60
+ <input type="email" name="username" value="'.esc_html($admin_email).'" />
61
+ <input type="text" name="redirectUrl" value="'.esc_url($redirect_url).'" />
62
  <input type="text" name="requestOrigin" id="requestOrigin" />
63
  </form>
64
  <script>
views/login-security.php CHANGED
@@ -10,10 +10,10 @@ echo '
10
  <div class="mo_wpns_setting_layout" id ="mo2f_bruteforce">';
11
 
12
 
13
- echo ' <h3>Brute Force Protection ( Login Protection )<a href='.$two_factor_premium_doc['Brute Force Protection'].' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></h3>
14
  <div class="mo_wpns_subheading">This protects your site from attacks which tries to gain access / login to a site with random usernames and passwords.</div>
15
 
16
- <input id="mo_bf_button" type="checkbox" name="enable_brute_force_protection" '.$brute_force_enabled.'> Enable Brute force protection
17
  <br>';
18
 
19
 
@@ -23,7 +23,7 @@ echo' <form id="mo_wpns_enable_brute_force_form" method="post" action="">
23
  <table class="mo_wpns_settings_table">
24
  <tr>
25
  <td style="width:40%">Allowed login attempts before blocking an IP : </td>
26
- <td><input class="mo_wpns_table_textbox" type="number" id="allwed_login_attempts" name="allwed_login_attempts" required placeholder="Enter no of login attempts" value="'.$allwed_login_attempts.'" /></td>
27
  <td></td>
28
  </tr>
29
  <tr>
@@ -40,7 +40,7 @@ echo' <form id="mo_wpns_enable_brute_force_form" method="post" action="">
40
  </tr>
41
  <tr>
42
  <td>Show remaining login attempts to user : </td>
43
- <td><input type="checkbox" id="rem_attempt" name="show_remaining_attempts" '.$remaining_attempts.' ></td>
44
  <td></td>
45
  </tr>
46
  <tr>
@@ -58,7 +58,7 @@ echo' <form id="mo_wpns_enable_brute_force_form" method="post" action="">
58
  echo'
59
  </div>
60
  <div class="mo_wpns_setting_layout" id="mo2f_google_recaptcha">
61
- <h3>Google reCAPTCHA<a href='.$two_factor_premium_doc['Google reCAPTCHA'].' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></h3>
62
  <div class="mo_wpns_subheading">Google reCAPTCHA protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.</div>
63
 
64
  <form id="mo_wpns_activate_recaptcha" method="post" action="">
@@ -79,7 +79,7 @@ echo' <form id="mo_wpns_recaptcha_settings" method="post" action="">
79
 
80
 
81
  echo' <p>Before you can use reCAPTCHA, you need to register your domain/website
82
- <a href="'.$captcha_url_v2.'" target="blank" title="guide">here</a>.</p><br>
83
  <p>Enter Site key and Secret key that you get after registration.</p>
84
 
85
 
@@ -95,8 +95,8 @@ echo' <p>Before you can use reCAPTCHA, you need to register your domai
95
  </tr>
96
  <tr>
97
  <td style="vertical-align:top;">Enable reCAPTCHA for :</td>
98
- <td><input id="login_captcha" type="checkbox" name="mo_wpns_activate_recaptcha_for_login" '.$captcha_login.'> Login form
99
- <input id="reg_captcha" style="margin-left:10px" type="checkbox" name="mo_wpns_activate_recaptcha_for_registration" '.$captcha_reg.' > Registration form</td>
100
  </tr>
101
  </table><br/>
102
  <input type="hidden" id="captcha_nonce" value = "'.wp_create_nonce("wpns-captcha").'">
@@ -132,7 +132,7 @@ echo '<br>
132
  </div>
133
 
134
  <div class="mo_wpns_setting_layout" id="mo2f_enforce_strong_password_div">
135
- <h3>Enforce Strong Passwords <a href='.$two_factor_premium_doc['Enforce Strong Passwords'].' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></h3>
136
  <span style="color:red">To enforce strong password you need to have miniOrange Password Policy Manager plugin installed.</span><br>
137
  <div class="mo2fa-ppm-ad">
138
  <div class="mo2fa-ppm-logo"></div>
@@ -155,9 +155,9 @@ echo '<br>
155
  function testcaptchaConfiguration(){
156
  var gradioVal = jQuery("input[name=gcaptchatype]:checked").val();
157
  if(gradioVal=="reCAPTCHA_v3"){
158
- var myWindow = window.open("'.$test_recaptcha_url_v3.'", "Test Google reCAPTCHA_v3 Configuration", "width=600, height=600");}
159
  else if(gradioVal=="reCAPTCHA_v2"){
160
- var myWindow = window.open("'.$test_recaptcha_url.'", "Test Google reCAPTCHA_v2 Configuration", "width=600, height=600");}
161
  }
162
 
163
  </script>';
10
  <div class="mo_wpns_setting_layout" id ="mo2f_bruteforce">';
11
 
12
 
13
+ echo ' <h3>Brute Force Protection ( Login Protection )<a href='.esc_url($two_factor_premium_doc['Brute Force Protection']).' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></h3>
14
  <div class="mo_wpns_subheading">This protects your site from attacks which tries to gain access / login to a site with random usernames and passwords.</div>
15
 
16
+ <input id="mo_bf_button" type="checkbox" name="enable_brute_force_protection" '.esc_html($brute_force_enabled).'> Enable Brute force protection
17
  <br>';
18
 
19
 
23
  <table class="mo_wpns_settings_table">
24
  <tr>
25
  <td style="width:40%">Allowed login attempts before blocking an IP : </td>
26
+ <td><input class="mo_wpns_table_textbox" type="number" id="allwed_login_attempts" name="allwed_login_attempts" required placeholder="Enter no of login attempts" value="'.esc_html($allwed_login_attempts).'" /></td>
27
  <td></td>
28
  </tr>
29
  <tr>
40
  </tr>
41
  <tr>
42
  <td>Show remaining login attempts to user : </td>
43
+ <td><input type="checkbox" id="rem_attempt" name="show_remaining_attempts" '.esc_html($remaining_attempts).' ></td>
44
  <td></td>
45
  </tr>
46
  <tr>
58
  echo'
59
  </div>
60
  <div class="mo_wpns_setting_layout" id="mo2f_google_recaptcha">
61
+ <h3>Google reCAPTCHA<a href='.esc_url($two_factor_premium_doc['Google reCAPTCHA']).' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></h3>
62
  <div class="mo_wpns_subheading">Google reCAPTCHA protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.</div>
63
 
64
  <form id="mo_wpns_activate_recaptcha" method="post" action="">
79
 
80
 
81
  echo' <p>Before you can use reCAPTCHA, you need to register your domain/website
82
+ <a href="'.esc_url($captcha_url_v2).'" target="blank" title="guide">here</a>.</p><br>
83
  <p>Enter Site key and Secret key that you get after registration.</p>
84
 
85
 
95
  </tr>
96
  <tr>
97
  <td style="vertical-align:top;">Enable reCAPTCHA for :</td>
98
+ <td><input id="login_captcha" type="checkbox" name="mo_wpns_activate_recaptcha_for_login" '.esc_html($captcha_login).'> Login form
99
+ <input id="reg_captcha" style="margin-left:10px" type="checkbox" name="mo_wpns_activate_recaptcha_for_registration" '.esc_html($captcha_reg).' > Registration form</td>
100
  </tr>
101
  </table><br/>
102
  <input type="hidden" id="captcha_nonce" value = "'.wp_create_nonce("wpns-captcha").'">
132
  </div>
133
 
134
  <div class="mo_wpns_setting_layout" id="mo2f_enforce_strong_password_div">
135
+ <h3>Enforce Strong Passwords <a href='.esc_url($two_factor_premium_doc['Enforce Strong Passwords']).' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></h3>
136
  <span style="color:red">To enforce strong password you need to have miniOrange Password Policy Manager plugin installed.</span><br>
137
  <div class="mo2fa-ppm-ad">
138
  <div class="mo2fa-ppm-logo"></div>
155
  function testcaptchaConfiguration(){
156
  var gradioVal = jQuery("input[name=gcaptchatype]:checked").val();
157
  if(gradioVal=="reCAPTCHA_v3"){
158
+ var myWindow = window.open("'.esc_url($test_recaptcha_url_v3).'", "Test Google reCAPTCHA_v3 Configuration", "width=600, height=600");}
159
  else if(gradioVal=="reCAPTCHA_v2"){
160
+ var myWindow = window.open("'.esc_url($test_recaptcha_url).'", "Test Google reCAPTCHA_v2 Configuration", "width=600, height=600");}
161
  }
162
 
163
  </script>';
views/malware_scanner/scan_report_view.php CHANGED
@@ -3,7 +3,7 @@
3
  <h2>Malware Scan Report</h2>
4
  <?php }else{ ?>
5
  <h2>Detail Report Of Scan
6
- <a href="<?php echo $currenturl ?>"><b style="float: right; padding-right: 4%">Back To Reports</b></a>
7
  </h2>
8
  <?php } ?>
9
  <hr>
@@ -20,8 +20,8 @@ function show_scan_details($detailreport, $result, $ignorefiles, $last_scan){
20
  $record = $result[0];
21
  $repo_status_code = MoWpnsConstants::$repo_status_code;
22
  ?>
23
- <div style="float: left;"><b>Total files scanned:</b> <?php echo $last_scan; ?><br><b>Malicious files found:</b> <?php echo count($detailreport); ?></div>
24
- <div style=float:right><b>Scan Time :</b> <?php echo date("M j, Y, g:i:s a",$record->start_timestamp); ?><br><b>Completion Time :</b> <?php echo date("M j, Y, g:i:s a",$record->completed_timestamp); ?></div><br><br><hr><br>
25
  <div width="100%">
26
  <?php
27
  $malwarecount = 0;
@@ -246,7 +246,7 @@ function show_scan_report($currenturl, $result){
246
  }
247
  echo "<span style=color:orange id=warning_files>".esc_html($repo_count+$report->malicious_links)." warnings found</span>";
248
  echo "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
249
- echo "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), esc_url($currenturl) )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
250
  echo "</tr>";
251
 
252
  }
3
  <h2>Malware Scan Report</h2>
4
  <?php }else{ ?>
5
  <h2>Detail Report Of Scan
6
+ <a href="<?php echo esc_url($currenturl) ?>"><b style="float: right; padding-right: 4%">Back To Reports</b></a>
7
  </h2>
8
  <?php } ?>
9
  <hr>
20
  $record = $result[0];
21
  $repo_status_code = MoWpnsConstants::$repo_status_code;
22
  ?>
23
+ <div style="float: left;"><b>Total files scanned:</b> <?php echo esc_attr($last_scan); ?><br><b>Malicious files found:</b> <?php echo count(esc_attr($detailreport)); ?></div>
24
+ <div style=float:right><b>Scan Time :</b> <?php echo date("M j, Y, g:i:s a", esc_attr($record->start_timestamp)); ?><br><b>Completion Time :</b> <?php echo date("M j, Y, g:i:s a", esc_attr($record->completed_timestamp)); ?></div><br><br><hr><br>
25
  <div width="100%">
26
  <?php
27
  $malwarecount = 0;
246
  }
247
  echo "<span style=color:orange id=warning_files>".esc_html($repo_count+$report->malicious_links)." warnings found</span>";
248
  echo "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
249
+ echo "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), esc_url($currenturl) )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), esc_url($currenturl) )."'>Delete</a></td>";
250
  echo "</tr>";
251
 
252
  }
views/malware_scanner/scan_settings_view.php CHANGED
@@ -4,7 +4,7 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
4
  include $setup_dirName; ?>
5
  <div class="mo_wpns_setting_layout" id= "mo2f_select_scanning_files">
6
  <div class="mo_wpns_subheading"></div>
7
- <h3>Custom Scan Settings<span style="text-align: right;"><a href='<?php echo $two_factor_premium_doc['Custom Scan Settings'];?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></span></h3>
8
  <hr>
9
  <form id="" method="post" action="">
10
  <input type="hidden" name="option" value="mo_wpns_scan_configuration">
@@ -52,7 +52,7 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
52
  <td>
53
  <table style="width:100%" id="skip_folders">
54
  <?php for($i=0;$i<count($mo_wpns_skip_folders_array);$i++){ ?>
55
- <tr><td><input type="text" name="mo_wpns_skip_folders_<?php echo $i;?>" id="mo_wpns_skip_scan_folder_<?php echo $i;?>" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="<?php echo $mo_wpns_skip_folders_array[$i];?>" /></td></tr>
56
  <?php }
57
  if($i==0){ ?>
58
  <tr><td><input type="text" name="mo_wpns_skip_folders_0" id="mo_wpns_skip_scan_folder_0" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="" /></td></tr>
@@ -68,7 +68,7 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
68
  <td>
69
  <table style="width:100%" id="white_url">
70
  <?php for($i=0;$i<count($mo_wpns_white_urls_array);$i++){ ?>
71
- <tr><td><input type="text" name="mo_wpns_white_url_<?php echo $i+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="<?php echo $mo_wpns_white_urls_array[$i];?>" disabled /></td></tr>
72
  <?php }
73
  if($i==0){ ?>
74
  <tr><td><input type="text" name="mo_wpns_white_url_<?php echo $i+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="" disabled /></td></tr>
@@ -84,7 +84,7 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
84
  <td>
85
  <table style="width:100%" id="sign_custom">
86
  <?php for($i=0;$i<count($mo_wpns_custom_sign_array);$i++){ ?>
87
- <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo $i+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="<?php echo $mo_wpns_custom_sign_array[$i];?>" disabled /></td></tr>
88
  <?php }
89
  if($i==0){ ?>
90
  <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo $i+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="" disabled /></td></tr>
4
  include $setup_dirName; ?>
5
  <div class="mo_wpns_setting_layout" id= "mo2f_select_scanning_files">
6
  <div class="mo_wpns_subheading"></div>
7
+ <h3>Custom Scan Settings<span style="text-align: right;"><a href='<?php echo esc_url($two_factor_premium_doc['Custom Scan Settings']);?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></span></h3>
8
  <hr>
9
  <form id="" method="post" action="">
10
  <input type="hidden" name="option" value="mo_wpns_scan_configuration">
52
  <td>
53
  <table style="width:100%" id="skip_folders">
54
  <?php for($i=0;$i<count($mo_wpns_skip_folders_array);$i++){ ?>
55
+ <tr><td><input type="text" name="mo_wpns_skip_folders_<?php echo $i;?>" id="mo_wpns_skip_scan_folder_<?php echo $i;?>" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="<?php echo esc_html($mo_wpns_skip_folders_array[$i]);?>" /></td></tr>
56
  <?php }
57
  if($i==0){ ?>
58
  <tr><td><input type="text" name="mo_wpns_skip_folders_0" id="mo_wpns_skip_scan_folder_0" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="" /></td></tr>
68
  <td>
69
  <table style="width:100%" id="white_url">
70
  <?php for($i=0;$i<count($mo_wpns_white_urls_array);$i++){ ?>
71
+ <tr><td><input type="text" name="mo_wpns_white_url_<?php echo $i+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="<?php echo esc_html($mo_wpns_white_urls_array[$i]);?>" disabled /></td></tr>
72
  <?php }
73
  if($i==0){ ?>
74
  <tr><td><input type="text" name="mo_wpns_white_url_<?php echo $i+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="" disabled /></td></tr>
84
  <td>
85
  <table style="width:100%" id="sign_custom">
86
  <?php for($i=0;$i<count($mo_wpns_custom_sign_array);$i++){ ?>
87
+ <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo $i+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="<?php echo esc_html($mo_wpns_custom_sign_array[$i]);?>" disabled /></td></tr>
88
  <?php }
89
  if($i==0){ ?>
90
  <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo $i+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="" disabled /></td></tr>
views/malware_scanner/scan_summary_view.php CHANGED
@@ -143,7 +143,7 @@ function mo_wpns_start_scan(){
143
 
144
  var newURL = location.href.split("&")[0];
145
  window.history.pushState('object', document.title, newURL);
146
- scan_progress= "<?php echo $status; ?>";
147
  stop_scan_progress= "<?php echo get_site_option('mo_stop_scan'); ?>";
148
  if(scan_progress=="IN PROGRESS"){
149
  status_progress();
@@ -515,27 +515,27 @@ function show_summary(){
515
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivl" id="summary_all_scan">
516
  <div class="title_hdiv"><b>Total Files Scanned</b></div>
517
  <hr class="line">
518
- <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_all_scan_text"> <?php echo $total_scan ?> </p>
519
  </div>
520
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivr mo_wpns_msdivl" id="summary_all_infect">
521
  <div class="title_hdiv"><b>Total Infected Files</b></div>
522
  <hr class="line">
523
- <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_all_infect_text"> <?php echo $total_malicious ?> </p>
524
  </div>
525
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivl mo_wpns_msdivr" id="summary_current_scan">
526
  <div class="title_hdiv"><b>Files scanned in last scan</b></div>
527
  <hr class="line">
528
- <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_current_scan_text"> <?php echo $last_scan ?> </p>
529
  </div>
530
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivl mo_wpns_msdivr" id="summary_current_infect">
531
  <div class="title_hdiv"><b>Infections in last scan</b></div>
532
  <hr class="line">
533
- <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_current_infect_text"> <?php echo $malicious_last_scan ?> </p>
534
  </div>
535
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivr" id="summary_current_warning">
536
  <div class="title_hdiv"><b>Warnings in last scan</b></div>
537
  <hr class="line">
538
- <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_current_warning_text"> <?php echo $warning_last_scan ?> </p>
539
  </div>
540
 
541
  <?php
143
 
144
  var newURL = location.href.split("&")[0];
145
  window.history.pushState('object', document.title, newURL);
146
+ scan_progress= "<?php echo esc_html($status);?>";
147
  stop_scan_progress= "<?php echo get_site_option('mo_stop_scan'); ?>";
148
  if(scan_progress=="IN PROGRESS"){
149
  status_progress();
515
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivl" id="summary_all_scan">
516
  <div class="title_hdiv"><b>Total Files Scanned</b></div>
517
  <hr class="line">
518
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_all_scan_text"> <?php echo esc_html($total_scan) ?> </p>
519
  </div>
520
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivr mo_wpns_msdivl" id="summary_all_infect">
521
  <div class="title_hdiv"><b>Total Infected Files</b></div>
522
  <hr class="line">
523
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_all_infect_text"> <?php echo esc_html($total_malicious) ?> </p>
524
  </div>
525
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivl mo_wpns_msdivr" id="summary_current_scan">
526
  <div class="title_hdiv"><b>Files scanned in last scan</b></div>
527
  <hr class="line">
528
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_current_scan_text"> <?php echo esc_html($last_scan) ?> </p>
529
  </div>
530
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivl mo_wpns_msdivr" id="summary_current_infect">
531
  <div class="title_hdiv"><b>Infections in last scan</b></div>
532
  <hr class="line">
533
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_current_infect_text"> <?php echo esc_html($malicious_last_scan) ?> </p>
534
  </div>
535
  <div class="mo_wpns_sub_scansummary mo_wpns_msdivr" id="summary_current_warning">
536
  <div class="title_hdiv"><b>Warnings in last scan</b></div>
537
  <hr class="line">
538
+ <p class="wpns_font_size mo_wpns_scan_summary_text" id="summary_current_warning_text"> <?php echo esc_html($warning_last_scan) ?> </p>
539
  </div>
540
 
541
  <?php
views/navbar.php CHANGED
@@ -57,11 +57,11 @@ if( isset( $_GET[ 'page' ]) && $_GET['page'] != 'mo_2fa_upgrade')
57
  <p class="mo2f_offer_valid">Offer valid for limited period only!</p>
58
  </div>
59
 
60
- <div id="mo2f_offer_last_section" class="mo2f_offer_last_section"><button class="mo2f_banner_never_show_again mo2f_close">CLOSE <span class=" mo2f_cross">X</span></button><a class="mo2f_offer_contact_us" href="'.$request_offer_url.'">Contact Us</a></p></div>
61
 
62
  </div><br><br>';
63
  }
64
- echo' <div class="mo2f-admin-options"> <div> <img width="50" height="50" src="'.$logo_url.'"></div>';
65
 
66
  if(!current_user_can('administrator')){
67
  echo' <div><h3 style="padding:0">miniOrange 2 Factor Authentication</h3></div>';
@@ -69,9 +69,9 @@ if( isset( $_GET[ 'page' ]) && $_GET['page'] != 'mo_2fa_upgrade')
69
 
70
  if(current_user_can('administrator')){
71
  echo'
72
- <a class="add-new-h2" href="'.$profile_url.'">My Account</a>
73
- <a class="add-new-h2" href="'.$help_url.'">FAQs</a>
74
- <a class="add-new-h2" href="'.$addons_url.'">AddOns Plans</a>
75
  <a class="add-new-h2"
76
  style="background-color:#ffcc44"
77
  id ="mo_2fa_upgrade_tour" href="'.$upgrade_url.'">See Plans and Pricing</a>
@@ -87,7 +87,7 @@ if( isset( $_GET[ 'page' ]) && $_GET['page'] != 'mo_2fa_upgrade')
87
  <div>2FA + Website Security
88
  <span>
89
  <label class="mo_wpns_switch">
90
- <input type="checkbox" name="mo_wpns_2fa_with_network_security" '.$network_security_features.' onchange="document.getElementById(\'mo_wpns_2fa_with_network_security\').submit();">
91
  <span class="mo_wpns_slider mo_wpns_round"></span>
92
  </label>
93
  </span>
@@ -109,19 +109,19 @@ if( isset( $_GET[ 'page' ]) && $_GET['page'] != 'mo_2fa_upgrade')
109
  <?php if($_GET['page'] != 'mo_2fa_troubleshooting' && $_GET['page'] != 'mo_2fa_addons' && $_GET['page'] != 'mo_2fa_account'){ ?>
110
  <div class="nav-tab-wrapper">
111
  <?php
112
- echo '<a id="mo_2fa_dashboard" class="nav-tab" href="'.$dashboard_url.'" >Dashboard</a>';
113
 
114
- echo '<a id="mo_2fa_2fa" class="nav-tab" href="'.$two_fa.'" >Two Factor</a>';
115
 
116
- echo '<a id="mo_2fa_waf" class="nav-tab" href="'.$waf.'" >Firewall</a>';
117
 
118
- echo '<a id="login_spam_tab" class="nav-tab" href="'.$login_and_spam.'" >Login and Spam</a>';
119
 
120
- echo '<a id="backup_tab" class="nav-tab" href="'.$backup.'" >Encrypted Backup</a>';
121
 
122
- echo '<a id="malware_tab" class="nav-tab" href="'.$scan_url.'">Malware Scan</a>';
123
 
124
- echo '<a id="adv_block_tab" class="nav-tab" href="'.$advance_block.'">IP Blocking</a>';
125
  ?>
126
  </div>
127
  <?php
57
  <p class="mo2f_offer_valid">Offer valid for limited period only!</p>
58
  </div>
59
 
60
+ <div id="mo2f_offer_last_section" class="mo2f_offer_last_section"><button class="mo2f_banner_never_show_again mo2f_close">CLOSE <span class=" mo2f_cross">X</span></button><a class="mo2f_offer_contact_us" href="'.esc_url($request_offer_url).'">Contact Us</a></p></div>
61
 
62
  </div><br><br>';
63
  }
64
+ echo' <div class="mo2f-admin-options"> <div> <img width="50" height="50" src="'.esc_url($logo_url).'"></div>';
65
 
66
  if(!current_user_can('administrator')){
67
  echo' <div><h3 style="padding:0">miniOrange 2 Factor Authentication</h3></div>';
69
 
70
  if(current_user_can('administrator')){
71
  echo'
72
+ <a class="add-new-h2" href="'.esc_url($profile_url).'">My Account</a>
73
+ <a class="add-new-h2" href="'.esc_url($help_url).'">FAQs</a>
74
+ <a class="add-new-h2" href="'.esc_url($addons_url).'">AddOns Plans</a>
75
  <a class="add-new-h2"
76
  style="background-color:#ffcc44"
77
  id ="mo_2fa_upgrade_tour" href="'.$upgrade_url.'">See Plans and Pricing</a>
87
  <div>2FA + Website Security
88
  <span>
89
  <label class="mo_wpns_switch">
90
+ <input type="checkbox" name="mo_wpns_2fa_with_network_security" '.esc_html($network_security_features).' onchange="document.getElementById(\'mo_wpns_2fa_with_network_security\').submit();">
91
  <span class="mo_wpns_slider mo_wpns_round"></span>
92
  </label>
93
  </span>
109
  <?php if($_GET['page'] != 'mo_2fa_troubleshooting' && $_GET['page'] != 'mo_2fa_addons' && $_GET['page'] != 'mo_2fa_account'){ ?>
110
  <div class="nav-tab-wrapper">
111
  <?php
112
+ echo '<a id="mo_2fa_dashboard" class="nav-tab" href="'.esc_url($dashboard_url).'" >Dashboard</a>';
113
 
114
+ echo '<a id="mo_2fa_2fa" class="nav-tab" href="'.esc_url($two_fa).'" >Two Factor</a>';
115
 
116
+ echo '<a id="mo_2fa_waf" class="nav-tab" href="'.esc_url($waf).'" >Firewall</a>';
117
 
118
+ echo '<a id="login_spam_tab" class="nav-tab" href="'.esc_url($login_and_spam).'" >Login and Spam</a>';
119
 
120
+ echo '<a id="backup_tab" class="nav-tab" href="'.esc_url($backup).'" >Encrypted Backup</a>';
121
 
122
+ echo '<a id="malware_tab" class="nav-tab" href="'.esc_url($scan_url).'">Malware Scan</a>';
123
 
124
+ echo '<a id="adv_block_tab" class="nav-tab" href="'.esc_url($advance_block).'">IP Blocking</a>';
125
  ?>
126
  </div>
127
  <?php
views/notification-settings.php CHANGED
@@ -4,20 +4,20 @@ echo'<div class="mo_wpns_divided_layout">
4
  <div class="mo_wpns_setting_layout">';
5
 
6
  $email= get_option("admin_email_address_status")?get_option("admin_email_address"):'';
7
- $dash_url =MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')?$dashboard_url :$two_fa ;
8
  echo'
9
 
10
- <h3>Email Notifications<span style="float:right"><a class="button button-primary button-large" href="'.$dash_url.'">Back</a></span></h3>
11
  <p>If you want to get notification over email, Please enter email address below!</p>
12
  <form id="mo_wpns_get_manual_email" method="post" action="">
13
  <input type="hidden" name="option" value="mo_wpns_get_manual_email">
14
- Enter your E-mail :<input type= "email" name="admin_email_address" placeholder="miniorange@gmail.com" value="'.$email.'">
15
  <input type="submit" name="submit" style="width:100px" value="Save" class="button button-primary button-large"/>
16
  </form>
17
  <br>
18
  <form id="mo_wpns_enable_ip_blocked_email_to_admin" method="post" action="">
19
  <input type="hidden" name="option" value="mo_wpns_enable_ip_blocked_email_to_admin">
20
- <input type="checkbox" name="enable_ip_blocked_email_to_admin" '.$notify_admin_on_ip_block.' onchange="document.getElementById(\'mo_wpns_enable_ip_blocked_email_to_admin\').submit();"'; if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){echo "disabled";}
21
  echo '>Notify Administrator if IP address is blocked.
22
  <a style="cursor:pointer" id="custom_admin_template_expand">Customize Email Template</a>
23
  </form>
@@ -32,7 +32,7 @@ echo' </form>
32
  <br>
33
  <form id="mo_wpns_enable_unusual_activity_email_to_user" method="post" action="">
34
  <input type="hidden" name="option" value="mo_wpns_enable_unusual_activity_email_to_user">
35
- <input type="checkbox" name="enable_unusual_activity_email_to_user" '.$notify_admin_unusual_activity.' onchange="document.getElementById(\'mo_wpns_enable_unusual_activity_email_to_user\').submit();"';if(!get_option("admin_email_address_status") || get_option("admin_email_address") ==''){echo "disabled";}
36
  echo ' > Notify users for unusual activity with their account.
37
  <a style="cursor:pointer" id="custom_user_template_expand">Customize Email Template</a>
38
  </form>
@@ -118,7 +118,7 @@ echo' </form>
118
  });
119
  </script>
120
  <script>
121
- var Smail = "<?php echo get_site_option('mo2f_mail_notify');?>";
122
  if(Smail == 'on')
123
  {
124
  jQuery('#Smail').prop("checked",true);
4
  <div class="mo_wpns_setting_layout">';
5
 
6
  $email= get_option("admin_email_address_status")?get_option("admin_email_address"):'';
7
+ $dash_url =MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')? esc_url($dashboard_url) :$two_fa ;
8
  echo'
9
 
10
+ <h3>Email Notifications<span style="float:right"><a class="button button-primary button-large" href="'. esc_url($dash_url).'">Back</a></span></h3>
11
  <p>If you want to get notification over email, Please enter email address below!</p>
12
  <form id="mo_wpns_get_manual_email" method="post" action="">
13
  <input type="hidden" name="option" value="mo_wpns_get_manual_email">
14
+ Enter your E-mail :<input type= "email" name="admin_email_address" placeholder="miniorange@gmail.com" value="'.esc_html($email).'">
15
  <input type="submit" name="submit" style="width:100px" value="Save" class="button button-primary button-large"/>
16
  </form>
17
  <br>
18
  <form id="mo_wpns_enable_ip_blocked_email_to_admin" method="post" action="">
19
  <input type="hidden" name="option" value="mo_wpns_enable_ip_blocked_email_to_admin">
20
+ <input type="checkbox" name="enable_ip_blocked_email_to_admin" '.esc_html($notify_admin_on_ip_block).' onchange="document.getElementById(\'mo_wpns_enable_ip_blocked_email_to_admin\').submit();"'; if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){echo "disabled";}
21
  echo '>Notify Administrator if IP address is blocked.
22
  <a style="cursor:pointer" id="custom_admin_template_expand">Customize Email Template</a>
23
  </form>
32
  <br>
33
  <form id="mo_wpns_enable_unusual_activity_email_to_user" method="post" action="">
34
  <input type="hidden" name="option" value="mo_wpns_enable_unusual_activity_email_to_user">
35
+ <input type="checkbox" name="enable_unusual_activity_email_to_user" '.esc_html($notify_admin_unusual_activity).' onchange="document.getElementById(\'mo_wpns_enable_unusual_activity_email_to_user\').submit();"';if(!get_option("admin_email_address_status") || get_option("admin_email_address") ==''){echo "disabled";}
36
  echo ' > Notify users for unusual activity with their account.
37
  <a style="cursor:pointer" id="custom_user_template_expand">Customize Email Template</a>
38
  </form>
118
  });
119
  </script>
120
  <script>
121
+ var Smail = "<?php echo esc_html(get_site_option('mo2f_mail_notify'));?>";
122
  if(Smail == 'on')
123
  {
124
  jQuery('#Smail').prop("checked",true);
views/registration-security.php CHANGED
@@ -10,7 +10,7 @@ echo' <h3>Block Registerations from fake users</h3>
10
 
11
  <form id="mo_wpns_enable_fake_domain_blocking" method="post" action="">
12
  <input type="hidden" name="option" value="mo_wpns_enable_fake_domain_blocking">
13
- <input type="checkbox" name="mo_wpns_enable_fake_domain_blocking" '.$domain_blocking.' onchange="document.getElementById(\'mo_wpns_enable_fake_domain_blocking\').submit();"> Enable blocking registrations from fake users.
14
  </form>
15
  </div>
16
 
@@ -32,7 +32,7 @@ echo'
32
 
33
  <form id="mo_wpns_social_integration" method="post" action="">
34
  <input type="hidden" name="option" value="mo_wpns_social_integration">
35
- <input type="checkbox" name="mo_wpns_enable_social_integration" '.$social_login.' onchange="document.getElementById(\'mo_wpns_social_integration\').submit();"> Enable login and registrations with social networks.<br>
36
 
37
  </form>';
38
 
10
 
11
  <form id="mo_wpns_enable_fake_domain_blocking" method="post" action="">
12
  <input type="hidden" name="option" value="mo_wpns_enable_fake_domain_blocking">
13
+ <input type="checkbox" name="mo_wpns_enable_fake_domain_blocking" '.esc_html($domain_blocking).' onchange="document.getElementById(\'mo_wpns_enable_fake_domain_blocking\').submit();"> Enable blocking registrations from fake users.
14
  </form>
15
  </div>
16
 
32
 
33
  <form id="mo_wpns_social_integration" method="post" action="">
34
  <input type="hidden" name="option" value="mo_wpns_social_integration">
35
+ <input type="checkbox" name="mo_wpns_enable_social_integration" '.esc_html($social_login).' onchange="document.getElementById(\'mo_wpns_social_integration\').submit();"> Enable login and registrations with social networks.<br>
36
 
37
  </form>';
38
 
views/request_christmas_offer.php CHANGED
@@ -2,7 +2,7 @@
2
  <div class="mo_wpns_setting_layout mo2f_christmas_contact_us_layout">
3
  <h3> Request For Christmas Offer : <div style="float: right;">
4
  <?php
5
- echo '<a class="mo_wpns_button mo_wpns_button1 mo2f_christmas_contact_us_button" href="'.$two_fa.'">Back</a>';
6
  ?>
7
  </div></h3>
8
  <form method="post">
2
  <div class="mo_wpns_setting_layout mo2f_christmas_contact_us_layout">
3
  <h3> Request For Christmas Offer : <div style="float: right;">
4
  <?php
5
+ echo '<a class="mo_wpns_button mo_wpns_button1 mo2f_christmas_contact_us_button" href="'.esc_url($two_fa).'">Back</a>';
6
  ?>
7
  </div></h3>
8
  <form method="post">
views/request_demo.php CHANGED
@@ -2,7 +2,7 @@
2
  <div class="mo_wpns_setting_layout">
3
  <h3> Demo Request Form : <div style="float: right;">
4
  <?php
5
- echo '<a class="mo_wpns_button mo_wpns_button1" href="'.$two_fa.'">Back</a>';
6
  ?>
7
  </div></h3>
8
  <form method="post">
2
  <div class="mo_wpns_setting_layout">
3
  <h3> Demo Request Form : <div style="float: right;">
4
  <?php
5
+ echo '<a class="mo_wpns_button mo_wpns_button1" href="'.esc_url($two_fa).'">Back</a>';
6
  ?>
7
  </div></h3>
8
  <form method="post">
views/request_offer.php CHANGED
@@ -2,7 +2,7 @@
2
  <div class="mo_wpns_setting_layout mo2f_offer_contact_us_layout">
3
  <h3 > Request For Offer :<div style="float: right;">
4
  <?php
5
- echo '<a class="mo_wpns_button mo_wpns_button1 mo2f_offer_contact_us_button" href="'.$two_fa.'">Back</a>';
6
  ?>
7
  </div>
8
  </h3>
2
  <div class="mo_wpns_setting_layout mo2f_offer_contact_us_layout">
3
  <h3 > Request For Offer :<div style="float: right;">
4
  <?php
5
+ echo '<a class="mo_wpns_button mo_wpns_button1 mo2f_offer_contact_us_button" href="'.esc_html($two_fa).'">Back</a>';
6
  ?>
7
  </div>
8
  </h3>
views/test/test_twofa_email_verification.php CHANGED
@@ -45,7 +45,7 @@
45
 
46
  pollMobileValidation();
47
  function pollMobileValidation() {
48
- var transId = "<?php echo $_SESSION['mo2f_transactionId']; ?>";
49
  var jsonString = "{\"txId\":\"" + transId + "\"}";
50
  var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
51
 
45
 
46
  pollMobileValidation();
47
  function pollMobileValidation() {
48
+ var transId = "<?php echo esc_html($_SESSION['mo2f_transactionId']); ?>";
49
  var jsonString = "{\"txId\":\"" + transId + "\"}";
50
  var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
51
 
views/test/test_twofa_miniorange_push_notification.php CHANGED
@@ -8,7 +8,7 @@
8
  <h4><?php echo mo2f_lt( 'A Push Notification has been sent to your phone.' ); ?>
9
  <br><?php echo mo2f_lt( 'We are waiting for your approval...' ); ?>
10
  </h4>
11
- <img src="<?php echo plugins_url( '/../includes/images/ajax-loader-login.gif', __FILE__); ?>"/>
12
  </center>
13
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
14
  value="<?php echo mo2f_lt( 'Back' ); ?>" style="margin-top:100px;margin-left:10px;"/>
@@ -40,9 +40,9 @@
40
  pollMobileValidation();
41
 
42
  function pollMobileValidation() {
43
- var transId = "<?php echo get_user_meta($user->ID, 'mo2f_transactionId', true); ?>";
44
  var jsonString = "{\"txId\":\"" + transId + "\"}";
45
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
46
 
47
  jQuery.ajax({
48
  url: postUrl,
8
  <h4><?php echo mo2f_lt( 'A Push Notification has been sent to your phone.' ); ?>
9
  <br><?php echo mo2f_lt( 'We are waiting for your approval...' ); ?>
10
  </h4>
11
+ <img src="<?php echo esc_urL(plugins_url( '/../includes/images/ajax-loader-login.gif', __FILE__)); ?>"/>
12
  </center>
13
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
14
  value="<?php echo mo2f_lt( 'Back' ); ?>" style="margin-top:100px;margin-left:10px;"/>
40
  pollMobileValidation();
41
 
42
  function pollMobileValidation() {
43
+ var transId = "<?php echo esc_html(get_user_meta($user->ID, 'mo2f_transactionId', true)); ?>";
44
  var jsonString = "{\"txId\":\"" + transId + "\"}";
45
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
46
 
47
  jQuery.ajax({
48
  url: postUrl,
views/test/test_twofa_miniorange_qrcode_authentication.php CHANGED
@@ -57,7 +57,7 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
57
  pollMobileValidation();
58
 
59
  function pollMobileValidation() {
60
- var transId = "<?php echo $_SESSION['mo2f_transactionId']; ?>";
61
  var jsonString = "{\"txId\":\"" + transId + "\"}";
62
  var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
63
 
57
  pollMobileValidation();
58
 
59
  function pollMobileValidation() {
60
+ var transId = "<?php echo esc_html($_SESSION['mo2f_transactionId']); ?>";
61
  var jsonString = "{\"txId\":\"" + transId + "\"}";
62
  var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
63
 
views/tour-model.php CHANGED
@@ -21,14 +21,14 @@
21
  ?>
22
  <div id="getting-started" class="modal">
23
  <!-- Modal content -->
24
- <div class="modal-content" style="width: <?php echo $tour_box_size; ?>">
25
  <!-- <span class="close">&times;</span> -->
26
  <div class="modal-header">
27
  <h3 class="modal-title" style="text-align: center; font-size: 30px; color: #2980b9">Let's Get Started</h3><span id="tour-model" class="modal-span-close">X</span>
28
  </div>
29
  <div class="modal-body" style="height: 310px;">
30
  <?php
31
- echo $tour_body;
32
  ?>
33
  </div>
34
  <div class="modal-footer">
@@ -43,7 +43,7 @@
43
  var current_pointer = 0;
44
  var site_type = '';
45
  var site_elmt = '';
46
- var display = '<?php echo $display; ?>';
47
  var getting_started_modal = document.getElementById("getting-started");
48
 
49
  jQuery('#getting-started').css('display', display);
@@ -115,7 +115,7 @@
115
  getting_started_modal.style.display = "none";
116
  });
117
 
118
- var url = '<?php echo $_REQUEST["page"]; ?>';
119
  switch(url){
120
  case 'mo_2fa_two_fa':
121
  document.getElementById("setup_2fa").click();
21
  ?>
22
  <div id="getting-started" class="modal">
23
  <!-- Modal content -->
24
+ <div class="modal-content" style="width: <?php echo esc_attr($tour_box_size); ?>">
25
  <!-- <span class="close">&times;</span> -->
26
  <div class="modal-header">
27
  <h3 class="modal-title" style="text-align: center; font-size: 30px; color: #2980b9">Let's Get Started</h3><span id="tour-model" class="modal-span-close">X</span>
28
  </div>
29
  <div class="modal-body" style="height: 310px;">
30
  <?php
31
+ echo esc_attr($tour_body);
32
  ?>
33
  </div>
34
  <div class="modal-footer">
43
  var current_pointer = 0;
44
  var site_type = '';
45
  var site_elmt = '';
46
+ var display = '<?php echo esc_html($display); ?>';
47
  var getting_started_modal = document.getElementById("getting-started");
48
 
49
  jQuery('#getting-started').css('display', display);
115
  getting_started_modal.style.display = "none";
116
  });
117
 
118
+ var url = '<?php echo esc_html($_REQUEST["page"]); ?>';
119
  switch(url){
120
  case 'mo_2fa_two_fa':
121
  document.getElementById("setup_2fa").click();
views/trial.php CHANGED
@@ -2,7 +2,7 @@
2
  <div class="mo2f_table_layout mo2f_table_layout1">
3
  <h3> Trial Request Form : <div style="float: right;">
4
  <?php
5
- echo '<a class="mo_wpns_button mo_wpns_button1 mo2f_offer_contact_us_button" href="'.$two_fa.'">Back</a>';
6
  ?>
7
  </div></h3>
8
  <form method="post">
@@ -11,11 +11,11 @@
11
  <table cellpadding="4" cellspacing="4">
12
  <tr>
13
  <td><strong>Email ID : </strong></td>
14
- <td><input required type="email" name="mo2f_trial_email" style="width: 100%;" value="<?php echo get_option('mo2f_email');?>" placeholder="Email id" /></td>
15
  </tr>
16
  <tr>
17
  <td><strong>Phone No. : </strong></td>
18
- <td><input required type="tel" name="mo2f_trial_phone" style="width: 100%;" id= "mo2f_phone" value="<?php echo $user_phone; ?>" /></td>
19
  </tr>
20
  <tr>
21
  <td valign=top ><strong>Request a Trial for : </strong></td>
@@ -25,7 +25,7 @@
25
  </p>
26
  <p><input type= 'radio' name= 'mo2f_trial_plan' value="Enterprise" required >Enterprise(Unlimited sites)<br></p>
27
  <p><input type= 'radio' name= 'mo2f_trial_plan' value="notSure" required >I am confused!!<br></p>
28
- <a href="<?php echo $upgrade_url; ?>" target="_blank">Checkout our Plans</a>
29
 
30
  </td>
31
  </tr>
@@ -42,7 +42,7 @@
42
  jQuery("#mo2f_phone").intlTelInput();
43
 
44
  jQuery(document).ready(function(){
45
- var mo2f_trial_query_sent = "<?php echo get_site_option('mo2f_trial_query_sent') ?>"
46
  if(mo2f_trial_query_sent == 1){
47
  jQuery(':input[type="submit"]').prop('disabled', true);
48
  jQuery(':input[type="submit"]').attr('title','You have already sent a trial request for premium plugin. We will get back to you on your email soon.' );
2
  <div class="mo2f_table_layout mo2f_table_layout1">
3
  <h3> Trial Request Form : <div style="float: right;">
4
  <?php
5
+ echo '<a class="mo_wpns_button mo_wpns_button1 mo2f_offer_contact_us_button" href="'.esc_url($two_fa).'">Back</a>';
6
  ?>
7
  </div></h3>
8
  <form method="post">
11
  <table cellpadding="4" cellspacing="4">
12
  <tr>
13
  <td><strong>Email ID : </strong></td>
14
+ <td><input required type="email" name="mo2f_trial_email" style="width: 100%;" value="<?php echo esc_html(get_option('mo2f_email'));?>" placeholder="Email id" /></td>
15
  </tr>
16
  <tr>
17
  <td><strong>Phone No. : </strong></td>
18
+ <td><input required type="tel" name="mo2f_trial_phone" style="width: 100%;" id= "mo2f_phone" value="<?php echo esc_html($user_phone); ?>" /></td>
19
  </tr>
20
  <tr>
21
  <td valign=top ><strong>Request a Trial for : </strong></td>
25
  </p>
26
  <p><input type= 'radio' name= 'mo2f_trial_plan' value="Enterprise" required >Enterprise(Unlimited sites)<br></p>
27
  <p><input type= 'radio' name= 'mo2f_trial_plan' value="notSure" required >I am confused!!<br></p>
28
+ <a href="<?php echo esc_url($upgrade_url); ?>" target="_blank">Checkout our Plans</a>
29
 
30
  </td>
31
  </tr>
42
  jQuery("#mo2f_phone").intlTelInput();
43
 
44
  jQuery(document).ready(function(){
45
+ var mo2f_trial_query_sent = "<?php echo esc_html(get_site_option('mo2f_trial_query_sent')) ?>"
46
  if(mo2f_trial_query_sent == 1){
47
  jQuery(':input[type="submit"]').prop('disabled', true);
48
  jQuery(':input[type="submit"]').attr('title','You have already sent a trial request for premium plugin. We will get back to you on your email soon.' );
views/twofa/setup/setup_duo_authenticator.php CHANGED
@@ -174,7 +174,7 @@ function go_for_user_enroll_on_duo($user,$session_id){
174
 
175
  <form name="f" method="post" id="duo_mobile_send_push_notification_for_inline_form" action="" >
176
  <input type="hidden" name="option" value="duo_mobile_send_push_notification_for_inline_form" />
177
- <input type="hidden" name="session_id" value="<?php echo $session_id ?>" />
178
  <input type="hidden" name="duo_mobile_send_push_notification_inline_form_nonce"
179
  value="<?php echo wp_create_nonce( "mo2f-send-duo-push-notification-inline-nonce" ) ?>"/>
180
  <p style = " font-size: 17px;"><b>Step : B </b></p>
@@ -281,7 +281,7 @@ function mo2f_download_instruction_for_duo_mobile_app(){
281
  </li>
282
  </ol>
283
  <br>
284
- <a style="margin-left:10%" target="_blank" href="https://play.google.com/store/apps/details?id=com.miniorange.android.authenticator&hl=en"><img src="<?php echo plugins_url( 'includes/images/playStore.png' , dirname(dirname(dirname(__FILE__))) );?>" style="width:120px; height:=45px; margin-left:6px;"></a>
285
  </td>
286
  </tr>
287
  </table>
174
 
175
  <form name="f" method="post" id="duo_mobile_send_push_notification_for_inline_form" action="" >
176
  <input type="hidden" name="option" value="duo_mobile_send_push_notification_for_inline_form" />
177
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id) ?>" />
178
  <input type="hidden" name="duo_mobile_send_push_notification_inline_form_nonce"
179
  value="<?php echo wp_create_nonce( "mo2f-send-duo-push-notification-inline-nonce" ) ?>"/>
180
  <p style = " font-size: 17px;"><b>Step : B </b></p>
281
  </li>
282
  </ol>
283
  <br>
284
+ <a style="margin-left:10%" target="_blank" href="https://play.google.com/store/apps/details?id=com.miniorange.android.authenticator&hl=en"><img src="<?php echo esc_url(plugins_url( 'includes/images/playStore.png' , dirname(dirname(dirname(__FILE__))) ));?>" style="width:120px; height:=45px; margin-left:6px;"></a>
285
  </td>
286
  </tr>
287
  </table>
views/twofa/setup/setup_google_authenticator.php CHANGED
@@ -83,7 +83,7 @@ function mo2f_configure_google_authenticator( $user ) {
83
 
84
  <div class="mo2f_google_authy_secret_outer_div">
85
  <div class="mo2f_google_authy_secret_inner_div">
86
- <?php echo $ga_secret; ?>
87
  </div>
88
  <div class="mo2f_google_authy_secret">
89
  <?php echo mo2f_lt( 'Spaces do not matter' ); ?>.
83
 
84
  <div class="mo2f_google_authy_secret_outer_div">
85
  <div class="mo2f_google_authy_secret_inner_div">
86
+ <?php echo esc_html($ga_secret)?>
87
  </div>
88
  <div class="mo2f_google_authy_secret">
89
  <?php echo mo2f_lt( 'Spaces do not matter' ); ?>.
views/twofa/setup/setup_google_authenticator_onpremise.php CHANGED
@@ -77,7 +77,7 @@ function mo2f_configure_google_authenticator_setupWizard($secret,$url,$otpcode,
77
  <div id="mo2f_entergoogle_auth_code">
78
 
79
  <b><h3>2. Enter the code generated in your Authenticator app <input style="padding: 5px" class ='mo_input_text_box_size' type="text" id="mo2f_google_auth_code" name="mo2f_google_auth_code" placeholder="Enter OTP" /> </h3></b>
80
- <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo $session_id_encrypt ?>">
81
 
82
  </div>
83
  <script type="text/javascript">
@@ -221,7 +221,7 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $ses
221
  style="width:95%;"/></span><br><br>
222
 
223
  <input type="hidden" name="option" value="mo2f_configure_google_authenticator_validate"/>
224
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>">
225
  <input type="hidden" name="mo2f_configure_google_authenticator_validate_nonce"
226
  value="<?php echo wp_create_nonce( "mo2f-configure-google-authenticator-validate-nonce" ) ?>"/>
227
  <input type="submit" name="validate" id="SaveOTPGATour" class="button button-primary button-large"
77
  <div id="mo2f_entergoogle_auth_code">
78
 
79
  <b><h3>2. Enter the code generated in your Authenticator app <input style="padding: 5px" class ='mo_input_text_box_size' type="text" id="mo2f_google_auth_code" name="mo2f_google_auth_code" placeholder="Enter OTP" /> </h3></b>
80
+ <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>">
81
 
82
  </div>
83
  <script type="text/javascript">
221
  style="width:95%;"/></span><br><br>
222
 
223
  <input type="hidden" name="option" value="mo2f_configure_google_authenticator_validate"/>
224
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>">
225
  <input type="hidden" name="mo2f_configure_google_authenticator_validate_nonce"
226
  value="<?php echo wp_create_nonce( "mo2f-configure-google-authenticator-validate-nonce" ) ?>"/>
227
  <input type="submit" name="validate" id="SaveOTPGATour" class="button button-primary button-large"
views/twofa/setup/setup_miniorange_authenticator.php CHANGED
@@ -33,7 +33,7 @@ function mo2f_configure_miniorange_authenticator($user){
33
  </div>
34
  <input type="hidden" name="option" value="mo_auth_refresh_mobile_qrcode" />
35
  <input type="hidden" name="mo2f_method" id="mo2f_method_mo" value="<?php echo $mo2f_method; ?>">
36
- <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo $session_id_encrypt; ?>">
37
  <input type="hidden" name="mo_auth_refresh_mobile_qrcode_nonce" value="<?php echo wp_create_nonce( "mo-auth-refresh-mobile-qrcode-nonce" ) ?>"/>
38
  <input type="button" style="float: right;" name="back" id="go_backlogin" class="button button-primary button-large" value="Back" />
39
  </form>
@@ -212,7 +212,7 @@ function initialize_mobile_registration($user,$session_id_encrypt = null) {
212
  </form>
213
  <form name="f" method="post" id="mo2f_refresh_qr_form" action="" class="mo2f_display_none_forms">
214
  <input type="hidden" name="option" value="mo_auth_refresh_mobile_qrcode" />
215
- <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo $session_id_encrypt; ?>">
216
  <input type="hidden" name="mo2f_method" id="mo2f_ref_method"value="<?php echo sanitize_text_field($_POST['mo2f_method']) ;?>" />
217
  <input type="hidden" name="mo_auth_refresh_mobile_qrcode_nonce"
218
  value="<?php echo wp_create_nonce( "mo-auth-refresh-mobile-qrcode-nonce" ) ?>"/>
@@ -247,7 +247,7 @@ function initialize_mobile_registration($user,$session_id_encrypt = null) {
247
  function pollMobileRegistration() {
248
  var transId = "<?php echo MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId'); ?>";
249
  var jsonString = "{\"txId\":\"" + transId + "\"}";
250
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/registration-status";
251
  jQuery.ajax({
252
  url: postUrl,
253
  type: "POST",
@@ -257,14 +257,14 @@ function initialize_mobile_registration($user,$session_id_encrypt = null) {
257
  success: function(result) {
258
  var status = JSON.parse(JSON.stringify(result)).status;
259
  if (status == 'SUCCESS') {
260
- var content = "<br><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(dirname(__FILE__))) );?>" + "' /></div>";
261
  jQuery("#displayQrCode").empty();
262
  jQuery("#displayQrCode").append(content);
263
  setTimeout(function() {
264
  jQuery("#mobile_register_form").submit();
265
  }, 1000);
266
  } else if (status == 'ERROR' || status == 'FAILED') {
267
- var content = "<br><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , dirname(dirname(dirname(__FILE__))) );?>" + "' /></div>";
268
  jQuery("#displayQrCode").empty();
269
  jQuery("#displayQrCode").append(content);
270
  jQuery("#messages").empty();
33
  </div>
34
  <input type="hidden" name="option" value="mo_auth_refresh_mobile_qrcode" />
35
  <input type="hidden" name="mo2f_method" id="mo2f_method_mo" value="<?php echo $mo2f_method; ?>">
36
+ <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt); ?>">
37
  <input type="hidden" name="mo_auth_refresh_mobile_qrcode_nonce" value="<?php echo wp_create_nonce( "mo-auth-refresh-mobile-qrcode-nonce" ) ?>"/>
38
  <input type="button" style="float: right;" name="back" id="go_backlogin" class="button button-primary button-large" value="Back" />
39
  </form>
212
  </form>
213
  <form name="f" method="post" id="mo2f_refresh_qr_form" action="" class="mo2f_display_none_forms">
214
  <input type="hidden" name="option" value="mo_auth_refresh_mobile_qrcode" />
215
+ <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt); ?>">
216
  <input type="hidden" name="mo2f_method" id="mo2f_ref_method"value="<?php echo sanitize_text_field($_POST['mo2f_method']) ;?>" />
217
  <input type="hidden" name="mo_auth_refresh_mobile_qrcode_nonce"
218
  value="<?php echo wp_create_nonce( "mo-auth-refresh-mobile-qrcode-nonce" ) ?>"/>
247
  function pollMobileRegistration() {
248
  var transId = "<?php echo MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId'); ?>";
249
  var jsonString = "{\"txId\":\"" + transId + "\"}";
250
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/registration-status";
251
  jQuery.ajax({
252
  url: postUrl,
253
  type: "POST",
257
  success: function(result) {
258
  var status = JSON.parse(JSON.stringify(result)).status;
259
  if (status == 'SUCCESS') {
260
+ var content = "<br><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo esc_url(plugins_url( 'includes/images/right.png' , dirname(dirname(dirname(__FILE__)))) );?>" + "' /></div>";
261
  jQuery("#displayQrCode").empty();
262
  jQuery("#displayQrCode").append(content);
263
  setTimeout(function() {
264
  jQuery("#mobile_register_form").submit();
265
  }, 1000);
266
  } else if (status == 'ERROR' || status == 'FAILED') {
267
+ var content = "<br><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo esc_url(plugins_url( 'includes/images/wrong.png' , dirname(dirname(dirname(__FILE__)))));?>" + "' /></div>";
268
  jQuery("#displayQrCode").empty();
269
  jQuery("#displayQrCode").append(content);
270
  jQuery("#messages").empty();
views/twofa/setup/setup_otp_over_sms.php CHANGED
@@ -23,7 +23,7 @@ function mo2f_configure_otp_over_sms( $user ) {
23
  <?php } ?>
24
  <form name="f" method="post" action="" id="mo2f_verifyphone_form">
25
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
26
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
27
  <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
28
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
29
 
@@ -37,7 +37,7 @@ function mo2f_configure_otp_over_sms( $user ) {
37
  </form>
38
  <form name="f" method="post" action="" id="mo2f_validateotp_form">
39
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
40
- <input type="hidden" name="mo2f_session_id" value="<?php echo $session_id_encrypt ?>"/>
41
  <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
42
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
43
  <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
23
  <?php } ?>
24
  <form name="f" method="post" action="" id="mo2f_verifyphone_form">
25
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
26
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
27
  <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
28
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
29
 
37
  </form>
38
  <form name="f" method="post" action="" id="mo2f_validateotp_form">
39
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
40
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
41
  <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
42
  value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
43
  <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
views/twofa/setup/setup_otp_over_whatsapp.php CHANGED
@@ -35,7 +35,7 @@ function mo2f_configure_otp_over_Whatsapp( $user ) {
35
  </th>
36
  <th>
37
  <input class="mo2f_table_textbox" style="width:200px;" type="text" name="verify_whatsappID" required id="phone"
38
- value="<?php echo $whatsapp_id ?>" pattern="[0-9]+"
39
  title="<?php echo mo2f_lt( 'Enter API Key recieved on your Whatsapp without any space or dashes' ); ?>"/><br>
40
  </th>
41
  </tr>
35
  </th>
36
  <th>
37
  <input class="mo2f_table_textbox" style="width:200px;" type="text" name="verify_whatsappID" required id="phone"
38
+ value="<?php echo esc_html($whatsapp_id) ?>" pattern="[0-9]+"
39
  title="<?php echo mo2f_lt( 'Enter API Key recieved on your Whatsapp without any space or dashes' ); ?>"/><br>
40
  </th>
41
  </tr>
views/twofa/setup_twofa.php CHANGED
@@ -16,7 +16,7 @@
16
 
17
  if ( $app_type == 'Google Authenticator' ) {
18
  $selectedMethod = 'Google Authenticator';
19
- } else if ( $app_type == 'Authy Authenticator' ) {
20
  $selectedMethod = 'Authy Authenticator';
21
  } else {
22
  $selectedMethod = 'Google Authenticator';
@@ -55,13 +55,13 @@
55
 
56
  mo2f_show_2FA_configuration_screen( $user, $current_selected_method );
57
  // echo '</div>';
58
- } else if ( get_user_meta( $user->ID, 'test_2FA', true ) ) {
59
  $current_selected_method = get_user_meta( $user->ID, 'mo2f_2FA_method_to_test', true );
60
 
61
  echo '<div class="mo2f_table_layout">';
62
  mo2f_show_2FA_test_screen( $user, $current_selected_method );
63
  echo '</div>';
64
- }else if ( get_user_meta( $user->ID, 'register_account_popup', true ) && $can_display_admin_features ) {
65
  display_customer_registration_forms( $user );
66
  } else {
67
  $is_NC = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
@@ -204,8 +204,8 @@
204
  ?>
205
  <button onclick="window.open('https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan')" class="mo2f-test-button">Add SMS</button>
206
  <?php } ?>
207
- <button class="mo2f-test-button" id="test" onclick="testAuthenticationMethod('<?php echo $selectedMethod; ?>');"
208
- <?php echo $is_customer_registered && ( $selectedMethod != 'NONE' ) ? "" : " disabled "; ?>>Test - <strong> <?php echo $selectedMethod; ?> </strong>
209
  </button>
210
  </div>
211
 
@@ -265,7 +265,7 @@
265
  </div>
266
  <div class="modal-body" style="height: auto">
267
  <h2 style="color: red;">The email associated with your account is already registered in miniOrange. Please Choose another email.</h2>
268
- <h2><i>Enter your Email:&nbsp;&nbsp;&nbsp; <input type ='email' id='emailEnteredCloud' name='emailEnteredCloud' size= '40' required value="<?php echo $email;?>"/></i></h2>
269
  </div>
270
  <div class="modal-footer">
271
  <button type="button" class="button button-primary button-large modal-button" id="save_entered_email_cloud">Save</button>
@@ -280,7 +280,7 @@
280
  <h3 class="modal-title" style="text-align: center; font-size: 20px; color: #2271b1">Email Address for OTP</h3><span id="closeEnterEmail" class="modal-span-close">X</span>
281
  </div>
282
  <div class="modal-body" style="height: auto">
283
- <h2><i>Enter your Email:&nbsp;&nbsp;&nbsp; <input type ='email' id='emailEntered' name='emailEntered' size= '40' required value="<?php echo $email;?>"/></i></h2>
284
  </div>
285
  <div class="modal-footer">
286
  <input type="text" id="current_method" hidden value="">
@@ -430,7 +430,7 @@
430
  configureOrSet2ndFactor_free_plan(authMethod,'select2factor');
431
  }
432
  function configureOrSet2ndFactor_free_plan(authMethod, action, cloudswitch=null,allowed=null) {
433
- var is_onprem = '<?php echo MO2F_IS_ONPREM;?>';
434
  if(authMethod == 'miniOrangeAuthenticator')
435
  authMethod = jQuery("#miniOrangeAuthenticator").val();
436
  <?php
@@ -439,7 +439,7 @@
439
  $is_user_registered = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID ) ? true : false;
440
 
441
  ?>
442
- var is_user_registered = '<?php echo $is_user_registered; ?>';
443
 
444
 
445
  if((is_onprem == 0 || authMethod=='miniOrangeSoftToken'|| authMethod=='miniOrangeQRCodeAuthentication'|| authMethod=='miniOrangePushNotification') && is_user_registered == 0)
@@ -515,7 +515,7 @@
515
  {
516
  if(authMethod == 'EmailVerification' || authMethod == 'OTPOverEmail')
517
  {
518
- var is_registered = '<?php echo $email_registered;?>';
519
  jQuery('#current_method').val(authMethod);
520
 
521
  if(is_onprem == 1 && is_registered!=0 && action != 'select2factor')
16
 
17
  if ( $app_type == 'Google Authenticator' ) {
18
  $selectedMethod = 'Google Authenticator';
19
+ } elseif ( $app_type == 'Authy Authenticator' ) {
20
  $selectedMethod = 'Authy Authenticator';
21
  } else {
22
  $selectedMethod = 'Google Authenticator';
55
 
56
  mo2f_show_2FA_configuration_screen( $user, $current_selected_method );
57
  // echo '</div>';
58
+ } elseif ( get_user_meta( $user->ID, 'test_2FA', true ) ) {
59
  $current_selected_method = get_user_meta( $user->ID, 'mo2f_2FA_method_to_test', true );
60
 
61
  echo '<div class="mo2f_table_layout">';
62
  mo2f_show_2FA_test_screen( $user, $current_selected_method );
63
  echo '</div>';
64
+ }elseif ( get_user_meta( $user->ID, 'register_account_popup', true ) && $can_display_admin_features ) {
65
  display_customer_registration_forms( $user );
66
  } else {
67
  $is_NC = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
204
  ?>
205
  <button onclick="window.open('https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan')" class="mo2f-test-button">Add SMS</button>
206
  <?php } ?>
207
+ <button class="mo2f-test-button" id="test" onclick="testAuthenticationMethod('<?php echo esc_attr($selectedMethod); ?>');"
208
+ <?php echo $is_customer_registered && ( $selectedMethod != 'NONE' ) ? "" : " disabled "; ?>>Test - <strong> <?php echo esc_attr($selectedMethod); ?> </strong>
209
  </button>
210
  </div>
211
 
265
  </div>
266
  <div class="modal-body" style="height: auto">
267
  <h2 style="color: red;">The email associated with your account is already registered in miniOrange. Please Choose another email.</h2>
268
+ <h2><i>Enter your Email:&nbsp;&nbsp;&nbsp; <input type ='email' id='emailEnteredCloud' name='emailEnteredCloud' size= '40' required value="<?php echo esc_html($email);?>"/></i></h2>
269
  </div>
270
  <div class="modal-footer">
271
  <button type="button" class="button button-primary button-large modal-button" id="save_entered_email_cloud">Save</button>
280
  <h3 class="modal-title" style="text-align: center; font-size: 20px; color: #2271b1">Email Address for OTP</h3><span id="closeEnterEmail" class="modal-span-close">X</span>
281
  </div>
282
  <div class="modal-body" style="height: auto">
283
+ <h2><i>Enter your Email:&nbsp;&nbsp;&nbsp; <input type ='email' id='emailEntered' name='emailEntered' size= '40' required value="<?php echo esc_html($email);?>"/></i></h2>
284
  </div>
285
  <div class="modal-footer">
286
  <input type="text" id="current_method" hidden value="">
430
  configureOrSet2ndFactor_free_plan(authMethod,'select2factor');
431
  }
432
  function configureOrSet2ndFactor_free_plan(authMethod, action, cloudswitch=null,allowed=null) {
433
+ var is_onprem = '<?php echo esc_html(MO2F_IS_ONPREM);?>';
434
  if(authMethod == 'miniOrangeAuthenticator')
435
  authMethod = jQuery("#miniOrangeAuthenticator").val();
436
  <?php
439
  $is_user_registered = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID ) ? true : false;
440
 
441
  ?>
442
+ var is_user_registered = '<?php echo esc_html($is_user_registered); ?>';
443
 
444
 
445
  if((is_onprem == 0 || authMethod=='miniOrangeSoftToken'|| authMethod=='miniOrangeQRCodeAuthentication'|| authMethod=='miniOrangePushNotification') && is_user_registered == 0)
515
  {
516
  if(authMethod == 'EmailVerification' || authMethod == 'OTPOverEmail')
517
  {
518
+ var is_registered = '<?php echo esc_html($email_registered);?>';
519
  jQuery('#current_method').val(authMethod);
520
 
521
  if(is_onprem == 1 && is_registered!=0 && action != 'select2factor')
views/twofa/test/test_twofa_email_verification.php CHANGED
@@ -92,7 +92,7 @@
92
  function pollMobileValidation() {
93
  var transId = "<?php echo $mo2f_transactionId; ?>";
94
  var jsonString = "{\"txId\":\"" + transId + "\"}";
95
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
96
 
97
  jQuery.ajax({
98
  url: postUrl,
92
  function pollMobileValidation() {
93
  var transId = "<?php echo $mo2f_transactionId; ?>";
94
  var jsonString = "{\"txId\":\"" + transId + "\"}";
95
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
96
 
97
  jQuery.ajax({
98
  url: postUrl,
views/twofa/test/test_twofa_kba_questions.php CHANGED
@@ -14,7 +14,7 @@
14
 
15
  <div id="mo2f_kba_content">
16
  <?php if ( isset( $questions ) ) {
17
- echo $questions[0]['question'];
18
  ?>
19
  <br>
20
  <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_1"
@@ -23,7 +23,7 @@
23
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
24
  autocomplete="off"><br><br>
25
  <?php
26
- echo $questions[1]['question'];
27
  ?>
28
  <br>
29
  <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_2"
14
 
15
  <div id="mo2f_kba_content">
16
  <?php if ( isset( $questions ) ) {
17
+ echo esc_html($questions[0]['question']);
18
  ?>
19
  <br>
20
  <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_1"
23
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
24
  autocomplete="off"><br><br>
25
  <?php
26
+ echo esc_html($questions[1]['question']);
27
  ?>
28
  <br>
29
  <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_2"
views/twofa/test/test_twofa_miniorange_push_notification.php CHANGED
@@ -8,7 +8,7 @@
8
  <h4><?php echo mo2f_lt( 'A Push Notification has been sent to your phone.' ); ?>
9
  <br><?php echo mo2f_lt( 'We are waiting for your approval...' ); ?>
10
  </h4>
11
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__)))); ?>"/>
12
  </center>
13
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
14
  value="<?php echo mo2f_lt( 'Back' ); ?>" style="margin-top:100px;margin-left:10px;"/>
@@ -42,7 +42,7 @@
42
  function pollMobileValidation() {
43
  var transId = "<?php echo get_user_meta($user->ID, 'mo2f_transactionId', true); ?>";
44
  var jsonString = "{\"txId\":\"" + transId + "\"}";
45
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
46
 
47
  jQuery.ajax({
48
  url: postUrl,
8
  <h4><?php echo mo2f_lt( 'A Push Notification has been sent to your phone.' ); ?>
9
  <br><?php echo mo2f_lt( 'We are waiting for your approval...' ); ?>
10
  </h4>
11
+ <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))))); ?>"/>
12
  </center>
13
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
14
  value="<?php echo mo2f_lt( 'Back' ); ?>" style="margin-top:100px;margin-left:10px;"/>
42
  function pollMobileValidation() {
43
  var transId = "<?php echo get_user_meta($user->ID, 'mo2f_transactionId', true); ?>";
44
  var jsonString = "{\"txId\":\"" + transId + "\"}";
45
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
46
 
47
  jQuery.ajax({
48
  url: postUrl,
views/twofa/test/test_twofa_miniorange_qrcode_authentication.php CHANGED
@@ -59,7 +59,7 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
59
  function pollMobileValidation() {
60
  var transId = "<?php echo get_user_meta($user->ID, 'mo2f_transactionId', true); ?>";
61
  var jsonString = "{\"txId\":\"" + transId + "\"}";
62
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
63
 
64
  jQuery.ajax({
65
  url: postUrl,
@@ -70,7 +70,7 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
70
  success: function (result) {
71
  var status = JSON.parse(JSON.stringify(result)).status;
72
  if (status == 'SUCCESS') {
73
- var content = "<br><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png', dirname(dirname(dirname(__FILE__))) );?>" + "' /></div>";
74
  jQuery("#displayQrCode").empty();
75
  jQuery("#displayQrCode").append(content);
76
  setTimeout(function () {
@@ -78,7 +78,7 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
78
  }, 1000);
79
 
80
  } else if (status == 'ERROR' || status == 'FAILED') {
81
- var content = "<br><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png', dirname(dirname(dirname(__FILE__))) );?>" + "' /></div>";
82
  jQuery("#displayQrCode").empty();
83
  jQuery("#displayQrCode").append(content);
84
  setTimeout(function () {
59
  function pollMobileValidation() {
60
  var transId = "<?php echo get_user_meta($user->ID, 'mo2f_transactionId', true); ?>";
61
  var jsonString = "{\"txId\":\"" + transId + "\"}";
62
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
63
 
64
  jQuery.ajax({
65
  url: postUrl,
70
  success: function (result) {
71
  var status = JSON.parse(JSON.stringify(result)).status;
72
  if (status == 'SUCCESS') {
73
+ var content = "<br><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo esc_url(plugins_url( 'includes/images/right.png', dirname(dirname(dirname(__FILE__))) ));?>" + "' /></div>";
74
  jQuery("#displayQrCode").empty();
75
  jQuery("#displayQrCode").append(content);
76
  setTimeout(function () {
78
  }, 1000);
79
 
80
  } else if (status == 'ERROR' || status == 'FAILED') {
81
+ var content = "<br><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo esc_url(plugins_url( 'includes/images/wrong.png', dirname(dirname(dirname(__FILE__)))) );?>" + "' /></div>";
82
  jQuery("#displayQrCode").empty();
83
  jQuery("#displayQrCode").append(content);
84
  setTimeout(function () {
views/twofa/two_fa_custom_form.php CHANGED
@@ -26,7 +26,7 @@ include $setup_dirName;
26
  </tr>
27
  <tr>
28
  <td>
29
- <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.dirname(plugin_dir_url(dirname(__FILE__))).'/includes/images/woocommerce.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit; padding-right: 50px;">Woocommerce</h3>
30
  </td>
31
  <td style="align-items: right;">
32
  <form id="woocommerce_login_prompt_form" method="post">
@@ -45,7 +45,7 @@ include $setup_dirName;
45
  </tr>
46
  <tr>
47
  <td>
48
- <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.dirname(plugin_dir_url(dirname(__FILE__))).'/includes/images/ultimate_member.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">Ultimate Member</h3>
49
  </td>
50
  <td style="text-align: center;">
51
  <input type="checkbox" name="" checked>
@@ -55,7 +55,7 @@ include $setup_dirName;
55
  </tr>
56
  <tr>
57
  <td>
58
- <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.dirname(plugin_dir_url(dirname(__FILE__))).'/includes/images/restrict_content_pro.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">Restrict Content Pro</h3>
59
  </td>
60
  <td style="text-align: center;">
61
  <input type="checkbox" name="" checked>
@@ -65,7 +65,7 @@ include $setup_dirName;
65
  </tr>
66
  <tr>
67
  <td >
68
- <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.dirname(plugin_dir_url(dirname(__FILE__))).'/includes/images/theme_my_login.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">My Theme Login</h3>
69
  </td>
70
  <td style="text-align: center;">
71
  <input type="checkbox" name="" checked>
@@ -75,7 +75,7 @@ include $setup_dirName;
75
  </tr>
76
  <tr>
77
  <td>
78
- <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.dirname(plugin_dir_url(dirname(__FILE__))).'/includes/images/user_registration.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">User Registration</h3>
79
  </td>
80
  <td style="text-align: center;">
81
  <input type="checkbox" name="" checked>
@@ -85,7 +85,7 @@ include $setup_dirName;
85
  </tr>
86
  <tr>
87
  <td>
88
- <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.dirname(plugin_dir_url(dirname(__FILE__))).'/includes/images/Custom_Login_Page_Customizer_LoginPress.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">Custom Login Page Customizer | LoginPress</h3>
89
  </td>
90
  <td style="text-align: center;">
91
  <input type="checkbox" name="" checked>
@@ -95,7 +95,7 @@ include $setup_dirName;
95
  </tr>
96
  <tr>
97
  <td>
98
- <?php echo '<img style="width:30px; height:30px;display: inline;float: left;" src="'.dirname(plugin_dir_url(dirname(__FILE__))).'/includes/images/Admin_Custom_Login.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">Admin Custom Login</h3>
99
  </td>
100
  <td style="text-align: center;">
101
  <input type="checkbox" name="" checked>
@@ -105,7 +105,7 @@ include $setup_dirName;
105
  </tr>
106
  <tr>
107
  <td>
108
- <?php echo '<img style="width:30px; height:30px;display: inline;float: left;" src="'.dirname(plugin_dir_url(dirname(__FILE__))).'/includes/images/RegistrationMagic_Custom_Registration_Forms_and_User_Login.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">RegistrationMagic – Custom Registration Forms and User Login</h3>
109
  </td>
110
  <td style="text-align: center; ">
111
  <input type="checkbox" name="" checked>
26
  </tr>
27
  <tr>
28
  <td>
29
+ <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.esc_url(dirname(plugin_dir_url(dirname(__FILE__)))).'/includes/images/woocommerce.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit; padding-right: 50px;">Woocommerce</h3>
30
  </td>
31
  <td style="align-items: right;">
32
  <form id="woocommerce_login_prompt_form" method="post">
45
  </tr>
46
  <tr>
47
  <td>
48
+ <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.esc_url(dirname(plugin_dir_url(dirname(__FILE__)))).'/includes/images/ultimate_member.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">Ultimate Member</h3>
49
  </td>
50
  <td style="text-align: center;">
51
  <input type="checkbox" name="" checked>
55
  </tr>
56
  <tr>
57
  <td>
58
+ <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.esc_url(dirname(plugin_dir_url(dirname(__FILE__)))).'/includes/images/restrict_content_pro.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">Restrict Content Pro</h3>
59
  </td>
60
  <td style="text-align: center;">
61
  <input type="checkbox" name="" checked>
65
  </tr>
66
  <tr>
67
  <td >
68
+ <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.esc_url(dirname(plugin_dir_url(dirname(__FILE__)))).'/includes/images/theme_my_login.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">My Theme Login</h3>
69
  </td>
70
  <td style="text-align: center;">
71
  <input type="checkbox" name="" checked>
75
  </tr>
76
  <tr>
77
  <td>
78
+ <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.esc_url(dirname(plugin_dir_url(dirname(__FILE__)))).'/includes/images/user_registration.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">User Registration</h3>
79
  </td>
80
  <td style="text-align: center;">
81
  <input type="checkbox" name="" checked>
85
  </tr>
86
  <tr>
87
  <td>
88
+ <?php echo '<img style="width:30px; height:30px;display: inline;" src="'.esc_url(dirname(plugin_dir_url(dirname(__FILE__)))).'/includes/images/Custom_Login_Page_Customizer_LoginPress.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">Custom Login Page Customizer | LoginPress</h3>
89
  </td>
90
  <td style="text-align: center;">
91
  <input type="checkbox" name="" checked>
95
  </tr>
96
  <tr>
97
  <td>
98
+ <?php echo '<img style="width:30px; height:30px;display: inline;float: left;" src="'.esc_url(dirname(plugin_dir_url(dirname(__FILE__)))).'/includes/images/Admin_Custom_Login.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">Admin Custom Login</h3>
99
  </td>
100
  <td style="text-align: center;">
101
  <input type="checkbox" name="" checked>
105
  </tr>
106
  <tr>
107
  <td>
108
+ <?php echo '<img style="width:30px; height:30px;display: inline;float: left;" src="'.esc_url(dirname(plugin_dir_url(dirname(__FILE__)))).'/includes/images/RegistrationMagic_Custom_Registration_Forms_and_User_Login.png">';?><h3 style="margin-left: 15px; font-size: large; display: inline; float: inherit;">RegistrationMagic – Custom Registration Forms and User Login</h3>
109
  </td>
110
  <td style="text-align: center; ">
111
  <input type="checkbox" name="" checked>
views/twofa/two_fa_premium_feature.php CHANGED
@@ -12,8 +12,8 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
12
 
13
  <div id = "premium_feature_phone_lost">
14
  <h3>What happens if my phone is lost, discharged or not with me
15
- <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[0]); ?>
16
- <a href='<?php echo $two_factor_premium_doc['What happens if my phone is lost, discharged or not with me'];?>' target="_blank">
17
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#413c69;float: right;"></span>
18
 
19
  </a></h3>
@@ -32,8 +32,8 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
32
  $opt='OUT OF BAND EMAIL';
33
  ?>
34
  <h3><?php echo mo2f_lt('Select the specific set of authentication methods for your users');?>
35
- <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[1]); ?>
36
- <a href='<?php echo $two_factor_premium_doc['Specific set of authentication methods'];?>' target="_blank"><span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#413c69;float: right;"></span></a></h3>
37
  <p>
38
  <input type="radio" class="option_for_auth" name="mo2f_all_users_method" value="1" checked="checked" />
39
  <?php echo __('For all Users','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
@@ -99,7 +99,7 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
99
  if(empty($copt[$id])){
100
  $copt[$id]=array("No Two Factor Selected");
101
  }?>
102
- <span class="mo2f_display_tab mo2f_btn_premium_features" style="padding: 7px 25px;" ID="mo2f_role_<?php echo $id ?>" onclick="displayTab('<?php echo $id ?>');" value="<?php echo $id ?>" <?php if(get_site_option('mo2f_all_users_method')){echo 'hidden';}?>> <?php echo $name ?></span>
103
 
104
  <?php
105
  }
@@ -112,46 +112,46 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
112
  $setting = get_site_option('mo2fa_'.$id);
113
  $newcopt=$copt[$id];
114
  ?>
115
- <table class="mo2f_for_all_roles" id="mo2f_for_all_<?php echo $id ?>" hidden><tbody>
116
  <tr>
117
  <td>
118
- <input type='checkbox' name="<?php echo $id ?>[]" value='OUT OF BAND EMAIL' <?php echo (in_array("OUT OF BAND EMAIL", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Email Verification','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
119
  </td>
120
  <td>
121
- <input type='checkbox' name="<?php echo $id ?>[]" value='SMS' <?php echo (in_array("SMS", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('OTP Over SMS','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
122
  </td>
123
  <td>
124
- <input type='checkbox' name="<?php echo $id ?>[]" value='PHONE VERIFICATION' <?php echo (in_array("PHONE VERIFICATION", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Phone Call Verification','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
125
  </td>
126
  </tr>
127
  <tr>
128
  <td>
129
- <input type='checkbox' name="<?php echo $id ?>[]" value='SOFT TOKEN' <?php echo (in_array("SOFT TOKEN", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Soft Token','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
130
  </td>
131
  <td>
132
- <input type='checkbox' name="<?php echo $id ?>[]" value='MOBILE AUTHENTICATION' <?php echo (in_array("MOBILE AUTHENTICATION", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('QR Code Authentication','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
133
  </td>
134
  <td>
135
- <input type='checkbox' name="<?php echo $id ?>[]" value='PUSH NOTIFICATIONS' <?php echo (in_array("PUSH NOTIFICATIONS", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Push Notifications','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
136
  </td>
137
  </tr>
138
  <tr>
139
  <td>
140
- <input type='checkbox' name="<?php echo $id ?>[]" value='GOOGLE AUTHENTICATOR' <?php echo (in_array("GOOGLE AUTHENTICATOR", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Google Authenticator','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
141
  </td>
142
  <td>
143
- <input type='checkbox' name="<?php echo $id ?>[]" value='AUTHY 2-FACTOR AUTHENTICATION' <?php echo (in_array("AUTHY 2-FACTOR AUTHENTICATION", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('AUTHY 2-FACTOR AUTHENTICATION','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
144
  </td>
145
  <td>
146
- <input type='checkbox' name="<?php echo $id ?>[]" value='KBA' <?php echo (in_array("KBA", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Security Questions (KBA)','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
147
  </td>
148
  </tr>
149
  <tr>
150
  <td>
151
- <input type='checkbox' name="<?php echo $id ?>[]" value='SMS AND EMAIL' <?php echo (in_array("SMS AND EMAIL", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('OTP Over SMS And Email','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
152
  </td>
153
  <td>
154
- <input type='checkbox' name="<?php echo $id ?>[]" value='OTP_OVER_EMAIL' <?php echo (in_array("OTP_OVER_EMAIL", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('OTP Over Email','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
155
  </td>
156
  </tr>
157
  </tbody>
@@ -190,15 +190,15 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
190
  <hr>
191
 
192
  <h3>Skip Option for Users During User Enrollment
193
- <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[2]); ?></h3>
194
  <p>
195
  <input type="checkbox" class="option_for_auth" name=" Skip Option for users." value="1" checked="checked" disabled> Skip Option for users.
196
  </p>
197
  </br><hr>
198
 
199
  <h3>Email verification of Users during User Enrollment
200
- <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[3]); ?>
201
- <a href='<?php echo $two_factor_premium_doc['Email verification of Users during Inline Registration'];?>' target="_blank">
202
  <span class="dashicons dashicons-text-page"title="More Information" style="font-size:19px;color:#413c69;float: right;"></span>
203
  </a></h3>
204
  <p>
@@ -209,19 +209,19 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
209
  </br><hr>
210
 
211
  <h3>Select Login Screen Options
212
- <a href='<?php echo $two_factor_premium_doc['Select login screen option'];?>' target="_blank">
213
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#413c69;float: right;"></span>
214
  </a></h3>
215
 
216
  <input type="radio" class="option_for_auth" name="mo2f_all_users_method" value="1" checked="checked" disabled> Login with password + 2nd Factor <span style="color: red">(Recommended)</span>
217
- <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[4]); ?>
218
 
219
  </br>
220
  </br>
221
  <input type="radio" class="option_for_auth" name="mo2f_all_users_method" value="0" disabled>
222
  Login with 2nd Factor only <span style="color: red">(No password required)
223
  <a onclick="mo2f_login_with_username_only()">&nbsp;&nbsp;See Preview</a></span>
224
- <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[5]); ?>
225
  </br>
226
 
227
  <div id="mo2f_login_with_username_only" style="display: none;">
@@ -234,7 +234,7 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
234
  <input type="checkbox" class="option_for_auth" value="0" disabled>I want to hide default login form.
235
  <a onclick="mo2f_hide_login_form()">&nbsp;&nbsp;See Preview</a>
236
 
237
- <?php echo mo2f_tooltip_array($premium_feature_tooltip_array[6]); ?>
238
  <div id="mo2f_hide_login" style="display: none;">
239
  <?php
240
  echo '<div style="text-align:center;"><img style="margin-top:5px;" src="'.$hide_login_form_url.'"></div><br>';?>
@@ -256,9 +256,9 @@ $premium_feature_tooltip_array = array ('This option will provide users an alter
256
 
257
  <?php
258
  function mo2f_tooltip_array($mo2f_addon_feature){
259
- return '<div class="mo2f_tooltip_addon">
260
  <span class="dashicons dashicons-info mo2f_info_tab"></span>
261
- <span class="mo2f_tooltiptext_addon" >'. $mo2f_addon_feature .'
262
  </span>
263
  </div>';
264
  }
12
 
13
  <div id = "premium_feature_phone_lost">
14
  <h3>What happens if my phone is lost, discharged or not with me
15
+ <?php mo2f_tooltip_array($premium_feature_tooltip_array[0]); ?>
16
+ <a href='<?php echo esc_url($two_factor_premium_doc['What happens if my phone is lost, discharged or not with me']);?>' target="_blank">
17
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#413c69;float: right;"></span>
18
 
19
  </a></h3>
32
  $opt='OUT OF BAND EMAIL';
33
  ?>
34
  <h3><?php echo mo2f_lt('Select the specific set of authentication methods for your users');?>
35
+ <?php mo2f_tooltip_array($premium_feature_tooltip_array[1]); ?>
36
+ <a href='<?php echo esc_url($two_factor_premium_doc['Specific set of authentication methods']);?>' target="_blank"><span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#413c69;float: right;"></span></a></h3>
37
  <p>
38
  <input type="radio" class="option_for_auth" name="mo2f_all_users_method" value="1" checked="checked" />
39
  <?php echo __('For all Users','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
99
  if(empty($copt[$id])){
100
  $copt[$id]=array("No Two Factor Selected");
101
  }?>
102
+ <span class="mo2f_display_tab mo2f_btn_premium_features" style="padding: 7px 25px;" ID="mo2f_role_<?php echo esc_html($id) ?>" onclick="displayTab('<?php echo esc_html($id) ?>');" value="<?php echo esc_html($id) ?>" <?php if(get_site_option('mo2f_all_users_method')){echo 'hidden';}?>> <?php echo esc_html($name) ?></span>
103
 
104
  <?php
105
  }
112
  $setting = get_site_option('mo2fa_'.$id);
113
  $newcopt=$copt[$id];
114
  ?>
115
+ <table class="mo2f_for_all_roles" id="mo2f_for_all_<?php echo esc_html($id) ?>" hidden><tbody>
116
  <tr>
117
  <td>
118
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='OUT OF BAND EMAIL' <?php echo (in_array("OUT OF BAND EMAIL", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Email Verification','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
119
  </td>
120
  <td>
121
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='SMS' <?php echo (in_array("SMS", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('OTP Over SMS','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
122
  </td>
123
  <td>
124
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='PHONE VERIFICATION' <?php echo (in_array("PHONE VERIFICATION", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Phone Call Verification','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
125
  </td>
126
  </tr>
127
  <tr>
128
  <td>
129
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='SOFT TOKEN' <?php echo (in_array("SOFT TOKEN", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Soft Token','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
130
  </td>
131
  <td>
132
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='MOBILE AUTHENTICATION' <?php echo (in_array("MOBILE AUTHENTICATION", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('QR Code Authentication','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
133
  </td>
134
  <td>
135
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='PUSH NOTIFICATIONS' <?php echo (in_array("PUSH NOTIFICATIONS", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Push Notifications','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
136
  </td>
137
  </tr>
138
  <tr>
139
  <td>
140
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='GOOGLE AUTHENTICATOR' <?php echo (in_array("GOOGLE AUTHENTICATOR", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Google Authenticator','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
141
  </td>
142
  <td>
143
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='AUTHY 2-FACTOR AUTHENTICATION' <?php echo (in_array("AUTHY 2-FACTOR AUTHENTICATION", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('AUTHY 2-FACTOR AUTHENTICATION','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
144
  </td>
145
  <td>
146
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='KBA' <?php echo (in_array("KBA", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('Security Questions (KBA)','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
147
  </td>
148
  </tr>
149
  <tr>
150
  <td>
151
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='SMS AND EMAIL' <?php echo (in_array("SMS AND EMAIL", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('OTP Over SMS And Email','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
152
  </td>
153
  <td>
154
+ <input type='checkbox' name="<?php echo esc_html($id) ?>[]" value='OTP_OVER_EMAIL' <?php echo (in_array("OTP_OVER_EMAIL", $newcopt)) ? 'checked="checked"' : ''; ?> disabled /><?php echo __('OTP Over Email','miniorange-2-factor-authentication');?>&nbsp;&nbsp;
155
  </td>
156
  </tr>
157
  </tbody>
190
  <hr>
191
 
192
  <h3>Skip Option for Users During User Enrollment
193
+ <?php mo2f_tooltip_array($premium_feature_tooltip_array[2]); ?></h3>
194
  <p>
195
  <input type="checkbox" class="option_for_auth" name=" Skip Option for users." value="1" checked="checked" disabled> Skip Option for users.
196
  </p>
197
  </br><hr>
198
 
199
  <h3>Email verification of Users during User Enrollment
200
+ <?php mo2f_tooltip_array($premium_feature_tooltip_array[3]); ?>
201
+ <a href='<?php echo esc_url($two_factor_premium_doc['Email verification of Users during Inline Registration']);?>' target="_blank">
202
  <span class="dashicons dashicons-text-page"title="More Information" style="font-size:19px;color:#413c69;float: right;"></span>
203
  </a></h3>
204
  <p>
209
  </br><hr>
210
 
211
  <h3>Select Login Screen Options
212
+ <a href='<?php echo esc_url($two_factor_premium_doc['Select login screen option']);?>' target="_blank">
213
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#413c69;float: right;"></span>
214
  </a></h3>
215
 
216
  <input type="radio" class="option_for_auth" name="mo2f_all_users_method" value="1" checked="checked" disabled> Login with password + 2nd Factor <span style="color: red">(Recommended)</span>
217
+ <?php mo2f_tooltip_array($premium_feature_tooltip_array[4]); ?>
218
 
219
  </br>
220
  </br>
221
  <input type="radio" class="option_for_auth" name="mo2f_all_users_method" value="0" disabled>
222
  Login with 2nd Factor only <span style="color: red">(No password required)
223
  <a onclick="mo2f_login_with_username_only()">&nbsp;&nbsp;See Preview</a></span>
224
+ <?php mo2f_tooltip_array($premium_feature_tooltip_array[5]); ?>
225
  </br>
226
 
227
  <div id="mo2f_login_with_username_only" style="display: none;">
234
  <input type="checkbox" class="option_for_auth" value="0" disabled>I want to hide default login form.
235
  <a onclick="mo2f_hide_login_form()">&nbsp;&nbsp;See Preview</a>
236
 
237
+ <?php mo2f_tooltip_array($premium_feature_tooltip_array[6]); ?>
238
  <div id="mo2f_hide_login" style="display: none;">
239
  <?php
240
  echo '<div style="text-align:center;"><img style="margin-top:5px;" src="'.$hide_login_form_url.'"></div><br>';?>
256
 
257
  <?php
258
  function mo2f_tooltip_array($mo2f_addon_feature){
259
+ echo '<div class="mo2f_tooltip_addon">
260
  <span class="dashicons dashicons-info mo2f_info_tab"></span>
261
+ <span class="mo2f_tooltiptext_addon" >'. esc_html($mo2f_addon_feature) .'
262
  </span>
263
  </div>';
264
  }
views/twofa/two_fa_rba.php CHANGED
@@ -7,7 +7,7 @@ include $setup_dirName;
7
  <form id="settings_from_addon" method="post" action="">
8
  <input type="hidden" name="option" value="mo_auth_addon_settings_save"/>
9
  <h2><?php echo mo2f_lt( '1. Remember Device' ); ?>
10
- <span style="text-align: right;font-size: medium;"><?php echo ' <a href="'.$addons_url .'" style="color: red">'; ?>[ PREMIUM ]</a></span><a href='<?php echo $two_factor_premium_doc['Remember Device'];?>'
11
  target="_blank">
12
  <span class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
13
  </a>
7
  <form id="settings_from_addon" method="post" action="">
8
  <input type="hidden" name="option" value="mo_auth_addon_settings_save"/>
9
  <h2><?php echo mo2f_lt( '1. Remember Device' ); ?>
10
+ <span style="text-align: right;font-size: medium;"><?php echo ' <a href="'.esc_url($addons_url) .'" style="color: red">'; ?>[ PREMIUM ]</a></span><a href='<?php echo esc_url($two_factor_premium_doc['Remember Device']);?>'
11
  target="_blank">
12
  <span class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
13
  </a>
views/twofa/two_fa_session_control.php CHANGED
@@ -1,7 +1,7 @@
1
  <div>
2
  <div class="mo2f_table_divide_border">
3
  <h2>4. Session Control
4
- <span style="text-align: right;font-size: large;"><?php echo '<a href="'.$addons_url .'" style="color: red">'; ?>[ PREMIUM ]</a></span>
5
  </h2><hr>
6
  <table style="width:100%">
7
  <tr>
1
  <div>
2
  <div class="mo2f_table_divide_border">
3
  <h2>4. Session Control
4
+ <span style="text-align: right;font-size: large;"><?php echo '<a href="'.esc_url($addons_url) .'" style="color: red">'; ?>[ PREMIUM ]</a></span>
5
  </h2><hr>
6
  <table style="width:100%">
7
  <tr>
views/twofa/two_fa_setup_notification.php CHANGED
@@ -33,12 +33,12 @@ function mo2f_display_test_2fa_notification( $user ) {
33
  <span type="button" id="test-methods" class="modal-span-close" data-dismiss="modal">&times;</span>
34
  </div>
35
  <div class="mo2f_modal-body">
36
- <p style="font-size:14px;"><b><?php echo $mo2f_configured_2FA_method; ?> </b> has been set as your 2-factor authentication method.
37
  <br>
38
  <?php if($mo2f_configured_2FA_method == 'Google Authenticator' && MO2F_IS_ONPREM){ ?>
39
  <p><b>Current valid OTPs for Google Authenticator</b></p>
40
  <table cellspacing="10">
41
- <tr><td><?php echo $code_array[0]; ?></td><td><?php echo $code_array[1]; ?></td><td><?php echo $code_array[2]; ?></td><td><?php echo $code_array[3]; ?></td><td><?php echo $code_array[4]; ?></td></tr>
42
  </table>
43
  <?php } ?>
44
  <br>Please test the login flow once with 2nd factor in another browser or in an incognito window of the same browser to ensure you don't get locked out of your site.</p>
@@ -59,7 +59,7 @@ function mo2f_display_test_2fa_notification( $user ) {
59
  });
60
  jQuery('#test-methods-button').click(function(){
61
  jQuery('#twoFAtestAlertModal').css('display', 'none');
62
- testAuthenticationMethod('<?php echo $mo2f_configured_2FA_method; ?>');
63
  });
64
  </script>
65
  <?php }
33
  <span type="button" id="test-methods" class="modal-span-close" data-dismiss="modal">&times;</span>
34
  </div>
35
  <div class="mo2f_modal-body">
36
+ <p style="font-size:14px;"><b><?php echo esc_attr($mo2f_configured_2FA_method); ?> </b> has been set as your 2-factor authentication method.
37
  <br>
38
  <?php if($mo2f_configured_2FA_method == 'Google Authenticator' && MO2F_IS_ONPREM){ ?>
39
  <p><b>Current valid OTPs for Google Authenticator</b></p>
40
  <table cellspacing="10">
41
+ <tr><td><?php echo esc_attr($code_array[0]); ?></td><td><?php echo esc_attr($code_array[1]); ?></td><td><?php echo esc_attr($code_array[2]); ?></td><td><?php echo esc_attr($code_array[3]); ?></td><td><?php echo esc_attr($code_array[4]); ?></td></tr>
42
  </table>
43
  <?php } ?>
44
  <br>Please test the login flow once with 2nd factor in another browser or in an incognito window of the same browser to ensure you don't get locked out of your site.</p>
59
  });
60
  jQuery('#test-methods-button').click(function(){
61
  jQuery('#twoFAtestAlertModal').css('display', 'none');
62
+ testAuthenticationMethod('<?php echo esc_html($mo2f_configured_2FA_method); ?>');
63
  });
64
  </script>
65
  <?php }
views/twofa/two_fa_shortcode.php CHANGED
@@ -9,9 +9,9 @@ $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'
9
 
10
  <div id="mo2f_hide_shortcode_content" >
11
  <h2>3. Shortcode
12
- <span style="text-align: right;font-size: large;"><?php echo '<a href="'.$addons_url .'" style="color: red">'; ?>[ PREMIUM ]</a></span>
13
  </h2><hr>
14
- <h3><?php echo __( 'List of Shortcodes', 'miniorange-2-factor-authentication' ); ?><a href='<?php echo $two_factor_premium_doc['Shortcode'];?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span></a> <a class="mo2fa-addons-preview-alignment" onclick="mo2f_login_with_shortcode()">&nbsp;&nbsp;See Preview</a></h3>
15
  <ol style="margin-left:2%">
16
  <li>
17
  <b><?php echo __( 'Enable Two Factor: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to turn on/off 2-factor by user.', 'miniorange-2-factor-authentication' ); ?>
9
 
10
  <div id="mo2f_hide_shortcode_content" >
11
  <h2>3. Shortcode
12
+ <span style="text-align: right;font-size: large;"><?php echo '<a href="'.esc_url($addons_url) .'" style="color: red">'; ?>[ PREMIUM ]</a></span>
13
  </h2><hr>
14
+ <h3><?php echo __( 'List of Shortcodes', 'miniorange-2-factor-authentication' ); ?><a href='<?php echo esc_url($two_factor_premium_doc['Shortcode']);?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span></a> <a class="mo2fa-addons-preview-alignment" onclick="mo2f_login_with_shortcode()">&nbsp;&nbsp;See Preview</a></h3>
15
  <ol style="margin-left:2%">
16
  <li>
17
  <b><?php echo __( 'Enable Two Factor: ', 'miniorange-2-factor-authentication' ); ?></b> <?php echo __( 'This shortcode provides an option to turn on/off 2-factor by user.', 'miniorange-2-factor-authentication' ); ?>
views/twofa/two_fa_unlimittedUser.php CHANGED
@@ -10,7 +10,7 @@ function miniorange_2_factor_user_roles($current_user) {
10
  $wp_roles = new WP_Roles();
11
  $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI']);?>
12
 
13
- <div><span style="font-size:16px;">Roles<div style="float:right;">Custom Redirection URL <a href="<?php echo $upgrade_url; ?>" style="color: red">[ PREMIUM ]</a>&nbsp;&nbsp;&nbsp;
14
  </span></a>
15
  </div></span><br /><br />
16
  <?php
@@ -31,9 +31,9 @@ function miniorange_2_factor_user_roles($current_user) {
31
  echo 'unchecked';
32
  ?>/>
33
  <?php
34
- echo $name;
35
  ?>
36
- <input type="text" class="mo2f_table_textbox" style="width:50% !important;float:right;" id="<?php echo 'mo2fa_'.$id; ?>_login_url" value="<?php echo site_url(); ?>"
37
  <?php
38
  echo 'disabled' ;
39
  ?>
@@ -59,8 +59,8 @@ if(current_user_can('administrator')){
59
  <div id="disable_two_factor_tour">
60
 
61
 
62
- <h2>Enable 2FA for Users<?php echo mo2f_setting_tooltip_array($settings_tab_tooltip_array[0]); ?>
63
- <a href='<?php echo $two_factor_premium_doc['Enable/disable 2-factor Authentication'];?>' target="_blank">
64
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#4a47a3;float: right;"></span>
65
 
66
  </a></h2>
@@ -85,7 +85,7 @@ if(current_user_can('administrator')){
85
  </br> <hr>
86
  <?php
87
  echo mo2f_lt( 'Enable plugin log ' );
88
- echo mo2f_setting_tooltip_array($settings_tab_tooltip_array[4]);
89
  ?>
90
  </h3>
91
  </hr>
@@ -123,11 +123,11 @@ if(current_user_can('administrator')){
123
  </br>
124
  <h2>2FA Prompt on Wordpress Login Page
125
  <a class=" btn-link" data-toggle="collapse" id="showpreviewwploginpage" href="#previewwploginpage" aria-expanded="false"><?php echo __('See preview','miniorange-2-factor-authentication');?></a>
126
- <?php echo mo2f_setting_tooltip_array($settings_tab_tooltip_array[1]); ?>
127
  </h2>
128
  <div class="mo2f_collapse" id="previewwploginpage" style="height:300px;">
129
  <center><br>
130
- <img style="height:300px;" src="<?php echo $imagepath.'2fa-on-login-page.png';?>" >
131
  </center>
132
  </div>
133
  <div>
@@ -148,7 +148,7 @@ if(current_user_can('administrator')){
148
  </div>
149
  </br><hr>
150
  <h2>On the Fly 2FA Configuration
151
- <?php echo mo2f_setting_tooltip_array($settings_tab_tooltip_array[2]); ?>
152
  </h2>
153
 
154
  <div>
@@ -166,7 +166,7 @@ if(current_user_can('administrator')){
166
  </div>
167
  </br><hr>
168
  <h2>Enable the login with all configured methods
169
- <?php echo mo2f_setting_tooltip_array($settings_tab_tooltip_array[2]); ?>
170
  </h2>
171
  <div>
172
  <form name="f" method="post" action="" >
@@ -327,7 +327,7 @@ if(current_user_can('administrator'))
327
  <input type="hidden" name="option" value="" />
328
  <span>
329
  <h2>Select User Roles to enable 2-Factor for <b style="font-size: 70%;color: red;">(Upto 3 users in Free version)</b>
330
- <?php echo mo2f_setting_tooltip_array($settings_tab_tooltip_array[3]); ?>
331
  <a href= '<?php echo $two_factor_premium_doc['Enable 2FA Role Based'];?>' target="_blank">
332
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#4a47a3;float: right;"></span>
333
  </a></h2>
@@ -546,9 +546,9 @@ if(current_user_can('administrator'))
546
  }
547
 
548
  function mo2f_setting_tooltip_array($mo2f_addon_feature){
549
- return '<div class="mo2f_tooltip_addon">
550
  <span class="dashicons dashicons-info mo2f_info_tab"></span>
551
- <span class="mo2f_tooltiptext_addon" >'. $mo2f_addon_feature .'
552
  </span>
553
  </div>';
554
  }
10
  $wp_roles = new WP_Roles();
11
  $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI']);?>
12
 
13
+ <div><span style="font-size:16px;">Roles<div style="float:right;">Custom Redirection URL <a href="<?php echo esc_url($upgrade_url); ?>" style="color: red">[ PREMIUM ]</a>&nbsp;&nbsp;&nbsp;
14
  </span></a>
15
  </div></span><br /><br />
16
  <?php
31
  echo 'unchecked';
32
  ?>/>
33
  <?php
34
+ echo esc_html($name);
35
  ?>
36
+ <input type="text" class="mo2f_table_textbox" style="width:50% !important;float:right;" id="<?php echo 'mo2fa_'.$id; ?>_login_url" value="<?php echo esc_url(site_url()); ?>"
37
  <?php
38
  echo 'disabled' ;
39
  ?>
59
  <div id="disable_two_factor_tour">
60
 
61
 
62
+ <h2>Enable 2FA for Users<?php mo2f_setting_tooltip_array($settings_tab_tooltip_array[0]); ?>
63
+ <a href='<?php echo esc_url($two_factor_premium_doc['Enable/disable 2-factor Authentication']);?>' target="_blank">
64
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#4a47a3;float: right;"></span>
65
 
66
  </a></h2>
85
  </br> <hr>
86
  <?php
87
  echo mo2f_lt( 'Enable plugin log ' );
88
+ mo2f_setting_tooltip_array($settings_tab_tooltip_array[4]);
89
  ?>
90
  </h3>
91
  </hr>
123
  </br>
124
  <h2>2FA Prompt on Wordpress Login Page
125
  <a class=" btn-link" data-toggle="collapse" id="showpreviewwploginpage" href="#previewwploginpage" aria-expanded="false"><?php echo __('See preview','miniorange-2-factor-authentication');?></a>
126
+ <?php mo2f_setting_tooltip_array($settings_tab_tooltip_array[1]); ?>
127
  </h2>
128
  <div class="mo2f_collapse" id="previewwploginpage" style="height:300px;">
129
  <center><br>
130
+ <img style="height:300px;" src="<?php echo esc_url($imagepath).'2fa-on-login-page.png';?>" >
131
  </center>
132
  </div>
133
  <div>
148
  </div>
149
  </br><hr>
150
  <h2>On the Fly 2FA Configuration
151
+ <?php mo2f_setting_tooltip_array($settings_tab_tooltip_array[2]); ?>
152
  </h2>
153
 
154
  <div>
166
  </div>
167
  </br><hr>
168
  <h2>Enable the login with all configured methods
169
+ <?php mo2f_setting_tooltip_array($settings_tab_tooltip_array[2]); ?>
170
  </h2>
171
  <div>
172
  <form name="f" method="post" action="" >
327
  <input type="hidden" name="option" value="" />
328
  <span>
329
  <h2>Select User Roles to enable 2-Factor for <b style="font-size: 70%;color: red;">(Upto 3 users in Free version)</b>
330
+ <?php mo2f_setting_tooltip_array($settings_tab_tooltip_array[3]); ?>
331
  <a href= '<?php echo $two_factor_premium_doc['Enable 2FA Role Based'];?>' target="_blank">
332
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#4a47a3;float: right;"></span>
333
  </a></h2>
546
  }
547
 
548
  function mo2f_setting_tooltip_array($mo2f_addon_feature){
549
+ echo '<div class="mo2f_tooltip_addon">
550
  <span class="dashicons dashicons-info mo2f_info_tab"></span>
551
+ <span class="mo2f_tooltiptext_addon" >'. esc_html($mo2f_addon_feature) .'
552
  </span>
553
  </div>';
554
  }
views/upgrade.php CHANGED
@@ -166,7 +166,7 @@ if ($_GET['page'] == 'mo_2fa_upgrade') {
166
  ?><br><br><?php
167
  }
168
  echo '
169
- <a class="mo2f_back_button" style="font-size: 16px; color: #000;" href="'.$two_fa.'"><span class="dashicons dashicons-arrow-left-alt" style="vertical-align: bottom;"></span> Back To Plugin Configuration</a>';
170
  ?>
171
  <br><br>
172
 
@@ -589,7 +589,7 @@ Addons
589
  <h4 class="mo_wpns_upgrade_page_starting_price">Starting From</h4>
590
  <h1 class="mo_wpns_upgrade_pade_pricing">$50</h1>
591
 
592
- <?php echo mo2f_waf_yearly_standard_pricing(); ?>
593
 
594
 
595
  </center>
@@ -634,7 +634,7 @@ Addons
634
  <h4 class="mo_wpns_upgrade_page_starting_price">Starting From</h4>
635
  <h1 class="mo_wpns_upgrade_pade_pricing">$15</h1>
636
 
637
- <?php echo mo2f_login_yearly_standard_pricing(); ?>
638
 
639
 
640
  </center>
@@ -676,7 +676,7 @@ Addons
676
  <h4 class="mo_wpns_upgrade_page_starting_price">Starting From</h4>
677
  <h1 class="mo_wpns_upgrade_pade_pricing">$15</h1>
678
 
679
- <?php echo mo2f_scanner_yearly_standard_pricing(); ?>
680
 
681
 
682
  </center>
@@ -718,7 +718,7 @@ Addons
718
  <h4 class="mo_wpns_upgrade_page_starting_price">Starting From</h4>
719
  <h1 class="mo_wpns_upgrade_pade_pricing">$30</h1>
720
 
721
- <?php echo mo2f_backup_yearly_standard_pricing(); ?>
722
 
723
 
724
  </center>
@@ -1200,7 +1200,7 @@ Addons
1200
  <div class="mo_2fa_card mo_2fa_animation">
1201
  <div class="mo_2fa_Card-header">
1202
  <?php
1203
- echo'<img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/bank-transfer.png" class="mo2fa_card mo2fa_bank_transfer">';?>
1204
 
1205
  </div>
1206
  <hr class="mo2fa_hr">
166
  ?><br><br><?php
167
  }
168
  echo '
169
+ <a class="mo2f_back_button" style="font-size: 16px; color: #000;" href="'.esc_url($two_fa).'"><span class="dashicons dashicons-arrow-left-alt" style="vertical-align: bottom;"></span> Back To Plugin Configuration</a>';
170
  ?>
171
  <br><br>
172
 
589
  <h4 class="mo_wpns_upgrade_page_starting_price">Starting From</h4>
590
  <h1 class="mo_wpns_upgrade_pade_pricing">$50</h1>
591
 
592
+ <?php echo esc_html(mo2f_waf_yearly_standard_pricing()); ?>
593
 
594
 
595
  </center>
634
  <h4 class="mo_wpns_upgrade_page_starting_price">Starting From</h4>
635
  <h1 class="mo_wpns_upgrade_pade_pricing">$15</h1>
636
 
637
+ <?php echo esc_html(mo2f_login_yearly_standard_pricing()); ?>
638
 
639
 
640
  </center>
676
  <h4 class="mo_wpns_upgrade_page_starting_price">Starting From</h4>
677
  <h1 class="mo_wpns_upgrade_pade_pricing">$15</h1>
678
 
679
+ <?php echo esc_html(mo2f_scanner_yearly_standard_pricing()); ?>
680
 
681
 
682
  </center>
718
  <h4 class="mo_wpns_upgrade_page_starting_price">Starting From</h4>
719
  <h1 class="mo_wpns_upgrade_pade_pricing">$30</h1>
720
 
721
+ <?php echo esc_html(mo2f_backup_yearly_standard_pricing()); ?>
722
 
723
 
724
  </center>
1200
  <div class="mo_2fa_card mo_2fa_animation">
1201
  <div class="mo_2fa_Card-header">
1202
  <?php
1203
+ echo'<img src="'.esc_url(dirname(plugin_dir_url(__FILE__))).'/includes/images/bank-transfer.png" class="mo2fa_card mo2fa_bank_transfer">';?>
1204
 
1205
  </div>
1206
  <hr class="mo2fa_hr">
views/upgrade_2fa_lite.php CHANGED
@@ -510,7 +510,7 @@
510
 
511
  }
512
  ?>
513
- <div style="float: left;"><?php echo $mo2f_addons_feature_set; ?></div>
514
  </td>
515
 
516
  <td class="mo2f_black_background"></td>
@@ -522,7 +522,7 @@
522
 
523
  }
524
  ?>
525
- <div style="float: left;"><?php echo $mo2f_addons_feature_set; ?></div>
526
  </td>
527
  <td class="mo2f_black_background"></td>
528
  <td>
@@ -533,7 +533,7 @@
533
 
534
  }
535
  ?>
536
- <div style="float: left;"><?php echo $mo2f_addons_feature_set; ?></div>
537
  </td>
538
  <td class="mo2f_black_background"></td>
539
  <td>
@@ -544,7 +544,7 @@
544
 
545
  }
546
  ?>
547
- <div style="float: left;"><?php echo $mo2f_addons_feature_set; ?></div>
548
  </td>
549
  </tr>
550
  <?php } ?>
510
 
511
  }
512
  ?>
513
+ <div style="float: left;"><?php echo esc_html($mo2f_addons_feature_set); ?></div>
514
  </td>
515
 
516
  <td class="mo2f_black_background"></td>
522
 
523
  }
524
  ?>
525
+ <div style="float: left;"><?php echo esc_html($mo2f_addons_feature_set); ?></div>
526
  </td>
527
  <td class="mo2f_black_background"></td>
528
  <td>
533
 
534
  }
535
  ?>
536
+ <div style="float: left;"><?php echo esc_html($mo2f_addons_feature_set); ?></div>
537
  </td>
538
  <td class="mo2f_black_background"></td>
539
  <td>
544
 
545
  }
546
  ?>
547
+ <div style="float: left;"><?php echo esc_html($mo2f_addons_feature_set); ?></div>
548
  </td>
549
  </tr>
550
  <?php } ?>
views/waf-settings.php CHANGED
@@ -51,7 +51,7 @@
51
  Rename the file as '.htaccess' [without name just extension] and use it as backup.
52
  </h4>
53
  <?php
54
- echo "<a href='". $url."' download='".$nameDownload."'>";?>
55
  <input type='button' name='CDhtaccess' id='CDhtaccess' value='Confirm & Download'/>
56
  </a>
57
 
@@ -199,7 +199,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
199
 
200
  jQuery('#SQL').click(function(){
201
  var SQL = jQuery("input[name='SQL']:checked").val();
202
- var url = '<?php echo $save_waf_sql; ?>';
203
  jQuery.ajax({
204
  url:url,
205
  method: "post",
@@ -218,7 +218,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
218
 
219
  jQuery('#saveLimitAttacks').click(function(){
220
  var limitAttack = jQuery("#limitAttack").val();
221
- var url = '<?php echo $save_limit_attack; ?>';
222
  if(limitAttack != '')
223
  {
224
  jQuery.ajax({
@@ -238,7 +238,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
238
 
239
  jQuery('#RCE').click(function(){
240
  var RCE = jQuery("input[name='RCE']:checked").val();
241
- var url = '<?php echo $save_waf_rce; ?>';
242
  jQuery.ajax({
243
  url:url,
244
  method: "post",
@@ -255,7 +255,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
255
 
256
  jQuery('#XSS').click(function(){
257
  var XSS = jQuery("input[name='XSS']:checked").val();
258
- var url = '<?php echo $save_waf_xss; ?>';
259
  jQuery.ajax({
260
  url:url,
261
  method: "post",
@@ -273,7 +273,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
273
  });
274
  jQuery('#LFI').click(function(){
275
  var LFI = jQuery("input[name='LFI']:checked").val();
276
- var url = '<?php echo $save_waf_lfi; ?>';
277
  jQuery.ajax({
278
  url:url,
279
  method: "post",
@@ -290,7 +290,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
290
  });
291
  jQuery('#RFI').click(function(){
292
  var RFI = jQuery("input[name='RFI']:checked").val();
293
- var url = '<?php echo $save_waf_rfi; ?>';
294
  jQuery.ajax({
295
  url:url,
296
  method: "post",
@@ -309,7 +309,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
309
  jQuery('#pluginWAF').click(function(){
310
  var pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
311
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
312
- var url = '<?php echo $save_waf_url; ?>';
313
  jQuery.ajax({
314
  url:url,
315
  method: "post",
@@ -352,7 +352,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
352
  }
353
 
354
  });
355
- var url = '<?php echo $save_Hwaf_url; ?>';
356
  if(htaccessWAF=='on' && pluginWAF=='on')
357
  {
358
 
@@ -397,7 +397,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
397
  }
398
  else
399
  {
400
- var url = '<?php echo $backup_htaccess; ?>';
401
  jQuery.ajax({
402
  url:url,
403
  method:"post",
@@ -430,7 +430,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
430
  });
431
  jQuery('#CDhtaccess').click(function(){
432
 
433
- var url = '<?php echo $save_Hwaf_url; ?>';
434
  var pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
435
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
436
 
51
  Rename the file as '.htaccess' [without name just extension] and use it as backup.
52
  </h4>
53
  <?php
54
+ echo "<a href='". esc_url($url)."' download='".esc_html($nameDownload)."'>";?>
55
  <input type='button' name='CDhtaccess' id='CDhtaccess' value='Confirm & Download'/>
56
  </a>
57
 
199
 
200
  jQuery('#SQL').click(function(){
201
  var SQL = jQuery("input[name='SQL']:checked").val();
202
+ var url = '<?php echo esc_html($save_waf_sql); ?>';
203
  jQuery.ajax({
204
  url:url,
205
  method: "post",
218
 
219
  jQuery('#saveLimitAttacks').click(function(){
220
  var limitAttack = jQuery("#limitAttack").val();
221
+ var url = '<?php echo esc_html($save_limit_attack); ?>';
222
  if(limitAttack != '')
223
  {
224
  jQuery.ajax({
238
 
239
  jQuery('#RCE').click(function(){
240
  var RCE = jQuery("input[name='RCE']:checked").val();
241
+ var url = '<?php echo esc_html($save_waf_rce); ?>';
242
  jQuery.ajax({
243
  url:url,
244
  method: "post",
255
 
256
  jQuery('#XSS').click(function(){
257
  var XSS = jQuery("input[name='XSS']:checked").val();
258
+ var url = '<?php echo esc_html($save_waf_xss); ?>';
259
  jQuery.ajax({
260
  url:url,
261
  method: "post",
273
  });
274
  jQuery('#LFI').click(function(){
275
  var LFI = jQuery("input[name='LFI']:checked").val();
276
+ var url = '<?php echo esc_html($save_waf_lfi); ?>';
277
  jQuery.ajax({
278
  url:url,
279
  method: "post",
290
  });
291
  jQuery('#RFI').click(function(){
292
  var RFI = jQuery("input[name='RFI']:checked").val();
293
+ var url = '<?php echo esc_html($save_waf_rfi); ?>';
294
  jQuery.ajax({
295
  url:url,
296
  method: "post",
309
  jQuery('#pluginWAF').click(function(){
310
  var pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
311
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
312
+ var url = '<?php echo esc_url($save_waf_url); ?>';
313
  jQuery.ajax({
314
  url:url,
315
  method: "post",
352
  }
353
 
354
  });
355
+ var url = '<?php echo esc_html($save_Hwaf_url); ?>';
356
  if(htaccessWAF=='on' && pluginWAF=='on')
357
  {
358
 
397
  }
398
  else
399
  {
400
+ var url = '<?php echo esc_html($backup_htaccess); ?>';
401
  jQuery.ajax({
402
  url:url,
403
  method:"post",
430
  });
431
  jQuery('#CDhtaccess').click(function(){
432
 
433
+ var url = '<?php echo esc_url($save_Hwaf_url); ?>';
434
  var pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
435
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
436
 
views/waf.php CHANGED
@@ -19,21 +19,21 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
19
  <div class="mo_wpns_divided_layout">
20
  <div class="mo_wpns_waf_divided_layout_tab" id ="mo2f_firewall_attack_dash_div">
21
  <div class="mo_wpns_small_2_layout">
22
- <div class ="mo_wpns_sub_dashboards_layout">Attacks Blocked<hr><div class="wpns_font_shown" ><?php echo $totalAttacks; ?></div></div>
23
  <div class="mo_wpns_small_3_layout">
24
- <div class ="mo_wpns_sub_sub_dashboard_layout">Injections<hr class="line"><?php echo $sqlC; ?></></div>
25
- <div class ="mo_wpns_sub_sub_dashboard_layout">RCE<hr class="line"><?php echo $rceC; ?></div>
26
  <div class ="mo_wpns_sub_sub_dashboard_layout">RFI/LFI<hr class="line"><?php echo $rfiC + $lfiC; ?></div>
27
- <div class ="mo_wpns_sub_sub_dashboard_layout">XSS<hr class="line"><?php echo $xssC; ?></div>
28
  </div>
29
  </div>
30
  <div class="mo_wpns_small_2_layout">
31
- <div class ="mo_wpns_sub_dashboards_layout">Blocked IPs<hr class="line"><div class="wpns_font_shown"><?php echo $totalIPBlocked; ?></div></div>
32
  <div class="mo_wpns_small_3_layout">
33
- <div class ="mo_wpns_sub_sub_dashboard_layout">Manual<hr class="line"><?php echo $manualBlocks; ?></div>
34
- <div class ="mo_wpns_sub_sub_dashboard_layout">Real Time<hr class="line"><?php echo $realTime; ?></div>
35
- <div class ="mo_wpns_sub_sub_dashboard_layout">Country Blocked<hr class="line"><?php echo $countryBlocked; ?></div>
36
- <div class ="mo_wpns_sub_sub_dashboard_layout">IP Blocked by WAF<hr class="line"><?php echo $IPblockedByWAF ?></div>
37
  </div>
38
  </div>
39
  </div>
@@ -85,9 +85,9 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
85
  global $mo2f_dirName;
86
  foreach($blockedattacks as $blockedattack)
87
  {
88
- echo "<tr class='mo_wpns_not_bold'><td>".$blockedattack->ip."</td><td>".retrivefullname($blockedattack->type)."</td>";
89
 
90
- echo "<td>".date("M j, Y, g:i:s a",$blockedattack->time)."</td><td>".$blockedattack->input."</td></tr>";
91
  }
92
  ?>
93
  </tbody>
@@ -128,7 +128,7 @@ echo "<td>".date("M j, Y, g:i:s a",$blockedattack->time)."</td><td>".$blocked
128
  <table style="width:100%">
129
  <tr>
130
  <th align="left">
131
- <h3>Rate Limiting : <a href='<?php echo $two_factor_premium_doc['Rate Limiting'];?>' target="_blank"><span class=" dashicons dashicons-text-page" style="font-size:23px;color:#413c69;"></span></a>
132
  <br>
133
  <p><i class="mo_wpns_not_bold">This will protect your Website from Dos attack and block request after a limit exceed.</i></p>
134
  </th>
@@ -399,7 +399,7 @@ echo "<td>".date("M j, Y, g:i:s a",$blockedattack->time)."</td><td>".$blocked
399
  </tr></th>
400
  </h3>
401
  <tr><th align="left">
402
- <h3>Website Firewall on .htaccess Level <strong style="color: #2271b1">[Recommended] </strong>: <a href='<?php echo $two_factor_premium_doc['htaccess level waf'];?>' target="_blank">
403
  <span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;"></span></a>
404
  <p><i class="mo_wpns_not_bold">This will activate WAF before the WordPress load. This will block illegitimate request before any connection to WordPress. This level doesnot allow illegal requests to before any page gets loaded.</i></p>
405
  </th><th align="right">
19
  <div class="mo_wpns_divided_layout">
20
  <div class="mo_wpns_waf_divided_layout_tab" id ="mo2f_firewall_attack_dash_div">
21
  <div class="mo_wpns_small_2_layout">
22
+ <div class ="mo_wpns_sub_dashboards_layout">Attacks Blocked<hr><div class="wpns_font_shown" ><?php echo esc_attr($totalAttacks); ?></div></div>
23
  <div class="mo_wpns_small_3_layout">
24
+ <div class ="mo_wpns_sub_sub_dashboard_layout">Injections<hr class="line"><?php echo esc_attr($sqlC); ?></></div>
25
+ <div class ="mo_wpns_sub_sub_dashboard_layout">RCE<hr class="line"><?php echo esc_attr($rceC); ?></div>
26
  <div class ="mo_wpns_sub_sub_dashboard_layout">RFI/LFI<hr class="line"><?php echo $rfiC + $lfiC; ?></div>
27
+ <div class ="mo_wpns_sub_sub_dashboard_layout">XSS<hr class="line"><?php echo esc_attr($xssC); ?></div>
28
  </div>
29
  </div>
30
  <div class="mo_wpns_small_2_layout">
31
+ <div class ="mo_wpns_sub_dashboards_layout">Blocked IPs<hr class="line"><div class="wpns_font_shown"><?php echo esc_attr($totalIPBlocked); ?></div></div>
32
  <div class="mo_wpns_small_3_layout">
33
+ <div class ="mo_wpns_sub_sub_dashboard_layout">Manual<hr class="line"><?php echo esc_attr($manualBlocks); ?></div>
34
+ <div class ="mo_wpns_sub_sub_dashboard_layout">Real Time<hr class="line"><?php echo esc_attr($realTime); ?></div>
35
+ <div class ="mo_wpns_sub_sub_dashboard_layout">Country Blocked<hr class="line"><?php echo esc_attr($countryBlocked); ?></div>
36
+ <div class ="mo_wpns_sub_sub_dashboard_layout">IP Blocked by WAF<hr class="line"><?php echo esc_attr($IPblockedByWAF); ?></div>
37
  </div>
38
  </div>
39
  </div>
85
  global $mo2f_dirName;
86
  foreach($blockedattacks as $blockedattack)
87
  {
88
+ echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($blockedattack->ip)."</td><td>".retrivefullname(esc_attr($blockedattack->type))."</td>";
89
 
90
+ echo "<td>".date("M j, Y, g:i:s a",esc_attr($blockedattack->time))."</td><td>".esc_attr($blockedattack->input)."</td></tr>";
91
  }
92
  ?>
93
  </tbody>
128
  <table style="width:100%">
129
  <tr>
130
  <th align="left">
131
+ <h3>Rate Limiting : <a href='<?php echo esc_url($two_factor_premium_doc['Rate Limiting']);?>' target="_blank"><span class=" dashicons dashicons-text-page" style="font-size:23px;color:#413c69;"></span></a>
132
  <br>
133
  <p><i class="mo_wpns_not_bold">This will protect your Website from Dos attack and block request after a limit exceed.</i></p>
134
  </th>
399
  </tr></th>
400
  </h3>
401
  <tr><th align="left">
402
+ <h3>Website Firewall on .htaccess Level <strong style="color: #2271b1">[Recommended] </strong>: <a href='<?php echo esc_attr($two_factor_premium_doc['htaccess level waf']);?>' target="_blank">
403
  <span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;"></span></a>
404
  <p><i class="mo_wpns_not_bold">This will activate WAF before the WordPress load. This will block illegitimate request before any connection to WordPress. This level doesnot allow illegal requests to before any page gets loaded.</i></p>
405
  </th><th align="right">