Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.5.77

Version Description

  • Google Authenticator - Two factor Authentication (2FA, OTP) :
  • Bug Fixes and Code Improvements

Release Info

Developer prashantbhivsane
Version 5.5.77

Code changes from version 5.5.76 to 5.5.77

Files changed (90) hide show
  1. api/class-customer-common-setup.php +5 -5
  2. controllers/advanced-blocking.php +2 -0
  3. controllers/dashboard_ajax.php +1 -1
  4. controllers/malware_scanner/malware_scan_result.php +1 -1
  5. controllers/two-fa-intro.php +2 -2
  6. controllers/twofa/mo2fa_common_login.php +59 -59
  7. controllers/twofa/mo2fa_inline_registration.php +42 -42
  8. controllers/twofa/two_factor_ajax.php +7 -7
  9. controllers/wpns-loginsecurity-ajax.php +9 -1
  10. handler/feedback_form.php +2 -1
  11. handler/login.php +11 -10
  12. handler/malware_scanner.php +1 -1
  13. handler/recaptcha.php +4 -4
  14. handler/twofa/class_miniorange_2fa_strong_password.php +4 -4
  15. handler/twofa/setup_twofa.php +8 -8
  16. handler/twofa/two_fa_login.php +6 -6
  17. handler/twofa/two_fa_pass2login.php +8 -3
  18. handler/twofa/two_fa_settings.php +7 -7
  19. handler/twofa/two_fa_utility.php +1 -1
  20. handler/user-profile-2fa.php +5 -5
  21. helper/curl.php +21 -10
  22. helper/dashboard_security_notification.php +1 -1
  23. helper/pluginUtility.php +1 -1
  24. miniorange_2_factor_settings.php +4 -4
  25. readme.txt +5 -1
  26. views/account/login.php +2 -2
  27. views/account/register.php +1 -1
  28. views/account/verify.php +1 -1
  29. views/addons.php +4 -4
  30. views/advanced-blocking.php +19 -19
  31. views/backup/backup_created_report.php +4 -4
  32. views/backup/backup_schdule.php +1 -1
  33. views/backup/backup_setting_view.php +1 -1
  34. views/change-password.php +3 -3
  35. views/common-elements.php +4 -4
  36. views/content-protection.php +1 -1
  37. views/dashboard.php +7 -7
  38. views/email-IPaddress.php +9 -3
  39. views/login-security.php +9 -9
  40. views/malware_scanner/malware_scan.php +1 -1
  41. views/malware_scanner/scan_report_view.php +4 -4
  42. views/malware_scanner/scan_settings_view.php +6 -6
  43. views/malware_scanner/scan_summary_view.php +5 -5
  44. views/navbar.php +2 -2
  45. views/network_security_features.php +1 -1
  46. views/notification-settings.php +3 -3
  47. views/reports.php +1 -1
  48. views/request_christmas_offer.php +1 -1
  49. views/request_demo.php +1 -1
  50. views/request_offer.php +2 -2
  51. views/support.php +1 -1
  52. views/test/test_twofa_email_verification.php +5 -5
  53. views/test/test_twofa_google_authy_authenticator.php +2 -2
  54. views/test/test_twofa_kba_questions.php +4 -4
  55. views/test/test_twofa_miniorange_push_notification.php +4 -4
  56. views/test/test_twofa_miniorange_qrcode_authentication.php +4 -4
  57. views/test/test_twofa_miniorange_soft_token.php +1 -1
  58. views/test/test_twofa_otp_over_Telegram.php +3 -3
  59. views/test/test_twofa_otp_over_sms.php +3 -3
  60. views/trial.php +1 -1
  61. views/troubleshooting.php +1 -1
  62. views/twofa/setup/setup_authy_authenticator.php +6 -6
  63. views/twofa/setup/setup_duo_authenticator.php +23 -23
  64. views/twofa/setup/setup_google_authenticator.php +7 -7
  65. views/twofa/setup/setup_google_authenticator_onpremise.php +13 -14
  66. views/twofa/setup/setup_kba_questions.php +2 -2
  67. views/twofa/setup/setup_miniorange_authenticator.php +12 -12
  68. views/twofa/setup/setup_otp_over_sms.php +4 -4
  69. views/twofa/setup/setup_otp_over_telegram.php +3 -3
  70. views/twofa/setup/setup_otp_over_whatsapp.php +0 -88
  71. views/twofa/setup_twofa.php +7 -7
  72. views/twofa/test/test_twofa_duo_authenticator.php +5 -5
  73. views/twofa/test/test_twofa_email_verification.php +7 -7
  74. views/twofa/test/test_twofa_google_authy_authenticator.php +5 -5
  75. views/twofa/test/test_twofa_kba_questions.php +2 -2
  76. views/twofa/test/test_twofa_miniorange_push_notification.php +4 -4
  77. views/twofa/test/test_twofa_miniorange_qrcode_authentication.php +5 -5
  78. views/twofa/test/test_twofa_miniorange_soft_token.php +2 -2
  79. views/twofa/test/test_twofa_otp_over_Telegram.php +3 -3
  80. views/twofa/test/test_twofa_otp_over_Whatsapp.php +0 -54
  81. views/twofa/test/test_twofa_otp_over_sms.php +3 -3
  82. views/twofa/two_fa.php +2 -2
  83. views/twofa/two_fa_custom_form.php +9 -9
  84. views/twofa/two_fa_custom_login.php +5 -5
  85. views/twofa/two_fa_login_option.php +1 -1
  86. views/twofa/two_fa_unlimittedUser.php +15 -15
  87. views/upgrade.php +5 -5
  88. views/upgrade_2fa_lite.php +5 -5
  89. views/waf-settings.php +18 -18
  90. views/waf.php +42 -42
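--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -112,13 +112,13 @@ class Customer_Cloud_Setup {
 
  if ( $is_ec_with_1_user ) {
  $customer_feature = "V1";
- }else if ( $is_nc_with_1_user ) {
+ }elseif ( $is_nc_with_1_user ) {
  $customer_feature = "V3";
  }
 
  $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
 
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . sanitize_text_field($_SERVER['SERVER_NAME']) . '" target="_blank" >' . sanitize_text_field($_SERVER['SERVER_NAME']) . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . sanitize_url($_SERVER['SERVER_NAME']) . '" target="_blank" >' . sanitize_text_field($_SERVER['SERVER_NAME']) . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
 
  $fields = array(
  'customerKey' => $customerKey,
@@ -236,7 +236,7 @@ class Customer_Cloud_Setup {
  'authType' => $authType,
  'transactionName' => 'WordPress 2 Factor Authentication Plugin'
  );
- } else if ( $authType == 'SMS' ) {
+ } elseif ( $authType == 'SMS' ) {
  $authType = "SMS";
  $fields = array(
  'customerKey' => $customerKey,
@@ -395,7 +395,7 @@ class Customer_Cloud_Setup {
  'token' => $otpToken,
  'authType' => $authType
  );
- } else if ( $authType == 'KBA' ) {
+ } elseif ( $authType == 'KBA' ) {
  $fields = array(
  'txId' => $transactionId,
  'answers' => array(
@@ -442,7 +442,7 @@ class Customer_Cloud_Setup {
 
  if ( $is_ec_with_1_user ) {
  $customer_feature = "V1";
- } else if ( $is_nc_with_1_user ) {
+ } elseif ( $is_nc_with_1_user ) {
  $customer_feature = "V3";
  }
  global $moWpnsUtility;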
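Review bot: The `$content` string on new line 121 is still assembled as HTML from `$user->user_firstname`, `$user->user_lastname`, `$phone`, `$fromEmail` and `$query` with no output escaping, and the one value this commit touches is wrapped in `sanitize_url()`, which cleans a URL for storage or redirects rather than for printing inside an attribute. Where those variables are populated is outside the hunk, so whether they can carry markup is not confirmed here, but each should be escaped for the context it lands in: `esc_html( $user->user_firstname )` for text nodes, `esc_attr( $fromEmail )` inside the `mailto:` href, and `esc_url( $_SERVER['SERVER_NAME'] )` for the Company link. Depending on web-server configuration `SERVER_NAME` can reflect the request's Host header, so it should be handled as untrusted in both places it is used. The enclosing method starts and ends outside the hunk.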
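--- a/controllers/advanced-blocking.php
+++ b/controllers/advanced-blocking.php
@@ -80,6 +80,7 @@
  //Function to save range of ips
  function wpns_handle_range_blocking($postedValue)
  {
+
  $flag=0;
  $max_allowed_ranges = 100;
  $added_mappings_ranges = 0 ;
@@ -89,6 +90,7 @@
  $postedValue['start_'.$i] = sanitize_text_field($postedValue['start_'.$i]);
  $postedValue['end_'.$i] = sanitize_text_field($postedValue['end_'.$i]);
 
+
  if(filter_var($postedValue['start_'.$i] , FILTER_VALIDATE_IP ) && filter_var($postedValue['end_'.$i] , FILTER_VALIDATE_IP ) && (ip2long($postedValue['end_'.$i]) > ip2long($postedValue['start_'.$i])) ){
  $range = '';
  $range = $postedValue['start_'.$i];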
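--- a/controllers/dashboard_ajax.php
+++ b/controllers/dashboard_ajax.php
@@ -10,7 +10,7 @@ class Mo2f_ajax_dashboard
  $tab_count= get_site_option('mo2f_tab_count', 0);
  if($tab_count == 5)
  update_site_option('mo_2f_switch_all', 1);
- else if($tab_count == 0)
+ elseif($tab_count == 0)
  update_site_option('mo_2f_switch_all', 0);
  $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
  switch(sanitize_text_field($_POST['option']))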
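Review bot: `$_POST['option']` on new line 16 is read without an `isset()` guard, while `switch_val` on the line above it is guarded, so a request that omits `option` raises an undefined-key warning before the switch runs. Reading it once into a local keeps the two consistent: `$option = isset( $_POST['option'] ) ? sanitize_text_field( wp_unslash( $_POST['option'] ) ) : '';` followed by `switch ( $option )`. No nonce or capability check is visible in these lines even though they call `update_site_option()`; the method starts above the hunk, so confirm one runs before this point.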
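--- a/controllers/malware_scanner/malware_scan_result.php
+++ b/controllers/malware_scanner/malware_scan_result.php
@@ -6,7 +6,7 @@
  if(isset($_GET['trust'])){
  $mo_wpns_db_handler->ignorefile(base64_decode($_GET['trust']));
  }
- else if(isset($_GET['trustchanged'])){
+ elseif(isset($_GET['trustchanged'])){
  $mo_wpns_db_handler->ignorechangedfile($_GET['trustchanged']);
  }
  $last_id=$mo_wpns_db_handler->get_last_id();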
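Review bot: Both branches hand request data straight to the database handler, `base64_decode($_GET['trust'])` on new line 7 and the raw `$_GET['trustchanged']` on line 10, and they change which files the scanner ignores on a plain GET request with no nonce or capability check visible in the hunk. Lines 1–5 of the file are outside the hunk, so a check may already exist there; if it does not, gate both branches with `current_user_can( 'manage_options' )` plus a nonce verified by `check_admin_referer( '<action-name>' )`. The values should also be cleaned before use, e.g. `sanitize_text_field( wp_unslash( $_GET['trustchanged'] ) )`. How `ignorefile()` and `ignorechangedfile()` build their queries is not shown, so confirm they go through `$wpdb->prepare()`.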
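--- a/controllers/two-fa-intro.php
+++ b/controllers/two-fa-intro.php
@@ -40,11 +40,11 @@
  </div>
  </div>
  <form name="f" id="mo2f_skiploginform" method="post" action="">
- <input type="hidden" name="mo2f_skiplogin_nonce" value="<?php echo wp_create_nonce( 'miniorange-2-factor-skiplogin-failed-nonce' ); ?>"/>
+ <input type="hidden" name="mo2f_skiplogin_nonce" value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-skiplogin-failed-nonce' )); ?>"/>
  <input type="hidden" name="option" value="mo2f_skiplogin"/>
  </form>
  <form name="f" id="mo2f_userlogoutform" method="post" action="">
- <input type="hidden" name="mo2f_userlogout_nonce" value="<?php echo wp_create_nonce( 'miniorange-2-factor-userlogout-failed-nonce' ); ?>"/>
+ <input type="hidden" name="mo2f_userlogout_nonce" value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-userlogout-failed-nonce' )); ?>"/>
  <input type="hidden" name="option" value="mo2f_userlogout"/>
  </form>
 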
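Review bot: The nonce on new lines 43 and 47 is printed inside a `value="…"` attribute, so the matching escaper is `esc_attr()` rather than `esc_html()`: `value="<?php echo esc_attr( wp_create_nonce( 'miniorange-2-factor-skiplogin-failed-nonce' ) ); ?>"`, and likewise for the logout form. A nonce is a short token with no markup characters, so this is about escaping for the right context rather than an exploitable gap. Using the attribute escaper keeps the template correct if the printed value ever comes from another source.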
controllers/twofa/mo2fa_common_login.php CHANGED
@@ -13,7 +13,7 @@ function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_t
13
  <div>
14
  <form id="morba_loginform" method="post">
15
  <h1><?php echo mo2f_lt( 'Please wait' ); ?>...</h1>
16
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))) ); ?>"/>
17
  <?php
18
  if ( get_option( 'mo2f_remember_device' ) ) {
19
  ?>
@@ -41,7 +41,7 @@ function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_t
41
  }
42
  ?>
43
  <input type="hidden" name="miniorange_attribute_collection_nonce"
44
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' ); ?>"/>
45
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
46
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
47
  </form>
@@ -95,14 +95,14 @@ function mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encr
95
  </div>
96
  </div>
97
  </div>
98
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
99
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
100
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
101
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
102
  </form>
103
  <form name="f" method="post" action="" id="mo2f_select_mfa_methods_form" style="display:none;">
104
  <input type="hidden" name="mo2f_selected_mfactor_method" />
105
- <input type="hidden" name="mo2f_miniorange_2factor_method_nonce" value="<?php echo wp_create_nonce('mo2f_miniorange-2factor-method-nonce'); ?>" />
106
  <input type="hidden" name="option" value="miniorange_mfactor_method" />
107
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
108
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -310,14 +310,14 @@ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to,
310
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
311
  class="mo2f_display_none_forms">
312
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
313
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
314
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
315
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
316
  </form>
317
  <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
318
  <input type="hidden" name="mo2f_configured_2FA_method"/>
319
  <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
320
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' ); ?>"/>
321
  <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
322
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
323
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -406,7 +406,7 @@ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redi
406
  class="miniorange_kba_validate" style="float:left;"
407
  value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
408
  <input type="hidden" name="miniorange_kba_nonce"
409
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-kba-nonce' ); ?>"/>
410
  <input type="hidden" name="option"
411
  value="miniorange_kba_validate"/>
412
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
@@ -445,7 +445,7 @@ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redi
445
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
446
  class="mo2f_display_none_forms">
447
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
448
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
449
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
450
  </form>
451
 
@@ -540,7 +540,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
540
  </p>
541
  </div>
542
  <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
543
- <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-validate-backup-nonce'); ?>" />
544
  <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
545
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
546
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
@@ -554,7 +554,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
554
  </div>
555
  </div>
556
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
557
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
558
  </form>
559
  </body>
560
  <script>
@@ -676,7 +676,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
676
  <form name="f" id="mo2f_backto_duo_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
677
  class="mo2f_display_none_forms">
678
  <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
679
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' ); ?>"/>
680
  <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
681
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
682
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -685,7 +685,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
685
  </form>
686
  <form name="f" id="mo2f_duo_push_validation_form" method="post" class="mo2f_display_none_forms">
687
  <input type="hidden" name="miniorange_duo_push_validation_nonce"
688
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' ); ?>"/>
689
  <input type="hidden" name="option" value="miniorange_duo_push_validation">
690
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
691
  <input type="hidden" name="tx_type"/>
@@ -697,14 +697,14 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
697
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
698
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
699
  <input type="hidden" name="miniorange_forgotphone"
700
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
701
  <input type="hidden" name="option" value="miniorange_forgotphone">
702
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
703
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
704
  </form>
705
  <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
706
  <input type="hidden" name="miniorange_alternate_login_kba_nonce"
707
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
708
  <input type="hidden" name="option" value="miniorange_alternate_login_kba">
709
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
710
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -716,8 +716,8 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
716
  pollPushValidation();
717
  function pollPushValidation()
718
  {
719
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
720
- var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
721
  var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
722
  var data={
723
  'action':'mo2f_duo_ajax_request',
@@ -877,7 +877,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
877
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
878
  class="mo2f_display_none_forms">
879
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
880
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
881
  <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
882
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
883
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -886,7 +886,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
886
  </form>
887
  <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
888
  <input type="hidden" name="miniorange_mobile_validation_nonce"
889
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
890
  <input type="hidden" name="option" value="miniorange_mobile_validation">
891
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
892
  <input type="hidden" name="tx_type"/>
@@ -896,7 +896,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
896
  </form>
897
  <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
898
  <input type="hidden" name="miniorange_softtoken"
899
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
900
  <input type="hidden" name="option" value="miniorange_softtoken">
901
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
902
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -904,14 +904,14 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
904
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
905
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
906
  <input type="hidden" name="miniorange_forgotphone"
907
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
908
  <input type="hidden" name="option" value="miniorange_forgotphone">
909
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
910
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
911
  </form>
912
  <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
913
  <input type="hidden" name="miniorange_alternate_login_kba_nonce"
914
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' ); ?>"/>
915
  <input type="hidden" name="option" value="miniorange_alternate_login_kba">
916
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
917
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -921,7 +921,7 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
921
  var timeout;
922
  var login_status = '<?php echo esc_html($login_status);?>';
923
  var calls = 0;
924
- var onprem = '<?php echo MO2F_IS_ONPREM; ?>';
925
 
926
  if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
927
  {
@@ -961,9 +961,9 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
961
  {
962
  pollPushValidation();
963
  function pollPushValidation() {
964
- var transId = "<?php echo $cookievalue;// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
965
  var jsonString = "{\"txId\":\"" + transId + "\"}";
966
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
967
 
968
  jQuery.ajax({
969
  url: postUrl,
@@ -1053,7 +1053,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
1053
  </center>
1054
  </div>
1055
  <div id="showQrCode" style="margin-bottom:10%;">
1056
- <center><?php echo '<img src="data:image/jpg;base64,' . $qrCode . '" />'; ?></center>
1057
  </div>
1058
  <span style="padding-right:2%;">
1059
  <center>
@@ -1098,23 +1098,23 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
1098
  </div>
1099
  </div>
1100
  </div>
1101
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1102
  class="mo2f_display_none_forms">
1103
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1104
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1105
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1106
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1107
  </form>
1108
  <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1109
  <input type="hidden" name="miniorange_mobile_validation_nonce"
1110
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' ); ?>"/>
1111
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1112
  <input type="hidden" name="option" value="miniorange_mobile_validation">
1113
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1114
  </form>
1115
  <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1116
  <input type="hidden" name="miniorange_softtoken"
1117
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-softtoken' ); ?>"/>
1118
  <input type="hidden" name="option" value="miniorange_softtoken">
1119
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1120
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -1122,7 +1122,7 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
1122
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1123
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1124
  <input type="hidden" name="miniorange_forgotphone"
1125
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1126
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1127
  <input type="hidden" name="option" value="miniorange_forgotphone">
1128
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -1133,9 +1133,9 @@ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $
1133
  pollMobileValidation();
1134
 
1135
  function pollMobileValidation() {
1136
- var transId = "<?php echo $cookievalue;//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
1137
  var jsonString = "{\"txId\":\"" + transId + "\"}";
1138
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
1139
  jQuery.ajax({
1140
  url: postUrl,
1141
  type: "POST",
@@ -1228,7 +1228,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1228
  </div>
1229
  <?php } ?><br><?php
1230
  ?>
1231
- <span><b>Attempts left</b>:</span> <?php echo $attempts;?><br>
1232
  <?php if($attempts==1){?>
1233
  <span style='color:red;'><b>If you fail to verify your identity, you will be redirected back to login page to verify your credentials.</b></span> <br>
1234
  <?php }?>
@@ -1260,12 +1260,12 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1260
  ?>
1261
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1262
  <input type="hidden" name="miniorange_soft_token_nonce"
1263
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' ); ?>"/>
1264
  <input type="hidden" name="option" value="miniorange_soft_token">
1265
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1266
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1267
  <?php if($mo2fa_transaction_id!=null){ ?>
1268
- <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo $mo2fa_transaction_id; ?>"/>
1269
  <?php }?>
1270
  </form>
1271
  <?php
@@ -1311,20 +1311,20 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1311
  </div>
1312
  </div>
1313
 
1314
- <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo wp_login_url(); ?>"
1315
  class="mo2f_display_none_forms">
1316
  <input type="hidden" name="miniorange_back_inline_reg_nonce"
1317
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' ); ?>"/>
1318
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1319
  <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1320
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1321
 
1322
  </form>
1323
 
1324
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1325
  class="mo2f_display_none_forms">
1326
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1327
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1328
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1329
  </form>
1330
 
@@ -1332,7 +1332,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1332
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1333
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1334
  <input type="hidden" name="miniorange_forgotphone"
1335
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-forgotphone' ); ?>"/>
1336
  <input type="hidden" name="option" value="miniorange_forgotphone">
1337
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1338
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -1358,7 +1358,7 @@ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $re
1358
  function mologinforgotphone() {
1359
  jQuery('#mo2f_show_forgotphone_loginform').submit();
1360
  }
1361
- var is_ajax = '<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>';
1362
  if(is_ajax){
1363
  jQuery('#mo2fa_softtoken').keypress(function (e) {
1364
  if (e.which == 13) {//Enter key pressed
@@ -1436,7 +1436,7 @@ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1436
  </div>
1437
  <div id="showLoadingBar" hidden>
1438
  <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Please wait...We are taking you into your account.' ); ?></p>
1439
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
1440
  </div>
1441
  <br><br>
1442
  <span>
@@ -1451,23 +1451,23 @@ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1451
  </div>
1452
  </div>
1453
  </div>
1454
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
1455
  class="mo2f_display_none_forms">
1456
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1457
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
1458
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1459
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1460
  </form>
1461
  <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1462
  <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1463
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' ); ?>"/>
1464
  <input type="hidden" name="option" value="miniorange_rba_validate">
1465
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1466
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1467
  </form>
1468
  <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1469
  <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1470
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' ); ?>"/>
1471
  <input type="hidden" name="option" value="miniorange_rba_cancle">
1472
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1473
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
@@ -1496,7 +1496,7 @@ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1496
  function mo2f_customize_logo() { ?>
1497
  <div style="float:right;"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img
1498
  alt="logo"
1499
- src="<?php echo plugins_url( 'includes/images/miniOrange2.png', dirname(dirname(__FILE__))); ?>"/></a></div>
1500
 
1501
  <?php }
1502
 
@@ -1596,7 +1596,7 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1596
  <?php
1597
  for ($x = 0; $x < sizeof($codes); $x++) {
1598
  $str = $codes[$x];
1599
- echo("<br>".$str." <br>");
1600
  }
1601
 
1602
  $str1="";
@@ -1612,17 +1612,17 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1612
  <div style="width: 50%;float: right;">
1613
  <form name="f" method="post" id="mo2f_users_backup1" action="">
1614
  <input type="hidden" name="option" value="mo2f_users_backup1" />
1615
- <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo $str1; ?>" />
1616
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1617
- <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-backup-nonce'); ?>" />
1618
 
1619
  <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1620
  </form>
1621
  </div>
1622
 
1623
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1624
  <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1625
- <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1626
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1627
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1628
  <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
@@ -1635,9 +1635,9 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1635
  </div>
1636
  <?php } else { ?>
1637
  <div style="text-align:center;">
1638
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url();?>" >
1639
  <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1640
- <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce'); ?>" />
1641
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1642
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1643
  <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
@@ -1647,8 +1647,8 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1647
  </div>
1648
  </div>
1649
  </div>
1650
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1651
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1652
  </form>
1653
  </body>
1654
  <script>
@@ -1665,13 +1665,13 @@ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1665
  function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1666
  ?>
1667
  <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1668
- <input type="hidden" name="miniorange_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-backup-nonce'); ?>" />
1669
  <input type="hidden" name="option" value="miniorange_backup_nonce">
1670
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1671
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
1672
  </form>
1673
  <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1674
- <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-generate-backup-nonce'); ?>" />
1675
  <input type="hidden" name="option" value="miniorange_create_backup_codes">
1676
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1677
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
13
  <div>
14
  <form id="morba_loginform" method="post">
15
  <h1><?php echo mo2f_lt( 'Please wait' ); ?>...</h1>
16
+ <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__)))) ); ?>"/>
17
  <?php
18
  if ( get_option( 'mo2f_remember_device' ) ) {
19
  ?>
41
  }
42
  ?>
43
  <input type="hidden" name="miniorange_attribute_collection_nonce"
44
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' )); ?>"/>
45
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
46
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
47
  </form>
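Review bot: The nonce on new line 44 is printed into a `value="…"` attribute with `esc_html()`, which is the escaper for element text; `esc_attr()` is the one intended for attribute values, e.g. `value="<?php echo esc_attr( wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' ) ); ?>"/>`. In current WordPress both encode the same characters, but they run through different filters, so using the attribute escaper keeps the output tied to the context it is actually in. The same pattern repeats on every nonce, `session_id` and `mo2f_inline_backup_codes` hidden input this commit touches in this file. The enclosing function starts and ends outside this hunk.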
95
  </div>
96
  </div>
97
  </div>
98
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
99
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
100
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
101
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
102
  </form>
103
  <form name="f" method="post" action="" id="mo2f_select_mfa_methods_form" style="display:none;">
104
  <input type="hidden" name="mo2f_selected_mfactor_method" />
105
+ <input type="hidden" name="mo2f_miniorange_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('mo2f_miniorange-2factor-method-nonce')); ?>" />
106
  <input type="hidden" name="option" value="miniorange_mfactor_method" />
107
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
108
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
310
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
311
  class="mo2f_display_none_forms">
312
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
313
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
314
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
315
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
316
  </form>
317
  <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
318
  <input type="hidden" name="mo2f_configured_2FA_method"/>
319
  <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
320
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' )); ?>"/>
321
  <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
322
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
323
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
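Review bot: The `action` attribute on new line 310 still echoes `wp_login_url()` without escaping, although this commit wraps the same call in `esc_url()` for the identical form at lines 98, 1101, 1324, 1454 and 1650. The value passes through the `login_url` filter, so it should be escaped like any other URL output: `action="<?php echo esc_url( wp_login_url() ); ?>"`. The unescaped form also remains at lines 445, 556, 676 and 877. The enclosing function is not fully visible in this hunk.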
406
  class="miniorange_kba_validate" style="float:left;"
407
  value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
408
  <input type="hidden" name="miniorange_kba_nonce"
409
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-kba-nonce' )); ?>"/>
410
  <input type="hidden" name="option"
411
  value="miniorange_kba_validate"/>
412
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
445
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
446
  class="mo2f_display_none_forms">
447
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
448
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
449
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
450
  </form>
451
 
540
  </p>
541
  </div>
542
  <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
543
+ <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-validate-backup-nonce')); ?>" />
544
  <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
545
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
546
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
554
  </div>
555
  </div>
556
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
557
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
558
  </form>
559
  </body>
560
  <script>
676
  <form name="f" id="mo2f_backto_duo_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
677
  class="mo2f_display_none_forms">
678
  <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
679
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' )); ?>"/>
680
  <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
681
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
682
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
685
  </form>
686
  <form name="f" id="mo2f_duo_push_validation_form" method="post" class="mo2f_display_none_forms">
687
  <input type="hidden" name="miniorange_duo_push_validation_nonce"
688
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' )); ?>"/>
689
  <input type="hidden" name="option" value="miniorange_duo_push_validation">
690
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
691
  <input type="hidden" name="tx_type"/>
697
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
698
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
699
  <input type="hidden" name="miniorange_forgotphone"
700
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
701
  <input type="hidden" name="option" value="miniorange_forgotphone">
702
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
703
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
704
  </form>
705
  <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
706
  <input type="hidden" name="miniorange_alternate_login_kba_nonce"
707
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce') ); ?>"/>
708
  <input type="hidden" name="option" value="miniorange_alternate_login_kba">
709
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
710
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
716
  pollPushValidation();
717
  function pollPushValidation()
718
  {
719
+ var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
720
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
721
  var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
722
  var data={
723
  'action':'mo2f_duo_ajax_request',
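Review bot: `esc_html()` is used on new lines 720–721 to print values inside a JavaScript string literal, where HTML entities are not decoded and backslashes and line breaks pass through unchanged. `esc_js()` (or `wp_json_encode()` with the surrounding quotes dropped) is the escaper for this context, e.g. `var nonce = "<?php echo esc_js( wp_create_nonce( 'miniorange-2-factor-duo-nonce' ) ); ?>";`. The same applies to `onprem` at line 924, `is_ajax` at line 1361 and, most importantly, `transId` at lines 964 and 1136, which is filled from `$cookievalue` (its origin is not visible here) and then concatenated into a JSON string by hand. `pollPushValidation()` continues beyond this hunk.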
877
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
878
  class="mo2f_display_none_forms">
879
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
880
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
881
  <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
882
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
883
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
886
  </form>
887
  <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
888
  <input type="hidden" name="miniorange_mobile_validation_nonce"
889
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' )); ?>"/>
890
  <input type="hidden" name="option" value="miniorange_mobile_validation">
891
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
892
  <input type="hidden" name="tx_type"/>
896
  </form>
897
  <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
898
  <input type="hidden" name="miniorange_softtoken"
899
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-softtoken' )); ?>"/>
900
  <input type="hidden" name="option" value="miniorange_softtoken">
901
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
902
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
904
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
905
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
906
  <input type="hidden" name="miniorange_forgotphone"
907
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
908
  <input type="hidden" name="option" value="miniorange_forgotphone">
909
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
910
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
911
  </form>
912
  <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
913
  <input type="hidden" name="miniorange_alternate_login_kba_nonce"
914
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' )); ?>"/>
915
  <input type="hidden" name="option" value="miniorange_alternate_login_kba">
916
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
917
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
921
  var timeout;
922
  var login_status = '<?php echo esc_html($login_status);?>';
923
  var calls = 0;
924
+ var onprem = '<?php echo esc_html(MO2F_IS_ONPREM); ?>';
925
 
926
  if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
927
  {
961
  {
962
  pollPushValidation();
963
  function pollPushValidation() {
964
+ var transId = "<?php echo esc_html($cookievalue);// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
965
  var jsonString = "{\"txId\":\"" + transId + "\"}";
966
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
967
 
968
  jQuery.ajax({
969
  url: postUrl,
1053
  </center>
1054
  </div>
1055
  <div id="showQrCode" style="margin-bottom:10%;">
1056
+ <center><?php echo '<img src="data:image/jpg;base64,' . esc_html($qrCode) . '" />'; ?></center>
1057
  </div>
1058
  <span style="padding-right:2%;">
1059
  <center>
1098
  </div>
1099
  </div>
1100
  </div>
1101
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1102
  class="mo2f_display_none_forms">
1103
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1104
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce') ); ?>"/>
1105
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1106
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1107
  </form>
1108
  <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1109
  <input type="hidden" name="miniorange_mobile_validation_nonce"
1110
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' )); ?>"/>
1111
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1112
  <input type="hidden" name="option" value="miniorange_mobile_validation">
1113
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1114
  </form>
1115
  <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1116
  <input type="hidden" name="miniorange_softtoken"
1117
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-softtoken' )); ?>"/>
1118
  <input type="hidden" name="option" value="miniorange_softtoken">
1119
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1120
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1122
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1123
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1124
  <input type="hidden" name="miniorange_forgotphone"
1125
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
1126
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1127
  <input type="hidden" name="option" value="miniorange_forgotphone">
1128
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1133
  pollMobileValidation();
1134
 
1135
  function pollMobileValidation() {
1136
+ var transId = "<?php echo esc_html($cookievalue);//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
1137
  var jsonString = "{\"txId\":\"" + transId + "\"}";
1138
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
1139
  jQuery.ajax({
1140
  url: postUrl,
1141
  type: "POST",
1228
  </div>
1229
  <?php } ?><br><?php
1230
  ?>
1231
+ <span><b>Attempts left</b>:</span> <?php echo esc_html($attempts);?><br>
1232
  <?php if($attempts==1){?>
1233
  <span style='color:red;'><b>If you fail to verify your identity, you will be redirected back to login page to verify your credentials.</b></span> <br>
1234
  <?php }?>
1260
  ?>
1261
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1262
  <input type="hidden" name="miniorange_soft_token_nonce"
1263
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' )); ?>"/>
1264
  <input type="hidden" name="option" value="miniorange_soft_token">
1265
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1266
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1267
  <?php if($mo2fa_transaction_id!=null){ ?>
1268
+ <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo esc_html($mo2fa_transaction_id); ?>"/>
1269
  <?php }?>
1270
  </form>
1271
  <?php
1311
  </div>
1312
  </div>
1313
 
1314
+ <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1315
  class="mo2f_display_none_forms">
1316
  <input type="hidden" name="miniorange_back_inline_reg_nonce"
1317
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' )); ?>"/>
1318
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1319
  <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1320
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1321
 
1322
  </form>
1323
 
1324
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1325
  class="mo2f_display_none_forms">
1326
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1327
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
1328
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1329
  </form>
1330
 
1332
  <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1333
  <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1334
  <input type="hidden" name="miniorange_forgotphone"
1335
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
1336
  <input type="hidden" name="option" value="miniorange_forgotphone">
1337
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1338
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1358
  function mologinforgotphone() {
1359
  jQuery('#mo2f_show_forgotphone_loginform').submit();
1360
  }
1361
+ var is_ajax = '<?php echo esc_html(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'));?>';
1362
  if(is_ajax){
1363
  jQuery('#mo2fa_softtoken').keypress(function (e) {
1364
  if (e.which == 13) {//Enter key pressed
1436
  </div>
1437
  <div id="showLoadingBar" hidden>
1438
  <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Please wait...We are taking you into your account.' ); ?></p>
1439
+ <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__))) ); ?>"/>
1440
  </div>
1441
  <br><br>
1442
  <span>
1451
  </div>
1452
  </div>
1453
  </div>
1454
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1455
  class="mo2f_display_none_forms">
1456
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1457
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
1458
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1459
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1460
  </form>
1461
  <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1462
  <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1463
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' )); ?>"/>
1464
  <input type="hidden" name="option" value="miniorange_rba_validate">
1465
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1466
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1467
  </form>
1468
  <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1469
  <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1470
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' )); ?>"/>
1471
  <input type="hidden" name="option" value="miniorange_rba_cancle">
1472
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1473
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1496
  function mo2f_customize_logo() { ?>
1497
  <div style="float:right;"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img
1498
  alt="logo"
1499
+ src="<?php echo esc_url(plugins_url( 'includes/images/miniOrange2.png', dirname(dirname(__FILE__)))); ?>"/></a></div>
1500
 
1501
  <?php }
1502
 
1596
  <?php
1597
  for ($x = 0; $x < sizeof($codes); $x++) {
1598
  $str = $codes[$x];
1599
+ echo("<br>".esc_html($str)." <br>");
1600
  }
1601
 
1602
  $str1="";
1612
  <div style="width: 50%;float: right;">
1613
  <form name="f" method="post" id="mo2f_users_backup1" action="">
1614
  <input type="hidden" name="option" value="mo2f_users_backup1" />
1615
+ <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo esc_html($str1); ?>" />
1616
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1617
+ <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-backup-nonce')); ?>" />
1618
 
1619
  <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1620
  </form>
1621
  </div>
1622
 
1623
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url());?>" >
1624
  <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1625
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce')); ?>" />
1626
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1627
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1628
  <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1635
  </div>
1636
  <?php } else { ?>
1637
  <div style="text-align:center;">
1638
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url());?>" >
1639
  <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1640
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce')); ?>" />
1641
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1642
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1643
  <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1647
  </div>
1648
  </div>
1649
  </div>
1650
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1651
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1652
  </form>
1653
  </body>
1654
  <script>
1665
  function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1666
  ?>
1667
  <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1668
+ <input type="hidden" name="miniorange_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-backup-nonce')); ?>" />
1669
  <input type="hidden" name="option" value="miniorange_backup_nonce">
1670
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1671
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
1672
  </form>
1673
  <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1674
+ <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-generate-backup-nonce')); ?>" />
1675
  <input type="hidden" name="option" value="miniorange_create_backup_codes">
1676
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1677
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -202,14 +202,14 @@ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_sta
202
  </div>
203
  </div>
204
  </div>
205
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
206
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
207
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
208
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
209
  </form>
210
  <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
  <input type="hidden" name="mo2f_selected_2factor_method" />
212
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
213
  <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
215
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
@@ -217,7 +217,7 @@ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_sta
217
 
218
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
  <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
- <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
221
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
222
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
223
  </form>
@@ -333,7 +333,7 @@ function mo2f_inline_email_form($email,$current_user_id)
333
  <br>
334
  <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
335
  <br>
336
- <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-email-change-nonce'); ?>" />
337
  <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
  <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
@@ -346,18 +346,18 @@ function mo2f_inline_email_form($email,$current_user_id)
346
  </div>
347
  </div>
348
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
349
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
350
  </form>
351
  <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
352
  <input type="hidden" name="mo2f_selected_2factor_method" />
353
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce'); ?>" />
354
  <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
356
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
357
  </form>
358
  <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
- <input type="hidden" name="miniorange_skip_2fa" value="<?php echo wp_create_nonce('miniorange-2-factor-skip-nonce'); ?>" />
361
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
362
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
363
  </form>
@@ -366,7 +366,7 @@ function mo2f_inline_email_form($email,$current_user_id)
366
  <script type="text/javascript">
367
  jQuery('#save_entered_email_inlinecloud1').click(function(){
368
  var email = jQuery('#emailInlineCloud').val();
369
- var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
370
  var data = {
371
  'action' : 'mo_two_factor_ajax',
372
  'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
@@ -462,7 +462,7 @@ function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $
462
  </div>
463
  </div>
464
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
466
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
467
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
468
  </form>
@@ -470,18 +470,18 @@ function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $
470
  <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
472
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
473
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
474
  </form>
475
  <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
  <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
478
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
479
- <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce'); ?>" />
480
  </form>
481
  <?php if (sizeof($opt) > 1) { ?>
482
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
  <input type="hidden" name="option" value="miniorange_back_inline"/>
484
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
485
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
486
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
487
  </form>
@@ -570,8 +570,8 @@ function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status
570
  </div>
571
  </div>
572
  </div>
573
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
574
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
575
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
576
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
577
  </form>
@@ -579,18 +579,18 @@ function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status
579
  <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
581
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
582
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce'); ?>" />
583
  </form>
584
  <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
  <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
587
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
588
- <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce'); ?>" />
589
  </form>
590
  <?php if (sizeof($opt) > 1) { ?>
591
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
  <input type="hidden" name="option" value="miniorange_back_inline"/>
593
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
594
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
595
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
596
  </form>
@@ -767,14 +767,14 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
767
  </div>
768
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
769
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
770
- <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce'); ?>" />
771
  </form>
772
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
773
  <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
774
  <input type="hidden" name="option" value="miniorange_back_inline"/>
775
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
776
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
777
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
778
  </form>
779
  </div>
780
  <br>
@@ -785,7 +785,7 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
785
  </div>
786
  </div>
787
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
788
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
789
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
790
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
791
  </form>
@@ -793,7 +793,7 @@ function prompt_user_for_google_authenticator_setup($current_user_id, $login_sta
793
  <input type="hidden" name="google_phone_type" />
794
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
795
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
796
- <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce'); ?>" />
797
  </form>
798
 
799
  <script>
@@ -979,19 +979,19 @@ function initialize_inline_duo_auth_registration($current_user,$session_id_encry
979
  <form name="f" method="post" action="" id="mo2f_go_back_form">
980
  <input type="hidden" name="option" value="mo2f_go_back"/>
981
  <input type="hidden" name="mo2f_go_back_nonce"
982
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
983
  </form>
984
  <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
985
  <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
986
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
987
  <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
988
- value="<?php echo wp_create_nonce( "mo2f-duo-authenticator-success-nonce" ) ?>"/>
989
  </form>
990
  <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
991
  <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
992
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
993
  <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
994
- value="<?php echo wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" ) ?>"/>
995
  </form>
996
 
997
  <script>
@@ -1006,8 +1006,8 @@ function initialize_inline_duo_auth_registration($current_user,$session_id_encry
1006
 
1007
  pollMobileValidation();
1008
  function pollMobileValidation() {
1009
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1010
- var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
1011
  var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
1012
 
1013
  var data={
@@ -1081,7 +1081,7 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1081
  </div>
1082
  </div>
1083
  <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1084
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1085
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1086
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1087
  </form>
@@ -1092,7 +1092,7 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1092
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1093
  </div>
1094
  </div>
1095
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1096
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1097
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1098
  </form>
@@ -1104,7 +1104,7 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1104
  </div>
1105
  </div>
1106
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1107
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1108
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1109
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1110
  </form>
@@ -1215,12 +1215,12 @@ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_messa
1215
  </div>
1216
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1217
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1219
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1220
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1221
  </form>
1222
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1223
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1224
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1225
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1226
  </form>
@@ -1317,7 +1317,7 @@ function prompt_user_for_setup_success($id, $login_status, $login_message,$redir
1317
  <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1318
  </center>
1319
  <input type="hidden" name="mo2f_inline_kba_option" />
1320
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce'); ?>" />
1321
  <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo esc_html($login_status); ?>" />
1322
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1323
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
@@ -1347,7 +1347,7 @@ function prompt_user_for_setup_success($id, $login_status, $login_message,$redir
1347
  </center>
1348
  <?php
1349
  }else{
1350
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? $_POST[ 'redirect_to' ] : null;
1351
  $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1352
  mo2f_collect_device_attributes_handler($session_id,$redirect_to);
1353
  }
@@ -1357,8 +1357,8 @@ function prompt_user_for_setup_success($id, $login_status, $login_message,$redir
1357
  </div>
1358
  </div>
1359
  </div>
1360
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1361
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1362
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1363
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1364
  </form>
@@ -1474,7 +1474,7 @@ $current_user = get_userdata($current_user_id);
1474
  <?php } ?>
1475
  <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1476
  <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1477
- <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce'); ?>" />
1478
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1479
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1480
  </form>
@@ -1508,7 +1508,7 @@ $current_user = get_userdata($current_user_id);
1508
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1509
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1510
  <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1511
- <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce'); ?>" />
1512
  </form>
1513
  <?php mo2f_customize_logo() ?>
1514
  </div>
@@ -1516,19 +1516,19 @@ $current_user = get_userdata($current_user_id);
1516
  </div>
1517
  </div>
1518
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1519
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce'); ?>" />
1520
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1521
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1522
  </form>
1523
  <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1524
- <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce'); ?>" />
1525
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1526
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1527
  </form>
1528
  <?php if (sizeof($opt) > 1) { ?>
1529
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1530
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1531
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo wp_create_nonce('miniorange-2-factor-inline-setup-nonce'); ?>" />
1532
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1533
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1534
  </form>
202
  </div>
203
  </div>
204
  </div>
205
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
206
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
207
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
208
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
209
  </form>
210
  <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
  <input type="hidden" name="mo2f_selected_2factor_method" />
212
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
213
  <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
215
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
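Review bot: The nonce values added on lines 206 and 212 are wrapped in `esc_html()`, but they are printed inside `value="…"` attributes, where `esc_attr()` is the escaper WordPress provides for that context. The same applies to every nonce field this commit touches in the file and to the existing `session_id` fields. Suggested form: `value="<?php echo esc_attr(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>"`. The enclosing function starts and ends outside the hunk.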
217
 
218
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
  <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
+ <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
221
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
222
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
223
  </form>
333
  <br>
334
  <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
335
  <br>
336
+ <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-email-change-nonce')); ?>" />
337
  <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
  <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
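Review bot: Line 337 still writes `$current_user_id` into the `value` attribute with no escaping, although the commit escapes the nonce on the line directly above it. Use `value="<?php echo esc_attr($current_user_id); ?>"`, or cast with `absint()` if it is always a numeric ID. The field also round-trips a user ID through the browser. The handler is not visible in this hunk, so confirm that it resolves the user from server-side session state rather than trusting the posted value. mo2f_inline_email_form starts and ends outside the hunk.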
346
  </div>
347
  </div>
348
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
349
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
350
  </form>
351
  <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
352
  <input type="hidden" name="mo2f_selected_2factor_method" />
353
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
354
  <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
356
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
357
  </form>
358
  <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
  <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
+ <input type="hidden" name="miniorange_skip_2fa" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
361
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
362
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
363
  </form>
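Review bot: The added line 349 passes the action string itself to the escaper, `esc_html(('miniorange-2-factor-mobile-validation-failed-nonce'))`, so the hidden field now carries a fixed literal instead of a nonce; the `wp_create_nonce()` call that was there before the change has been dropped. A handler that verifies this field will reject the post from this form, and if nothing verifies it the form has no request token at all. Restore the call: `value="<?php echo esc_attr(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>"`. Separately, line 360 names the skip field `miniorange_skip_2fa` while the same form at line 220 uses `miniorange_skip_2fa_nonce`; the handler is not visible here, so confirm which name it reads. mo2f_inline_email_form continues outside the hunk.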
366
  <script type="text/javascript">
367
  jQuery('#save_entered_email_inlinecloud1').click(function(){
368
  var email = jQuery('#emailInlineCloud').val();
369
+ var nonce = '<?php echo esc_html(wp_create_nonce("checkuserinminiOrangeNonce"));?>';
370
  var data = {
371
  'action' : 'mo_two_factor_ajax',
372
  'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
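Review bot: `esc_html()` is the wrong escaper for a value printed inside a JavaScript string literal, as on line 369; it encodes HTML metacharacters but leaves backslashes and line breaks untouched. A freshly generated nonce is harmless in practice, but the same pattern is used for `$session_id_encrypt` at line 1011, whose contents are not constrained by anything visible here. Use `esc_js()` in this context, `var nonce = '<?php echo esc_js(wp_create_nonce("checkuserinminiOrangeNonce")); ?>';`, and likewise on lines 1010 and 1011. The click handler's body continues outside the hunk.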
462
  </div>
463
  </div>
464
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
466
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
467
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
468
  </form>
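Review bot: The form action on line 464 still echoes `wp_login_url()` unescaped, while the identical `mo2f_backto_mo_loginform` at lines 205, 573 and 1222 was changed to `esc_url(wp_login_url())`. Lines 348, 787 and 1106 were skipped in the same way, so the escaping pass is applied unevenly across copies of one form. Make it uniform with `action="<?php echo esc_url(wp_login_url()); ?>"`. Because this markup is duplicated in every prompt function, a small shared helper that prints the form would stop the copies drifting apart again. prompt_user_for_miniorange_app_setup starts and ends outside the hunk.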
470
  <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
472
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
473
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
474
  </form>
475
  <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
  <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
478
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
479
+ <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce')); ?>" />
480
  </form>
481
  <?php if (sizeof($opt) > 1) { ?>
482
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
  <input type="hidden" name="option" value="miniorange_back_inline"/>
484
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
485
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
486
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
487
  </form>
570
  </div>
571
  </div>
572
  </div>
573
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
574
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
575
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
576
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
577
  </form>
579
  <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
581
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
582
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
583
  </form>
584
  <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
  <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
587
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
588
+ <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce')); ?>" />
589
  </form>
590
  <?php if (sizeof($opt) > 1) { ?>
591
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
  <input type="hidden" name="option" value="miniorange_back_inline"/>
593
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
594
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
595
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
596
  </form>
767
  </div>
768
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
769
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
770
+ <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce')); ?>" />
771
  </form>
772
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
773
  <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
774
  <input type="hidden" name="option" value="miniorange_back_inline"/>
775
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
776
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
777
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
778
  </form>
779
  </div>
780
  <br>
785
  </div>
786
  </div>
787
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
788
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
789
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
790
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
791
  </form>
793
  <input type="hidden" name="google_phone_type" />
794
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
795
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
796
+ <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce')); ?>" />
797
  </form>
798
 
799
  <script>
979
  <form name="f" method="post" action="" id="mo2f_go_back_form">
980
  <input type="hidden" name="option" value="mo2f_go_back"/>
981
  <input type="hidden" name="mo2f_go_back_nonce"
982
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
983
  </form>
984
  <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
985
  <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
986
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
987
  <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
988
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-authenticator-success-nonce" )) ?>"/>
989
  </form>
990
  <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
991
  <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
992
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
993
  <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
994
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" )) ?>"/>
995
  </form>
996
 
997
  <script>
1006
 
1007
  pollMobileValidation();
1008
  function pollMobileValidation() {
1009
+ var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
1010
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
1011
  var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
1012
 
1013
  var data={
1081
  </div>
1082
  </div>
1083
  <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1084
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1085
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1086
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1087
  </form>
1092
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1093
  </div>
1094
  </div>
1095
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1096
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1097
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1098
  </form>
1104
  </div>
1105
  </div>
1106
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1107
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1108
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1109
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1110
  </form>
1215
  </div>
1216
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1217
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1219
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1220
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1221
  </form>
1222
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1223
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1224
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1225
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1226
  </form>
1317
  <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1318
  </center>
1319
  <input type="hidden" name="mo2f_inline_kba_option" />
1320
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1321
  <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo esc_html($login_status); ?>" />
1322
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1323
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1347
  </center>
1348
  <?php
1349
  }else{
1350
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? sanitize_url($_POST[ 'redirect_to' ]) : null;
1351
  $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1352
  mo2f_collect_device_attributes_handler($session_id,$redirect_to);
1353
  }
1357
  </div>
1358
  </div>
1359
  </div>
1360
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1361
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1362
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1363
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1364
  </form>
1474
  <?php } ?>
1475
  <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1476
  <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1477
+ <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce')); ?>" />
1478
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1479
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1480
  </form>
1508
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1509
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1510
  <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1511
+ <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce')); ?>" />
1512
  </form>
1513
  <?php mo2f_customize_logo() ?>
1514
  </div>
1516
  </div>
1517
  </div>
1518
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1519
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1520
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1521
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1522
  </form>
1523
  <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1524
+ <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce')); ?>" />
1525
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1526
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1527
  </form>
1528
  <?php if (sizeof($opt) > 1) { ?>
1529
  <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1530
  <input type="hidden" name="option" value="miniorange_back_inline"/>
1531
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1532
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1533
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1534
  </form>
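--- a/controllers/twofa/two_factor_ajax.php
+++ b/controllers/twofa/two_factor_ajax.php
@@ -288,16 +288,16 @@ class mo_2f_ajax
  $session_id_encrypt = MO2f_Utility::random_str(20);
 
  ?>
- <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');?> </b></h4>
+ <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo intval(esc_html(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')));?> </b></h4>
  <form name="f" method="post" action="" id="mo2f_verifyphone_form">
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
  <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
  <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" )) ?>"/>
 
  <div style="display:inline;">
  <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px;" type="text" name="phone" id="phone"
- value="<?php echo $user_phone ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}"
+ value="<?php echo esc_html($user_phone) ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}"
  title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/><br>
  <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
  value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
@@ -308,7 +308,7 @@ class mo_2f_ajax
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
  <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
  <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" )) ?>"/>
  <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
  <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px" autofocus="true" type="text" name="mo2f_otp_token" id="mo2f_otp_token"
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -323,12 +323,12 @@ class mo_2f_ajax
  $session_id_encrypt = MO2f_Utility::random_str(20);
  $user_email = wp_get_current_user()->user_email;
  ?>
- <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo get_site_option('cmVtYWluaW5nT1RQ');?> </b></h4>
+ <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo intval(esc_html(get_site_option('cmVtYWluaW5nT1RQ')));?> </b></h4>
  <form name="f" method="post" action="" id="mo2f_verifyemail_form">
  <input type="hidden" name="option" value="mo2f_configure_otp_over_email_send_otp"/>
  <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
  <input type="hidden" name="mo2f_configure_otp_over_email_send_otp_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" )) ?>"/>
 
  <div style="display:inline;">
  <b>Email Address: </b>
@@ -344,7 +344,7 @@ class mo_2f_ajax
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
  <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
  <input type="hidden" name="mo2f_configure_otp_over_email_validate_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" )) ?>"/>
  <b><?php echo mo2f_lt( 'Enter One Time Passcode:' ); ?>
  <input class="mo2f_table_textbox" style="width:200px;height: 30px;" autofocus="true" type="text" name="mo2f_otp_token" id ="mo2f_otp_token"
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/></b>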
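Review bot: The values escaped in this section all sit inside HTML attributes (`value="..."` at new lines 296, 300, 311, 331 and 347), so `esc_attr()` is the contextual escaper rather than `esc_html()`, e.g. `value="<?php echo esc_attr($user_phone) ?>"`. As far as I know the two functions encode the same characters in current WordPress, so this is about matching the escaper to its context rather than a live injection. The same pattern appears in handler/recaptcha.php (`data-sitekey`, new lines 87, 110, 121 and 133) and in handler/twofa/setup_twofa.php (new lines 540–543). At new lines 291 and 326 the escaping runs before the cast; `echo intval(get_site_option('cmVtYWluaW5nT1RQ'));` is sufficient because an integer needs no HTML escaping. The unchanged `mo2f_lt()` results in the `title`, `value` and `placeholder` attributes are still echoed without any escaping.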
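--- a/controllers/wpns-loginsecurity-ajax.php
+++ b/controllers/wpns-loginsecurity-ajax.php
@@ -294,6 +294,8 @@ class wpns_ajax
  function wpns_ip_lookup()
  {
 
+
+
  if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
  {
  echo "NonceDidNotMatch";
@@ -301,6 +303,8 @@ class wpns_ajax
  }
  else
  {
+
+
  $ip = $_POST['IP'];
  if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
  {
@@ -313,10 +317,14 @@ class wpns_ajax
  }
  $result=wp_remote_get("http://www.geoplugin.net/json.gp?ip=".$ip);
 
+
+
+
  if( !is_wp_error( $result ) ) {
- $result=wp_remote_retrieve_body( $result);
+ $result=json_decode(wp_remote_retrieve_body( $result), true);
  }
 
+
  try{
  $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
  $timeoffset = $timeoffset/3600;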
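Review bot: When `wp_remote_get()` fails, `$result` is still the `WP_Error` object at new line 329, and `json_decode()` at new line 324 returns `null` for a body that is not JSON, so `$result["geoplugin_timezone"]` is read from something that is not an array. Decode only on success and stop before the `try` otherwise, for example `$result = is_wp_error($result) ? null : json_decode(wp_remote_retrieve_body($result), true);` followed by an `is_array($result)` check that returns the function's existing error response. The lookup is also sent over plain `http://`, so the fields used afterwards (the timezone string here) can be altered in transit and should be treated as untrusted input. `wpns_ip_lookup()` continues past the hunk, so whether its `catch` clause covers these cases cannot be seen from here.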
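--- a/handler/feedback_form.php
+++ b/handler/feedback_form.php
@@ -107,7 +107,8 @@ class FeedbackHandler
  if (!is_null($feedback_reasons)) {
  if (!$moWpnsUtility->is_curl_installed()) {
  deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- wp_redirect('plugins.php');
+ wp_safe_redirect('plugins.php');
+ exit();
  } else {
  $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
 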
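--- a/handler/login.php
+++ b/handler/login.php
@@ -75,8 +75,8 @@ class LoginHandler
  $option = false;
  if (is_user_logged_in()) { //chr?
  if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
- wp_redirect(site_url());
- die;
+ wp_safe_redirect(site_url());
+ exit;
  }
  } else {
  $option = get_option('mo_wpns_enable_rename_login_url');
@@ -84,18 +84,19 @@ class LoginHandler
  if ($option) {
  if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
  $requested_uri = str_replace("wp-login.php","",$requested_uri);
- wp_redirect($requested_uri);
- die;
- } else if (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
+ wp_safe_redirect($requested_uri);
+ exit;
+ } elseif (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
  $requested_uri = str_replace("wp-login.php","",$requested_uri);
- wp_redirect($requested_uri);
- die;
+ wp_safe_redirect($requested_uri);
+ exit;
  }
 
  if (strpos($requested_uri, '/wp-login.php') !== false) {
- wp_redirect(site_url());
+ wp_safe_redirect(site_url());
+ exit;
  }
- else if (strpos($requested_uri, get_option('login_page_url')) !== false ) {
+ elseif (strpos($requested_uri, get_option('login_page_url')) !== false ) {
  @require_once ABSPATH . 'wp-login.php';
  die;
  }
@@ -107,7 +108,7 @@ class LoginHandler
  {
  case "mo_wpns_change_password":
  $this->handle_change_password(sanitize_user($_POST['username'])
- ,sanitize_text_field($_POST['new_password']),sanitize_text_field($_POST['confirm_password']));
+ ,sanitize_text_field($_POST['new_password']), sanitize_text_field($_POST['confirm_password']));
  break;
  }
  }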
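Review bot: The password fields at new lines 110–111 go through `sanitize_text_field()`, which strips tags and percent-encoded octets and trims whitespace, so the string handed to `handle_change_password()` can differ from what the user typed; a password is normally read as `wp_unslash($_POST['new_password'])` and otherwise left unmodified for hashing. This commit adds the same call to password inputs in handler/twofa/class_miniorange_2fa_strong_password.php (new lines 31, 53 and 58), where the strength check would presumably evaluate a different string from the one that ends up stored. At new line 77, `chr(get_option('login_page_url'))` with the loose `!= false` comparison looks unintended (the existing `//chr?` comment questions it too), whereas new line 99 uses the option directly with `!== false`. The enclosing method starts and ends outside the hunks, so any nonce check guarding `mo_wpns_change_password` is not visible here.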
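--- a/handler/malware_scanner.php
+++ b/handler/malware_scanner.php
@@ -167,7 +167,7 @@ class Mo_wpns_Scan_Handler{
  $result= $this->download_repo($key, $data, $path, $type);
  if($result === -99){
  return -99;
- }else if(!$result){
+ }elseif(!$result){
  return false;
  }
  }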
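--- a/handler/recaptcha.php
+++ b/handler/recaptcha.php
@@ -84,7 +84,7 @@
  wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
  wp_enqueue_script( 'mo2f_catpcha_js' );
 
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
  echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
  }
  }
@@ -107,7 +107,7 @@
  {
  wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
  wp_enqueue_script( 'mo2f_catpcha_js' );
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
  echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
  }
  }
@@ -118,7 +118,7 @@
 
  wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
  wp_enqueue_script( 'mo2f_catpcha_js' );
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
  echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
  }
  }
@@ -130,7 +130,7 @@
  {
  wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
  wp_enqueue_script( 'mo2f_catpcha_js' );
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
  echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
  }
  }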
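--- a/handler/twofa/class_miniorange_2fa_strong_password.php
+++ b/handler/twofa/class_miniorange_2fa_strong_password.php
@@ -28,10 +28,10 @@ class class_miniorange_2fa_strong_password {
 
  if($Users == 'all' or ($Users == 'admin' and $UserRole == 'administrator') or ($Users == 'user' and $UserRole != 'administrator' ) or ($Users == 'admin' and is_null($UserRole)))
  {
- $password = (isset($_POST['pass1']) && trim($_POST['pass1'])) ? $_POST['pass1'] : false;
+ $password = (isset($_POST['pass1']) && trim($_POST['pass1'])) ? sanitize_text_field($_POST['pass1']) : false;
  $password=($password==false)?(isset($_POST['password_1'])?$_POST['password_1']:false):$password ;
  $user_id = isset($userData->ID) ? $userData->ID : false;
- $username = isset($_POST["user_login"]) ? $_POST["user_login"] : (isset($userData->user_login) ? sanitize_user($userData->user_login) : sanitize_email($userData->user_email));
+ $username = isset($_POST["user_login"]) ? sanitize_text_field($_POST["user_login"]) : (isset($userData->user_login) ? sanitize_user($userData->user_login) : sanitize_email($userData->user_email));
 
  if ($password == false) { return $errors; }
  if ($errors->get_error_data("pass")) { return $errors; }
@@ -50,12 +50,12 @@ class class_miniorange_2fa_strong_password {
  public static function woocommerce_password_registration_protection($errors, $username, $email) {
  if(get_option( 'woocommerce_registration_generate_password' )=='yes')
  return $errors;
- $password=$_POST['account_password'];
+ $password= sanitize_text_field($_POST['account_password']);
  return class_miniorange_2fa_strong_password::is_validPassword($errors, $username, $password);
  }
 
  public static function woocommerce_password_edit_account($errors, $user) {
- $password=$_POST['password_1'];
+ $password= sanitize_text_field($_POST['password_1']);
  $user =get_userdata($user->ID);
  $username=$user->user_login;
  $enforceStrongPasswds = MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option');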
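Review bot: `$_POST['account_password']` at new line 53 and `$_POST['password_1']` at new line 58 are read without an `isset()` guard and without `wp_unslash()`, so a request that omits the field raises an undefined-index notice and a password containing quotes or backslashes is checked with the slashes WordPress adds to request data. A guarded read such as `$password = isset($_POST['account_password']) ? wp_unslash($_POST['account_password']) : '';` avoids both. New line 32 still takes `$_POST['password_1']` as-is while new line 31 now filters `pass1`, so the two sources of `$password` are handled differently. The function in the first hunk and `woocommerce_password_edit_account()` both extend beyond the visible lines.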
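--- a/handler/twofa/setup_twofa.php
+++ b/handler/twofa/setup_twofa.php
@@ -537,14 +537,14 @@
  }
  $configured_auth_method_abr = str_replace(' ', '',$configured_auth_method);
  $form .= '</div> <input type="hidden" name="miniorange_save_form_auth_methods_nonce"
- value="'. wp_create_nonce( "miniorange-save-form-auth-methods-nonce" ) .'"/>
- <input type="hidden" name="option" value="mo2f_save_' . $category . '_auth_methods" />
- <input type="hidden" name="mo2f_configured_2FA_method_' . $category . '" id="mo2f_configured_2FA_method_' . $category . '" />
- <input type="hidden" name="mo2f_selected_action_' . $category . '" id="mo2f_selected_action_' . $category . '" />
+ value="'. esc_html(wp_create_nonce( "miniorange-save-form-auth-methods-nonce" )) .'"/>
+ <input type="hidden" name="option" value="mo2f_save_' . esc_html($category) . '_auth_methods" />
+ <input type="hidden" name="mo2f_configured_2FA_method_' . esc_html($category ). '" id="mo2f_configured_2FA_method_' . esc_html($category) . '" />
+ <input type="hidden" name="mo2f_selected_action_' . esc_html($category) . '" id="mo2f_selected_action_' . esc_html($category) . '" />
  </form><script>
- var selected_miniorange_method = "'.$selected_miniorange_method.'";
+ var selected_miniorange_method = "'.esc_html($selected_miniorange_method).'";
  if(selected_miniorange_method)
- jQuery("<input>").attr({type: "hidden",id: "miniOrangeAuthenticator",value: "'.$configured_auth_method_abr.'"}).appendTo("form");
+ jQuery("<input>").attr({type: "hidden",id: "miniOrangeAuthenticator",value: "'.esc_html($configured_auth_method_abr).'"}).appendTo("form");
  else
  jQuery("<input>").attr({type: "hidden",id: "miniOrangeAuthenticator",value: "miniOrangeSoftToken"}).appendTo("form");
  </script>';
@@ -674,7 +674,7 @@ function display_customer_registration_forms($user){
  <?php if ( $mo2f_message ) { ?>
  <div style="padding:5px;">
  <div class="alert alert-info" style="margin-bottom:0px;padding:3px;">
- <p style="font-size:15px;margin-left: 2%;"><?php echo $mo2f_message; ?></p>
+ <p style="font-size:15px;margin-left: 2%;"><?php wp_kses($mo2f_message, array('b'=>array())); ?></p>
  </div>
  </div>
  <?php }
@@ -687,7 +687,7 @@ function display_customer_registration_forms($user){
  </div>
  <form name="f" method="post" action="" class="mo2f_registration_closed_form">
  <input type="hidden" name="mo2f_registration_closed_nonce"
- value="<?php echo wp_create_nonce( "mo2f-registration-closed-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-registration-closed-nonce" )) ?>"/>
  <input type="hidden" name="option" value="mo2f_registration_closed"/>
  </form>
  </div>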
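Review bot: New line 677 drops the `echo`: `<?php wp_kses($mo2f_message, array('b'=>array())); ?>` computes the filtered string and discards it, so the message paragraph renders empty; it should read `<?php echo wp_kses($mo2f_message, array('b'=>array())); ?>`. At new lines 545 and 547 the values are placed inside JavaScript string literals within a `<script>` block, where `esc_html()` does not match the context; `esc_js()` does, e.g. `var selected_miniorange_method = "'.esc_js($selected_miniorange_method).'";`. The function that builds `$form` and `display_customer_registration_forms()` both extend outside the hunks.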
handler/twofa/two_fa_login.php CHANGED
@@ -40,7 +40,7 @@ class Miniorange_Mobile_Login {
40
  } else {
41
  if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
  {
43
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
44
  $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
45
  $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
46
  $handleSecondFactor = new Miniorange_Password_2Factor_Login();
@@ -252,7 +252,7 @@ class Miniorange_Mobile_Login {
252
  if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_login_nonce']), 'miniorange-2-factor-login-nonce' ) ) {
253
  $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
254
  $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
255
- $user = isset( $_SESSION['mo2f_current_user'] ) ? unserialize( $_SESSION['mo2f_current_user'] ) : null;
256
  $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
257
  ?>
258
  <script>
@@ -370,10 +370,10 @@ class Miniorange_Mobile_Login {
370
 
371
  ?>
372
  <input type="hidden" name="miniorange_login_nonce"
373
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
374
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" hidden>
375
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' ); ?>"/>
377
  <input type="hidden" id="sessids" name="session_id"
378
  value="<?php echo esc_html($session_id_encrypt); ?>"/>
379
  </form>
@@ -381,7 +381,7 @@ class Miniorange_Mobile_Login {
381
  <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
382
  <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
383
  <input type="hidden" name="miniorange_login_nonce"
384
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
385
  <input type="hidden" id="sessid" name="session_id"
386
  value="<?php echo esc_html($session_id_encrypt); ?>"/>
387
  </form>
@@ -389,7 +389,7 @@ class Miniorange_Mobile_Login {
389
  jQuery(document).ready(function () {
390
  var session_ids="<?php echo esc_html($session_id_encrypt); ?>";
391
  if (document.getElementById('loginform') != null) {
392
- jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+session_ids+"'/>");
393
  jQuery(".wp-hide-pw").addClass('mo2fa_visible');
394
 
395
  }
40
  } else {
41
  if(MO2F_IS_ONPREM and (!MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') or get_option('mo2f_enable_login_with_2nd_factor')))
42
  {
43
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? sanitize_text_field($_POST['miniorange_rba_attribures']) : null;
44
  $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
45
  $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
46
  $handleSecondFactor = new Miniorange_Password_2Factor_Login();
252
  if ( $login_status_phone_enable == 'MO_2_FACTOR_LOGIN_WHEN_PHONELOGIN_ENABLED' && isset( $_POST['miniorange_login_nonce'] ) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_login_nonce']), 'miniorange-2-factor-login-nonce' ) ) {
253
  $this->mo_2_factor_show_login_with_password_when_phonelogin_enabled();
254
  $this->mo_2_factor_show_wp_login_form_when_phonelogin_enabled();
255
+ $user = isset( $_SESSION['mo2f_current_user'] ) ? sanitize_text_field(unserialize( $_SESSION['mo2f_current_user']) ) : null;
256
  $mo2f_user_login = is_null( $user ) ? null : $user->user_login;
257
  ?>
258
  <script>
370
 
371
  ?>
372
  <input type="hidden" name="miniorange_login_nonce"
373
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-nonce' )); ?>"/>
374
  <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" hidden>
375
  <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
376
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
377
  <input type="hidden" id="sessids" name="session_id"
378
  value="<?php echo esc_html($session_id_encrypt); ?>"/>
379
  </form>
381
  <input type="text" name="mo2fa_username" id="mo2fa_username" hidden/>
382
  <input type="text" name="g-recaptcha-response" id = 'g-recaptcha-response' hidden/>
383
  <input type="hidden" name="miniorange_login_nonce"
384
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-nonce' )); ?>"/>
385
  <input type="hidden" id="sessid" name="session_id"
386
  value="<?php echo esc_html($session_id_encrypt); ?>"/>
387
  </form>
389
  jQuery(document).ready(function () {
390
  var session_ids="<?php echo esc_html($session_id_encrypt); ?>";
391
  if (document.getElementById('loginform') != null) {
392
+ jQuery("#user_pass").after( "<input type='hidden' id='sessid' name='session_id' value='"+esc_html(session_ids)+"'/>");
393
  jQuery(".wp-hide-pw").addClass('mo2fa_visible');
394
 
395
  }
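--- a/handler/twofa/two_fa_pass2login.php
+++ b/handler/twofa/two_fa_pass2login.php
@@ -1856,6 +1856,11 @@ function check_miniorange_duo_push_validation_failed($POSTED){
  }
  else
  {
+ if($attempts<=1){
+ $this->remove_current_activity($session_id_encrypt);
+ update_option('mo2f_attempts_before_redirect', 3);
+ return new WP_Error( 'attempts failed try again ', __( '<strong>ERROR</strong>: maximum attempts.' ) );
+ }
  MO2f_Utility::mo2f_debug_file('OTP over Telegram - Invalid OTP'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
  update_option('mo2f_attempts_before_redirect', $attempts-1);
  $message = 'Invalid OTP please enter again.';
@@ -2122,14 +2127,14 @@ function check_miniorange_duo_push_validation_failed($POSTED){
  if( $accessTokenGet == $otpToken)
  {
  update_site_option($txIdGet,1);
- $body = "Transaction has been successfully validated.<br><br>Please continue with the transaction.";
+ $body = "Transaction has been successfully validated. Please continue with the transaction.";
  $head = "TRANSACTION SUCCESSFUL";
  $color = "green";
  }
  else if($accessTokenGet==$otpTokenD)
  {
  update_site_option($txIdGet,0);
- $body = "Transaction has been Canceled.<br><br>Please Try Again.";
+ $body = "Transaction has been Canceled. Please Try Again.";
  $head = "TRANSACTION DENIED";
  }
  }
@@ -2711,7 +2716,7 @@ function check_miniorange_duo_push_validation_failed($POSTED){
  }
  ?>
  <p><input type="hidden" name="miniorange_login_nonce"
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-nonce' )); ?>"/>
 
  <input type="hidden" id="sessid" name="session_id"
  value="<?php echo esc_html($session_id_encrypt); ?>"/>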
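Review bot: The retry limit added at new lines 1859–1863 keeps its counter in `update_option('mo2f_attempts_before_redirect', …)`, a single site-wide option rather than a value tied to `$session_id_encrypt` or the user. `$attempts` is presumably read from that same option outside this hunk, so concurrent logins would share one budget and one visitor's failures could use up or reset another's. Keeping the count with the per-session state that `remove_current_activity($session_id_encrypt)` appears to clear, and not writing `3` back until a new first-factor login succeeds, would make the limit per login attempt. The `WP_Error` code `'attempts failed try again '` contains spaces and a trailing blank; a slug such as `'mo2f_max_attempts'` is easier for callers to match. The enclosing function starts and ends outside the hunk.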
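--- a/handler/twofa/two_fa_settings.php
+++ b/handler/twofa/two_fa_settings.php
@@ -1760,8 +1760,8 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
 
  localStorage.setItem("last_tab", 'setup_2fa');
  var selectedMethod = jQuery(this).val();
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
- var nonce = "<?php echo wp_create_nonce( 'miniorange-select-method-setup-wizard' ); ?>";
+ var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-select-method-setup-wizard' )); ?>";
 
  if(selectedMethod == 'Duo Authenticator' || selectedMethod =='OTP Over Telegram')
  {
@@ -1771,7 +1771,7 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
  'nonce': nonce };
 
  jQuery.post(ajax_url, data, function(response){
- window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
+ window.location.href = '<?php echo esc_url(admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
  });
  }
 
@@ -1779,7 +1779,7 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
 
  jQuery('a[href="#skiptwofactor"]').click(function(e){
  localStorage.setItem("last_tab", 'setup_2fa');
- window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
+ window.location.href = '<?php echo esc_url(admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
  });
 
 
@@ -1814,7 +1814,7 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
  public function setup_wizard_content() {
  $admin_url = is_network_admin() ? network_admin_url() : admin_url();
 
- $this->settings_error_page( 'mo2f-setup-vue-setup-wizard', '<a href="' . $admin_url.'admin.php?page=mo_2fa_two_fa">' . esc_html__( 'Go back to the Dashboard', 'mo2f-setup' ) . '</a>' );
+ $this->settings_error_page( 'mo2f-setup-vue-setup-wizard', '<a href="' . esc_url($admin_url).'admin.php?page=mo_2fa_two_fa">' . esc_html__( 'Go back to the Dashboard', 'mo2f-setup' ) . '</a>' );
  $this->settings_inline_js();
  }
 
@@ -4022,7 +4022,7 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
  'user_registration_with_miniorange' =>'SUCCESS',
  'mo2f_user_email' =>$email
  ) );
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
+ update_site_option(base64_encode("totalUsersCloud"), intval(get_site_option(base64_encode("totalUsersCloud"))) +1);
 
  }
  else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
@@ -4030,7 +4030,7 @@ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $foo
  $content = json_decode($enduser->mo_create_user($user,$email), true);
  if(json_last_error() == JSON_ERROR_NONE) {
  if(strcasecmp($content['status'], 'SUCCESS') == 0) {
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
+ update_site_option(base64_encode("totalUsersCloud"), intval(get_site_option(base64_encode("totalUsersCloud"))) +1);
  $Mo2fdbQueries->update_user_details( $user->ID, array(
  'user_registration_with_miniorange' =>'SUCCESS',
  'mo2f_user_email' =>$email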
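Review bot: In the inline script at new lines 1763–1764, 1774 and 1782 the values are printed inside JavaScript string literals, but `esc_url()` and `esc_html()` escape for HTML output; `esc_url()` turns an `&` into `&#038;`, which a script does not decode. These URLs carry no `&` today, so nothing breaks yet, but the escaping is for the wrong context. The JavaScript-context form is `var ajax_url = <?php echo wp_json_encode( admin_url( 'admin-ajax.php' ) ); ?>;`, or `esc_js()` inside the existing quotes with `esc_url_raw()` for the URL. The functions around these hunks start and end outside them.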
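--- a/handler/twofa/two_fa_utility.php
+++ b/handler/twofa/two_fa_utility.php
@@ -734,7 +734,7 @@ class MO2f_Utility {
  echo "These are the codes that can be used in case you lose your phone or cannot access your email. Please reconfigure your authentication method after login.".PHP_EOL."Please use this carefully as each code can only be used once. Please do not share these codes with anyone..".PHP_EOL.PHP_EOL;
  for ($x = 0; $x < sizeof($codes); $x++){
  $str1= $codes[$x];
- echo(($x+1).". ".$str1." ");
+ echo(intval($x+1).". ".esc_html($str1)." ");
  }
 
  exit;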
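--- a/handler/user-profile-2fa.php
+++ b/handler/user-profile-2fa.php
@@ -96,7 +96,7 @@ wp_enqueue_style( 'mo2f_user-profile_style', $mainDir.'/includes/css/user-profi
  <input type="hidden" name="MO2F_IS_ONPREM" value="<?php echo esc_attr(MO2F_IS_ONPREM);?>">
  <input type="hidden" name="same_user" value="<?php echo esc_attr($same_user); ?>">
  <input type="hidden" name="is_registered" value="<?php echo esc_attr($is_registered); ?>">
- <input type="hidden" name="mo2f-update-mobile-nonce" value="<?php echo wp_create_nonce("mo2f-update-mobile-nonce");?>">
+ <input type="hidden" name="mo2f-update-mobile-nonce" value="<?php echo esc_html(wp_create_nonce("mo2f-update-mobile-nonce"));?>">
  <input type="hidden" name="mo2fa_count" id="mo2fa_count" value="1">
  <input type="hidden" name="transient_id" value="<?php echo esc_attr($transient_id) ;?>">
  <input type="hidden" name='method' id="method" value="NONE">
@@ -202,7 +202,7 @@ wp_enqueue_style( 'mo2f_user-profile_style', $mainDir.'/includes/css/user-profi
  wp_enqueue_script( 'mo_wpns_qrcode_script', $mainDir.'/includes/jquery-qrcode/jquery-qrcode.js' );
  wp_enqueue_script( 'mo_wpns_min_qrcode_script', $mainDir.'/includes/jquery-qrcode/jquery-qrcode.min.js');
  echo '<div class="mo2f_gauth_column mo2f_gauth_left" >';
- echo '<div class="mo2f_gauth" data-qrcode='.$data.'></div>';
+ echo '<div class="mo2f_gauth" data-qrcode='.esc_url($data).'></div>';
  echo '</div>';
  }else{
  if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
@@ -212,7 +212,7 @@ wp_enqueue_style( 'mo2f_user-profile_style', $mainDir.'/includes/css/user-profi
  $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
  $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
  echo '<br><div id="displayQrCode">
- <img id="mo2f_gauth" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />
+ <img id="mo2f_gauth" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . esc_url($data) . '" />
  </div>';
  }
  ?>
@@ -246,11 +246,11 @@ wp_enqueue_style( 'mo2f_user-profile_style', $mainDir.'/includes/css/user-profi
  $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
  $user_phone = $mo2f_user_phone ? $mo2f_user_phone : get_option( 'user_phone_temp' );
  ?>
- <form name="f" method="post" action="" id="<?php echo 'mo2f_verify_form-'.mo2f_lt($trimmed_method); ?>">
+ <form name="f" method="post" action="" id="<?php echo esc_html('mo2f_verify_form-'.mo2f_lt($trimmed_method)); ?>">
 
  <table id="mo2f_setup_sms">
  <td class="bg-none"><?php echo mo2f_lt( 'Authentication codes will be sent to ' )?></td>
- <td><input type="text" class="mo2f_table_textbox" style="margin-left: 1%; margin-right: 1%; width:200px;" name="verify_phone" id="<?php echo 'textbox-'.mo2f_lt($trimmed_method); ?>" value="<?php echo $user_phone ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/></td>
+ <td><input type="text" class="mo2f_table_textbox" style="margin-left: 1%; margin-right: 1%; width:200px;" name="verify_phone" id="<?php echo 'textbox-'.mo2f_lt($trimmed_method); ?>" value="<?php echo esc_html($user_phone) ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/></td>
  <td><a id="<?php echo 'save-'.mo2f_lt($trimmed_method); ?>" name="save" class="button button1" ><?php echo mo2f_lt( 'Save' ); ?></a></td>
  </table>
 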
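Review bot: `esc_url()` at new lines 205 and 215 is applied to `$data`, which is QR-code payload rather than a link. `esc_url()` returns an empty string for schemes outside WordPress's allowed list and can prepend `http://` to a value that has no scheme, so the QR code may stop rendering; what `$data` holds is set outside these hunks, so both branches are worth testing. Attribute values want `esc_attr()` and quotes, e.g. `echo '<div class="mo2f_gauth" data-qrcode="' . esc_attr( $data ) . '"></div>';`, since the current `data-qrcode=` is unquoted. The same applies to the `esc_html()` calls placed inside `value="…"` and `id="…"` in this file and in the nonce fields of the other files in this commit. The `textbox-` and `save-` ids on lines 253–254 are still echoed without escaping.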
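--- a/helper/curl.php
+++ b/helper/curl.php
@@ -47,7 +47,7 @@ class MocURL
 
  if ( $is_ec_with_1_user ) {
  $customer_feature = "V1";
- }else if ( $is_nc_with_1_user ) {
+ }elseif ( $is_nc_with_1_user ) {
  $customer_feature = "V3";
  }
  global $moWpnsUtility;
@@ -227,23 +227,34 @@ class MocURL
 
  $customer_feature = "";
 
-
  if ( $is_ec_with_1_user ) {
  $customer_feature = "V1";
- }else if ( $is_nc_with_1_user ) {
+ }elseif ( $is_nc_with_1_user ) {
  $customer_feature = "V3";
  }
 
  $query = '[WordPress 2 Factor Authentication Plugin: ' .$onprem.$customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
 
-
- $content='<div >Hello, <br><br>Ticket ID:'.$moWpnsUtility->getFeatureStatus().'<br><br>First Name :'.$user->user_firstname.'<br><br>Last Name :'.$user->user_lastname.' <br><br>Company :<a href="'.sanitize_text_field(sanitize_text_field($_SERVER['SERVER_NAME'])).'" target="_blank" >'.sanitize_text_field($_SERVER['SERVER_NAME']).'</a><br><br>Phone Number :'.$phone.'<br><br>Email :<a href="mailto:'.$email.'" target="_blank">'.$email.'</a><br><br>Query :'.$query.'</div>';
-
- $headers = array('Content-Type: text/html; charset=UTF-8');
-
- $response = wp_mail( '2fasupport@xecurify.com', $subject, $content, $headers );
+ $content='<div >Hello, <br><br>Ticket ID:'.$moWpnsUtility->getFeatureStatus().'<br><br>First Name :'.$user->user_firstname.'<br><br>Last Name :'.$user->user_lastname.' <br><br>Company :<a href="'.esc_url($_SERVER['SERVER_NAME']).'" target="_blank" >'.esc_html($_SERVER['SERVER_NAME']).'</a><br><br>Phone Number :'.$phone.'<br><br>Email :<a href="mailto:'.esc_html($email).'" target="_blank">'.esc_html($email).'</a><br><br>Query :'.wp_kses_post($query).'</div>';
+
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'sendEmail' => true,
+ 'email' => array(
+ 'customerKey' => $customerKey,
+ 'fromEmail' => $fromEmail,
+ 'fromName' => 'Xecurify',
+ 'toEmail' => '2fasupport@xecurify.com',
+ 'toName' => '2fasupport@xecurify.com',
+ 'subject' => $subject,
+ 'content' => $content
+ ),
+ );
+ $field_string = json_encode($fields);
+ $authHeader = $this->createAuthHeader($customerKey,$apiKey);
+ $response = self::callAPI($url, $field_string,$authHeader);
+
  return $response;
-
  }
 
 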
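Review bot: The new `$content` at line 238 escapes the server name, email and query but still concatenates `$user->user_firstname`, `$user->user_lastname` and `$phone` into the HTML body unescaped; wrap them the same way, e.g. `'<br><br>First Name :'.esc_html($user->user_firstname).`. `esc_url($_SERVER['SERVER_NAME'])` is handed a bare host name, and the `mailto:` value sits in an attribute, where `esc_attr()` is the matching function. The request now goes out through `self::callAPI($url, …)` using `$customerKey`, `$apiKey`, `$fromEmail` and `$url`, none of which is assigned in this hunk, so confirm they are set earlier in the method, which starts outside it. Checking `json_encode()` for `false` before the call would avoid posting an empty body.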
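--- a/helper/dashboard_security_notification.php
+++ b/helper/dashboard_security_notification.php
@@ -162,7 +162,7 @@ class miniorange_security_notification{
 
  ";
 
- echo '<a class="button button-primary" style="background-color:#f0a702;width:100%;text-align:center;" href="admin.php?page=mo_2fa_malwarescan&tab=default&view='.$latest_id.'"><h3 style="background-color:#f0a702">View Details</h3></a>';
+ echo '<a class="button button-primary" style="background-color:#f0a702;width:100%;text-align:center;" href="admin.php?page=mo_2fa_malwarescan&tab=default&view='.esc_html($latest_id).'"><h3 style="background-color:#f0a702">View Details</h3></a>';
 
  echo "<br><br><br>";
 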
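Review bot: `esc_html($latest_id)` at line 165 is placed in a query-string value inside `href`, where HTML-text escaping is the wrong tool. If `$latest_id` is a numeric scan id (its origin is outside the hunk), `'&view='.absint($latest_id)` is tighter; otherwise `rawurlencode()` the value and pass the finished URL through `esc_url()`, which also encodes the literal `&` separators for the attribute.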
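--- a/helper/pluginUtility.php
+++ b/helper/pluginUtility.php
@@ -475,7 +475,7 @@ class MoWpnsHandler
  $ip_data=wp_remote_get("http://www.geoplugin.net/json.gp?ip=".$userIp);
 
  if( !is_wp_error( $ip_data ) ) {
- $ip_data=wp_remote_retrieve_body( $ip_data);
+ $ip_data=json_decode(wp_remote_retrieve_body( $ip_data), true);
  }
  if($ip_data && $ip_data->geoplugin_countryName != null){
  $country_code = $ip_data->geoplugin_countryCode;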
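Review bot: `json_decode(..., true)` at line 478 returns an associative array, but lines 480–481 still read `$ip_data->geoplugin_countryName` and `->geoplugin_countryCode` as object properties, so the country check cannot succeed on the decoded value. Either drop the second argument, `$ip_data=json_decode(wp_remote_retrieve_body( $ip_data));`, or switch the reads to `$ip_data['geoplugin_countryName']`. When `wp_remote_get()` fails, `$ip_data` is still the `WP_Error` object when line 480 runs, so that branch needs an `else { $ip_data = null; }` or an early return. The lookup goes over plain `http://` with `$userIp` appended unencoded; `rawurlencode($userIp)` and an HTTPS endpoint, if the provider offers one, would be safer. The enclosing method continues outside the hunk.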
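--- a/miniorange_2_factor_settings.php
+++ b/miniorange_2_factor_settings.php
@@ -3,7 +3,7 @@
  * Plugin Name: miniOrange 2 Factor Authentication
  * Plugin URI: https://miniorange.com
  * Description: This TFA plugin provides various two-factor authentication methods as an additional layer of security after the default wordpress login. We Support Google/Authy/LastPass Authenticator, QR Code, Push Notification, Soft Token and Security Questions(KBA) for 3 User in the free version of the plugin.
- * Version: 5.5.76
+ * Version: 5.5.77
  * Author: miniOrange
  * Author URI: https://miniorange.com
  * Text Domain: miniorange-2-factor-authentication
@@ -14,7 +14,7 @@
  require dirname(__FILE__).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'email-IPaddress.php';
 
  define( 'MO_HOST_NAME', 'https://login.xecurify.com' );
- define( 'MO2F_VERSION', '5.5.76' );
+ define( 'MO2F_VERSION', '5.5.77' );
  define( 'MO2F_PLUGIN_URL', (plugin_dir_url(__FILE__)));
  define( 'MO2F_TEST_MODE', false );
  define( 'MO2F_IS_ONPREM', get_option('is_onprem'));
@@ -205,7 +205,7 @@
 
  if((!get_site_option($key) && !get_site_option('notice_dismiss_time') ) || ($dismissedExpired and !get_site_option($key))){
  if(!get_site_option('plugin_warning_never_show_again'))
- echo $value;
+ echo wp_kses_post($value);
  break;
  }
  else{
@@ -426,7 +426,7 @@
  wp_localize_script( 'dmajax_script', 'my_ajax_object', array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ));
  ?>
  <input type="hidden" name="miniorange_login_nonce"
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-login-nonce' ); ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-nonce' )); ?>"/>
  <?php
  if ( get_option( 'mo2f_remember_device' ) ) {
  ?>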
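--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Donate link: https://miniorange.com/
  Requires at least: 3.0.1
  Tested up to: 6.0
  Requires PHP: 5.3.0
- Stable tag: 5.5.76
+ Stable tag: 5.5.77
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -241,6 +241,10 @@ You should go to <b>Setup Two Factor (2FA) </b> Tab and click on <b>Reconfigure<
 
  == Changelog ==
 
+ = 5.5.77 =
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
+ * Bug Fixes and Code Improvements
+
  = 5.5.76 =
  * Google Authenticator - Two factor Authentication (2FA, OTP) :
  * Bug Fixes and Code Improvements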
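--- a/views/account/login.php
+++ b/views/account/login.php
@@ -7,7 +7,7 @@ echo' <form name="f" method="post" action="">
  <h3>Login with miniOrange
  <div style="float: right;">';
  if (isset( $two_fa )) {
- echo '<a class="button button-primary button-large" href="'.$two_fa.'">Back</a> ';
+ echo '<a class="button button-primary button-large" href="'.esc_url($two_fa).'">Back</a> ';
  }
  echo '</div>
  </h3>
@@ -17,7 +17,7 @@ echo' <form name="f" method="post" action="">
  <td><b><font color="#FF0000">*</font>Email:</b></td>
  <td><input class="mo_wpns_table_textbox" type="email" name="email"
  required placeholder="person@example.com"
- value="'.$admin_email.'" /></td>
+ value="'.esc_html($admin_email).'" /></td>
  </tr>
  <tr>
  <td><b><font color="#FF0000">*</font>Password:</b></td>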
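--- a/views/account/register.php
+++ b/views/account/register.php
@@ -47,7 +47,7 @@ echo'<!--Register with miniOrange-->
  <form name="f" method="post" action="" class="mo2f_verify_customerform">
  <input type="hidden" name="option" value="mo2f_goto_verifycustomer">
  <input type="hidden" name="mo2f_goto_verifycustomer_nonce"
- value='. wp_create_nonce( "mo2f-goto-verifycustomer-nonce" ).' >
+ value='.esc_html(wp_create_nonce( "mo2f-goto-verifycustomer-nonce" )).' >
  </form>';
  ?>
 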
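--- a/views/account/verify.php
+++ b/views/account/verify.php
@@ -40,7 +40,7 @@ echo' <div class="mo_wpns_divided_layout">
  <input type="hidden" name="option" value="mo_wpns_phone_verification" />
  If you can\'t see the email from miniOrange in your mails, please check your <b>SPAM Folder</b>. If you don\'t see an email even in SPAM folder, verify your identity with our alternate method.
  <br><br>
- <b>Enter your valid phone number here and verify your identity using one time passcode sent to your phone.</b><br><br><input class="mo_wpns_table_textbox" required="true" pattern="[\+]\d{1,3}\d{10}" autofocus="true" type="text" name="phone_number" id="phone" placeholder="Enter Phone Number" style="width:40%;" value="'.$admin_phone.'" title="Enter phone number without any space or dashes."/>
+ <b>Enter your valid phone number here and verify your identity using one time passcode sent to your phone.</b><br><br><input class="mo_wpns_table_textbox" required="true" pattern="[\+]\d{1,3}\d{10}" autofocus="true" type="text" name="phone_number" id="phone" placeholder="Enter Phone Number" style="width:40%;" value="'.esc_html($admin_phone).'" title="Enter phone number without any space or dashes."/>
  <br><input type="submit" value="Send OTP" class="button button-primary button-large" />
 
  </form>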
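--- a/views/addons.php
+++ b/views/addons.php
@@ -233,9 +233,9 @@
 
  </div>
  <form class="mo2f_display_none_forms" id="mo2fa_loginform"
- action="<?php echo MO_HOST_NAME . '/moas/login'; ?>"
+ action="<?php echo esc_url(MO_HOST_NAME . '/moas/login'); ?>"
  target="_blank" method="post">
- <input type="email" name="username" value="<?php echo get_option( 'mo2f_email' ); ?>"/>
+ <input type="email" name="username" value="<?php echo esc_html(get_option( 'mo2f_email' )); ?>"/>
  <input type="text" name="redirectUrl"
  value="<?php echo esc_url(MO_HOST_NAME) . '/moas/initializepayment'; ?>"/>
  <input type="text" name="requestOrigin" id="requestOrigin"/>
@@ -245,7 +245,7 @@
  method="post">
  <input type="hidden" name="requestOrigin" />
  <input type="hidden" name="mo2fa_register_to_upgrade_nonce"
- value="<?php echo wp_create_nonce( 'miniorange-2-factor-user-reg-to-upgrade-nonce' ); ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-user-reg-to-upgrade-nonce' )); ?>"/>
  </form>
  <script type="text/javascript">
  function mo2f_upgradeform(planType,planname)
@@ -282,7 +282,7 @@ function mo2f_addon_features_on_hover($mo2f_addon_feature)
  {
  return '<div class="mo2f_tooltip_addon">
  <span class="dashicons dashicons-info mo2f_info_tab"></span>
- <span class="mo2f_tooltiptext_addon" >'. $mo2f_addon_feature .'
+ <span class="mo2f_tooltiptext_addon" >'. esc_html($mo2f_addon_feature) .'
  </span>
  </div>';
  }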
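Review bot: `esc_html($mo2f_addon_feature)` at line 285 will show any markup in the tooltip text as literal characters. The callers of `mo2f_addon_features_on_hover()` are not in this section, so check whether any of them pass `<br>` or `<b>`; if they do, `wp_kses_post($mo2f_addon_feature)` keeps the safe tags while still filtering script content. At line 240 the `redirectUrl` value is still built as `esc_url(MO_HOST_NAME) . '/moas/initializepayment'`, unlike the form action fixed at line 236; `esc_url(MO_HOST_NAME . '/moas/initializepayment')` would escape the whole URL.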
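--- a/views/advanced-blocking.php
+++ b/views/advanced-blocking.php
@@ -43,7 +43,7 @@ echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($blockedip->ip_address)."</
   echo "<span class=redtext>Permanently</span>";
   else
   echo date("M j, Y, g:i:s a",esc_attr($blockedip->blocked_for_time));
- echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a ".$disabled." onclick=unblockip('".esc_attr($blockedip->id)."')>Unblock IP</a></td></tr>";
+ echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a ".esc_html($disabled)." onclick=unblockip('".esc_attr($blockedip->id)."')>Unblock IP</a></td></tr>";
   }
   ?>
   </tbody>
@@ -69,7 +69,7 @@ echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestam
   <?php
   foreach($whitelisted_ips as $whitelisted_ip)
   {
- echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($whitelisted_ip->ip_address)."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a ".$disabled." onclick=removefromwhitelist('".$whitelisted_ip->id."')>Remove</a></td></tr>";
+ echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($whitelisted_ip->ip_address)."</td><td>".date("M j, Y, g:i:s a",$whitelisted_ip->created_timestamp)."</td><td><a ".esc_html($disabled)." onclick=removefromwhitelist('".esc_html($whitelisted_ip->id)."')>Remove</a></td></tr>";
   }
 
   echo' </tbody>
@@ -111,7 +111,7 @@ echo' <h2>IP Address Range Blocking<a href='.esc_url($two_factor_premium_doc['I
   ';
   for($i = 1 ; $i <= $range_count ; $i++)
   {
- echo '<tr><td>Start IP <input style="width :30%" type ="text" class="mo_wpns_table_textbox" name="start_'.$i.'" value ="'.$start[$i].'" placeholder=" e.g 192.168.0.100" />End IP <input style="width :30%" type ="text" placeholder=" e.g 192.168.0.190" class="mo_wpns_table_textbox" value="'.$end[$i].'" name="end_'.$i.'"/></td></tr>';
+ echo '<tr><td>Start IP <input style="width :30%" type ="text" class="mo_wpns_table_textbox" name="start_'.intval(esc_html($i)).'" value ="'.esc_html($start[$i]).'" placeholder=" e.g 192.168.0.100" />End IP <input style="width :30%" type ="text" placeholder=" e.g 192.168.0.190" class="mo_wpns_table_textbox" value="'.esc_html($end[$i]).'" name="end_'.intval(esc_html($i)).'"/></td></tr>';
   }
   echo '
   </table>
@@ -131,7 +131,7 @@ echo '
   <input type="hidden" name="option" value="mo_wpns_enable_htaccess_blocking">
   <b style="padding-right:10px;">Enable htaccess level security</b>
   <label class="mo_wpns_switch_small">
- <input type="checkbox" name="mo_wpns_enable_htaccess_blocking" '.$htaccess_block.' onchange="document.getElementById(\'mo_wpns_enable_htaccess_blocking\').submit();">
+ <input type="checkbox" name="mo_wpns_enable_htaccess_blocking" '.esc_html($htaccess_block).' onchange="document.getElementById(\'mo_wpns_enable_htaccess_blocking\').submit();">
   <span class="mo_wpns_slider_small mo_wpns_round_small"></span>
   </label>
   </form>
@@ -146,7 +146,7 @@ echo '
   <input type="hidden" name="option" value="mo_wpns_enable_user_agent_blocking">
   <b style="padding-right:10px;">Enable Browser Blocking</b>
   <label class="mo_wpns_switch_small">
- <input type="checkbox" name="mo_wpns_enable_user_agent_blocking" '.$user_agent.' onchange="document.getElementById(\'mo_wpns_enable_user_agent_blocking\').submit();">
+ <input type="checkbox" name="mo_wpns_enable_user_agent_blocking" '.esc_html($user_agent).' onchange="document.getElementById(\'mo_wpns_enable_user_agent_blocking\').submit();">
   <span class="mo_wpns_slider_small mo_wpns_round_small"></span>
   </label>
   </form><br>
@@ -155,14 +155,14 @@ echo '
   <input type="hidden" name="option" value="mo_wpns_browser_blocking">
   <table style="width:100%">
   <tr>
- <td width="33%"><input type="checkbox" name="mo_wpns_block_chrome" '.$block_chrome.' > Google Chrome '.($current_browser=='chrome' ? MoWpnsConstants::CURRENT_BROWSER : "").'</td>
- <td width="33%"><input type="checkbox" name="mo_wpns_block_firefox" '.$block_firefox.' > Firefox '.($current_browser=='firefox' ? MoWpnsConstants::CURRENT_BROWSER : "").'</td>
- <td width="33%"><input type="checkbox" name="mo_wpns_block_ie" '.$block_ie.' > Internet Explorer '.($current_browser=='ie' ? MoWpnsConstants::CURRENT_BROWSER : "").'</td>
+ <td width="33%"><input type="checkbox" name="mo_wpns_block_chrome" '.esc_html($block_chrome).' > Google Chrome '.($current_browser=='chrome' ? wp_kses_post(MoWpnsConstants::CURRENT_BROWSER) : "").'</td>
+ <td width="33%"><input type="checkbox" name="mo_wpns_block_firefox" '.esc_html($block_firefox).' > Firefox '.($current_browser=='firefox' ? wp_kses_post(MoWpnsConstants::CURRENT_BROWSER) : "").'</td>
+ <td width="33%"><input type="checkbox" name="mo_wpns_block_ie" '.esc_html($block_ie).' > Internet Explorer '.($current_browser=='ie' ? wp_kses_post(MoWpnsConstants::CURRENT_BROWSER) : "").'</td>
   </tr>
   <tr>
- <td width="33%"><input type="checkbox" name="mo_wpns_block_safari" '.$block_safari.' > Safari '.($current_browser=='safari' ? MoWpnsConstants::CURRENT_BROWSER : "").'</td>
- <td width="33%"><input type="checkbox" name="mo_wpns_block_opera" '.$block_opera.' > Opera '.($current_browser=='opera' ? MoWpnsConstants::CURRENT_BROWSER : "").'</td>
- <td width="33%"><input type="checkbox" name="mo_wpns_block_edge" '.$block_edge.' > Microsoft Edge '.($current_browser=='edge' ? MoWpnsConstants::CURRENT_BROWSER : "").'</td>
+ <td width="33%"><input type="checkbox" name="mo_wpns_block_safari" '.esc_html($block_safari).' > Safari '.($current_browser=='safari' ? wp_kses_post(MoWpnsConstants::CURRENT_BROWSER) : "").'</td>
+ <td width="33%"><input type="checkbox" name="mo_wpns_block_opera" '.esc_html($block_opera).' > Opera '.($current_browser=='opera' ? wp_kses_post(MoWpnsConstants::CURRENT_BROWSER) : "").'</td>
+ <td width="33%"><input type="checkbox" name="mo_wpns_block_edge" '.esc_html($block_edge).' > Microsoft Edge '.($current_browser=='edge' ? wp_kses_post(MoWpnsConstants::CURRENT_BROWSER) : "").'</td>
   </tr>
   </table>
   <br>
@@ -182,7 +182,7 @@ echo '
   $count=1;
   foreach($referrers as $referrer)
   {
- echo '<tr><td style="width:300px"><input style="padding:0px 10px" class="mo_wpns_table_textbox" type="text" name="referrer_'.$count.'"
+ echo '<tr><td style="width:300px"><input style="padding:0px 10px" class="mo_wpns_table_textbox" type="text" name="referrer_'.intval(esc_html($count)).'"
   value="'.esc_url($referrer).'" placeholder=" e.g google.com" /></td></tr>';
   $count++;
   }
@@ -202,7 +202,7 @@ echo' </table>
   <table id="countryblockingtable" style="width:100%">';
 
   foreach($country as $key => $value)
- echo '<tr class="one-third"><td><input type="checkbox" name="'.$key.'"/ >'.$value.'</td></tr>';
+ echo '<tr class="one-third"><td><input type="checkbox" name="'.esc_html($key).'"/ >'.esc_html($value).'</td></tr>';
 
   echo' </table><br>
   <input type="submit" class="button button-primary button-large" value="Save" />
@@ -212,7 +212,7 @@ echo' </table><br>
   </div>
   <script>
   jQuery( document ).ready(function() {
- var countrycodes = "'.$codes.'";
+ var countrycodes = "'.esc_html($codes).'";
   var countrycodesarray = countrycodes.split(";");
   for (i = 0; i < countrycodesarray.length; i++) {
   if(countrycodesarray[i]!="")
@@ -282,7 +282,7 @@ jQuery('#BlockIP').click(function(){
 
   var ip = jQuery('#ManuallyBlockIP').val();
 
- var nonce = '<?php echo wp_create_nonce("manualIPBlockingNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("manualIPBlockingNonce"));?>';
   if(ip != '')
   {
   var data = {
@@ -327,7 +327,7 @@ jQuery('#WhiteListIP').click(function(){
 
   var ip = jQuery('#IPWhitelist').val();
 
- var nonce = '<?php echo wp_create_nonce("IPWhiteListingNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("IPWhiteListingNonce"));?>';
   if(ip != '')
   {
   var data = {
@@ -373,7 +373,7 @@ jQuery("#whitelistedips_table").DataTable({
   jQuery('#LookupIP').click(function(){
   jQuery('#resultsIPLookup').empty();
   var ipAddress = jQuery('#ipAddresslookup').val();
- var nonce = '<?php echo wp_create_nonce("IPLookUPNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("IPLookUPNonce"));?>';
   jQuery("#resultsIPLookup").empty();
   jQuery("#resultsIPLookup").append("<img src='<?php if(isset($img_loader_url))echo esc_url($img_loader_url);?>'>");
   jQuery("#resultsIPLookup").slideDown(400);
@@ -408,7 +408,7 @@ jQuery('#LookupIP').click(function(){
   });
 
   function unblockip(id) {
- var nonce = '<?php echo wp_create_nonce("manualIPBlockingNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("manualIPBlockingNonce"));?>';
   if(id != '')
   {
   var data = {
@@ -435,7 +435,7 @@ function unblockip(id) {
   }
   function removefromwhitelist(id)
   {
- var nonce = '<?php echo wp_create_nonce("IPWhiteListingNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("IPWhiteListingNonce"));?>';
   if(id != '')
   {
   var data = {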
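Review bot: `esc_html()` is the wrong encoder for the values this change places inside JavaScript. In `var countrycodes = "'.esc_html($codes).'";` (new line 215) the value sits in a `<script>` string, where HTML entities are not decoded and a backslash or line break in `$codes` passes through unchanged; `var countrycodes = "'.esc_js($codes).'";` matches the context. The inline handlers `onclick=unblockip('…')` and `onclick=removefromwhitelist('".esc_html($whitelisted_ip->id)."')` are unquoted attributes carrying a JS argument, so the ids are better cast with `absint()` and the attribute quoted. The nonce assignments in the later hunks and `var sitek` in views/common-elements.php follow the same pattern, although a nonce is unlikely to contain characters that matter there.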
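--- a/views/backup/backup_created_report.php
+++ b/views/backup/backup_created_report.php
@@ -30,9 +30,9 @@
   echo "<td style=text-align:center>Local</td>";
   echo "<td><form action='' method='POST' enctype='multipart/form-data'>
   <input type='hidden' value='mo_wpns_backup_download' name='option' />
- <input type='hidden' value=".esc_attr($file_name)."/".esc_attr($id)." name='file_name' />
- <input type='hidden' value=".esc_attr($file_path)." name='file_path' />
- <input type='hidden' value=".$nonce." name='download_nonce'/>
+ <input type='hidden' value=".esc_html($file_name)."/".esc_html($id)." name='file_name' />
+ <input type='hidden' value=".esc_html($file_path)." name='file_path' />
+ <input type='hidden' value=".esc_html($nonce)." name='download_nonce'/>
   <input type='submit' value='Download' name='download' class='upload btn btn-info btn-xs'>
   </form>
   </td>";
@@ -52,7 +52,7 @@ function backup_delete(elmt, file_path,file_name,id){
   'file_name':file_name,
   'folder_name':file_path,
   'id' :id,
- 'nonce' : '<?php echo wp_create_nonce("delete_entry");?>',
+ 'nonce' : '<?php echo esc_html(wp_create_nonce("delete_entry"));?>',
 
   };
 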
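Review bot: The three hidden inputs at new lines 33–35 still emit unquoted attribute values, e.g. `value=".esc_html($file_path)."`. Neither `esc_html()` nor `esc_attr()` encodes spaces, so a file name or path containing a space ends the value early and the remainder is parsed as further attributes. Quoting the value and using the attribute encoder closes that: `<input type='hidden' value='".esc_attr($file_path)."' name='file_path' />`, and likewise for `file_name` and `download_nonce`. Because `file_path` and `file_name` come back from the browser, the download handler (not shown here) presumably needs to re-validate them against the backup directory rather than trust the posted values.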
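--- a/views/backup/backup_schdule.php
+++ b/views/backup/backup_schdule.php
@@ -114,7 +114,7 @@ add_action('admin_footer','mo_wpns_schedule_backup');
 
   <br>
   <p class="text_size">After checking the <b>enable backup schedule</b> checkbox, a backup will be created once you click on save setting and another backup will be created automatically after the scheduled time you select.</p>
- <input type = "hidden" id = "wpns_schedule_backup_url" value="<?php echo wp_create_nonce('wpns-schedule-backup') ?>" >
+ <input type = "hidden" id = "wpns_schedule_backup_url" value="<?php echo esc_html(wp_create_nonce('wpns-schedule-backup')) ?>" >
   <input type="button" class="mo_wpns_scan_button" name="save_schedule_settings" id="save_schedule_settings" value ="Save Settings" style="width:120px;" />
 
 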
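--- a/views/backup/backup_setting_view.php
+++ b/views/backup/backup_setting_view.php
@@ -26,7 +26,7 @@
   <tr>
   <td style="width: 30%"></td>
   <td>
- <input type = "hidden" id = "wpns_backup_settings_url" value="<?php echo wp_create_nonce('wpns-backup-settings') ?>" >
+ <input type = "hidden" id = "wpns_backup_settings_url" value="<?php echo esc_html(wp_create_nonce('wpns-backup-settings')) ?>" >
   <input type="button" name="save_backup_settings" id="save_backup_settings" value ="Take Backup" style="width:120px;" class="mo_wpns_scan_button" />
 
   </td>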
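--- a/views/change-password.php
+++ b/views/change-password.php
@@ -21,7 +21,7 @@ echo' </head>
   <a class="close" href="#" onclick="window.location.href = window.location.protocol +\'//\'+ window.location.host + window.location.pathname;" >'.sprintf( __( "&larr; Go Back" )).'</a>
   </div>
   <div class="mo_wpns_modal_body center">
- <div class="modal_err_message" id="error_message">'.$message.'</div>
+ <div class="modal_err_message" id="error_message">'.esc_attr($message).'</div>
   A new security system has been enabled for you.
   It is recommended for you to use a stronger password. Please update your password.';
   if(!empty($username))
@@ -29,8 +29,8 @@ echo' </head>
   echo' <div class="mo_wpns_login_container">
   <form name="f" method="post" action="" id="change_password_form">
   <input type="hidden" name="option" value="mo_wpns_change_password" />
- <input type="hidden" name="username" value="'.$username.'" />
- <input type="hidden" name="password" value="'.$password.'" />
+ <input type="hidden" name="username" value="'.esc_html($username).'" />
+ <input type="hidden" name="password" value="'.esc_html($password).'" />
   <input type="password" name="new_password" id="new_password" class="mo_wpns_textbox" placeholder="New Password" />
   <input type="password" name="confirm_password" id="confirm_password" class="mo_wpns_textbox" placeholder="Confirm Password" />
   <input type="submit" name="change_password_btn" id="change_password_btn" class="btn" value="Update Password" />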
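Review bot: The hidden field at new line 33, `<input type="hidden" name="password" value="'.esc_html($password).'" />`, still writes the user's current password into the page source. Escaping keeps the markup well-formed, but the secret remains readable in the DOM, in any cached copy of the response and to any script running on the page. Keeping the pending credential server-side (for example in a short-lived transient looked up by a one-time token) and posting only the token would avoid that. Separately, the encoders are swapped for their contexts: `$message` is element text and would take `esc_html()`, while the two `value` attributes would take `esc_attr()`. The `echo` this markup belongs to starts above the hunk.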
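--- a/views/common-elements.php
+++ b/views/common-elements.php
@@ -19,7 +19,7 @@
   echo "<tr><td>".esc_attr($usertranscation->ip_address)."</td><td>".esc_attr($usertranscation->username)."</td><td>";
   if($usertranscation->status==MoWpnsConstants::FAILED || $usertranscation->status==MoWpnsConstants::PAST_FAILED)
   echo "<span style=color:red>".esc_attr(MoWpnsConstants::FAILED)."</span>";
- else if($usertranscation->status==MoWpnsConstants::SUCCESS)
+ elseif($usertranscation->status==MoWpnsConstants::SUCCESS)
   echo "<span style=color:green>".esc_attr(MoWpnsConstants::SUCCESS)."</span>";
   else
   echo "N/A";
@@ -74,7 +74,7 @@
   {
   wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
   wp_enqueue_script( 'mo2f_catpcha_js' );
- echo '<div class="g-recaptcha" data-sitekey="'.get_option("mo_wpns_recaptcha_site_key").'"></div>';
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
   echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
   }
 
@@ -93,7 +93,7 @@
   echo '<div style="font-family:\'Open Sans\',sans-serif;margin:0px auto;width:303px;text-align:center;">
   <br><br><h2>Test google reCAPTCHA keys</h2>
   <form method="post">
- <div class="g-recaptcha" data-sitekey="'.get_option('mo_wpns_recaptcha_site_key').'"></div>
+ <div class="g-recaptcha" data-sitekey="'.esc_html(get_option('mo_wpns_recaptcha_site_key')).'"></div>
   <br><input class="mo2f_test_captcha_button" type="submit" value="Test Keys" class="button button-primary button-large">
   </form>
   </div>';
@@ -130,7 +130,7 @@
   <script>
 
   grecaptcha.ready(function() {
- var sitek = ""+"<?php echo get_option("mo_wpns_recaptcha_site_key_v3");?>";
+ var sitek = ""+"<?php echo esc_html(get_option("mo_wpns_recaptcha_site_key_v3"));?>";
   grecaptcha.execute(sitek, {action:"homepage"}).
   then(function(token) {
   document.getElementById("g-recaptcha-response").value=token;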
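--- a/views/content-protection.php
+++ b/views/content-protection.php
@@ -7,7 +7,7 @@
   <form id="mo_wpns_content_protection" method="post" action="">
   <input type="hidden" name="option" value="mo_wpns_content_protection">
   <p><input type="checkbox" name="restrictAPI" '.esc_html($restAPI).'/><b>Restrict Public Access to WP REST API to get usernames of all your users.</b><span style="color:green;font-weight:bold;">&nbsp;&nbsp;(Recommended)</span> &nbsp;&nbsp; <a href="'.esc_url($restAPI_link).'" target="_blank" style="text-decoration:none">( Test it )</a></p>
- <p>On this website, the REST API root is <b> '.rest_url().'</b><br>
+ <p>On this website, the REST API root is <b> '.esc_url(rest_url()).'</b><br>
   This Prevents unauthorized access of usernames of your users by blocking the following API ('.esc_url($restAPI_link).') .<br> <b>Note:</b> If you are looking for blocking more WordPress Rest APIs please check out the following plugin - <a href="'.esc_url($restApiPlugin).'" target="_blank" style="text-decoration:none">WordPress REST API Authentication</a>
   </p>
   <hr>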
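--- a/views/dashboard.php
+++ b/views/dashboard.php
@@ -40,7 +40,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
   <h3 style="text-align:center;margin-right:4.5%;">Enable All
   <label class="mo_wpns_switch">
   <input type="hidden" name="option" value="tab_all_switch"/>
- <input type=checkbox id="switch_all" name="switch_val" value="1" '.$all_on.' />
+ <input type=checkbox id="switch_all" name="switch_val" value="1" '.esc_html($all_on).' />
   <span class="mo_wpns_slider mo_wpns_round"></span>
   </label>
   </h3>
@@ -54,7 +54,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
   if($two_fa_toggle){
   echo ' <label class="mo_wpns_switch" style="float: right">
   <input type="hidden" name="option" value="tab_2fa_switch"/>
- <input type=checkbox id="switch_2fa" name="switch_val" value="1" '.$two_fa_on.' />
+ <input type=checkbox id="switch_2fa" name="switch_val" value="1" '.esc_html($two_fa_on).' />
   <span class="mo_wpns_slider mo_wpns_round"></span>
   </label>';
   }else{
@@ -76,7 +76,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
   <h3 align="center">Web Application Firewall (WAF)
   <label class="mo_wpns_switch" style="float: right">
   <input type="hidden" name="option" value="tab_waf_switch"/>
- <input type=checkbox id="switch_WAF" name="switch_val" value="1" '.$waf_on.' />
+ <input type=checkbox id="switch_WAF" name="switch_val" value="1" '.esc_html($waf_on).' />
   <span class="mo_wpns_slider mo_wpns_round"></span>
   </label>
   </h3>
@@ -94,7 +94,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
   <h3 align="center">Login and Spam
   <label class="mo_wpns_switch" style="float: right">
   <input type="hidden" name="option" value="tab_login_switch"/>
- <input type=checkbox id="switch_login_spam" name="switch_val" value="1" ' .$login_spam_on. ' />
+ <input type=checkbox id="switch_login_spam" name="switch_val" value="1" ' .esc_html($login_spam_on). ' />
   <span class="mo_wpns_slider mo_wpns_round"></span>
   </label>
   </h3>
@@ -115,7 +115,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
   <h3>Encrypted Backup
   <label class="mo_wpns_switch" style="float: right">
   <input type="hidden" name="option" value="tab_backup_switch"/>
- <input type=checkbox id="switch_backup" name="switch_val" value="1" ' .$backup_on. '/>
+ <input type=checkbox id="switch_backup" name="switch_val" value="1" ' .esc_html($backup_on). '/>
   <span class="mo_wpns_slider mo_wpns_round"></span>
   </label>
   </h3>
@@ -132,7 +132,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
   <h3>Malware Scan
   <label class="mo_wpns_switch" style="float: right">
   <input type="hidden" name="option" value="tab_malware_switch"/>
- <input type=checkbox id="switch_malware" name="switch_val" value="1" ' .$malware_on. ' />
+ <input type=checkbox id="switch_malware" name="switch_val" value="1" ' .esc_html($malware_on). ' />
   <span class="mo_wpns_slider mo_wpns_round"></span>
   </label>
   </h3>
@@ -150,7 +150,7 @@ echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximu
   <h3>IP Blocking
   <label class="mo_wpns_switch" style="float: right">
   <input type="hidden" name="option" value="tab_block_switch"/>
- <input type=checkbox id="switch_adv_block" name="switch_val" value="1" ' .$adv_block_on. '/>
+ <input type=checkbox id="switch_adv_block" name="switch_val" value="1" ' .esc_html($adv_block_on). '/>
   <span class="mo_wpns_slider mo_wpns_round"></span>
   </label>
   </h3>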
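Review bot: `esc_html()` around `$all_on`, `$two_fa_on`, `$waf_on` and the other switch variables does not constrain them to the single token expected in that position. Each value is printed as a bare attribute outside any quotes, so a string containing a space and an `=` would still be parsed as extra attributes after escaping. If these variables only ever hold `checked` or an empty string (their assignment is outside this diff), building the attribute from a boolean with WordPress's `checked()` helper makes that explicit, e.g. `'.checked($is_all_on, true, false).'` with `$is_all_on` standing for the underlying flag. The same pattern appears for `$disabled`, `$htaccess_block` and the `$block_*` variables in views/advanced-blocking.php.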
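--- a/views/email-IPaddress.php
+++ b/views/email-IPaddress.php
@@ -6,13 +6,19 @@ $IPaddress = $moWpnsUtility->get_client_ip();
   $IPaddress = sanitize_text_field( $IPaddress );
   $result=wp_remote_get("http://www.geoplugin.net/json.gp?ip=".$IPaddress);
 
+ $mo2f_cityName='-';
+ $mo2f_Country='-';
 
   if( !is_wp_error( $result ) ) {
- $result=wp_remote_retrieve_body( $result);
+ try{
+ $result=wp_remote_retrieve_body( $result);
+ $mo2f_cityName=isset($result["geoplugin_city"])?$result["geoplugin_city"]:'-';
+ $mo2f_Country=isset($result["geoplugin_countryName"])?$result["geoplugin_countryName"]:'-';
+ }catch(Exception $e){
+
+ }
   }
 
- $mo2f_cityName=isset($result["geoplugin_city"])?$result["geoplugin_city"]:'-';
- $mo2f_Country=isset($result["geoplugin_countryName"])?$result["geoplugin_countryName"]:'-';
 
   $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
   $hostname = get_site_url();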
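Review bot: `wp_remote_retrieve_body()` returns the response body as a string, and new lines 15–16 index it as an array without decoding it, so `isset($result["geoplugin_city"])` is false and both fields stay `'-'` for every lookup. Decoding first fixes that: `$result = json_decode(wp_remote_retrieve_body($result), true);` followed by an `is_array($result)` check before reading the keys. The added `try`/`catch(Exception $e)` has an empty handler and none of the calls inside it throw an `Exception`, so it can be dropped. The lookup on context line 7 also sends the client IP to the geolocation service over plain `http://`, so the reply can be read or altered in transit; an `https://` endpoint would be preferable if the service offers one.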
views/login-security.php CHANGED
@@ -36,7 +36,7 @@ echo' <form id="mo_wpns_enable_brute_force_form" method="post" action="">
36
  <option value="hours" '.($time_of_blocking_type=="hours" ? "selected" : "").'>Hours</option>
37
  </select>
38
  </td>
39
- <td><input class="mo_wpns_table_textbox '.($time_of_blocking_type=="permanent" ? "hidden" : "").' type="number" id="time_of_blocking_val" name="time_of_blocking_val" value="'.$time_of_blocking_val.'" placeholder="How many?" /></td>
40
  </tr>
41
  <tr>
42
  <td>Show remaining login attempts to user : </td>
@@ -46,7 +46,7 @@ echo' <form id="mo_wpns_enable_brute_force_form" method="post" action="">
46
  <tr>
47
  <td></td>
48
  <td><br>
49
- <input type="hidden" id="brute_nonce" value ="'. wp_create_nonce("wpns-brute-force").'" />
50
  <input type="button" style="width:100px;" value="Save" class="button button-primary button-large" id="mo_bf_save_button">
51
  </td>
52
  <td></td>
@@ -68,7 +68,7 @@ echo'
68
 
69
  echo' <form id="mo_wpns_recaptcha_settings" method="post" action="">
70
  <div style="padding: 5px;">
71
- <input id="enable_captcha" type="checkbox" name="enable_captcha" '.$google_recaptcha.'>
72
  Enable reCAPTCHA</div>
73
  <p>Select your preferred version of the reCAPTCHA:</p>
74
  <div style="padding: 5px;">
@@ -99,13 +99,13 @@ echo' <p>Before you can use reCAPTCHA, you need to register your domai
99
  <input id="reg_captcha" style="margin-left:10px" type="checkbox" name="mo_wpns_activate_recaptcha_for_registration" '.esc_html($captcha_reg).' > Registration form</td>
100
  </tr>
101
  </table><br/>
102
- <input type="hidden" id="captcha_nonce" value = "'.wp_create_nonce("wpns-captcha").'">
103
  <input id="captcha_button" type="button" value="Save Settings" class="button button-primary button-large" />
104
  <input type="button" value="Test reCAPTCHA Configuration" onclick="testcaptchaConfiguration()" class="button button-primary button-large" />
105
 
106
  </form> </div>';?>
107
  <script>
108
- var recaptcha_version ="<?php echo get_option('mo_wpns_recaptcha_version');?>";
109
  if(recaptcha_version=='reCAPTCHA_v3')
110
  jQuery('input:radio[name="gcaptchatype"]').filter('[value="reCAPTCHA_v3"]').attr('checked', true);
111
  else if(recaptcha_version=='reCAPTCHA_v2')
@@ -114,13 +114,13 @@ echo' <p>Before you can use reCAPTCHA, you need to register your domai
114
  var captcha_version=jQuery("input[name='gcaptchatype']:checked").val();
115
 
116
  if(captcha_version=='reCAPTCHA_v3'){
117
- jQuery("#captcha_site_key").val("<?php echo get_option('mo_wpns_recaptcha_site_key_v3'); ?>");
118
- jQuery("#captcha_secret_key").val("<?php echo get_option('mo_wpns_recaptcha_secret_key_v3'); ?>");
119
  }
120
  else if(captcha_version=='reCAPTCHA_v2') {
121
 
122
- jQuery("#captcha_site_key").val("<?php echo get_option('mo_wpns_recaptcha_site_key'); ?>");
123
- jQuery("#captcha_secret_key").val("<?php echo get_option('mo_wpns_recaptcha_secret_key'); ?>");
124
  }
125
  })
126
  </script>
36
  <option value="hours" '.($time_of_blocking_type=="hours" ? "selected" : "").'>Hours</option>
37
  </select>
38
  </td>
39
+ <td><input class="mo_wpns_table_textbox '.($time_of_blocking_type=="permanent" ? "hidden" : "").' type="number" id="time_of_blocking_val" name="time_of_blocking_val" value="'.esc_html($time_of_blocking_val).'" placeholder="How many?" /></td>
40
  </tr>
41
  <tr>
42
  <td>Show remaining login attempts to user : </td>
46
  <tr>
47
  <td></td>
48
  <td><br>
49
+ <input type="hidden" id="brute_nonce" value ="'. esc_html(wp_create_nonce("wpns-brute-force")).'" />
50
  <input type="button" style="width:100px;" value="Save" class="button button-primary button-large" id="mo_bf_save_button">
51
  </td>
52
  <td></td>
68
 
69
  echo' <form id="mo_wpns_recaptcha_settings" method="post" action="">
70
  <div style="padding: 5px;">
71
+ <input id="enable_captcha" type="checkbox" name="enable_captcha" '.esc_html($google_recaptcha).'>
72
  Enable reCAPTCHA</div>
73
  <p>Select your preferred version of the reCAPTCHA:</p>
74
  <div style="padding: 5px;">
99
  <input id="reg_captcha" style="margin-left:10px" type="checkbox" name="mo_wpns_activate_recaptcha_for_registration" '.esc_html($captcha_reg).' > Registration form</td>
100
  </tr>
101
  </table><br/>
102
+ <input type="hidden" id="captcha_nonce" value = "'.esc_html(wp_create_nonce("wpns-captcha")).'">
103
  <input id="captcha_button" type="button" value="Save Settings" class="button button-primary button-large" />
104
  <input type="button" value="Test reCAPTCHA Configuration" onclick="testcaptchaConfiguration()" class="button button-primary button-large" />
105
 
106
  </form> </div>';?>
107
  <script>
108
+ var recaptcha_version ="<?php echo esc_html(get_option('mo_wpns_recaptcha_version'));?>";
109
  if(recaptcha_version=='reCAPTCHA_v3')
110
  jQuery('input:radio[name="gcaptchatype"]').filter('[value="reCAPTCHA_v3"]').attr('checked', true);
111
  else if(recaptcha_version=='reCAPTCHA_v2')
114
  var captcha_version=jQuery("input[name='gcaptchatype']:checked").val();
115
 
116
  if(captcha_version=='reCAPTCHA_v3'){
117
+ jQuery("#captcha_site_key").val("<?php echo esc_html(get_option('mo_wpns_recaptcha_site_key_v3')); ?>");
118
+ jQuery("#captcha_secret_key").val("<?php echo esc_html(get_option('mo_wpns_recaptcha_secret_key_v3')); ?>");
119
  }
120
  else if(captcha_version=='reCAPTCHA_v2') {
121
 
122
+ jQuery("#captcha_site_key").val("<?php echo esc_html(get_option('mo_wpns_recaptcha_site_key')); ?>");
123
+ jQuery("#captcha_secret_key").val("<?php echo esc_html(get_option('mo_wpns_recaptcha_secret_key')); ?>");
124
  }
125
  })
126
  </script>
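--- a/views/malware_scanner/malware_scan.php
+++ b/views/malware_scanner/malware_scan.php
@@ -11,7 +11,7 @@
  <button class="nav-tab" onclick="mo2f_wpns_openTabmalware(this)" id="mo2f_malware_view">Malware Scan Modes</button>
  <button class="nav-tab" onclick="mo2f_wpns_openTabmalware(this)" id="mo2f_scan_set">Custom Scan Settings</button>
  <button class="nav-tab" onclick="mo2f_wpns_openTabmalware(this)" id="mo2f_report_scan">Scan Reports</button>
- <input type = "hidden" id = "wpns_report_nonce" value="<?php echo wp_create_nonce('wpns-report-load') ?>" >
+ <input type = "hidden" id = "wpns_report_nonce" value="<?php echo esc_html(wp_create_nonce('wpns-report-load')) ?>" >
  </div>
  
  <div>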
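Review bot: The nonce on new line 14 is written into a `value="…"` attribute, so the attribute-context escaper is the one to use: `value="<?php echo esc_attr(wp_create_nonce('wpns-report-load')) ?>"`. In WordPress core `esc_html()` and `esc_attr()` apply the same character escaping and differ only in the filter they run, so this is a consistency point rather than a hole, but picking the escaper by output context keeps the code reviewable. The same substitution applies to the hidden nonce fields this commit touches in scan_settings_view.php, scan_summary_view.php, navbar.php, network_security_features.php, request_christmas_offer.php, request_demo.php and the forms under views/test/.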
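--- a/views/malware_scanner/scan_report_view.php
+++ b/views/malware_scanner/scan_report_view.php
@@ -20,7 +20,7 @@ function show_scan_details($detailreport, $result, $ignorefiles, $last_scan){
  $record = $result[0];
  $repo_status_code = MoWpnsConstants::$repo_status_code;
  ?>
- <div style="float: left;"><b>Total files scanned:</b> <?php echo esc_attr($last_scan); ?><br><b>Malicious files found:</b> <?php echo count(esc_attr($detailreport)); ?></div>
+ <div style="float: left;"><b>Total files scanned:</b> <?php echo esc_attr($last_scan); ?><br><b>Malicious files found:</b> <?php echo esc_html(count($detailreport)); ?></div>
  <div style=float:right><b>Scan Time :</b> <?php echo date("M j, Y, g:i:s a", esc_attr($record->start_timestamp)); ?><br><b>Completion Time :</b> <?php echo date("M j, Y, g:i:s a", esc_attr($record->completed_timestamp)); ?></div><br><br><hr><br>
  <div width="100%">
  <?php
@@ -143,7 +143,7 @@ function show_scan_details($detailreport, $result, $ignorefiles, $last_scan){
  $issues = unserialize($report->report);
  $filename = $report->filename;
  if(isset($issues['extl'])){
- echo "<tr><td style=text-align:center>".$filename."</td><td>";
+ echo "<tr><td style=text-align:center>".esc_attr($filename)."</td><td>";
  $t='';
  for ($i=0; $i <sizeof($issues['extl']) ; $i++) {
  $t.= $issues['extl'][$i]['d'];
@@ -234,7 +234,7 @@ function show_scan_report($currenturl, $result){
  if(!empty($report->scanned_folders)){
  foreach(explode(";",$report->scanned_folders) as $folder){
  if(!empty($folder)){
- echo $folder."<br>";
+ echo esc_attr($folder)."<br>";
  }
  }
  }
@@ -246,7 +246,7 @@ function show_scan_report($currenturl, $result){
  }
  echo "<span style=color:orange id=warning_files>".esc_html($repo_count+$report->malicious_links)." warnings found</span>";
  echo "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
- echo "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), esc_url($currenturl) )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), esc_url($currenturl) )."'>Delete</a></td>";
+ echo "<td><a href='".esc_url(add_query_arg( array('tab' => 'default', 'view' => $report->id)), esc_url($currenturl) )."'>View Details</a> <a href='".esc_url(add_query_arg( array('tab' => 'default', 'delete' => $report->id), esc_url($currenturl)) )."'>Delete</a></td>";
  echo "</tr>";
  
  }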
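Review bot: On new line 249 the "View Details" link closes `add_query_arg(` right after the array, so `esc_url($currenturl)` becomes the second argument of the outer `esc_url()` instead of the base URL. With no URL argument `add_query_arg()` builds the link from the current request URI, which means `$currenturl` is no longer used for this link. The "Delete" link on the same line has the parenthesis in the right place and the two should match: `esc_url(add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl ))`. Escaping once on the outer call should be enough, so the inner `esc_url()` on `$currenturl` can be dropped from both links. The body of show_scan_report continues outside the hunk.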
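--- a/views/malware_scanner/scan_settings_view.php
+++ b/views/malware_scanner/scan_settings_view.php
@@ -52,7 +52,7 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
  <td>
  <table style="width:100%" id="skip_folders">
  <?php for($i=0;$i<count($mo_wpns_skip_folders_array);$i++){ ?>
- <tr><td><input type="text" name="mo_wpns_skip_folders_<?php echo $i;?>" id="mo_wpns_skip_scan_folder_<?php echo $i;?>" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="<?php echo esc_html($mo_wpns_skip_folders_array[$i]);?>" /></td></tr>
+ <tr><td><input type="text" name="mo_wpns_skip_folders_<?php echo intval(esc_html($i));?>" id="mo_wpns_skip_scan_folder_<?php echo intval(esc_html($i));?>" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="<?php echo esc_html($mo_wpns_skip_folders_array[$i]);?>" /></td></tr>
  <?php }
  if($i==0){ ?>
  <tr><td><input type="text" name="mo_wpns_skip_folders_0" id="mo_wpns_skip_scan_folder_0" class="mo_wpns_table_textbox mo_wpns_count_box" placeholder="comma separated folders full path" style="width:100%;" value="" /></td></tr>
@@ -68,10 +68,10 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
  <td>
  <table style="width:100%" id="white_url">
  <?php for($i=0;$i<count($mo_wpns_white_urls_array);$i++){ ?>
- <tr><td><input type="text" name="mo_wpns_white_url_<?php echo $i+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="<?php echo esc_html($mo_wpns_white_urls_array[$i]);?>" disabled /></td></tr>
+ <tr><td><input type="text" name="mo_wpns_white_url_<?php echo intval(esc_html( $i))+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="<?php echo esc_html($mo_wpns_white_urls_array[$i]);?>" disabled /></td></tr>
  <?php }
  if($i==0){ ?>
- <tr><td><input type="text" name="mo_wpns_white_url_<?php echo $i+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="" disabled /></td></tr>
+ <tr><td><input type="text" name="mo_wpns_white_url_<?php echo intval(esc_html($i))+1;?>" id="mo_wpns_url_white" class="mo_wpns_table_textbox" placeholder="Enter URLs to be whitelisted" style="width:100%;" value="" disabled /></td></tr>
  <?php }
  ?>
  </table>
@@ -84,10 +84,10 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
  <td>
  <table style="width:100%" id="sign_custom">
  <?php for($i=0;$i<count($mo_wpns_custom_sign_array);$i++){ ?>
- <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo $i+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="<?php echo esc_html($mo_wpns_custom_sign_array[$i]);?>" disabled /></td></tr>
+ <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo intval(esc_html( $i))+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="<?php echo esc_html($mo_wpns_custom_sign_array[$i]);?>" disabled /></td></tr>
  <?php }
  if($i==0){ ?>
- <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo $i+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="" disabled /></td></tr>
+ <tr><td><input type="text" name="mo_wpns_custom_sign_<?php echo intval(esc_html( $i))+1;?>" id="mo_wpns_sign_custom" class="mo_wpns_table_textbox" placeholder="Enter string or code to be added as custom signature" style="width:100%;" value="" disabled /></td></tr>
  <?php }
  ?>
  </table>
@@ -96,7 +96,7 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
  </tr>
  <tr>
  <td></td>
- <input type = "hidden" id = "mo_wpns_scan_settings_url" value="<?php echo wp_create_nonce('mo-wpns-scan-settings') ?>" >
+ <input type = "hidden" id = "mo_wpns_scan_settings_url" value="<?php echo esc_html(wp_create_nonce('mo-wpns-scan-settings')) ?>" >
  <td><br><input type="button" name="Save_malware_config" id="Save_malware_config" style="width:100px;" value="Save" class="mo_wpns_scan_button"> </td>
  </tr>
  </table>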
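Review bot: `intval(esc_html($i))` on new lines 55, 71, 74, 87 and 90 wraps a `for` loop counter that is already an integer, so the `esc_html()` call changes nothing and obscures what is actually being made safe. `<?php echo (int) $i; ?>`, and `<?php echo (int) $i + 1; ?>` for the one-based names, states the intent directly. The values that do carry stored data, `$mo_wpns_skip_folders_array[$i]` and the two sibling arrays, are printed into `value="…"` attributes and would read more clearly with `esc_attr()`.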
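--- a/views/malware_scanner/scan_summary_view.php
+++ b/views/malware_scanner/scan_summary_view.php
@@ -11,7 +11,7 @@ add_action('admin_footer','mo_wpns_start_scan');
  </div>
  <div class="mo_wpns_setting_layout" id="scan_status_table">
  <div>
- <p class="hmdiv">Scan Modes<a href='<?php echo $two_factor_premium_doc['Scan Modes'];?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></p>
+ <p class="hmdiv">Scan Modes<a href='<?php echo esc_url($two_factor_premium_doc['Scan Modes']);?>' target="_blank"><span class="dashicons dashicons-text-page" style="font-size:23px;color:#413c69;float: right;"></span></a></p>
  </div>
  <div style="float: left;">
  <p id="scanstatus"></p>
@@ -21,7 +21,7 @@ add_action('admin_footer','mo_wpns_start_scan');
  <div class="hdiv"><b>Quick Scan</b></div>
  <hr class="line">
  <p class="mo_wpns_scan_desc">Quick Scan checks all Plugins, Themes and Core files for Vulnerable Code and SQL Injections using PHP malware signatures.</p>
- <input type = "hidden" id = "wpns_scan_nonce" value="<?php echo wp_create_nonce('wpns-scan-nonce') ?>" >
+ <input type = "hidden" id = "wpns_scan_nonce" value="<?php echo esc_html(wp_create_nonce('wpns-scan-nonce')) ?>" >
  <input id="quick_scan_button" type="button" name="quick_scan_button" class="mo_wpns_scan_button" value="Quick Scan">
  </div>
  <div class="mo_wpns_sub_scanmode mo_wpns_msdivr mo_wpns_msdivl">
@@ -139,18 +139,18 @@ function mo_wpns_start_scan(){
  }
  
  jQuery(document).ready(function(){
- var pop_up = "<?php echo get_site_option('mo_wpns_hide_malware_popup'); ?>";
+ var pop_up = "<?php echo esc_html(get_site_option('mo_wpns_hide_malware_popup')); ?>";
  
  var newURL = location.href.split("&")[0];
  window.history.pushState('object', document.title, newURL);
  scan_progress= "<?php echo esc_html($status);?>";
- stop_scan_progress= "<?php echo get_site_option('mo_stop_scan'); ?>";
+ stop_scan_progress= "<?php echo esc_html(get_site_option('mo_stop_scan')); ?>";
  if(scan_progress=="IN PROGRESS"){
  status_progress();
  jQuery('input[name="quick_scan_button"]').attr('disabled', true);
  jQuery('input[name="custom_scan_button"]').attr('disabled', true);
  jQuery('input[name="standard_scan_button"]').attr('disabled', true);
- var mode_scan="<?php echo $scan_mode; ?>";
+ var mode_scan="<?php echo esc_html($scan_mode); ?>";
  if(mode_scan=="quick_scan"){
  set_active_button_with_button_value(quickScanButtionID,customScanButtonID,standardScanButtonID);
  }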
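Review bot: New lines 142, 147 and 153 print option values and `$scan_mode` inside JavaScript string literals, and `esc_html()` is not the escaper for that context. It encodes quotes and angle brackets but leaves backslashes and line breaks untouched, so a stored value containing either can end or corrupt the literal. `esc_js()` is the matching function for a quoted literal, e.g. `var pop_up = "<?php echo esc_js(get_site_option('mo_wpns_hide_malware_popup')); ?>";`, or the whole value can be emitted with `wp_json_encode()`. The same applies to new lines 93, 103 and 133 of notification-settings.php and to `esc_url(MO_HOST_NAME)` on new line 50 of test_twofa_email_verification.php. The `jQuery(document).ready` callback continues outside the hunk.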
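--- a/views/navbar.php
+++ b/views/navbar.php
@@ -74,14 +74,14 @@ if( isset( $_GET[ 'page' ]) && $_GET['page'] != 'mo_2fa_upgrade')
  <a class="add-new-h2" href="'.esc_url($addons_url).'">AddOns Plans</a>
  <a class="add-new-h2"
  style="background-color:#ffcc44"
- id ="mo_2fa_upgrade_tour" href="'.$upgrade_url.'">See Plans and Pricing</a>
+ id ="mo_2fa_upgrade_tour" href="'.esc_url($upgrade_url).'">See Plans and Pricing</a>
  
  </div>';
  echo' <form id="mo_wpns_2fa_with_network_security" method="post" action="">
  <div class="mo2f-security-toggle">
  
  
- <input type="hidden" name="mo_security_features_nonce" value="'.$security_features_nonce.'"/>
+ <input type="hidden" name="mo_security_features_nonce" value="'.esc_html($security_features_nonce).'"/>
  
  <input type="hidden" name="option" value="mo_wpns_2fa_with_network_security">
  <div>2FA + Website Security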
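--- a/views/network_security_features.php
+++ b/views/network_security_features.php
@@ -16,7 +16,7 @@ if ( 'admin.php' == basename( $_SERVER['PHP_SELF'] ) )
  <form id="mo_wpns_2fa_with_network_security" method="post" action="">
  <div style="width: 100%;">
  <h3 style="margin-bottom: 0%;">
- <?php echo ' <input type="hidden" name="mo_security_features_nonce" value="'.$security_features_nonce.'"/>';?>
+ <?php echo ' <input type="hidden" name="mo_security_features_nonce" value="'.esc_html($security_features_nonce).'"/>';?>
  
  <input type="hidden" name="mo_wpns_2fa_with_network_security" value="on">
  <div class="mo_popup" id="mo_popup_id">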
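--- a/views/notification-settings.php
+++ b/views/notification-settings.php
@@ -90,7 +90,7 @@ echo' </form>
  </script>';
  ?>
  <script>
- var S_mail = "<?php echo get_site_option('mo2f_mail_notify_new_release');?>";
+ var S_mail = "<?php echo esc_html(get_site_option('mo2f_mail_notify_new_release'));?>";
  if(S_mail == 'on')
  {
  jQuery('#S_mail').prop("checked",true);
@@ -100,7 +100,7 @@ echo' </form>
  
  var S_mail = jQuery("input[name='S_mail']:checked").val();
  
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
  if(S_mail != '')
  {
  var data = {
@@ -130,7 +130,7 @@ echo' </form>
  jQuery("#Smail").click(function()
  {
  var Smail = jQuery("input[name='Smail']:checked").val();
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
  if(Smail != '')
  {
  var data = {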
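--- a/views/reports.php
+++ b/views/reports.php
@@ -10,7 +10,7 @@ echo' <div>
  <table>
  <tr>
  <td style="width: 100%">
- <a class="button button-primary button-large" href="'.$dashboard_url.'">Back</a>
+ <a class="button button-primary button-large" href="'.esc_url($dashboard_url).'">Back</a>
  
  <h2>
  Login Transactions Report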
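--- a/views/request_christmas_offer.php
+++ b/views/request_christmas_offer.php
@@ -7,7 +7,7 @@
  </div></h3>
  <form method="post">
  <input type="hidden" name="option" value="mo_2FA_christmas_request_form" />
- <input type="hidden" name="nonce" value="<?php echo wp_create_nonce('mo2f-Request-christmas')?>">
+ <input type="hidden" name="nonce" value="<?php echo esc_html(wp_create_nonce('mo2f-Request-christmas'))?>">
  <table cellpadding="4" cellspacing="4">
  <tr>
  <td><strong>Usecase : </strong></td>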
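--- a/views/request_demo.php
+++ b/views/request_demo.php
@@ -7,7 +7,7 @@
  </div></h3>
  <form method="post">
  <input type="hidden" name="option" value="mo_2FA_demo_request_form" />
- <input type="hidden" name="nonce" value="<?php echo wp_create_nonce('mo2f-Request-demo')?>">
+ <input type="hidden" name="nonce" value="<?php echo esc_html(wp_create_nonce('mo2f-Request-demo'))?>">
  <table cellpadding="4" cellspacing="4">
  <tr>
  <td><strong>Usecase : </strong></td>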
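--- a/views/request_offer.php
+++ b/views/request_offer.php
@@ -8,7 +8,7 @@
  </h3>
  <form method="post">
  <input type="hidden" name="option" value="mo_2FA_offer_request_form" />
- <input type="hidden" name="nonce" value="<?php echo wp_create_nonce('mo2f-Request-offer')?>">
+ <input type="hidden" name="nonce" value="<?php echo esc_html(wp_create_nonce('mo2f-Request-offer'))?>">
  <table cellpadding="4" cellspacing="4">
  <tr>
  <td><strong>Usecase : </strong></td>
@@ -25,7 +25,7 @@
  </tr>
  <tr>
  <td><strong>Email ID : </strong></td>
- <td><input required type="email" name="mo_2FA_offer_email" placeholder="Email id" value="<?php echo esc_attr(wp_get_current_user()->user_email); ?>" /></td>
+ <td><input required type="email" name="mo_2FA_offer_email" placeholder="Email id" value="<?php echo esc_html(wp_get_current_user()->user_email); ?>" /></td>
  </tr>
  
  </table>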
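Review bot: New line 28 replaces `esc_attr()` with `esc_html()` on the e-mail address written into a `value="…"` attribute, although the previous call was already the context-correct one. This part of the change is best reverted: `value="<?php echo esc_attr(wp_get_current_user()->user_email); ?>"`. The nonce field on new line 11 sits in the same attribute position and would take `esc_attr()` as well.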
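--- a/views/support.php
+++ b/views/support.php
@@ -49,7 +49,7 @@ echo '
  ';?>
  <div class='mo2f_firebase_adv_container'>
  <div class="mo2f_firebase_adv_img">
- <div><img src="<?php echo dirname(plugin_dir_url(__FILE__)).'/includes/images/firebase.png' ?>" height="40px" width="40px"></div>
+ <div><img src="<?php echo esc_url(dirname(plugin_dir_url(__FILE__)).'/includes/images/firebase.png') ?>" height="40px" width="40px"></div>
  <div style="margin-left:5px"><span class='mo2f_firebase_adv_text'><h1>Firebase</h1></span></div>
  </div>
  <div class="mo2f_firebase_adv_content">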
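--- a/views/test/test_twofa_email_verification.php
+++ b/views/test/test_twofa_email_verification.php
@@ -9,7 +9,7 @@
  <h3><?php echo mo2f_lt( 'A verification email is sent to your registered email.' ); ?>
  <br>
  <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
- <img src="<?php echo plugins_url( '/../includes/images/ajax-loader-login.gif', __FILE__ ); ?>"/>
+ <img src="<?php echo esc_url(plugins_url( '/../includes/images/ajax-loader-login.gif', __FILE__ )); ?>"/>
  </center>
  
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
@@ -20,18 +20,18 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_out_of_band_success_form" action="">
  <input type="hidden" name="option" value="mo2f_out_of_band_success"/>
  <input type="hidden" name="mo2f_out_of_band_success_nonce"
- value="<?php echo wp_create_nonce( "mo2f-out-of-band-success-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-out-of-band-success-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_out_of_band_error_form" action="">
  <input type="hidden" name="option" value="mo2f_out_of_band_error"/>
  
  <input type="hidden" name="mo2f_out_of_band_error_nonce"
- value="<?php echo wp_create_nonce( "mo2f-out-of-band-error-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-out-of-band-error-nonce" )) ?>"/>
  </form>
  
  <script>
@@ -47,7 +47,7 @@
  function pollMobileValidation() {
  var transId = "<?php echo esc_html($_SESSION['mo2f_transactionId']); ?>";
  var jsonString = "{\"txId\":\"" + transId + "\"}";
- var postUrl = "<?php echo MO_HOST_NAME; ?>" + "/moas/api/auth/auth-status";
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
  
  jQuery.ajax({
  url: postUrl,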
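--- a/views/test/test_twofa_google_authy_authenticator.php
+++ b/views/test/test_twofa_google_authy_authenticator.php
@@ -9,7 +9,7 @@
  <form name="f" method="post" action="">
  <input type="hidden" name="option" value="mo2f_validate_google_authy_test"/>
  <input type="hidden" name="mo2f_validate_google_authy_test_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-google-authy-test-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-google-authy-test-nonce" )) ?>"/>
  
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -23,7 +23,7 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <script>
  jQuery('#go_back').click(function () {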
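--- a/views/test/test_twofa_kba_questions.php
+++ b/views/test/test_twofa_kba_questions.php
@@ -9,11 +9,11 @@
  <form name="f" method="post" action="" id="mo2f_test_kba_form">
  <input type="hidden" name="option" value="mo2f_validate_kba_details"/>
  <input type="hidden" name="mo2f_validate_kba_details_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-kba-details-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-kba-details-nonce" )) ?>"/>
  
  <div id="mo2f_kba_content">
  <?php if ( isset( $_SESSION['mo_2_factor_kba_questions'] ) ) {
- echo $_SESSION['mo_2_factor_kba_questions'][0];
+ echo esc_html($_SESSION['mo_2_factor_kba_questions'][0]);
  ?>
  <br>
  <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_1"
@@ -22,7 +22,7 @@
  title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
  autocomplete="off"><br><br>
  <?php
- echo $_SESSION['mo_2_factor_kba_questions'][1];
+ echo esc_html($_SESSION['mo_2_factor_kba_questions'][1]);
  ?>
  <br>
  <input class="mo2f_table_textbox" style="width:227px;" type="text" name="mo2f_answer_2"
@@ -41,7 +41,7 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <script>
  jQuery('#go_back').click(function () {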
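--- a/views/test/test_twofa_miniorange_push_notification.php
+++ b/views/test/test_twofa_miniorange_push_notification.php
@@ -8,7 +8,7 @@
  <h4><?php echo mo2f_lt( 'A Push Notification has been sent to your phone.' ); ?>
  <br><?php echo mo2f_lt( 'We are waiting for your approval...' ); ?>
  </h4>
- <img src="<?php echo esc_urL(plugins_url( '/../includes/images/ajax-loader-login.gif', __FILE__)); ?>"/>
+ <img src="<?php echo esc_url(plugins_url( '/../includes/images/ajax-loader-login.gif', __FILE__)); ?>"/>
  </center>
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
  value="<?php echo mo2f_lt( 'Back' ); ?>" style="margin-top:100px;margin-left:10px;"/>
@@ -18,17 +18,17 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_push_success_form" action="">
  <input type="hidden" name="option" value="mo2f_out_of_band_success"/>
  <input type="hidden" name="mo2f_out_of_band_success_nonce"
- value="<?php echo wp_create_nonce( "mo2f-out-of-band-success-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-out-of-band-success-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_push_error_form" action="">
  <input type="hidden" name="option" value="mo2f_out_of_band_error"/>
  <input type="hidden" name="mo2f_out_of_band_error_nonce"
- value="<?php echo wp_create_nonce( "mo2f-out-of-band-error-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-out-of-band-error-nonce" )) ?>"/>
  </form>
 
  <script>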
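Review bot: The three nonce values in the second hunk are printed inside `value="…"` attributes but are wrapped in `esc_html()`, the escaper for element text; the attribute context calls for `esc_attr()`, which is what the Telegram view in this same commit uses. Both escapers encode quotes, so this is about using the context-correct function and keeping the plugin consistent rather than an open injection, e.g. `value="<?php echo esc_attr( wp_create_nonce( "mo2f-go-back-nonce" ) ); ?>"/>`. The same applies to the nonce fields in the QR-code, soft-token, OTP-over-SMS (line 14, which differs from lines 29 and 35 of the same file), trial and Authy sections.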
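--- a/views/test/test_twofa_miniorange_qrcode_authentication.php
+++ b/views/test/test_twofa_miniorange_qrcode_authentication.php
@@ -26,7 +26,7 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
  <table class="mo2f_settings_table">
  <div id="qr-success"></div>
  <div id="displayQrCode" >
- <br><?php echo '<img style="width:165px;" src="data:image/jpg;base64,' . $_SESSION['mo2f_qrCode'] . '" />'; ?>
+ <br><?php echo '<img style="width:165px;" src="data:image/jpg;base64,' . esc_html($_SESSION['mo2f_qrCode']) . '" />'; ?>
  </div>
 
  </table>
@@ -35,17 +35,17 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
  <form name="f" method="post" id="mo2f_mobile_authenticate_success_form" action="">
  <input type="hidden" name="option" value="mo2f_mobile_authenticate_success"/>
  <input type="hidden" name="mo2f_mobile_authenticate_success_nonce"
- value="<?php echo wp_create_nonce( "mo2f-mobile-authenticate-success-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-mobile-authenticate-success-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_mobile_authenticate_error_form" action="">
  <input type="hidden" name="option" value="mo2f_mobile_authenticate_error"/>
  <input type="hidden" name="mo2f_mobile_authenticate_error_nonce"
- value="<?php echo wp_create_nonce( "mo2f-mobile-authenticate-error-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-mobile-authenticate-error-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  <input type="submit" name="validate" id="validate" class="button button-primary button-large"
  value="<?php echo mo2f_lt( 'Back' ); ?>"/>
  </form>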
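Review bot: The QR image on line 29 builds a `data:` URI inside a `src` attribute from `$_SESSION['mo2f_qrCode']` and escapes it with `esc_html()`; a value printed into an attribute should go through `esc_attr()`, i.e. `src="data:image/jpg;base64,' . esc_attr( $_SESSION['mo2f_qrCode'] ) . '"`. The hunk does not show where the session value is set or whether it is checked to be base64 before it is stored, so that is worth confirming at the point of assignment. The Authy setup view has the same pattern with `esc_html($data)` on its line 42. The function `mo2f_test_miniorange_qr_code_authentication` starts and ends outside these hunks.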
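--- a/views/test/test_twofa_miniorange_soft_token.php
+++ b/views/test/test_twofa_miniorange_soft_token.php
@@ -25,7 +25,7 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  </div>
  <script>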
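--- a/views/test/test_twofa_otp_over_Telegram.php
+++ b/views/test/test_twofa_otp_over_Telegram.php
@@ -11,7 +11,7 @@ function mo2f_test_otp_over_Telegram( $user ) {
  <form name="f" method="post" action="" id="mo2f_test_token_form">
  <input type="hidden" name="option" value="mo2f_validate_otp_over_Telegram"/>
  <input type="hidden" name="mo2f_validate_otp_over_Telegram_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-otp-over-Telegram-nonce" ) ?>"/>
+ value="<?php echo esc_attr(wp_create_nonce( "mo2f-validate-otp-over-Telegram-nonce" )) ?>"/>
 
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -26,13 +26,13 @@ function mo2f_test_otp_over_Telegram( $user ) {
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_attr(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
 
  <form name="f" method="post" action="" id="mo2f_2factor_test_authentication_method_form">
  <input type="hidden" name="option" value="mo_2factor_test_authentication_method"/>
  <input type="hidden" name="mo_2factor_test_authentication_method_nonce"
- value="<?php echo wp_create_nonce( "mo-2factor-test-authentication-method-nonce" ) ?>"/>
+ value="<?php echo esc_attr(wp_create_nonce( "mo-2factor-test-authentication-method-nonce" )) ?>"/>
  <input type="hidden" name="mo2f_configured_2FA_method_test" id="mo2f_configured_2FA_method_test"
  value="OTP Over Telegram"/>
  </form>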
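Review bot: The `placeholder` attribute on line 17 still prints `mo2f_lt( 'Enter OTP' )` unescaped, although this commit escapes the nonce values next to it; translated strings are normally escaped on output as well, `placeholder="<?php echo esc_attr( mo2f_lt( 'Enter OTP' ) ); ?>"`. `mo2f_lt` is defined outside this page, so whether it already escapes its return value is an assumption to check. The same unescaped `mo2f_lt()` output sits in the OTP-over-SMS placeholder and in the `value="…"` of the Back, Configure and Verify buttons in the other sections. The input on lines 16-17 also carries two `style` attributes, and an HTML parser keeps only the first.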
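--- a/views/test/test_twofa_otp_over_sms.php
+++ b/views/test/test_twofa_otp_over_sms.php
@@ -11,7 +11,7 @@ function mo2f_test_otp_over_sms( $user ) {
  <form name="f" method="post" action="" id="mo2f_test_token_form">
  <input type="hidden" name="option" value="mo2f_validate_otp_over_sms"/>
  <input type="hidden" name="mo2f_validate_otp_over_sms_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-otp-over-sms-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-otp-over-sms-nonce") ) ?>"/>
 
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -26,13 +26,13 @@ function mo2f_test_otp_over_sms( $user ) {
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_attr(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
 
  <form name="f" method="post" action="" id="mo2f_2factor_test_authentication_method_form">
  <input type="hidden" name="option" value="mo_2factor_test_authentication_method"/>
  <input type="hidden" name="mo_2factor_test_authentication_method_nonce"
- value="<?php echo wp_create_nonce( "mo-2factor-test-authentication-method-nonce" ) ?>"/>
+ value="<?php echo esc_attr(wp_create_nonce( "mo-2factor-test-authentication-method-nonce" )) ?>"/>
  <input type="hidden" name="mo2f_configured_2FA_method_test" id="mo2f_configured_2FA_method_test"
  value="OTP Over SMS"/>
  </form>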
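--- a/views/trial.php
+++ b/views/trial.php
@@ -7,7 +7,7 @@
  </div></h3>
  <form method="post">
  <input type="hidden" name="option" value="mo2f_trial_request_form" />
- <input type="hidden" name="nonce" value="<?php echo wp_create_nonce('mo2f_trial-nonce')?>">
+ <input type="hidden" name="nonce" value="<?php echo esc_html(wp_create_nonce('mo2f_trial-nonce'))?>">
  <table cellpadding="4" cellspacing="4">
  <tr>
  <td><strong>Email ID : </strong></td>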
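--- a/views/troubleshooting.php
+++ b/views/troubleshooting.php
@@ -5,7 +5,7 @@
  <h3>
  Frequenty Asked Questions
  <div style="float: right;">
- <a class="button button-primary button-large" href="'.$two_fa.'">Back</a>
+ <a class="button button-primary button-large" href="'.esc_url($two_fa).'">Back</a>
  </div>
  </h3><br><hr>
  <table class="mo_wpns_help">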
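--- a/views/twofa/setup/setup_authy_authenticator.php
+++ b/views/twofa/setup/setup_authy_authenticator.php
@@ -16,14 +16,14 @@ function mo2f_configure_authy_authenticator( $user ) {
  style="width:60%;"
  value="<?php echo mo2f_lt( 'Configure' ); ?> "/>
  <input type="hidden" name="mo2f_configure_authy_authenticator_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-authy-authenticator-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-authy-authenticator-nonce" )) ?>"/>
  <br><br>
  <input type="hidden" name="option" value="mo2f_configure_authy_authenticator"/>
  </form>
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  <input type="submit" name="back" id="go_back" class="button button-primary button-large"
  style="width:60%;"
  value="<?php echo mo2f_lt( 'Back' ); ?>"/>
@@ -39,7 +39,7 @@ function mo2f_configure_authy_authenticator( $user ) {
  <h4><?php echo mo2f_lt( 'Now open and configure Authy 2-Factor Authentication App.' ); ?></h4>
  <h4> <?php echo mo2f_lt( 'Tap on Add Account and then tap on SCAN QR CODE in your App and scan the qr code.' ); ?></h4>
  <center><br>
- <div id="displayQrCode"><?php echo '<img src="data:image/jpg;base64,' . $data . '" />'; ?></div>
+ <div id="displayQrCode"><?php echo '<img src="data:image/jpg;base64,' . esc_html($data) . '" />'; ?></div>
  </center>
  <br>
  <div><a data-toggle="collapse" href="#mo2f_scanbarcode_a" aria-expanded="false">
@@ -52,7 +52,7 @@ function mo2f_configure_authy_authenticator( $user ) {
  <li><?php echo mo2f_lt( 'In the pop up "Adding New Account", type your secret key:' ); ?></li>
  <div class="mo2f_google_authy_secret_outer_div">
  <div class="mo2f_google_authy_secret_inner_div">
- <?php echo $authy_secret; ?>
+ <?php echo esc_html($authy_secret); ?>
  </div>
  <div class="mo2f_google_authy_secret_text">
  <?php echo mo2f_lt( 'Spaces don\'t matter.' ); ?>
@@ -82,10 +82,10 @@ function mo2f_configure_authy_authenticator( $user ) {
  <input type="submit" name="validate" id="validate" class="button button-primary button-large"
  style="margin-left:12%;"
  value="<?php echo mo2f_lt( 'Verify and Save' ); ?>"/>
- <input type="hidden" name="mo2f_authy_secret" value="<?php echo $authy_secret; ?>"/>
+ <input type="hidden" name="mo2f_authy_secret" value="<?php echo esc_html($authy_secret); ?>"/>
  <input type="hidden" name="option" value="mo2f_configure_authy_authenticator_validate"/>
  <input type="hidden" name="mo2f_configure_authy_authenticator_validate_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-authy-authenticator-validate-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-authy-authenticator-validate-nonce" )) ?>"/>
  </form>
  </div>
  </td>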
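Review bot: Line 85 writes the Authy secret into a hidden `mo2f_authy_secret` field that is posted back with the Verify and Save form, and escaping it does not change that round trip. If the handler (not shown on this page) reads the secret from that POST value, the client chooses which secret gets enrolled, so the secret is better held server-side (session or user meta) with only the entered code posted. Within the hunk itself the attribute value should use the attribute escaper, `value="<?php echo esc_attr( $authy_secret ); ?>"`, rather than `esc_html()`. The function `mo2f_configure_authy_authenticator` starts and ends outside these hunks.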
views/twofa/setup/setup_duo_authenticator.php CHANGED
@@ -9,9 +9,9 @@ function mo2f_configure_duo_authenticator( $user ) {
9
 
10
  <?php if(isset($_POST['option']) && sanitize_text_field(wp_unslash($_POST['option'])) == 'duo_mobile_send_push_notification_inside_plugin'){
11
  mo2f_setup_duo_authenticator(); //4
12
- }else if(get_user_meta($user->ID,'user_not_enroll')){
13
  mo2f_inside_plugin_go_for_user_enroll_on_duo($user);// 3 //initialize_duo_mobile_registration($user);
14
- }else if(get_site_option('duo_credentials_save_successfully') ) {
15
  mo2f_download_instruction_for_duo_mobile_app(); //2
16
  }else{
17
  if(current_user_can('administrator'))
@@ -37,7 +37,7 @@ function mo2f_setup_duo_authenticator(){
37
  <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
38
  <br>
39
  <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
40
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))) ); ?>"/>
41
  </center>
42
 
43
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
@@ -48,18 +48,18 @@ function mo2f_setup_duo_authenticator(){
48
  <form name="f" method="post" action="" id="mo2f_go_back_form">
49
  <input type="hidden" name="option" value="mo2f_go_back"/>
50
  <input type="hidden" name="mo2f_go_back_nonce"
51
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
52
  </form>
53
  <form name="f" method="post" id="duo_mobile_register_form" action="">
54
  <input type="hidden" name="option" value="mo2f_configure_duo_authenticator_validate_nonce"/>
55
  <input type="hidden" name="mo2f_configure_duo_authenticator_validate_nonce"
56
- value="<?php echo wp_create_nonce( "mo2f-configure-duo-authenticator-validate-nonce" ) ?>"/>
57
  </form>
58
  <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
59
  <input type="hidden" name="option" value="mo2f_duo_authenticator_error"/>
60
 
61
  <input type="hidden" name="mo2f_duo_authentcator_error_nonce"
62
- value="<?php echo wp_create_nonce( "mo2f-duo-authenticator-error-nonce" ) ?>"/>
63
  </form>
64
 
65
  <script>
@@ -73,7 +73,7 @@ function mo2f_setup_duo_authenticator(){
73
 
74
  pollMobileValidation();
75
  function pollMobileValidation() {
76
- var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
77
  var data={
78
  'action':'mo2f_duo_authenticator_ajax',
79
  'call_type':'check_duo_push_auth_status',
@@ -113,14 +113,14 @@ function mo2f_inside_plugin_go_for_user_enroll_on_duo($user){
113
  <p style = " font-size: 17px;"><b>Step : 1 </b></p>
114
  <div style = " background-color: #d9eff6;" >
115
  <p style = " font-size: 17px;">
116
- <b> <a href="<?php echo $regis ;?>" target="_blank">Click Here</a></b> <?php echo mo2f_lt( 'to configure DUO Push Notification. Once done with registration click on ');?><b><?php echo mo2f_lt( 'Send Me Push Notification Button.');?></b>
117
  </p>
118
  </div>
119
  <br>
120
  <form name="f" method="post" id="duo_mobile_send_push_notification_inside_plugin" action="" >
121
  <input type="hidden" name="option" value="duo_mobile_send_push_notification_inside_plugin" />
122
  <input type="hidden" name="duo_mobile_send_push_notification_inside_plugin_nonce"
123
- value="<?php echo wp_create_nonce( "mo2f-send-duo-push-notification-inside-plugin-nonce" ) ?>"/>
124
  <p style = " font-size: 17px;"><b>Step : 2 </b></p>
125
  <input type="submit" name="validate" id="validate" class="button button-primary button-large"
126
  value="<?php echo mo2f_lt( 'Send Me Push Notification' ); ?>"/>
@@ -132,12 +132,12 @@ function mo2f_inside_plugin_go_for_user_enroll_on_duo($user){
132
  </form>
133
  <form name="f" method="post" action="" id="mo2f_go_back_form">
134
  <input type="hidden" name="option" value="mo2f_go_back" />
135
- <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
136
  </form>
137
  <form name="f" method="post" action="" id="mo2f_reset_duo_configuration">
138
  <input type="hidden" name="option" value="mo2f_reset_duo_configuration" />
139
  <input type="hidden" name="mo2f_duo_reset_configuration_nonce"
140
- value="<?php echo wp_create_nonce( "mo2f-duo-reset-configuration-nonce" ) ?>"/>
141
  </form>
142
  <script>
143
  jQuery('#go_back_form').click(function() {
@@ -168,7 +168,7 @@ function go_for_user_enroll_on_duo($user,$session_id){
168
  <p style = " font-size: 17px;"><b>Step : A </b></p>
169
  <div style = " background-color: #d9eff6;" >
170
  <p style = " font-size: 17px;">
171
- <a href="<?php echo $regis;?>" target="_blank">Click Here</a> <?php echo mo2f_lt( 'to configure DUO Push Notification. Once done with registration click on ');?><b><?php echo mo2f_lt( 'Send Me Push Notification.');?></b>
172
  </p>
173
  </div>
174
 
@@ -176,7 +176,7 @@ function go_for_user_enroll_on_duo($user,$session_id){
176
  <input type="hidden" name="option" value="duo_mobile_send_push_notification_for_inline_form" />
177
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id) ?>" />
178
  <input type="hidden" name="duo_mobile_send_push_notification_inline_form_nonce"
179
- value="<?php echo wp_create_nonce( "mo2f-send-duo-push-notification-inline-nonce" ) ?>"/>
180
  <p style = " font-size: 17px;"><b>Step : B </b></p>
181
  <input type="submit" name="validate" id="validate" class="button button-primary button-large"
182
  value="<?php echo mo2f_lt( 'Send Me Push Notification' ); ?>"/>
@@ -185,7 +185,7 @@ function go_for_user_enroll_on_duo($user,$session_id){
185
  </form>
186
  <form name="f" method="post" action="" id="mo2f_go_back_form">
187
  <input type="hidden" name="option" value="mo2f_go_back" />
188
- <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
189
  </form>
190
  <script>
191
  jQuery('#go_back_form').click(function() {
@@ -211,12 +211,12 @@ function mo2f_non_admin_notice(){
211
  <form name="f" method="post" id="duo_notice_for_non_admin" action="" >
212
  <input type="hidden" name="option" value="duo_notice_for_non_admin" />
213
  <input type="hidden" name="duo_notice_for_non_admin_nonce"
214
- value="<?php echo wp_create_nonce( "duo-notice-for-non-admin-nonce" ) ?>"/>
215
  <input type="button" name="back" id="go_back_form" class="button button-primary button-large" value="<?php echo mo2f_lt('Back');?>" />
216
  </form>
217
  <form name="f" method="post" action="" id="mo2f_go_back_form">
218
  <input type="hidden" name="option" value="mo2f_go_back" />
219
- <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
220
  </form>
221
  <script>
222
  jQuery('#go_back_form').click(function() {
@@ -237,7 +237,7 @@ function mo2f_download_instruction_for_duo_mobile_app(){
237
  <form name="f" method="post" id="duo_mobile_register_form" action="">
238
  <input type="hidden" name="option" value="mo2f_configure_duo_authenticator_abc"/>
239
  <input type="hidden" name="mo2f_configure_duo_authenticator_nonce"
240
- value="<?php echo wp_create_nonce( "mo2f-configure-duo-authenticator-nonce" ) ?>"/>
241
  <a class="mo_app_link" data-toggle="collapse" href="#mo2f_sub_header_app" aria-expanded="false">
242
  <h3 class="mo2f_authn_header"><?php echo mo2f_lt('Step-1 : Download the Duo');?> <span style="color: #F78701;"> <?php echo mo2f_lt('Authenticator');?></span> <?php echo mo2f_lt('App');?>
243
  </h3>
@@ -262,7 +262,7 @@ function mo2f_download_instruction_for_duo_mobile_app(){
262
  </li>
263
  </ol>
264
  <br>
265
- <a style="margin-left:10%" target="_blank" href="https://apps.apple.com/app/id1482362759"><img src="<?php echo plugins_url( 'includes/images/appstore.png' , dirname(dirname(dirname(__FILE__))) );?>" style="width:120px; height:45px; margin-left:6px;">
266
  </a>
267
  </td>
268
  <td style="padding:10px;">
@@ -293,7 +293,7 @@ function mo2f_download_instruction_for_duo_mobile_app(){
293
  </form>
294
  <form name="f" method="post" action="" id="mo2f_go_back_form">
295
  <input type="hidden" name="option" value="mo2f_go_back" />
296
- <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
297
  </form>
298
  <script>
299
  jQuery('#mo2f_inline_back_btn').click(function() {
@@ -336,7 +336,7 @@ function mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registratio
336
  </li>
337
  </ol>
338
  <br>
339
- <a style="margin-left:10%" target="_blank" href="https://apps.apple.com/app/id1482362759"><img src="<?php echo plugins_url( 'includes/images/appstore.png' , dirname(dirname(dirname(__FILE__))) );?>" style="width:120px; height:45px; margin-left:6px;">
340
  </a>
341
  </td>
342
  <td style="padding:10px;">
@@ -355,7 +355,7 @@ function mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registratio
355
  </li>
356
  </ol>
357
  <br>
358
- <a style="margin-left:10%" target="_blank" href="https://play.google.com/store/apps/details?id=com.miniorange.android.authenticator&hl=en"><img src="<?php echo plugins_url( 'includes/images/playStore.png' , dirname(dirname(dirname(__FILE__))) );?>" style="width:120px; height:=45px; margin-left:6px;"></a>
359
  </td>
360
  </tr>
361
  </table>
@@ -394,7 +394,7 @@ function mo2f_save_duo_configuration_credentials(){
394
  <form name="f" method="post" action="" id="mo2f_save_duo_configration">
395
  <input type="hidden" name="option" value="mo2f_configure_duo_authenticator"/>
396
  <input type="hidden" name="mo2f_configure_duo_authenticator_nonce"
397
- value="<?php echo wp_create_nonce( "mo2f-configure-duo-authenticator" ) ?>"/>
398
  <p><?php echo mo2f_lt( 'Integration key' ); ?>
399
  &nbsp &nbsp <input class="mo2f_table_textbox" style="width:400px;" autofocus="true" type="text" name="ikey"
400
  placeholder="<?php echo mo2f_lt( 'Integration key' ); ?>" style="width:95%;"/>
@@ -421,7 +421,7 @@ function mo2f_save_duo_configuration_credentials(){
421
  <form name="f" method="post" action="" id="mo2f_go_back_form">
422
  <input type="hidden" name="option" value="mo2f_go_back"/>
423
  <input type="hidden" name="mo2f_go_back_nonce"
424
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
425
  </form>
426
  <script>
427
  jQuery('#go_back').click(function() {
9
 
10
  <?php if(isset($_POST['option']) && sanitize_text_field(wp_unslash($_POST['option'])) == 'duo_mobile_send_push_notification_inside_plugin'){
11
  mo2f_setup_duo_authenticator(); //4
12
+ }elseif(get_user_meta($user->ID,'user_not_enroll')){
13
  mo2f_inside_plugin_go_for_user_enroll_on_duo($user);// 3 //initialize_duo_mobile_registration($user);
14
+ }elseif(get_site_option('duo_credentials_save_successfully') ) {
15
  mo2f_download_instruction_for_duo_mobile_app(); //2
16
  }else{
17
  if(current_user_can('administrator'))
37
  <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
38
  <br>
39
  <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
40
+ <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))))); ?>"/>
41
  </center>
42
 
43
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
48
  <form name="f" method="post" action="" id="mo2f_go_back_form">
49
  <input type="hidden" name="option" value="mo2f_go_back"/>
50
  <input type="hidden" name="mo2f_go_back_nonce"
51
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
52
  </form>
53
  <form name="f" method="post" id="duo_mobile_register_form" action="">
54
  <input type="hidden" name="option" value="mo2f_configure_duo_authenticator_validate_nonce"/>
55
  <input type="hidden" name="mo2f_configure_duo_authenticator_validate_nonce"
56
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-duo-authenticator-validate-nonce" )) ?>"/>
57
  </form>
58
  <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
59
  <input type="hidden" name="option" value="mo2f_duo_authenticator_error"/>
60
 
61
  <input type="hidden" name="mo2f_duo_authentcator_error_nonce"
62
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-authenticator-error-nonce" )) ?>"/>
63
  </form>
64
 
65
  <script>
73
 
74
  pollMobileValidation();
75
  function pollMobileValidation() {
76
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
77
  var data={
78
  'action':'mo2f_duo_authenticator_ajax',
79
  'call_type':'check_duo_push_auth_status',
113
  <p style = " font-size: 17px;"><b>Step : 1 </b></p>
114
  <div style = " background-color: #d9eff6;" >
115
  <p style = " font-size: 17px;">
116
+ <b> <a href="<?php echo esc_url($regis) ;?>" target="_blank">Click Here</a></b> <?php echo mo2f_lt( 'to configure DUO Push Notification. Once done with registration click on ');?><b><?php echo mo2f_lt( 'Send Me Push Notification Button.');?></b>
117
  </p>
118
  </div>
119
  <br>
120
  <form name="f" method="post" id="duo_mobile_send_push_notification_inside_plugin" action="" >
121
  <input type="hidden" name="option" value="duo_mobile_send_push_notification_inside_plugin" />
122
  <input type="hidden" name="duo_mobile_send_push_notification_inside_plugin_nonce"
123
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-send-duo-push-notification-inside-plugin-nonce" )) ?>"/>
124
  <p style = " font-size: 17px;"><b>Step : 2 </b></p>
125
  <input type="submit" name="validate" id="validate" class="button button-primary button-large"
126
  value="<?php echo mo2f_lt( 'Send Me Push Notification' ); ?>"/>
132
  </form>
133
  <form name="f" method="post" action="" id="mo2f_go_back_form">
134
  <input type="hidden" name="option" value="mo2f_go_back" />
135
+ <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
136
  </form>
137
  <form name="f" method="post" action="" id="mo2f_reset_duo_configuration">
138
  <input type="hidden" name="option" value="mo2f_reset_duo_configuration" />
139
  <input type="hidden" name="mo2f_duo_reset_configuration_nonce"
140
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-reset-configuration-nonce" )) ?>"/>
141
  </form>
142
  <script>
143
  jQuery('#go_back_form').click(function() {
168
  <p style = " font-size: 17px;"><b>Step : A </b></p>
169
  <div style = " background-color: #d9eff6;" >
170
  <p style = " font-size: 17px;">
171
+ <a href="<?php echo esc_url($regis);?>" target="_blank">Click Here</a> <?php echo mo2f_lt( 'to configure DUO Push Notification. Once done with registration click on ');?><b><?php echo mo2f_lt( 'Send Me Push Notification.');?></b>
172
  </p>
173
  </div>
174
 
176
  <input type="hidden" name="option" value="duo_mobile_send_push_notification_for_inline_form" />
177
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id) ?>" />
178
  <input type="hidden" name="duo_mobile_send_push_notification_inline_form_nonce"
179
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-send-duo-push-notification-inline-nonce" )) ?>"/>
180
  <p style = " font-size: 17px;"><b>Step : B </b></p>
181
  <input type="submit" name="validate" id="validate" class="button button-primary button-large"
182
  value="<?php echo mo2f_lt( 'Send Me Push Notification' ); ?>"/>
185
  </form>
186
  <form name="f" method="post" action="" id="mo2f_go_back_form">
187
  <input type="hidden" name="option" value="mo2f_go_back" />
188
+ <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
189
  </form>
190
  <script>
191
  jQuery('#go_back_form').click(function() {
211
  <form name="f" method="post" id="duo_notice_for_non_admin" action="" >
212
  <input type="hidden" name="option" value="duo_notice_for_non_admin" />
213
  <input type="hidden" name="duo_notice_for_non_admin_nonce"
214
+ value="<?php echo esc_html(wp_create_nonce( "duo-notice-for-non-admin-nonce" )) ?>"/>
215
  <input type="button" name="back" id="go_back_form" class="button button-primary button-large" value="<?php echo mo2f_lt('Back');?>" />
216
  </form>
217
  <form name="f" method="post" action="" id="mo2f_go_back_form">
218
  <input type="hidden" name="option" value="mo2f_go_back" />
219
+ <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
220
  </form>
221
  <script>
222
  jQuery('#go_back_form').click(function() {
237
  <form name="f" method="post" id="duo_mobile_register_form" action="">
238
  <input type="hidden" name="option" value="mo2f_configure_duo_authenticator_abc"/>
239
  <input type="hidden" name="mo2f_configure_duo_authenticator_nonce"
240
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-duo-authenticator-nonce" )) ?>"/>
241
  <a class="mo_app_link" data-toggle="collapse" href="#mo2f_sub_header_app" aria-expanded="false">
242
  <h3 class="mo2f_authn_header"><?php echo mo2f_lt('Step-1 : Download the Duo');?> <span style="color: #F78701;"> <?php echo mo2f_lt('Authenticator');?></span> <?php echo mo2f_lt('App');?>
243
  </h3>
262
  </li>
263
  </ol>
264
  <br>
265
+ <a style="margin-left:10%" target="_blank" href="https://apps.apple.com/app/id1482362759"><img src="<?php echo esc_url(plugins_url( 'includes/images/appstore.png' , dirname(dirname(dirname(__FILE__)))));?>" style="width:120px; height:45px; margin-left:6px;">
266
  </a>
267
  </td>
268
  <td style="padding:10px;">
293
  </form>
294
  <form name="f" method="post" action="" id="mo2f_go_back_form">
295
  <input type="hidden" name="option" value="mo2f_go_back" />
296
+ <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
297
  </form>
298
  <script>
299
  jQuery('#mo2f_inline_back_btn').click(function() {
336
  </li>
337
  </ol>
338
  <br>
339
+ <a style="margin-left:10%" target="_blank" href="https://apps.apple.com/app/id1482362759"><img src="<?php echo esc_url(plugins_url( 'includes/images/appstore.png' , dirname(dirname(dirname(__FILE__)))));?>" style="width:120px; height:45px; margin-left:6px;">
340
  </a>
341
  </td>
342
  <td style="padding:10px;">
355
  </li>
356
  </ol>
357
  <br>
358
+ <a style="margin-left:10%" target="_blank" href="https://play.google.com/store/apps/details?id=com.miniorange.android.authenticator&hl=en"><img src="<?php echo esc_url(plugins_url( 'includes/images/playStore.png' , dirname(dirname(dirname(__FILE__)))));?>" style="width:120px; height:=45px; margin-left:6px;"></a>
359
  </td>
360
  </tr>
361
  </table>
394
  <form name="f" method="post" action="" id="mo2f_save_duo_configration">
395
  <input type="hidden" name="option" value="mo2f_configure_duo_authenticator"/>
396
  <input type="hidden" name="mo2f_configure_duo_authenticator_nonce"
397
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-duo-authenticator" )) ?>"/>
398
  <p><?php echo mo2f_lt( 'Integration key' ); ?>
399
  &nbsp &nbsp <input class="mo2f_table_textbox" style="width:400px;" autofocus="true" type="text" name="ikey"
400
  placeholder="<?php echo mo2f_lt( 'Integration key' ); ?>" style="width:95%;"/>
421
  <form name="f" method="post" action="" id="mo2f_go_back_form">
422
  <input type="hidden" name="option" value="mo2f_go_back"/>
423
  <input type="hidden" name="mo2f_go_back_nonce"
424
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
425
  </form>
426
  <script>
427
  jQuery('#go_back').click(function() {
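--- a/views/twofa/setup/setup_google_authenticator.php
+++ b/views/twofa/setup/setup_google_authenticator.php
@@ -43,10 +43,10 @@ function mo2f_configure_google_authenticator( $user ) {
  <form name="f" id="login_settings_appname_form" method="post" action="">
  <input type="hidden" name="option" value="mo2f_google_appname" />
  <input type="hidden" name="mo2f_google_appname_nonce"
- value="<?php echo wp_create_nonce( "mo2f-google-appname-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-google-appname-nonce" )) ?>"/>
  <div style="margin-left: 14%;">
  <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
- <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
+ <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . esc_html($data) . '" />'; ?></div>
  </div>
  </div>
  <div >
@@ -103,7 +103,7 @@ function mo2f_configure_google_authenticator( $user ) {
  </td>
  <td class="mo2f_vertical_line"></td>
  <td class="mo2f_google_authy_step3">
- <h4><?php echo '<' . $h_size . '>' . mo2f_lt( 'Step-2: Verify and Save' ) . '</' . $h_size . '>';; ?></h4>
+ <h4><?php echo '<' . esc_html($h_size) . '>' . mo2f_lt( 'Step-2: Verify and Save' ) . '</' . esc_html($h_size) . '>';; ?></h4>
  <hr>
  <div style="<?php echo isset( $mo2f_google_auth ) ? 'display:block' : 'display:none'; ?>">
  <div><?php echo mo2f_lt( 'After you have scanned the QR code and created an account, enter the verification code from the scanned account here.' ); ?></div>
@@ -113,10 +113,10 @@ function mo2f_configure_google_authenticator( $user ) {
  <input id="EnterOTPGATour" class="mo2f_table_textbox" style="width:200px;" autofocus="true" required="true"
  type="text" name="google_token" placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>"
  style="width:95%;"/></span><br><br>
- <input type="hidden" name="google_auth_secret" value="<?php echo $ga_secret ?>"/>
+ <input type="hidden" name="google_auth_secret" value="<?php echo esc_html($ga_secret) ?>"/>
  <input type="hidden" name="option" value="mo2f_configure_google_authenticator_validate"/>
  <input type="hidden" name="mo2f_configure_google_authenticator_validate_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-google-authenticator-validate-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-google-authenticator-validate-nonce" )) ?>"/>
  <input type="submit" name="validate" id="SaveOTPGATour" class="button button-primary button-large"
  style="float:left;" value="<?php echo mo2f_lt( 'Verify and Save' ); ?>"/>
  </form>
@@ -125,7 +125,7 @@ function mo2f_configure_google_authenticator( $user ) {
  <input type="submit" name="back" id="go_back" class="button button-primary button-large"
  value="<?php echo mo2f_lt( 'Back' ); ?>"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  </div><br>
  </td>
@@ -134,7 +134,7 @@ function mo2f_configure_google_authenticator( $user ) {
 
  <script>
  jQuery(document).ready(function(){
- jQuery(this).scrollTop(0);
+ jQuery(this).scrollTosp(0);
  jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;margin-left:40px;width:65%">' +
  'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
  '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');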
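Review bot: The added line `jQuery(this).scrollTosp(0);` in the last hunk calls a method jQuery does not define, so the ready handler throws before the `#links_to_apps` markup on the following lines is written; it should stay `jQuery(this).scrollTop(0);`. Every other change in this file wraps an echoed value in an escaping call, so the rename looks accidental. The handler continues past the end of the hunk, so whatever else it sets up after this call would presumably be skipped as well.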
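--- a/views/twofa/setup/setup_google_authenticator_onpremise.php
+++ b/views/twofa/setup/setup_google_authenticator_onpremise.php
@@ -2,7 +2,7 @@
 
  function mo2f_configure_google_authenticator_setupWizard($secret,$url,$otpcode, $session_id_encrypt)
  {
- $gauth_name = $_SERVER['SERVER_NAME'];
+ $gauth_name = sanitize_text_field($_SERVER['SERVER_NAME']);
  echo "<b><h3>1. Please scan the QR code below in your Authenticator App</h3></b>
  <table>
  <tbody>
@@ -23,11 +23,11 @@ function mo2f_configure_google_authenticator_setupWizard($secret,$url,$otpcode,
  <form name="f" id="login_settings_appname_form" method="post" action="">
  <input type="hidden" name="option" value="mo2f_google_appname" />
  <input type="hidden" name="mo2f_google_appname_nonce"
- value="<?php echo wp_create_nonce( "mo2f-google-appname-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-google-appname-nonce" )) ?>"/>
  <div style="margin-left: 14%;">
  <div class="mo2f_gauth_column mo2f_gauth_left" >
 
- <div class="mo2f_gauth" style="background: white;" data-qrcode="<?php echo $url;?>" ></div>
+ <div class="mo2f_gauth" style="background: white;" data-qrcode="<?php echo esc_html($url);?>" ></div>
  </div>
  </div>
 
@@ -58,7 +58,7 @@ function mo2f_configure_google_authenticator_setupWizard($secret,$url,$otpcode,
 
  <div class="mo2f_google_authy_secret_outer_div">
  <div class="mo2f_google_authy_secret_inner_div">
- <?php echo $secret; ?>
+ <?php echo esc_attr($secret); ?>
  </div>
  <div class="mo2f_google_authy_secret">
  <?php echo mo2f_lt( 'Spaces do not matter' ); ?>.
@@ -110,11 +110,11 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $ses
  <table class="mo2f_configure_ga">
  <tr>
  <td class="mo2f_google_authy_step2">
- <?php echo '<' . $h_size . '>' . mo2f_lt( 'Step-1: Set up Google/Authy/LastPass Authenticator' ) . '<span style="float:right">
+ <?php echo '<' . esc_html($h_size) . '>' . mo2f_lt( 'Step-1: Set up Google/Authy/LastPass Authenticator' ) . '<span style="float:right">
  <a href="https://developers.miniorange.com/docs/security/wordpress/wp-security/google-authenticator" target="_blank"><span class="dashicons dashicons-text-page" style="font-size:26px;color:#413c69;float: right;"></span></a>
 
  <a href="https://www.youtube.com/watch?v=vVGXjedIaGs" target="_blank"><span class="dashicons dashicons-video-alt3" style="font-size:30px;color:red;float: right; margin-right: 16px;margin-top: -3px;"></span></a>
- </span></' . $h_size . '>'; ?>
+ </span></' . esc_html($h_size) . '>'; ?>
  <hr>
 
 
@@ -145,12 +145,11 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $ses
  <form name="f" id="login_settings_appname_form" method="post" action="">
  <input type="hidden" name="option" value="mo2f_google_appname" />
  <input type="hidden" name="mo2f_google_appname_nonce"
- value="<?php echo wp_create_nonce( "mo2f-google-appname-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-google-appname-nonce" )) ?>"/>
  <div class="mo2f_ga_qr_container">
  <div>
  <div class="mo2f_gauth_column mo2f_gauth_left" >
-
- <div class="mo2f_gauth" id= "displayGAQrCodeTour" style="background: white;" data-qrcode="<?php echo $url;?>" ></div>
+ <div class="mo2f_gauth" id= "displayGAQrCodeTour" style="background: white;" data-qrcode="<?php echo esc_html($url);?>" ></div>
  </div>
  </div>
  <br>
@@ -209,7 +208,7 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $ses
  </td>
  <td class="mo2f_vertical_line" ></td>
  <td class="mo2f_google_authy_step3">
- <h4><?php echo '<' . $h_size . '>' . mo2f_lt( 'Step-2: Verify and Save' ) . '</' . $h_size . '>';; ?></h4>
+ <h4><?php echo '<' . esc_html($h_size) . '>' . mo2f_lt( 'Step-2: Verify and Save' ) . '</' . esc_html($h_size) . '>';; ?></h4>
  <hr>
  <div style="display: block;">
  <div><?php echo mo2f_lt( 'After you have scanned the QR code and created an account, enter the verification code from the scanned account here.' ); ?></div>
@@ -223,7 +222,7 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $ses
  <input type="hidden" name="option" value="mo2f_configure_google_authenticator_validate"/>
  <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>">
  <input type="hidden" name="mo2f_configure_google_authenticator_validate_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-google-authenticator-validate-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-google-authenticator-validate-nonce" )) ?>"/>
  <input type="submit" name="validate" id="SaveOTPGATour" class="button button-primary button-large"
  style="float:left;" value="<?php echo mo2f_lt( 'Verify and Save' ); ?>"/>
  </form>
@@ -232,7 +231,7 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $ses
  <input style="margin-left: 5px;" type="submit" name="back" id="go_back" class="button button-primary button-large"
  value="<?php echo mo2f_lt( 'Back' ); ?>"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  </div><br><br>
  <div>
@@ -242,10 +241,10 @@ function mo2f_configure_google_authenticator_onprem( $secret,$url,$otpcode, $ses
  </tr>
  </table>
  <?php
- $q = $_SERVER['REQUEST_TIME']*1000;
+ $q = sanitize_text_field($_SERVER['REQUEST_TIME'])*1000;
  ?>
  <script>
- var d = new Date(<?php echo $q ?>);
+ var d = new Date(<?php echo esc_html($q) ?>);
  var server_time = d.toLocaleTimeString();
  document.getElementById("mo2f_server_time").innerHTML = server_time;
  </script>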
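Review bot: The escaping helpers added in this file do not match the context they write into: `data-qrcode` is an attribute value but gets `esc_html($url)`, the secret is element text but gets `esc_attr($secret)`, and the timestamp is HTML-escaped inside a script block. I would write `data-qrcode="<?php echo esc_attr($url); ?>"`, `<?php echo esc_html($secret); ?>` and `var d = new Date(<?php echo (int) $q; ?>);`, and cast `$_SERVER['REQUEST_TIME']` to int rather than passing it through `sanitize_text_field()`. The nonce values wrapped in `esc_html()` here and in setup_google_authenticator.php and setup_kba_questions.php are attribute values as well, so `esc_attr()` is the matching helper there; in core both helpers encode the same characters, so this is about convention and which filter hook runs rather than an open injection. `esc_html($h_size)` is placed in a tag-name position, where entity encoding does not restrict the value; `$h_size` is assigned outside the hunks, so if it is not a fixed constant, comparing it against a short allow-list of heading names would be the safer check.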
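--- a/views/twofa/setup/setup_kba_questions.php
+++ b/views/twofa/setup/setup_kba_questions.php
@@ -166,7 +166,7 @@ function mo2f_configure_for_mobile_suppport_kba( $user ) {
  <br>
  <input type="hidden" name="option" value="mo2f_save_kba"/>
  <input type="hidden" name="mo2f_save_kba_nonce"
- value="<?php echo wp_create_nonce( "mo2f-save-kba-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-save-kba-nonce" )) ?>"/>
  <center>
  <table>
  <tr>
@@ -182,7 +182,7 @@ function mo2f_configure_for_mobile_suppport_kba( $user ) {
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  <input type="submit" name="back" id="go_back" class="button button-primary button-large"
  value="<?php echo mo2f_lt( 'Back' ); ?>"
  style="width:100px;line-height:30px;"/>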
views/twofa/setup/setup_miniorange_authenticator.php CHANGED
@@ -32,9 +32,9 @@ function mo2f_configure_miniorange_authenticator($user){
32
  <input type="submit" name="mo2f_method" id="miniOrangePushNotificationButton" class="button button-primary button-large" value="Push Notification" />
33
  </div>
34
  <input type="hidden" name="option" value="mo_auth_refresh_mobile_qrcode" />
35
- <input type="hidden" name="mo2f_method" id="mo2f_method_mo" value="<?php echo $mo2f_method; ?>">
36
  <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt); ?>">
37
- <input type="hidden" name="mo_auth_refresh_mobile_qrcode_nonce" value="<?php echo wp_create_nonce( "mo-auth-refresh-mobile-qrcode-nonce" ) ?>"/>
38
  <input type="button" style="float: right;" name="back" id="go_backlogin" class="button button-primary button-large" value="Back" />
39
  </form>
40
  <?php
@@ -55,7 +55,7 @@ function mo2f_configure_miniorange_authenticator($user){
55
 
56
  <form name="f" method="post" action="" id="mo2f_go_back_form">
57
  <input type="hidden" name="option" value="mo2f_go_back" />
58
- <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
59
  </form>
60
  <script>
61
  jQuery('#miniOrangeSoftTokenButton').click(function() {
@@ -100,7 +100,7 @@ function download_instruction_for_mobile_app( $mobile_reg_status){ ?>
100
  </li>
101
  </ol>
102
  <br>
103
- <a style="margin-left:10%" target="_blank" href="https://apps.apple.com/app/id1482362759"><img src="<?php echo plugins_url( 'includes/images/appstore.png' , dirname(dirname(dirname(__FILE__))) );?>" style="width:120px; height:45px; margin-left:-2.5em;">
104
  </a>
105
  </td>
106
  <td style="padding:10px;">
@@ -119,7 +119,7 @@ function download_instruction_for_mobile_app( $mobile_reg_status){ ?>
119
  </li>
120
  </ol>
121
  <br>
122
- <a style="margin-left:10%" target="_blank" href="https://play.google.com/store/apps/details?id=com.miniorange.android.authenticator&hl=en"><img src="<?php echo plugins_url( 'includes/images/playStore.png' , dirname(dirname(dirname(__FILE__))) );?>" style="width:120px; height:=45px; margin-left:-3.7em;"></a>
123
  </td>
124
  </tr>
125
  </table>
@@ -166,7 +166,7 @@ function initialize_mobile_registration($user,$session_id_encrypt = null) {
166
  <br><br>
167
  <div id="displayQrCode" >
168
  <br>
169
- <?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
170
  </div>
171
 
172
  <table class="mo2f_settings_table" style="display: none;">
@@ -203,19 +203,19 @@ function initialize_mobile_registration($user,$session_id_encrypt = null) {
203
  <input type="hidden" name="mo2f_method" id="mo2f_method" value="miniOrangeSoftToken" />
204
  <input type="hidden" name="option" value="mo2f_configure_miniorange_authenticator_validate" />
205
  <input type="hidden" name="mo2f_configure_miniorange_authenticator_validate_nonce"
206
- value="<?php echo wp_create_nonce( "mo2f-configure-miniorange-authenticator-validate-nonce" ) ?>"/>
207
  </form>
208
  </div>
209
  <form name="f" method="post" action="" id="mo2f_go_back_form">
210
  <input type="hidden" name="option" value="mo2f_go_back" />
211
- <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
212
  </form>
213
  <form name="f" method="post" id="mo2f_refresh_qr_form" action="" class="mo2f_display_none_forms">
214
  <input type="hidden" name="option" value="mo_auth_refresh_mobile_qrcode" />
215
  <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt); ?>">
216
- <input type="hidden" name="mo2f_method" id="mo2f_ref_method"value="<?php echo sanitize_text_field($_POST['mo2f_method']) ;?>" />
217
  <input type="hidden" name="mo_auth_refresh_mobile_qrcode_nonce"
218
- value="<?php echo wp_create_nonce( "mo-auth-refresh-mobile-qrcode-nonce" ) ?>"/>
219
 
220
  </form>
221
 
@@ -226,7 +226,7 @@ function initialize_mobile_registration($user,$session_id_encrypt = null) {
226
  jQuery('#go_backlogin').click(function () {
227
  jQuery('#mo2f_go_back_form').submit();
228
  });
229
- var method = "<?php echo $mo2f_method;?>";
230
  jQuery("#"+method).prop('checked',true);
231
  var method = jQuery('input[name="miniOrangeAuthenticator"]:checked').val();
232
  jQuery("#mo2f_method").val(method);
@@ -245,7 +245,7 @@ function initialize_mobile_registration($user,$session_id_encrypt = null) {
245
  pollMobileRegistration();
246
 
247
  function pollMobileRegistration() {
248
- var transId = "<?php echo MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId'); ?>";
249
  var jsonString = "{\"txId\":\"" + transId + "\"}";
250
  var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/registration-status";
251
  jQuery.ajax({
32
  <input type="submit" name="mo2f_method" id="miniOrangePushNotificationButton" class="button button-primary button-large" value="Push Notification" />
33
  </div>
34
  <input type="hidden" name="option" value="mo_auth_refresh_mobile_qrcode" />
35
+ <input type="hidden" name="mo2f_method" id="mo2f_method_mo" value="<?php echo esc_html($mo2f_method); ?>">
36
  <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt); ?>">
37
+ <input type="hidden" name="mo_auth_refresh_mobile_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce( "mo-auth-refresh-mobile-qrcode-nonce" )) ?>"/>
38
  <input type="button" style="float: right;" name="back" id="go_backlogin" class="button button-primary button-large" value="Back" />
39
  </form>
40
  <?php
55
 
56
  <form name="f" method="post" action="" id="mo2f_go_back_form">
57
  <input type="hidden" name="option" value="mo2f_go_back" />
58
+ <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
59
  </form>
60
  <script>
61
  jQuery('#miniOrangeSoftTokenButton').click(function() {
100
  </li>
101
  </ol>
102
  <br>
103
+ <a style="margin-left:10%" target="_blank" href="https://apps.apple.com/app/id1482362759"><img src="<?php echo esc_url(plugins_url( 'includes/images/appstore.png' , dirname(dirname(dirname(__FILE__)))) );?>" style="width:120px; height:45px; margin-left:-2.5em;">
104
  </a>
105
  </td>
106
  <td style="padding:10px;">
119
  </li>
120
  </ol>
121
  <br>
122
+ <a style="margin-left:10%" target="_blank" href="https://play.google.com/store/apps/details?id=com.miniorange.android.authenticator&hl=en"><img src="<?php echo esc_url(plugins_url( 'includes/images/playStore.png' , dirname(dirname(dirname(__FILE__)))) );?>" style="width:120px; height:=45px; margin-left:-3.7em;"></a>
123
  </td>
124
  </tr>
125
  </table>
166
  <br><br>
167
  <div id="displayQrCode" >
168
  <br>
169
+ <?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . esc_html($data) . '" />'; ?>
170
  </div>
171
 
172
  <table class="mo2f_settings_table" style="display: none;">
203
  <input type="hidden" name="mo2f_method" id="mo2f_method" value="miniOrangeSoftToken" />
204
  <input type="hidden" name="option" value="mo2f_configure_miniorange_authenticator_validate" />
205
  <input type="hidden" name="mo2f_configure_miniorange_authenticator_validate_nonce"
206
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-miniorange-authenticator-validate-nonce" )) ?>"/>
207
  </form>
208
  </div>
209
  <form name="f" method="post" action="" id="mo2f_go_back_form">
210
  <input type="hidden" name="option" value="mo2f_go_back" />
211
+ <input type="hidden" name="mo2f_go_back_nonce" value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
212
  </form>
213
  <form name="f" method="post" id="mo2f_refresh_qr_form" action="" class="mo2f_display_none_forms">
214
  <input type="hidden" name="option" value="mo_auth_refresh_mobile_qrcode" />
215
  <input type="hidden" name="mo2f_session_id" id="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt); ?>">
216
+ <input type="hidden" name="mo2f_method" id="mo2f_ref_method"value="<?php echo esc_html($_POST['mo2f_method']) ;?>" />
217
  <input type="hidden" name="mo_auth_refresh_mobile_qrcode_nonce"
218
+ value="<?php echo esc_html(wp_create_nonce( "mo-auth-refresh-mobile-qrcode-nonce" )) ?>"/>
219
 
220
  </form>
221
 
226
  jQuery('#go_backlogin').click(function () {
227
  jQuery('#mo2f_go_back_form').submit();
228
  });
229
+ var method = "<?php echo esc_html($mo2f_method);?>";
230
  jQuery("#"+method).prop('checked',true);
231
  var method = jQuery('input[name="miniOrangeAuthenticator"]:checked').val();
232
  jQuery("#mo2f_method").val(method);
245
  pollMobileRegistration();
246
 
247
  function pollMobileRegistration() {
248
+ var transId = "<?php echo esc_html(MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId')); ?>";
249
  var jsonString = "{\"txId\":\"" + transId + "\"}";
250
  var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/registration-status";
251
  jQuery.ajax({
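--- a/views/twofa/setup/setup_otp_over_sms.php
+++ b/views/twofa/setup/setup_otp_over_sms.php
@@ -17,7 +17,7 @@ function mo2f_configure_otp_over_sms( $user ) {
  </h3>
  <hr>
  <?php if(current_user_can('administrator')) {?>
- <h3 style="padding:20px; background-color: #a7c5eb;border-radius:5px "> Remaining SMS Transactions: <b><i><?php echo get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');?> </i></b>
+ <h3 style="padding:20px; background-color: #a7c5eb;border-radius:5px "> Remaining SMS Transactions: <b><i><?php echo intval(esc_html(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')));?> </i></b>
  <a id="mo2f_transactions_check" class="button button-primary mo2f_check_sms">Update Available SMS</a>
  </h3>
  <?php } ?>
@@ -25,7 +25,7 @@ function mo2f_configure_otp_over_sms( $user ) {
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
  <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
  <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" )) ?>"/>
 
  <div style="display:inline;">
  <input class="mo2f_table_textbox" style="width:200px;" type="text" name="verify_phone" id="phone"
@@ -39,7 +39,7 @@ function mo2f_configure_otp_over_sms( $user ) {
  <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
  <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
  <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" )) ?>"/>
  <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token"
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -53,7 +53,7 @@ function mo2f_configure_otp_over_sms( $user ) {
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <script>
  jQuery("#mo2f_transactions_check").click(function()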
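Review bot: The new output on line 20 wraps the option in `intval(esc_html(...))`, which escapes a string and then keeps only its leading integer; the escaping adds nothing, and `<?php echo (int) get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z'); ?>` says what is meant. The nonce values on lines 28, 42 and 56 are printed into attribute values, so `esc_attr()` is the escaper that matches the context (or `wp_nonce_field()` for the whole input); the same applies to the nonce inputs in setup_otp_over_telegram.php, setup_twofa.php and the two test views that follow. The `mo2f_lt()` result inside the `placeholder` attribute on line 45 is still echoed as is, and whether that helper escapes is not visible here. The enclosing function starts and ends outside these hunks.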
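--- a/views/twofa/setup/setup_otp_over_telegram.php
+++ b/views/twofa/setup/setup_otp_over_telegram.php
@@ -18,7 +18,7 @@ function mo2f_configure_otp_over_Telegram( $user ) {
  <form name="f" method="post" action="" id="mo2f_verifychatID_form">
  <input type="hidden" name="option" value="mo2f_configure_otp_over_Telegram_send_otp"/>
  <input type="hidden" name="mo2f_configure_otp_over_Telegram_send_otp_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-Telegram-send-otp-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-Telegram-send-otp-nonce" )) ?>"/>
 
  <h4 class='mo_wpns_not_bold'> 1. Open the telegram app and search for miniorange2fa_bot. Click on start button or send <b>/start</b> message.</h4>
  <div style="display:inline;">
@@ -34,7 +34,7 @@ function mo2f_configure_otp_over_Telegram( $user ) {
  <form name="f" method="post" action="" id="mo2f_validateotp_form">
  <input type="hidden" name="option" value="mo2f_configure_otp_over_Telegram_validate"/>
  <input type="hidden" name="mo2f_configure_otp_over_Telegram_validate_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-Telegram-validate-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-Telegram-validate-nonce" )) ?>"/>
  <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token"
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -47,7 +47,7 @@ function mo2f_configure_otp_over_Telegram( $user ) {
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <script>
  jQuery('#go_back').click(function () {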
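--- a/views/twofa/setup/setup_otp_over_whatsapp.php
+++ /dev/null
@@ -1,88 +0,0 @@
- <?php
-
- function mo2f_configure_otp_over_Whatsapp( $user ) {
-
- $whatsapp_id = get_user_meta($user->ID,'mo2f_whatsapp_id',true);
- $whatsapp_number = get_user_meta($user->ID,'mo2f_whatsapp_num',true);
- if($whatsapp_id == '')
- $whatsapp_id = get_user_meta($user->ID,'mo2f_temp_whatsappID',true);
- if($whatsapp_number == '')
- $whatsapp_number = get_user_meta($user->ID,'mo2f_temp_whatsapp_num',true);
-
-
- ?>
-
- <h3>
- <?php echo mo2f_lt( 'Configure OTP over Whatsapp <p style="text-align: right;"> Note: The Free API is only for personal use. </p>' ); ?>
-
- </h3>
- <h4> Remaining Whatsapp Transaction: <b><?php echo get_site_option('cmVtYWluaW5nV2hhdHNhcHB0cmFuc2FjdGlvbnM='); ?></b></h4>
- <hr>
-
- <form name="f" method="post" action="" id="mo2f_verifywhatsappID_form">
- <input type="hidden" name="option" value="mo2f_configure_otp_over_Whatsapp_send_otp"/>
- <input type="hidden" name="mo2f_configure_otp_over_Whatsapp_send_otp_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-Whatsapp-send-otp-nonce" ) ?>"/>
-
- <h4 class='mo_wpns_not_bold'> 1. Add the given phone number (+34 644 17 94 64) in your phone with any name of your choice. <br><br> 2. Open the Whatsapp app in your phone and send the below text to the given phone number. <b>Message:</b> I allow callmebot to send me messages</h4>
- <div style="display:inline;">
-
- <h4 class='mo_wpns_not_bold'> 3. Enter the recieved API Key and your phone number in the below box.</h4>
- <table>
- <tr>
- <th>
- API Key:
- </th>
- <th>
- <input class="mo2f_table_textbox" style="width:200px;" type="text" name="verify_whatsappID" required id="phone"
- value="<?php echo esc_html($whatsapp_id) ?>" pattern="[0-9]+"
- title="<?php echo mo2f_lt( 'Enter API Key recieved on your Whatsapp without any space or dashes' ); ?>"/><br>
- </th>
- </tr>
- <tr>
- <th>
- Phone Number(with Country code):
- </th>
- <th>
- <input class="mo2f_table_textbox" style="width:200px;" type="text" required name="verify_whatsappNum" id="phone"
- value="<?php echo $whatsapp_number ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}"
- title="<?php echo mo2f_lt( 'Enter your Whatsapp Number with your country code.' ); ?>"/><br>
- </th>
- </tr>
- </table>
- <input type="submit" name="verify" id="verify" class="button button-primary button-large"
- value="<?php echo mo2f_lt( 'Verify' ); ?>"/>
- </div>
- </form>
- <form name="f" method="post" action="" id="mo2f_validateotp_form">
- <input type="hidden" name="option" value="mo2f_configure_otp_over_Whatsapp_validate"/>
- <input type="hidden" name="mo2f_configure_otp_over_Whatsapp_validate_nonce"
- value="<?php echo wp_create_nonce( "mo2f-configure-otp-over-Whatsapp-validate-nonce" ) ?>"/>
- <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
- <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token"
- placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
- <a href="#resendWhatsappSMS"><?php echo mo2f_lt( 'Resend OTP ?' ); ?></a>
- <br><br>
- <input type="button" name="back" id="go_back" class="button button-primary button-large"
- value="<?php echo mo2f_lt( 'Back' ); ?>"/>
- <input type="submit" name="validate" id="validate" class="button button-primary button-large"
- value="<?php echo mo2f_lt( 'Validate OTP' ); ?>"/>
- </form><br>
- <form name="f" method="post" action="" id="mo2f_go_back_form">
- <input type="hidden" name="option" value="mo2f_go_back"/>
- <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
- </form>
- <script>
- jQuery('#go_back').click(function () {
- jQuery('#mo2f_go_back_form').submit();
- });
- jQuery('a[href=\"#resendWhatsappSMS\"]').click(function (e) {
- jQuery('#mo2f_verifyChatID_form').submit();
- });
-
- </script>
- <?php
- }
-
- ?>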
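--- a/views/twofa/setup_twofa.php
+++ b/views/twofa/setup_twofa.php
@@ -239,19 +239,19 @@
  <input type="hidden" name="option" value="mo_2factor_test_authentication_method"/>
  <input type="hidden" name="mo2f_configured_2FA_method_test" id="mo2f_configured_2FA_method_test"/>
  <input type="hidden" name="mo_2factor_test_authentication_method_nonce"
- value="<?php echo wp_create_nonce( "mo-2factor-test-authentication-method-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo-2factor-test-authentication-method-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" action="" id="mo2f_2factor_resume_flow_driven_setup_form">
  <input type="hidden" name="option" value="mo_2factor_resume_flow_driven_setup"/>
  <input type="hidden" name="mo_2factor_resume_flow_driven_setup_nonce"
- value="<?php echo wp_create_nonce( "mo-2factor-resume-flow-driven-setup-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo-2factor-resume-flow-driven-setup-nonce" )) ?>"/>
  </form>
 
 
  <form name="f" method="post" action="" id="mo2f_2factor_generate_backup_codes">
  <input type="hidden" name="option" value="mo2f_2factor_generate_backup_codes"/>
  <input type="hidden" name="mo_2factor_generate_backup_codes_nonce"
- value="<?php echo wp_create_nonce( "mo-2factor-generate-backup-codes-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo-2factor-generate-backup-codes-nonce" )) ?>"/>
  </form>
 
 
@@ -331,7 +331,7 @@
  jQuery('#ConfirmCloudButton1').click(function(){
  document.getElementById('mo2f_cloud').checked = false;
  document.getElementById('mo2f_cloud_modal').style.display = "none";
- var nonce = '<?php echo wp_create_nonce("singleUserNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("singleUserNonce"));?>';
  var data = {
  'action' : 'mo_two_factor_ajax',
  'mo_2f_two_factor_ajax' : 'mo2f_single_user',
@@ -372,7 +372,7 @@
  });
  jQuery('#save_entered_email').click(function(){
  var email = jQuery('#emailEntered').val();
- var nonce = '<?php echo wp_create_nonce('EmailVerificationSaveNonce');?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce('EmailVerificationSaveNonce'));?>';
 
  var current_method = jQuery('#current_method').val();
 
@@ -444,7 +444,7 @@
 
  if((is_onprem == 0 || authMethod=='miniOrangeSoftToken'|| authMethod=='miniOrangeQRCodeAuthentication'|| authMethod=='miniOrangePushNotification') && is_user_registered == 0)
  {
- var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("checkuserinminiOrangeNonce"));?>';
  var data = {
  'action' : 'mo_two_factor_ajax',
  'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
@@ -460,7 +460,7 @@
  jQuery('#save_entered_email_cloud').click(function(){
 
  jQuery('#EnterEmailCloudVerification').css('display', 'none');
- var nonce = '<?php echo wp_create_nonce("checkuserinminiOrangeNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("checkuserinminiOrangeNonce"));?>';
  var email = jQuery('#emailEnteredCloud').val();
 
  var data = {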
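Review bot: The nonce on line 334 is printed inside a JavaScript string literal, where `esc_html()` is the wrong escaper: it encodes HTML characters but leaves backslashes and line breaks alone, and entities are not decoded inside a `<script>` block. A value from `wp_create_nonce()` should not contain such characters, so here the point is to use the escaper that matches the context, e.g. `var nonce = '<?php echo esc_js( wp_create_nonce( "singleUserNonce" ) ); ?>';`. The same pattern is on lines 375, 447 and 463, and in the script blocks of test_twofa_duo_authenticator.php (line 48) and test_twofa_email_verification.php (lines 59, 61 and 93). In the last file the printed values are variables whose origin is not visible on this page, so the choice of escaper matters more there.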
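--- a/views/twofa/test/test_twofa_duo_authenticator.php
+++ b/views/twofa/test/test_twofa_duo_authenticator.php
@@ -9,7 +9,7 @@
  <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
  <br>
  <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))) ); ?>"/>
+ <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__)))) ); ?>"/>
  </center>
 
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
@@ -20,18 +20,18 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_duo_authenticator_success_form" action="">
  <input type="hidden" name="option" value="mo2f_duo_authenticator_success_form"/>
  <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
- value="<?php echo wp_create_nonce( "mo2f-duo-authenticator-success-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-authenticator-success-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
  <input type="hidden" name="option" value="mo2f_duo_authenticator_error"/>
 
  <input type="hidden" name="mo2f_duo_authentcator_error_nonce"
- value="<?php echo wp_create_nonce( "mo2f-duo-authenticator-error-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-authenticator-error-nonce" )) ?>"/>
  </form>
 
  <script>
@@ -45,7 +45,7 @@
 
  pollMobileValidation();
  function pollMobileValidation() {
- var nonce = "<?php echo wp_create_nonce( 'miniorange-2-factor-duo-nonce' ); ?>";
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
  var data={
  'action':'mo2f_duo_authenticator_ajax',
  'call_type':'check_duo_push_auth_status',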
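--- a/views/twofa/test/test_twofa_email_verification.php
+++ b/views/twofa/test/test_twofa_email_verification.php
@@ -14,7 +14,7 @@
  <h3><?php echo mo2f_lt( 'A verification email is sent to your registered email.' ); ?>
  <br>
  <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__))) ); ?>"/>
+ <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__)))) ); ?>"/>
  </center>
 
  <input type="button" name="back" id="go_back" class="button button-primary button-large"
@@ -25,19 +25,19 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_out_of_band_success_form" action="">
  <input type="hidden" name="option" value="mo2f_out_of_band_success"/>
  <input type="hidden" name="mo2f_out_of_band_success_nonce"
- value="<?php echo wp_create_nonce( "mo2f-out-of-band-success-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-out-of-band-success-nonce" )) ?>"/>
  <input type="hidden" name="TxidEmail" value="<?php echo get_user_meta($user->ID, 'mo2f_transactionId', true); ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_out_of_band_error_form" action="">
  <input type="hidden" name="option" value="mo2f_out_of_band_error"/>
 
  <input type="hidden" name="mo2f_out_of_band_error_nonce"
- value="<?php echo wp_create_nonce( "mo2f-out-of-band-error-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-out-of-band-error-nonce" )) ?>"/>
  </form>
 
  <script type="text/javascript">
@@ -56,9 +56,9 @@
  var timeout;
  pollMobileValidation();
  function pollMobileValidation() {
- var otpToken = "<?php echo $otpToken; ?>";
+ var otpToken = "<?php echo esc_html($otpToken); ?>";
  var jsonString = "{\"otpToken\":\"" + otpToken + "\"}";
- var txid = '<?php echo $txid;?>';
+ var txid = '<?php echo esc_html($txid);?>';
  var data = {
  'action' : 'mo_two_factor_ajax',
  'mo_2f_two_factor_ajax' : 'CheckEVStatus',
@@ -90,7 +90,7 @@
  var timeout;
  pollMobileValidation();
  function pollMobileValidation() {
- var transId = "<?php echo $mo2f_transactionId; ?>";
+ var transId = "<?php echo esc_html($mo2f_transactionId); ?>";
  var jsonString = "{\"txId\":\"" + transId + "\"}";
  var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
 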
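Review bot: The `TxidEmail` hidden input on line 34 still echoes `get_user_meta($user->ID, 'mo2f_transactionId', true)` with no escaping, although the commit wrapped the other outputs in this form. User meta is stored data and should be escaped where it is printed: `value="<?php echo esc_attr( get_user_meta( $user->ID, 'mo2f_transactionId', true ) ); ?>"`. The `mo2f_lt()` text in the `<h3>` on lines 14 and 16 is also echoed as is; whether that helper escapes its result is not visible in this section.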
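--- a/views/twofa/test/test_twofa_google_authy_authenticator.php
+++ b/views/twofa/test/test_twofa_google_authy_authenticator.php
@@ -9,7 +9,7 @@
  <form name="f" method="post" action="">
  <input type="hidden" name="option" value="mo2f_validate_google_authy_test"/>
  <input type="hidden" name="mo2f_validate_google_authy_test_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-google-authy-test-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-google-authy-test-nonce" )) ?>"/>
 
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:100%;"/>
@@ -23,7 +23,7 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce")) ?>"/>
  </form>
  <script>
  jQuery('#go_back').click(function () {
@@ -38,7 +38,7 @@ function mo2f_test_otp_over_email( $user,$method ) {
 
  ?>
  <h3><?php echo mo2f_lt( 'Test ' ) . mo2f_lt( $method ); ?></h3>
- <h4> Remaining Email Transaction: <?php echo MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');?> </h4>
+ <h4> Remaining Email Transaction: <?php echo intval(esc_html((MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option'))));?> </h4>
 
  <hr>
  <p><?php echo mo2f_lt( 'Enter the one time passcode sent to your registered email id.' ); ?></p>
@@ -46,7 +46,7 @@ function mo2f_test_otp_over_email( $user,$method ) {
  <form name="f" method="post" action="">
  <input type="hidden" name="option" value="mo2f_validate_otp_over_email"/>
  <input type="hidden" name="mo2f_validate_otp_over_email_test_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-otp-over-email-test-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-otp-over-email-test-nonce" )) ?>"/>
 
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -60,7 +60,7 @@ function mo2f_test_otp_over_email( $user,$method ) {
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <script>
  jQuery('#go_back').click(function () {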
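Review bot: The nonce values on new lines 12, 26, 49 and 63 are written into `value="…"` attributes but escaped with `esc_html()`; attribute context calls for `esc_attr()`, e.g. `value="<?php echo esc_attr( wp_create_nonce( 'mo2f-go-back-nonce' ) ); ?>"`, or `wp_nonce_field()` to emit the whole hidden input. As far as I know the two functions encode the same characters in current WordPress and differ only in the filter they run, so this is a matter of using the escaper that matches the output context rather than an open hole. The same substitution applies to the nonce fields changed in the other `views/twofa/test/*.php` files, in `two_fa_custom_form.php` and `two_fa_login_option.php`, and to the `mo2f_custom_plugin_name` value in `two_fa_custom_login.php`. On line 41, `intval(esc_html(...))` escapes before casting; `intval()` alone already yields an integer, and escaping belongs as the last step before output.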
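--- a/views/twofa/test/test_twofa_kba_questions.php
+++ b/views/twofa/test/test_twofa_kba_questions.php
@@ -10,7 +10,7 @@
  <form name="f" method="post" action="" id="mo2f_test_kba_form">
  <input type="hidden" name="option" value="mo2f_validate_kba_details"/>
  <input type="hidden" name="mo2f_validate_kba_details_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-kba-details-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-kba-details-nonce" )) ?>"/>
 
  <div id="mo2f_kba_content">
  <?php if ( isset( $questions ) ) {
@@ -42,7 +42,7 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <script>
  jQuery('#go_back').click(function () {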
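--- a/views/twofa/test/test_twofa_miniorange_push_notification.php
+++ b/views/twofa/test/test_twofa_miniorange_push_notification.php
@@ -18,17 +18,17 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_push_success_form" action="">
  <input type="hidden" name="option" value="mo2f_out_of_band_success"/>
  <input type="hidden" name="mo2f_out_of_band_success_nonce"
- value="<?php echo wp_create_nonce( "mo2f-out-of-band-success-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-out-of-band-success-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_push_error_form" action="">
  <input type="hidden" name="option" value="mo2f_out_of_band_error"/>
  <input type="hidden" name="mo2f_out_of_band_error_nonce"
- value="<?php echo wp_create_nonce( "mo2f-out-of-band-error-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-out-of-band-error-nonce" )) ?>"/>
  </form>
 
  <script>
@@ -40,7 +40,7 @@
  pollMobileValidation();
 
  function pollMobileValidation() {
- var transId = "<?php echo get_user_meta($user->ID, 'mo2f_transactionId', true); ?>";
+ var transId = "<?php echo esc_html(get_user_meta($user->ID, 'mo2f_transactionId', true)); ?>";
  var jsonString = "{\"txId\":\"" + transId + "\"}";
  var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
 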
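Review bot: `transId` on line 43 is emitted inside a JavaScript string literal, where `esc_html()` is the wrong escaper: it leaves backslashes and line breaks untouched, and any character it does encode reaches the script as a literal HTML entity instead of the stored value. Emit the value as a JSON literal instead, `var transId = <?php echo wp_json_encode( get_user_meta( $user->ID, 'mo2f_transactionId', true ) ); ?>;` (or use `esc_js()` inside the quotes), and build the request body on the next line with `JSON.stringify({txId: transId})` rather than by string concatenation. The same pattern is on line 60 of `test_twofa_miniorange_qrcode_authentication.php`, lines 140 and 145 of `two_fa.php`, and the `is_registered` and `.val('…')` lines of `two_fa_custom_form.php`. The body of `pollMobileValidation()` continues outside the hunk.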
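--- a/views/twofa/test/test_twofa_miniorange_qrcode_authentication.php
+++ b/views/twofa/test/test_twofa_miniorange_qrcode_authentication.php
@@ -26,7 +26,7 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
  <table class="mo2f_settings_table">
  <div id="qr-success"></div>
  <div id="displayQrCode" >
- <br><?php echo '<img style="width:165px;" src="data:image/jpg;base64,' . get_user_meta($user->ID, 'mo2f_qrCode', true) . '" />'; ?>
+ <br><?php echo '<img style="width:165px;" src="data:image/jpg;base64,' . esc_html(get_user_meta($user->ID, 'mo2f_qrCode', true)) . '" />'; ?>
  </div>
 
  </table>
@@ -35,17 +35,17 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
  <form name="f" method="post" id="mo2f_mobile_authenticate_success_form" action="">
  <input type="hidden" name="option" value="mo2f_mobile_authenticate_success"/>
  <input type="hidden" name="mo2f_mobile_authenticate_success_nonce"
- value="<?php echo wp_create_nonce( "mo2f-mobile-authenticate-success-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-mobile-authenticate-success-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" id="mo2f_mobile_authenticate_error_form" action="">
  <input type="hidden" name="option" value="mo2f_mobile_authenticate_error"/>
  <input type="hidden" name="mo2f_mobile_authenticate_error_nonce"
- value="<?php echo wp_create_nonce( "mo2f-mobile-authenticate-error-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-mobile-authenticate-error-nonce" )) ?>"/>
  </form>
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  <input type="submit" name="validate" id="validate" class="button button-primary button-large"
  value="<?php echo mo2f_lt( 'Back' ); ?>"/>
  </form>
@@ -57,7 +57,7 @@ function mo2f_test_miniorange_qr_code_authentication( $user ) {
  pollMobileValidation();
 
  function pollMobileValidation() {
- var transId = "<?php echo get_user_meta($user->ID, 'mo2f_transactionId', true); ?>";
+ var transId = "<?php echo esc_html(get_user_meta($user->ID, 'mo2f_transactionId', true)); ?>";
  var jsonString = "{\"txId\":\"" + transId + "\"}";
  var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
 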
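--- a/views/twofa/test/test_twofa_miniorange_soft_token.php
+++ b/views/twofa/test/test_twofa_miniorange_soft_token.php
@@ -10,7 +10,7 @@
  <form name="f" method="post" action="" id="mo2f_test_token_form">
  <input type="hidden" name="option" value="mo2f_validate_soft_token"/>
  <input type="hidden" name="mo2f_validate_soft_token_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-soft-token-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-soft-token-nonce" )) ?>"/>
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
 
@@ -25,7 +25,7 @@
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
  </div>
  <script>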
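--- a/views/twofa/test/test_twofa_otp_over_Telegram.php
+++ b/views/twofa/test/test_twofa_otp_over_Telegram.php
@@ -11,7 +11,7 @@ function mo2f_test_otp_over_Telegram( $user ) {
  <form name="f" method="post" action="" id="mo2f_test_token_form">
  <input type="hidden" name="option" value="mo2f_validate_otp_over_Telegram"/>
  <input type="hidden" name="mo2f_validate_otp_over_Telegram_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-otp-over-Telegram-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-otp-over-Telegram-nonce" )) ?>"/>
 
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -26,13 +26,13 @@ function mo2f_test_otp_over_Telegram( $user ) {
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
 
  <form name="f" method="post" action="" id="mo2f_2factor_test_authentication_method_form">
  <input type="hidden" name="option" value="mo_2factor_test_authentication_method"/>
  <input type="hidden" name="mo_2factor_test_authentication_method_nonce"
- value="<?php echo wp_create_nonce( "mo-2factor-test-authentication-method-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo-2factor-test-authentication-method-nonce" )) ?>"/>
  <input type="hidden" name="mo2f_configured_2FA_method_test" id="mo2f_configured_2FA_method_test"
  value="OTP Over Telegram"/>
  </form>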
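--- a/views/twofa/test/test_twofa_otp_over_Whatsapp.php
+++ b/views/twofa/test/test_twofa_otp_over_Whatsapp.php
@@ -1,54 +0,0 @@
- <?php
- function mo2f_test_otp_over_Whatsapp( $user ) {
-
- ?>
- <h3><?php echo mo2f_lt( 'Test OTP Over Whatsapp' );
-
- ?>
-
- </h3>
- <?php echo mo2f_lt( 'Remaining Transactions:'.get_site_option('cmVtYWluaW5nV2hhdHNhcHB0cmFuc2FjdGlvbnM=') );?>
- <hr><p><?php echo mo2f_lt( 'Enter the one time passcode sent to your registered mobile number of Whatsapp.' ); ?></p>
-
-
- <form name="f" method="post" action="" id="mo2f_test_token_form">
- <input type="hidden" name="option" value="mo2f_validate_otp_over_Whatsapp"/>
- <input type="hidden" name="mo2f_validate_otp_over_Whatsapp_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-otp-over-Whatsapp-nonce" ) ?>"/>
-
- <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
- placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
- <a href="#resendsmslink"><?php echo mo2f_lt( 'Resend OTP ?' ); ?></a>
- <br><br>
- <input type="button" name="back" id="go_back" class="button button-primary button-large"
- value="<?php echo mo2f_lt( 'Back' ); ?>"/>
- <input type="submit" name="validate" id="validate" class="button button-primary button-large"
- value="<?php echo mo2f_lt( 'Validate OTP' ); ?>"/>
-
- </form>
- <form name="f" method="post" action="" id="mo2f_go_back_form">
- <input type="hidden" name="option" value="mo2f_go_back"/>
- <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
- </form>
-
- <form name="f" method="post" action="" id="mo2f_2factor_test_authentication_method_form">
- <input type="hidden" name="option" value="mo_2factor_test_authentication_method"/>
- <input type="hidden" name="mo_2factor_test_authentication_method_nonce"
- value="<?php echo wp_create_nonce( "mo-2factor-test-authentication-method-nonce" ) ?>"/>
- <input type="hidden" name="mo2f_configured_2FA_method_test" id="mo2f_configured_2FA_method_test"
- value="OTP Over Whatsapp"/>
- </form>
-
-
-
- <script>
- jQuery('#go_back').click(function () {
- jQuery('#mo2f_go_back_form').submit();
- });
- jQuery('a[href=\"#resendsmslink\"]').click(function (e) {
- jQuery('#mo2f_2factor_test_authentication_method_form').submit();
- });
- </script>
-
- <?php } ?>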
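--- a/views/twofa/test/test_twofa_otp_over_sms.php
+++ b/views/twofa/test/test_twofa_otp_over_sms.php
@@ -13,7 +13,7 @@ function mo2f_test_otp_over_sms( $user ) {
  <form name="f" method="post" action="" id="mo2f_test_token_form">
  <input type="hidden" name="option" value="mo2f_validate_otp_over_sms"/>
  <input type="hidden" name="mo2f_validate_otp_over_sms_nonce"
- value="<?php echo wp_create_nonce( "mo2f-validate-otp-over-sms-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-validate-otp-over-sms-nonce" )) ?>"/>
 
  <input class="mo2f_table_textbox" style="width:200px;" autofocus="true" type="text" name="otp_token" required
  placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
@@ -28,13 +28,13 @@ function mo2f_test_otp_over_sms( $user ) {
  <form name="f" method="post" action="" id="mo2f_go_back_form">
  <input type="hidden" name="option" value="mo2f_go_back"/>
  <input type="hidden" name="mo2f_go_back_nonce"
- value="<?php echo wp_create_nonce( "mo2f-go-back-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
  </form>
 
  <form name="f" method="post" action="" id="mo2f_2factor_test_authentication_method_form">
  <input type="hidden" name="option" value="mo_2factor_test_authentication_method"/>
  <input type="hidden" name="mo_2factor_test_authentication_method_nonce"
- value="<?php echo wp_create_nonce( "mo-2factor-test-authentication-method-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo-2factor-test-authentication-method-nonce" )) ?>"/>
  <input type="hidden" name="mo2f_configured_2FA_method_test" id="mo2f_configured_2FA_method_test"
  value="OTP Over SMS"/>
  </form>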
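--- a/views/twofa/two_fa.php
+++ b/views/twofa/two_fa.php
@@ -137,12 +137,12 @@ else
  }
  localStorage.setItem("2fa_last_tab", tabname);
  }
- var tour = '<?php echo MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option');?>';
+ var tour = '<?php echo esc_html(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'));?>';
 
  if(tour != 1)
  var tab = localStorage.getItem("2fa_last_tab");
  else
- var tab = '<?php echo get_option("mo2f_tour_tab");?>';
+ var tab = '<?php echo esc_html(get_option("mo2f_tour_tab"));?>';
 
  if(tab && tab.length>0)
  document.getElementById(tab).click();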
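--- a/views/twofa/two_fa_custom_form.php
+++ b/views/twofa/two_fa_custom_form.php
@@ -39,7 +39,7 @@ include $setup_dirName;
  </td>
  <td>
  <div style="text-align: center;">
- <a href='<?php echo $two_factor_premium_doc['Woocommerce'];?>' target="blank"><span class="dashicons dashicons-text-page mo2f_doc_icon_style" style="font-size: 25px;color: #413c69"></span></a>
+ <a href='<?php echo esc_url($two_factor_premium_doc['Woocommerce']);?>' target="blank"><span class="dashicons dashicons-text-page mo2f_doc_icon_style" style="font-size: 25px;color: #413c69"></span></a>
  </div>
  </td>
  </tr>
@@ -210,7 +210,7 @@ include $setup_dirName;
  for ($i= 0 ; $i < sizeof($formsArray["forms"]) ; $i++)
  {
  $formName = $formsArray["forms"];
- echo '<option value='.strtolower(str_replace(" ","",$formName[$i]["formName"])).'>'.$formName[$i]["formName"].'</option>';
+ echo '<option value='.strtolower(str_replace(" ","", esc_html($formName[$i]["formName"]))).'>'.esc_html($formName[$i]["formName"]).'</option>';
  ?>
  <?php
  }
@@ -224,7 +224,7 @@ include $setup_dirName;
  <h4 id="enterMessage" name="enterMessage" style="display: none;padding:8px; color: white; background-color: teal">Enter Selectors for your Form</h4>
  <div id="formDiv">
  <h4>Form Selector<span style="color: red;font-size: 14px">*</span></h4>
- <input type="text" value="<?php echo get_site_option('mo2f_custom_form_name');?>" style="width: 100%" name="mo2f_shortcode_form_selector" id="mo2f_shortcode_form_selector" placeholder="Example #form_id" <?php if($is_any_of_woo_bb) { echo 'disabled';}?> >
+ <input type="text" value="<?php echo esc_html(get_site_option('mo2f_custom_form_name'));?>" style="width: 100%" name="mo2f_shortcode_form_selector" id="mo2f_shortcode_form_selector" placeholder="Example #form_id" <?php if($is_any_of_woo_bb) { echo 'disabled';}?> >
  </div>
  <div id="emailDiv">
  <h4>Email Field Selector <span style="color: red;font-size: 14px">*</span></h4>
@@ -248,7 +248,7 @@ include $setup_dirName;
  <input type="button" style="float: right" class="button button-primary" value="Save Settings"
  id="mo2f_form_config_save" name= "mo2f_form_config_save">
  <input type="hidden" id="mo2f_nonce_save_form_settings" name="mo2f_nonce_save_form_settings"
- value="<?php echo wp_create_nonce( "mo2f-nonce-save-form-settings" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-nonce-save-form-settings" )) ?>"/>
  <br>
  </div>
  <h2> Step 3 : Copy Shortcode </h2>
@@ -270,7 +270,7 @@ include $setup_dirName;
  $mo('#mo2f_shortcode_submit_selector').prop('disabled',true)
  $mo('#mo2f_shortcode_email_selector').prop('disabled',true)
  let customForm = false;
- is_registered = '<?php echo $is_registered; ?>';
+ is_registered = '<?php echo esc_html($is_registered); ?>';
 
  $mo('#phoneDiv').css('display','none')
 
@@ -329,13 +329,13 @@ include $setup_dirName;
  $mo('#formDiv').css('display','inherit')
  $mo('#submitDiv').css('display','inherit')
  $mo('#emailDiv').css('display','inherit')
- $mo('#mo2f_shortcode_form_selector').val('<?php echo get_site_option('mo2f_custom_form_name')?>');
- $mo('#mo2f_shortcode_submit_selector').val('<?php echo get_site_option('mo2f_custom_submit_selector');?>');
- $mo('#mo2f_shortcode_email_selector').val('<?php echo get_site_option('mo2f_custom_email_selector');?>');
+ $mo('#mo2f_shortcode_form_selector').val('<?php echo esc_html(get_site_option('mo2f_custom_form_name'))?>');
+ $mo('#mo2f_shortcode_submit_selector').val('<?php echo esc_html(get_site_option('mo2f_custom_submit_selector'));?>');
+ $mo('#mo2f_shortcode_email_selector').val('<?php echo esc_html(get_site_option('mo2f_custom_email_selector'));?>');
  });
 
  $mo('#mo2f_form_config_save').click(function () {
- is_registered = '<?php echo $is_registered; ?>';
+ is_registered = '<?php echo esc_html($is_registered); ?>';
  if(!is_registered)
  error_msg("Please Register/Login with miniOrange");
  else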
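Review bot: The `<option>` built on line 213 still writes its `value` without quotes, and `esc_html()` does not make an unquoted attribute safe: `str_replace` strips only literal spaces, so any other whitespace in a form name would end the value and begin a new attribute. Quote the attribute and escape as the last step, after the lower-casing and space removal: `echo '<option value="' . esc_attr( strtolower( str_replace( ' ', '', $name ) ) ) . '">' . esc_html( $name ) . '</option>';` with `$name = $formName[$i]['formName'];` set just before it. Where `$formsArray` is populated is not visible in this section, so how far its contents can be influenced from outside is unknown; the quoting is worth doing either way. The loop body continues outside the hunk.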
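--- a/views/twofa/two_fa_custom_login.php
+++ b/views/twofa/two_fa_custom_login.php
@@ -11,7 +11,7 @@ $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'
 
  <div id="mo2f_custom_addon_hide">
  <h2><?php echo __('2. Personalization'); ?>
- <span style="text-align: right;font-size: large;"><?php echo '<a href="'.$addons_url .'" style="color: red">'; ?>[ PREMIUM ]</a></span><a class="mo2fa-addons-preview-alignment" onclick="mo2f_Personalization_Plugin_Icon()">&nbsp;&nbsp;See Preview</a>
+ <span style="text-align: right;font-size: large;"><?php echo '<a href="'.esc_url($addons_url) .'" style="color: red">'; ?>[ PREMIUM ]</a></span><a class="mo2fa-addons-preview-alignment" onclick="mo2f_Personalization_Plugin_Icon()">&nbsp;&nbsp;See Preview</a>
  </h2>
  <hr>
  <p id="custom_description">
@@ -21,7 +21,7 @@ $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'
  </div>
  <div id="mo2f_Personalization_Plugin_Icon" style="display: none;">
 
- <h3><?php echo mo2f_lt('Customize Plugin Icon');?><a href='<?php echo $two_factor_premium_doc['Custom plugin logo'];?>' target="_blank">
+ <h3><?php echo mo2f_lt('Customize Plugin Icon');?><a href='<?php echo esc_url($two_factor_premium_doc['Custom plugin logo']);?>' target="_blank">
  <span class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
 
  </a> </h3><br>
@@ -35,14 +35,14 @@ $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'
  Go to /wp-content/uploads/miniorange folder and upload a .png image with the name "plugin_icon" (Max Size: 20x34px).');?></i></p>
  </div>
  </div> </div><hr>
- <h3><?php echo mo2f_lt('Customize Plugin Name');?><a href='<?php echo $two_factor_premium_doc['Custom plugin name'];?>' target="_blank">
+ <h3><?php echo mo2f_lt('Customize Plugin Name');?><a href='<?php echo esc_url($two_factor_premium_doc['Custom plugin name']);?>' target="_blank">
  <span class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
 
  </a></h3>
  <div>
  <div style="margin-left:2%">
  <?php echo mo2f_lt('Change Plugin Name:');?> &nbsp;
- <input type="text" class="mo2f_table_textbox" style="width:35% " id="mo2f_custom_plugin_name" name="mo2f_custom_plugin_name" <?php echo 'disabled'; ?> value="<?php echo MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option')?>" placeholder="<?php echo mo2f_lt('Enter a custom Plugin Name.');?>" />
+ <input type="text" class="mo2f_table_textbox" style="width:35% " id="mo2f_custom_plugin_name" name="mo2f_custom_plugin_name" <?php echo 'disabled'; ?> value="<?php echo esc_html(MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option'))?>" placeholder="<?php echo mo2f_lt('Enter a custom Plugin Name.');?>" />
 
  <div class="mo2f_advanced_options_note"><p style="padding:5px;"><i>
  <?php echo mo2f_lt('This will be the Plugin Name You and your Users see in WordPress Dashboard.');?>
@@ -100,7 +100,7 @@ $setup_dirName = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'
  <form name="f" id="custom_css_reset_form" method="post" action="" >
  <input type="hidden" name="option" value="mo_auth_custom_design_options_reset" />
 
- <h3><?php echo mo2f_lt('Customize UI of Login Pop up\'s');?><a href='<?php echo $two_factor_premium_doc['custom login popup'];?>' target="_blank">
+ <h3><?php echo mo2f_lt('Customize UI of Login Pop up\'s');?><a href='<?php echo esc_url($two_factor_premium_doc['custom login popup']);?>' target="_blank">
  <span class="dashicons dashicons-text-page" style="font-size:19px;color:#413c69;float: right;"></span>
 
  </a> </h3>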
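--- a/views/twofa/two_fa_login_option.php
+++ b/views/twofa/two_fa_login_option.php
@@ -22,7 +22,7 @@ global $Mo2fdbQueries;
  <form name="f" id="login_settings_form" method="post" action="">
  <input type="hidden" name="option" value="mo_auth_login_settings_save"/>
  <input type="hidden" name="mo_auth_login_settings_save_nonce"
- value="<?php echo wp_create_nonce( "mo-auth-login-settings-save-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo-auth-login-settings-save-nonce" )) ?>"/>
  <div class="row">
  <h3 style="padding:10px;"><?php echo mo2f_lt( 'Select Login Screen Options' ); ?>
 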
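--- a/views/twofa/two_fa_unlimittedUser.php
+++ b/views/twofa/two_fa_unlimittedUser.php
@@ -22,7 +22,7 @@ function miniorange_2_factor_user_roles($current_user) {
  $setting = get_site_option('mo2fa_'.$id);
  ?>
  <div>
- <input type="checkbox" name="role" value="<?php echo 'mo2fa_'.$id; ?>"
+ <input type="checkbox" name="role" value="<?php echo 'mo2fa_'.esc_html($id); ?>"
  <?php
 
  if(get_site_option('mo2fa_'.$id))
@@ -33,7 +33,7 @@ function miniorange_2_factor_user_roles($current_user) {
  <?php
  echo esc_html($name);
  ?>
- <input type="text" class="mo2f_table_textbox" style="width:50% !important;float:right;" id="<?php echo 'mo2fa_'.$id; ?>_login_url" value="<?php echo esc_url(site_url()); ?>"
+ <input type="text" class="mo2f_table_textbox" style="width:50% !important;float:right;" id="<?php echo 'mo2fa_'.esc_html($id); ?>_login_url" value="<?php echo esc_url(site_url()); ?>"
  <?php
  echo 'disabled' ;
  ?>
@@ -68,7 +68,7 @@ if(current_user_can('administrator')){
  <div>
  <form name="f" method="post" action="" >
  <input type="hidden" id="mo2f_nonce_enable_2FA" name="mo2f_nonce_enable_2FA"
- value="<?php echo wp_create_nonce( "mo2f-nonce-enable-2FA" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-nonce-enable-2FA" )) ?>"/>
  <label class="mo_wpns_switch" style="float: right">
  <input type="checkbox" onChange="mo_toggle_twofa()" style="padding-top: 50px;" id="mo2f_enable_2faa"
  name="mo2f_enable_2fa"
@@ -80,7 +80,7 @@ if(current_user_can('administrator')){
  </form>
  <form name="f" method="post" action="" id="mo2f_enable_debuglog_form_id">
  <input type="hidden" id="mo2f_nonce_enable_debug_log" name="mo2f_nonce_enable_debug_log"
- value="<?php echo wp_create_nonce( "mo2f-nonce-enable-debug-log" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-nonce-enable-debug-log" )) ?>"/>
  <h3>
  </br> <hr>
  <?php
@@ -108,13 +108,13 @@ if(current_user_can('administrator')){
  <input type="button" class="button button-primary" value="Delete log file"
  id="mo2f_debug_delete_form" name= "mo2f_debug_delete_form">
  <input type="hidden" id="mo2f_download_log" name="mo2f_nonce_download_log"
- value="<?php echo wp_create_nonce( "mo2f-nonce-download-log" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-nonce-download-log" )) ?>"/>
  <input type="hidden" id="mo2f_download_log" name="option"
  value="log_file_download"/>
  </form>
  <form name="f" method="post" action="" id="mo2f_delete_log_file">
  <input type="hidden" id="mo2f_delete_log" name="mo2f_nonce_delete_log"
- value="<?php echo wp_create_nonce( "mo2f-nonce-delete-log" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-nonce-delete-log" )) ?>"/>
  <input type="hidden" id="mo2f_delete_logs" name="option"
  value="log_file_delete"/>
  </form>
@@ -133,7 +133,7 @@ if(current_user_can('administrator')){
  <div>
  <form name="f" method="post" action="" >
  <input type="hidden" id="mo2f_nonce_enable_2FA_prompt_on_login" name="mo2f_nonce_enable_2FA_prompt_on_login"
- value="<?php echo wp_create_nonce( "mo2f-enable-2FA-on-login-page-option-nonce" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-enable-2FA-on-login-page-option-nonce" )) ?>"/>
 
  <label class="mo_wpns_switch" style="float: right">
  <input type="checkbox" onChange="mo_toggle_twofa_prompt_on_login()" style="padding-top: 20px;" id="mo2f_enable_2faa_prompt_on_login"
@@ -154,7 +154,7 @@ if(current_user_can('administrator')){
  <div>
  <form name="f" method="post" action="" >
  <input type="hidden" id="mo2f_nonce_enable_inline" name="mo2f_nonce_enable_inline"
- value="<?php echo wp_create_nonce( "mo2f-nonce-enable-inline" ) ?>"/>
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-nonce-enable-inline" )) ?>"/>
  <label class="mo_wpns_switch" style="float: right;">
  <input type="checkbox" onChange="mo_toggle_inline()" style="padding-top: 50px;float: right;" id="mo2f_inline_registration"
  name="mo2f_inline_registration"
@@ -286,7 +286,7 @@ if(current_user_can('administrator')){
 
  }
  function mo_toggle_configured_methods(){
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce_configurd_methods");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce_configurd_methods"));?>';
  var data = {
  'action' : 'mo_two_factor_ajax',
  'mo_2f_two_factor_ajax' : 'mo2f_enable_disable_configurd_methods',
@@ -328,14 +328,14 @@ if(current_user_can('administrator'))
  <span>
  <h2>Select User Roles to enable 2-Factor for <b style="font-size: 70%;color: red;">(Upto 3 users in Free version)</b>
  <?php mo2f_setting_tooltip_array($settings_tab_tooltip_array[3]); ?>
- <a href= '<?php echo $two_factor_premium_doc['Enable 2FA Role Based'];?>' target="_blank">
+ <a href= '<?php echo esc_url($two_factor_premium_doc['Enable 2FA Role Based']);?>' target="_blank">
  <span class="dashicons dashicons-text-page" title="More Information" style="font-size:19px;color:#4a47a3;float: right;"></span>
  </a></h2>
  </br>
  <span>
 
  <?php
- echo miniorange_2_factor_user_roles($current_user);
+ echo esc_html(miniorange_2_factor_user_roles($current_user));
  ?>
  <br>
  </span>
@@ -353,7 +353,7 @@ if(current_user_can('administrator'))
  enabledrole.push($(this).val());
  });
  var mo2fa_administrator_login_url = $('#mo2fa_administrator_login_url').val();
- var nonce = '<?php echo wp_create_nonce("unlimittedUserNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("unlimittedUserNonce"));?>';
  var data = {
  'action' : 'mo_two_factor_ajax',
  'mo_2f_two_factor_ajax' : 'mo2f_role_based_2_factor',
@@ -458,7 +458,7 @@ if(current_user_can('administrator'))
  jQuery('#ConfirmOnPremButton').click(function(){
  jQuery('#ConfirmOnPrem').hide();
  var enableOnPremise = jQuery("input[name='unlimittedUser']:checked").val();
- var nonce = '<?php echo wp_create_nonce("unlimittedUserNonce");?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce("unlimittedUserNonce"));?>';
  var data = {
  'action' : 'mo_two_factor_ajax',
  'mo_2f_two_factor_ajax' : 'mo2f_unlimitted_user',
@@ -493,8 +493,8 @@ if(current_user_can('administrator'))
  });
  jQuery('#save_email').click(function(){
  var email = jQuery('#emalEntered').val();
- var nonce = '<?php echo wp_create_nonce('EmailVerificationSaveNonce');?>';
- var user_id = '<?php echo get_current_user_id();?>';
+ var nonce = '<?php echo esc_html(wp_create_nonce('EmailVerificationSaveNonce'));?>';
+ var user_id = '<?php echo esc_html(get_current_user_id());?>';
 
  if(email != '')
  {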
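Review bot: On line 338, `echo esc_html(miniorange_2_factor_user_roles($current_user));` escapes only the return value of a function that, judging by the first two hunks, prints its own `<div>`/`<input>` markup directly. If the function returns nothing, the wrapper escapes an empty value; if it ever returns markup, that markup would be rendered as visible text instead of form controls. Calling it as a plain statement, `miniorange_2_factor_user_roles($current_user);`, and keeping the escaping at the output points inside the function states the intent more clearly; the function body is only partly visible in these hunks, so confirm what it returns. Inside it, lines 25 and 36 place `$id` in `value` and `id` attributes, where `esc_attr($id)` is the escaper that matches the context.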
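--- a/views/upgrade.php
+++ b/views/upgrade.php
@@ -1176,24 +1176,24 @@ Addons
  <div class="mo_2fa_card mo_2fa_animation">
  <div class="mo_2fa_Card-header">
  <?php
- echo'<img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/card.png" class="mo2fa_card">';?>
+ echo'<img src="'.esc_url(dirname(plugin_dir_url(__FILE__))).'/includes/images/card.png" class="mo2fa_card">';?>
  </div>
  <hr class="mo2fa_hr">
  <div class="mo_2fa_card-body">
  <p class="mo2fa_payment_p">If payment is done through Credit Card/Intenational debit card, the license would be created automatically once payment is completed. </p>
  <p class="mo2fa_payment_p"><i><b>For guide
- <?php echo'<a href='.MoWpnsConstants::FAQ_PAYMENT_URL.' target="blank">Click Here.</a>';?></b></i></p>
+ <?php echo'<a href='.esc_url(MoWpnsConstants::FAQ_PAYMENT_URL).' target="blank">Click Here.</a>';?></b></i></p>
 
  </div>
  </div>
  <div class="mo_2fa_card mo_2fa_animation">
  <div class="mo_2fa_Card-header">
  <?php
- echo'<img src="'.dirname(plugin_dir_url(__FILE__)).'/includes/images/paypal.png" class="mo2fa_card">';?>
+ echo'<img src="'.esc_url(dirname(plugin_dir_url(__FILE__))).'/includes/images/paypal.png" class="mo2fa_card">';?>
  </div>
  <hr class="mo2fa_hr">
  <div class="mo_2fa_card-body">
- <?php echo'<p class="mo2fa_payment_p">Use the following PayPal id for payment via PayPal.</p><p><i><b style="color:#1261d8"><a href="mailto:'.MoWpnsConstants::SUPPORT_EMAIL.'">info@xecurify.com</a></b></i>';?>
+ <?php echo'<p class="mo2fa_payment_p">Use the following PayPal id for payment via PayPal.</p><p><i><b style="color:#1261d8"><a href="mailto:'.esc_html(MoWpnsConstants::SUPPORT_EMAIL).'">info@xecurify.com</a></b></i>';?>
 
  </div>
  </div>
@@ -1205,7 +1205,7 @@ Addons
  </div>
  <hr class="mo2fa_hr">
  <div class="mo_2fa_card-body">
- <?php echo'<p class="mo2fa_payment_p">If you want to use Bank Transfer for payment then contact us at <i><b style="color:#1261d8"><a href="mailto:'.MoWpnsConstants::SUPPORT_EMAIL.'">info@xecurify.com</a></b></i> so that we can provide you bank details. </i></p>';?>
+ <?php echo'<p class="mo2fa_payment_p">If you want to use Bank Transfer for payment then contact us at <i><b style="color:#1261d8"><a href="mailto:'.esc_html(MoWpnsConstants::SUPPORT_EMAIL).'">info@xecurify.com</a></b></i> so that we can provide you bank details. </i></p>';?>
  </div>
  </div>
  </div>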
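Review bot: The `href` on line 1185 is still written without quotes around the value, and `target="blank"` names a window called "blank" instead of using the `_blank` keyword; WordPress escapers are meant for quoted attributes, so the line reads better as `echo '<a href="'.esc_url(MoWpnsConstants::FAQ_PAYMENT_URL).'" target="_blank" rel="noopener noreferrer">Click Here.</a>';`. On lines 1179 and 1192 only the directory part of the image URL passes through `esc_url()`; escaping the whole value, `esc_url(dirname(plugin_dir_url(__FILE__)).'/includes/images/card.png')`, keeps the escaping at the point of output. The `mailto:` links on lines 1196 and 1208 are URLs inside an attribute, so `esc_url('mailto:'.MoWpnsConstants::SUPPORT_EMAIL)` matches the context better than `esc_html()`. The visible link text is the literal `info@xecurify.com` while the href comes from the constant, so the two can drift apart.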
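--- a/views/upgrade_2fa_lite.php
+++ b/views/upgrade_2fa_lite.php
@@ -247,7 +247,7 @@
  }
  elseif ($feature_set != "Support")
  {
- echo $feature_set;
+ echo esc_html($feature_set);
  }
  if ($feature_set == "Force Two Factor for" ) {
  echo " administrators";
@@ -318,7 +318,7 @@
  }
  elseif ($feature_set != "Support")
  {
- echo $feature_set;
+ echo esc_html($feature_set);
  }
  if ($feature_set == "Force Two Factor for" ) {
  echo " all users";
@@ -450,7 +450,7 @@
  }
  elseif($feature_set != "Support")
  {
- echo $feature_set;
+ echo esc_html($feature_set);
  }
  if ($feature_set == "Force Two Factor for" ) {
  echo " all users";
@@ -556,11 +556,11 @@
  <?php for ( $i = 0; $i < count( $mo2f_addons_set ); $i ++ ) {
  $f_feature_set_of_addons = $mo2f_addons_with_features[ $mo2f_addons_set[ $i ] ];
  for ( $j = 0; $j < $i + 1; $j ++ ) { ?>*<?php } ?>
- <b><?php echo $mo2f_addons_set[ $i ]; ?> Features</b>
+ <b><?php echo esc_html($mo2f_addons_set[ $i ]); ?> Features</b>
  <br>
  <ol>
  <?php for ( $k = 0; $k < count( $f_feature_set_of_addons ); $k ++ ) { ?>
- <li><?php echo $f_feature_set_of_addons[ $k ]; ?></li>
+ <li><?php echo esc_html($f_feature_set_of_addons[ $k ]); ?></li>
  <?php } ?>
  </ol>
 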
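--- a/views/waf-settings.php
+++ b/views/waf-settings.php
@@ -155,13 +155,13 @@ echo "<a href='". esc_url($url)."' download='".esc_html($nameDownload)."'>";?>
  document.getElementById('AttackTypes').style.display = "none";
  document.getElementById('htaccessChange').style.display="none";
 
- var WAF = "<?php echo get_option('WAF');?>";
- var wafE = "<?php echo get_option('WAFEnabled');?>";
- var SQL = "<?php echo get_option('SQLInjection');?>";
- var XSS = "<?php echo get_option('XSSAttack');?>";
- var LFI = "<?php echo get_option('LFIAttack');?>";
- var RFI = "<?php echo get_option('RFIAttack');?>";
- var RCE = "<?php echo get_option('RCEAttack');?>";
+ var wafE = "<?php echo esc_html(get_option('WAFEnabled'));?>";
+ var WAF = "<?php echo esc_html(get_option('WAF'));?>";
+ var SQL = "<?php echo esc_html(get_option('SQLInjection'));?>";
+ var XSS = "<?php echo esc_html(get_option('XSSAttack'));?>";
+ var LFI = "<?php echo esc_html(get_option('LFIAttack'));?>";
+ var RFI = "<?php echo esc_html(get_option('RFIAttack'));?>";
+ var RCE = "<?php echo esc_html(get_option('RCEAttack'));?>";
 
  if(wafE=='1')
  {
@@ -319,11 +319,11 @@ echo "<a href='". esc_url($url)."' download='".esc_html($nameDownload)."'>";?>
  if(pluginWAF == 'on')
  {
  document.getElementById('AttackTypes').style.display="block";
- var SQL ="<?php echo get_option('SQLInjection');?>";
- var XSS ="<?php echo get_option('XSSAttack');?>";
- var LFI ="<?php echo get_option('LFIAttack');?>";
- var RFI ="<?php echo get_option('RFIAttack');?>";
- var RCE ="<?php echo get_option('RCEAttack');?>";
+ var SQL ="<?php echo esc_html(get_option('SQLInjection'));?>";
+ var XSS ="<?php echo esc_html(get_option('XSSAttack'));?>";
+ var LFI ="<?php echo esc_html(get_option('LFIAttack'));?>";
+ var RFI ="<?php echo esc_html(get_option('RFIAttack'));?>";
+ var RCE ="<?php echo esc_html(get_option('RCEAttack'));?>";
  if(SQL == '1')
  {
  jQuery('#SQL').prop("checked",true);
@@ -370,7 +370,7 @@ echo "<a href='". esc_url($url)."' download='".esc_html($nameDownload)."'>";?>
 
  var pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
- var url = '<?php echo $save_Hwaf_url; ?>';
+ var url = '<?php echo esc_url($save_Hwaf_url); ?>';
  if(htaccessWAF =='on')
  {
  document.getElementById("htaccessChange").style.display ="block";
@@ -443,11 +443,11 @@ echo "<a href='". esc_url($url)."' download='".esc_html($nameDownload)."'>";?>
  if(htaccessWAF=='on')
  {
  document.getElementById('AttackTypes').style.display="block";
- var SQL ="<?php echo get_option('SQLInjection');?>";
- var XSS ="<?php echo get_option('XSSAttack');?>";
- var LFI ="<?php echo get_option('LFIAttack');?>";
- var RFI ="<?php echo get_option('RFIAttack');?>";
- var RCE ="<?php echo get_option('RCEAttack');?>";
+ var XSS ="<?php echo esc_html(get_option('XSSAttack'));?>";
+ var SQL ="<?php echo esc_html(get_option('SQLInjection'));?>";
+ var LFI ="<?php echo esc_html(get_option('LFIAttack'));?>";
+ var RFI ="<?php echo esc_html(get_option('RFIAttack'));?>";
+ var RCE ="<?php echo esc_html(get_option('RCEAttack'));?>";
  if(SQL == '1')
  {
  jQuery('#SQL').prop("checked",true);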
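Review bot: Every changed line in this file writes a PHP value into a JavaScript string literal, but `esc_html()` and `esc_url()` are HTML-context escapers: they leave backslashes and line breaks untouched and turn `&` into an entity that script code will not decode. For the option values the matching helper is `esc_js()`, e.g. `var wafE = "<?php echo esc_js( get_option('WAFEnabled') ); ?>";`. On line 373, `esc_url()` would hand the script a URL containing `&#038;` whenever `$save_Hwaf_url` carries more than one query argument; `var url = <?php echo wp_json_encode( esc_url_raw( $save_Hwaf_url ) ); ?>;` avoids that, assuming these lines sit inside a script block (the variable is built outside the hunk, so check it). The nonce and user-id assignments in views/twofa/two_fa_unlimittedUser.php (lines 289, 356, 461, 496 and 497) have the same context mismatch.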
views/waf.php CHANGED
@@ -23,7 +23,7 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
23
  <div class="mo_wpns_small_3_layout">
24
  <div class ="mo_wpns_sub_sub_dashboard_layout">Injections<hr class="line"><?php echo esc_attr($sqlC); ?></></div>
25
  <div class ="mo_wpns_sub_sub_dashboard_layout">RCE<hr class="line"><?php echo esc_attr($rceC); ?></div>
26
- <div class ="mo_wpns_sub_sub_dashboard_layout">RFI/LFI<hr class="line"><?php echo $rfiC + $lfiC; ?></div>
27
  <div class ="mo_wpns_sub_sub_dashboard_layout">XSS<hr class="line"><?php echo esc_attr($xssC); ?></div>
28
  </div>
29
  </div>
@@ -85,7 +85,7 @@ $setup_dirName = $mo2f_dirName.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEP
85
  global $mo2f_dirName;
86
  foreach($blockedattacks as $blockedattack)
87
  {
88
- echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($blockedattack->ip)."</td><td>".retrivefullname(esc_attr($blockedattack->type))."</td>";
89
 
90
  echo "<td>".date("M j, Y, g:i:s a",esc_attr($blockedattack->time))."</td><td>".esc_attr($blockedattack->input)."</td></tr>";
91
  }
@@ -387,7 +387,7 @@ echo "<td>".date("M j, Y, g:i:s a",esc_attr($blockedattack->time))."</td><td>
387
  <div class="mo_wpns_setting_layout" id= 'mo2f_settings_tab_div'>
388
  <table style="width:100%">
389
  <tr><th align="left">
390
- <h3>Website Firewall on Plugin Level : <a href='<?php echo $two_factor_premium_doc['Plugin level waf'];?>' target="_blank">
391
  <span class=" dashicons dashicons-text-page" style="font-size:23px;color:#413c69;"></span></a>
392
  <br>
393
  <p><i class="mo_wpns_not_bold">This will activate WAF after the WordPress load. This will block illegitimate requests after making connection to WordPress. This will check Every Request in plugin itself.</i></p>
@@ -415,7 +415,7 @@ echo "<td>".date("M j, Y, g:i:s a",esc_attr($blockedattack->time))."</td><td>
415
  Rename the file as '.htaccess' [without name just extension] and use it as backup.
416
  </i></p>
417
  <?php
418
- echo "<a href='". $url."' download='".$nameDownload."'>";?>
419
  <input type='button' name='CDhtaccess' id='CDhtaccess' value='Confirm & Download' class="button button-primary button-large" />
420
  </a>
421
 
@@ -573,10 +573,10 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
573
  jQuery('#resultsIPLookup').empty();
574
 
575
 
576
- var Rate_request = "<?php echo get_option('Rate_request');?>";
577
- var Rate_limiting = "<?php echo get_option('Rate_limiting');?>";
578
- var actionValue = "<?php echo get_option('actionRateL');?>";
579
- var WAFEnabled = "<?php echo get_option('WAFEnabled');?>";
580
  if(WAFEnabled == '1')
581
  {
582
  if(Rate_limiting == '1')
@@ -601,9 +601,9 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
601
 
602
  document.getElementById('rateLFD').style.display="none";
603
 
604
- var Rate_request = "<?php echo get_option('Rate_request');?>";
605
- var nonce = '<?php echo wp_create_nonce("RateLimitingNonce");?>';
606
- var actionValue = "<?php echo get_option('actionRateL');?>";
607
 
608
  jQuery('#req').val(Rate_request);
609
  if(actionValue == 0)
@@ -664,7 +664,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
664
  var req = jQuery('#req').val();
665
  var rateL = jQuery("input[name='rateL']:checked").val();
666
  var Action = jQuery("#action").val();
667
- var nonce = '<?php echo wp_create_nonce("RateLimitingNonce");?>';
668
 
669
 
670
  if(req !='' && rateL !='' && Action !='')
@@ -696,14 +696,14 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
696
 
697
  });
698
 
699
- var WAF = "<?php echo get_option('WAF');?>";
700
- var wafE = "<?php echo get_option('WAFEnabled');?>";
701
- var SQL = "<?php echo get_option('SQLInjection');?>";
702
- var XSS = "<?php echo get_option('XSSAttack');?>";
703
- var LFI = "<?php echo get_option('LFIAttack');?>";
704
- var RFI = "<?php echo get_option('RFIAttack');?>";
705
- var RCE = "<?php echo get_option('RCEAttack');?>";
706
- var limitAttack = "<?php echo get_option('limitAttack');?>"
707
 
708
 
709
 
@@ -747,7 +747,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
747
  jQuery('#SQL').click(function(){
748
  var SQL = jQuery("input[name='SQL']:checked").val();
749
 
750
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
751
  if(SQL != '')
752
  {
753
  var data = {
@@ -778,7 +778,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
778
 
779
  jQuery('#saveLimitAttacks').click(function(){
780
  var limitAttack = jQuery("#limitAttack").val();
781
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
782
  if(limitAttack != '')
783
  {
784
  var data = {
@@ -812,7 +812,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
812
 
813
  jQuery('#XSS').click(function(){
814
  var XSS = jQuery("input[name='XSS']:checked").val();
815
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
816
  if(XSS != '')
817
  {
818
  var data = {
@@ -841,7 +841,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
841
  });
842
  jQuery('#LFI').click(function(){
843
  var LFI = jQuery("input[name='LFI']:checked").val();
844
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
845
  if(LFI != '')
846
  {
847
  var data = {
@@ -876,7 +876,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
876
  jQuery('#pluginWAF').click(function(){
877
  pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
878
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
879
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
880
  if(pluginWAF != '')
881
  {
882
 
@@ -893,12 +893,12 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
893
 
894
  if(response == "PWAFenabled")
895
  {
896
- var SQL ="<?php echo get_option('SQLInjection');?>";
897
- var XSS ="<?php echo get_option('XSSAttack');?>";
898
- var LFI ="<?php echo get_option('LFIAttack');?>";
899
- var RFI ="<?php echo get_option('RFIAttack');?>";
900
- var RCE ="<?php echo get_option('RCEAttack');?>";
901
- var limitAttack = "<?php echo get_option('limitAttack');?>"
902
 
903
  if(SQL == '1')
904
  {
@@ -946,7 +946,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
946
  document.getElementById("htaccessWAF").disabled = false;
947
  document.getElementById("htaccessChange").style.display = "none";
948
 
949
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
950
  var data = {
951
  'action' : 'wpns_login_security',
952
  'wpns_loginsecurity_ajax' : 'wpns_waf_settings_form',
@@ -987,7 +987,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
987
 
988
  if(htaccessWAF != 'on')
989
  {
990
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
991
  var data = {
992
  'action' : 'wpns_login_security',
993
  'wpns_loginsecurity_ajax' : 'wpns_waf_settings_form',
@@ -1015,7 +1015,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
1015
  }
1016
  else
1017
  {
1018
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
1019
  var data = {
1020
  'action' : 'wpns_login_security',
1021
  'wpns_loginsecurity_ajax' : 'wpns_waf_settings_form',
@@ -1061,7 +1061,7 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
1061
  var pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
1062
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
1063
 
1064
- var nonce = '<?php echo wp_create_nonce("WAFsettingNonce");?>';
1065
  var data = {
1066
  'action' : 'wpns_login_security',
1067
  'wpns_loginsecurity_ajax' : 'wpns_waf_settings_form',
@@ -1075,12 +1075,12 @@ echo "<a href='". $url."' download='".$nameDownload."'>";?>
1075
  {
1076
  if(htaccessWAF=='on')
1077
  {
1078
- var SQL ="<?php echo get_option('SQLInjection');?>";
1079
- var XSS ="<?php echo get_option('XSSAttack');?>";
1080
- var LFI ="<?php echo get_option('LFIAttack');?>";
1081
- var RFI ="<?php echo get_option('RFIAttack');?>";
1082
- var RCE ="<?php echo get_option('RCEAttack');?>";
1083
- var limitAttack = "<?php echo get_option('limitAttack');?>"
1084
 
1085
  if(SQL == '1')
1086
  {
@@ -1152,7 +1152,7 @@ jQuery('#RLPage').click(function(){
1152
 
1153
  jQuery('#mo2f_realtime_ip_block_free').click(function(){
1154
  var mo2f_realtime_ip_block_free = jQuery("input[name='mo2f_realtime_ip_block_free']:checked").val();
1155
- var nonce = '<?php echo wp_create_nonce("mo2f_realtime_ip_block_free");?>';
1156
  var data = {
1157
  'action' : 'wpns_login_security',
1158
  'wpns_loginsecurity_ajax' : 'wpns_waf_realtime_ip_block_free',
23
  <div class="mo_wpns_small_3_layout">
24
  <div class ="mo_wpns_sub_sub_dashboard_layout">Injections<hr class="line"><?php echo esc_attr($sqlC); ?></></div>
25
  <div class ="mo_wpns_sub_sub_dashboard_layout">RCE<hr class="line"><?php echo esc_attr($rceC); ?></div>
26
+ <div class ="mo_wpns_sub_sub_dashboard_layout">RFI/LFI<hr class="line"><?php echo intval(esc_attr($rfiC)) + intval(esc_attr($lfiC)); ?></div>
27
  <div class ="mo_wpns_sub_sub_dashboard_layout">XSS<hr class="line"><?php echo esc_attr($xssC); ?></div>
28
  </div>
29
  </div>
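Review bot: On new line 26 the two counters go through `esc_attr()` before `intval()`, which is the wrong way round: the integer cast is what makes the value safe to print, and escaping a value that is about to be cast adds nothing. `<?php echo intval($rfiC) + intval($lfiC); ?>` prints the same number with the intent visible. The neighbouring cells print into element text, where `esc_html()` is the matching escaper rather than `esc_attr()`. Line 24 also carries a stray `</>` before its closing `</div>`.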
85
  global $mo2f_dirName;
86
  foreach($blockedattacks as $blockedattack)
87
  {
88
+ echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($blockedattack->ip)."</td><td>".esc_attr(retrivefullname($blockedattack->type))."</td>";
89
 
90
  echo "<td>".date("M j, Y, g:i:s a",esc_attr($blockedattack->time))."</td><td>".esc_attr($blockedattack->input)."</td></tr>";
91
  }
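Review bot: Line 90 hands `esc_attr($blockedattack->time)` to `date()`, so the timestamp argument is a string produced by an HTML escaper rather than an integer. Casting instead, `date("M j, Y, g:i:s a", (int) $blockedattack->time)`, keeps the output safe and avoids a type error on PHP 8 if the stored value is ever empty or non-numeric. The cells on lines 88 and 90 are element text, so `esc_html()` is the context-matching call there. The `input` column presumably holds the request data that triggered the block, so it is the one that must stay escaped. The enclosing block starts outside the hunk.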
387
  <div class="mo_wpns_setting_layout" id= 'mo2f_settings_tab_div'>
388
  <table style="width:100%">
389
  <tr><th align="left">
390
+ <h3>Website Firewall on Plugin Level : <a href='<?php echo esc_url($two_factor_premium_doc['Plugin level waf']);?>' target="_blank">
391
  <span class=" dashicons dashicons-text-page" style="font-size:23px;color:#413c69;"></span></a>
392
  <br>
393
  <p><i class="mo_wpns_not_bold">This will activate WAF after the WordPress load. This will block illegitimate requests after making connection to WordPress. This will check Every Request in plugin itself.</i></p>
415
  Rename the file as '.htaccess' [without name just extension] and use it as backup.
416
  </i></p>
417
  <?php
418
+ echo "<a href='". esc_url($url)."' download='".esc_html($nameDownload)."'>";?>
419
  <input type='button' name='CDhtaccess' id='CDhtaccess' value='Confirm & Download' class="button button-primary button-large" />
420
  </a>
421
 
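Review bot: On line 418 the `download` attribute value is escaped with `esc_html()`, but it sits inside a single-quoted HTML attribute, where `esc_attr()` is the function WordPress provides: `download='".esc_attr($nameDownload)."'`. The two functions encode the same characters, so this is about matching the escaper to the output context and passing through the attribute filter hook, not about an open hole. `esc_url()` on the `href` is the right call.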
573
  jQuery('#resultsIPLookup').empty();
574
 
575
 
576
+ var Rate_request = "<?php echo esc_html(get_option('Rate_request'));?>";
577
+ var Rate_limiting = "<?php echo esc_html(get_option('Rate_limiting'));?>";
578
+ var actionValue = "<?php echo esc_html(get_option('actionRateL'));?>";
579
+ var WAFEnabled = "<?php echo esc_html(get_option('WAFEnabled'));?>";
580
  if(WAFEnabled == '1')
581
  {
582
  if(Rate_limiting == '1')
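Review bot: Lines 576–579 print option values into double-quoted JavaScript string literals with `esc_html()`, which is an HTML escaper. It encodes quotes and angle brackets but leaves backslashes and line breaks untouched, so a value containing either yields a broken or altered string literal. For text placed inside an inline script string the matching call is `esc_js()`, e.g. `var WAFEnabled = "<?php echo esc_js(get_option('WAFEnabled'));?>";`, or `wp_json_encode()` for the whole literal. The same applies to every other `esc_html()`-in-script line this commit adds: the nonce assignments at new lines 605, 667, 750, 781, 815, 844, 879, 949, 990, 1018, 1064 and 1155, and the option reads at 604–606, 699–706, 896–901 and 1078–1083. These options are presumably writable only by administrators, so this is hardening rather than a demonstrated injection.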
601
 
602
  document.getElementById('rateLFD').style.display="none";
603
 
604
+ var Rate_request = "<?php echo esc_html(get_option('Rate_request'));?>";
605
+ var nonce = '<?php echo esc_html(wp_create_nonce("RateLimitingNonce"));?>';
606
+ var actionValue = "<?php echo esc_html(get_option('actionRateL'));?>";
607
 
608
  jQuery('#req').val(Rate_request);
609
  if(actionValue == 0)
664
  var req = jQuery('#req').val();
665
  var rateL = jQuery("input[name='rateL']:checked").val();
666
  var Action = jQuery("#action").val();
667
+ var nonce = '<?php echo esc_html(wp_create_nonce("RateLimitingNonce"));?>';
668
 
669
 
670
  if(req !='' && rateL !='' && Action !='')
696
 
697
  });
698
 
699
+ var wafE = "<?php echo esc_html(get_option('WAFEnabled'));?>";
700
+ var SQL = "<?php echo esc_html(get_option('SQLInjection'));?>";
701
+ var XSS = "<?php echo esc_html(get_option('XSSAttack'));?>";
702
+ var LFI = "<?php echo esc_html(get_option('LFIAttack'));?>";
703
+ var RFI = "<?php echo esc_html(get_option('RFIAttack'));?>";
704
+ var RCE = "<?php echo esc_html(get_option('RCEAttack'));?>";
705
+ var limitAttack = "<?php echo esc_html(get_option('limitAttack'));?>"
706
+ var WAF = "<?php echo esc_html(get_option('WAF'));?>";
707
 
708
 
709
 
747
  jQuery('#SQL').click(function(){
748
  var SQL = jQuery("input[name='SQL']:checked").val();
749
 
750
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
751
  if(SQL != '')
752
  {
753
  var data = {
778
 
779
  jQuery('#saveLimitAttacks').click(function(){
780
  var limitAttack = jQuery("#limitAttack").val();
781
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
782
  if(limitAttack != '')
783
  {
784
  var data = {
812
 
813
  jQuery('#XSS').click(function(){
814
  var XSS = jQuery("input[name='XSS']:checked").val();
815
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
816
  if(XSS != '')
817
  {
818
  var data = {
841
  });
842
  jQuery('#LFI').click(function(){
843
  var LFI = jQuery("input[name='LFI']:checked").val();
844
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
845
  if(LFI != '')
846
  {
847
  var data = {
876
  jQuery('#pluginWAF').click(function(){
877
  pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
878
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
879
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
880
  if(pluginWAF != '')
881
  {
882
 
893
 
894
  if(response == "PWAFenabled")
895
  {
896
+ var SQL ="<?php echo esc_html(get_option('SQLInjection'));?>";
897
+ var XSS ="<?php echo esc_html(get_option('XSSAttack'));?>";
898
+ var LFI ="<?php echo esc_html(get_option('LFIAttack'));?>";
899
+ var RFI ="<?php echo esc_html(get_option('RFIAttack'));?>";
900
+ var RCE ="<?php echo esc_html(get_option('RCEAttack'));?>";
901
+ var limitAttack = "<?php echo esc_html(get_option('limitAttack'));?>"
902
 
903
  if(SQL == '1')
904
  {
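Review bot: The six `var` declarations on lines 896–901, inside the `response == "PWAFenabled"` branch, are filled in by PHP when the page is rendered, not when the AJAX response arrives. They therefore hold the same values as the declarations at lines 700–705, assuming those are in scope here, and the block appears a third time at 1078–1083. Reading the options once and reusing those variables, or returning the current values in the AJAX response, would remove the duplication and make clear which state the branch acts on. The `limitAttack` line in all three copies also lacks its terminating semicolon. The branch body continues outside the hunk.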
946
  document.getElementById("htaccessWAF").disabled = false;
947
  document.getElementById("htaccessChange").style.display = "none";
948
 
949
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
950
  var data = {
951
  'action' : 'wpns_login_security',
952
  'wpns_loginsecurity_ajax' : 'wpns_waf_settings_form',
987
 
988
  if(htaccessWAF != 'on')
989
  {
990
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
991
  var data = {
992
  'action' : 'wpns_login_security',
993
  'wpns_loginsecurity_ajax' : 'wpns_waf_settings_form',
1015
  }
1016
  else
1017
  {
1018
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
1019
  var data = {
1020
  'action' : 'wpns_login_security',
1021
  'wpns_loginsecurity_ajax' : 'wpns_waf_settings_form',
1061
  var pluginWAF = jQuery("input[name='pluginWAF']:checked").val();
1062
  var htaccessWAF = jQuery("input[name='htaccessWAF']:checked").val();
1063
 
1064
+ var nonce = '<?php echo esc_html(wp_create_nonce("WAFsettingNonce"));?>';
1065
  var data = {
1066
  'action' : 'wpns_login_security',
1067
  'wpns_loginsecurity_ajax' : 'wpns_waf_settings_form',
1075
  {
1076
  if(htaccessWAF=='on')
1077
  {
1078
+ var SQL ="<?php echo esc_html(get_option('SQLInjection'));?>";
1079
+ var XSS ="<?php echo esc_html(get_option('XSSAttack'));?>";
1080
+ var LFI ="<?php echo esc_html(get_option('LFIAttack'));?>";
1081
+ var RFI ="<?php echo esc_html(get_option('RFIAttack'));?>";
1082
+ var RCE ="<?php echo esc_html(get_option('RCEAttack'));?>";
1083
+ var limitAttack = "<?php echo esc_html(get_option('limitAttack'));?>"
1084
 
1085
  if(SQL == '1')
1086
  {
1152
 
1153
  jQuery('#mo2f_realtime_ip_block_free').click(function(){
1154
  var mo2f_realtime_ip_block_free = jQuery("input[name='mo2f_realtime_ip_block_free']:checked").val();
1155
+ var nonce = '<?php echo esc_html(wp_create_nonce("mo2f_realtime_ip_block_free"));?>';
1156
  var data = {
1157
  'action' : 'wpns_login_security',
1158
  'wpns_loginsecurity_ajax' : 'wpns_waf_realtime_ip_block_free',