Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.5.78

Version Description

  • Google Authenticator - Two factor Authentication (2FA, OTP) :
  • Bug Fixes and Code Improvements

Release Info

Developer mayurjogale
Version 5.5.78

Code changes from version 5.5.77 to 5.5.78

Files changed (38) hide show
  1. api/Mo2f_OnPremRedirect.php +346 -346
  2. api/class-customer-common-setup.php +473 -473
  3. api/mo2f_api.php +69 -69
  4. changelog.txt +24 -0
  5. controllers/account.php +303 -303
  6. controllers/advanced-blocking.php +189 -189
  7. controllers/backup/backup_ajax.php +156 -156
  8. controllers/change-password.php +16 -16
  9. controllers/content-protection.php +94 -94
  10. controllers/dashboard_ajax.php +210 -210
  11. controllers/duo_authenticator/duo_authenticator_ajax.php +70 -70
  12. controllers/feedback_footer.php +56 -56
  13. controllers/ip-blocking.php +242 -242
  14. controllers/login-security.php +216 -216
  15. controllers/malware_scanner/malware_scan_ajax.php +421 -421
  16. controllers/malware_scanner/malware_scan_result.php +40 -40
  17. controllers/navbar.php +95 -95
  18. controllers/notification-settings.php +97 -97
  19. controllers/registration-security.php +125 -128
  20. controllers/request_christmas_offer.php +47 -47
  21. controllers/request_demo.php +50 -50
  22. controllers/request_offer.php +45 -45
  23. controllers/support.php +59 -59
  24. controllers/tour/tour_ajax.php +145 -145
  25. controllers/two-fa-intro.php +222 -222
  26. controllers/twofa/mo2fa_common_login.php +1683 -1683
  27. controllers/twofa/mo2fa_inline_registration.php +1551 -1551
  28. controllers/twofa/setup_twofa.php +50 -50
  29. controllers/twofa/two_fa_unlimittedUser_ajax.php +46 -46
  30. controllers/twofa/two_factor_ajax.php +1284 -1284
  31. controllers/wpns-loginsecurity-ajax.php +1413 -1413
  32. database/database_functions.php +873 -873
  33. handler/WAF/mo-waf-real-time.php +41 -41
  34. handler/WAF/waf-include.php +99 -99
  35. handler/ajax.php +192 -192
  36. handler/feedback_form.php +212 -212
  37. handler/login.php +412 -412
  38. handler/malware_scanner.php +0 -13
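--- a/api/Mo2f_OnPremRedirect.php
+++ b/api/Mo2f_OnPremRedirect.php
@@ -1,346 +1,346 @@
- <?php
- class Mo2f_OnPremRedirect {
-
- function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
- switch($authType){
-
- case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken,$current_user);
- return $content;
- break;
- case "KBA": $content = $this->mo2f_kba_onpremise();
- return $content;
- break;
- case "OUT OF BAND EMAIL":
- break;
- case "EMAIL":
- case "OTP OVER EMAIL":
- case "OTP_OVER_EMAIL":
- return $this->mo2f_otp_over_email($otpToken,$current_user);
-
-
- }
-
- }
-
- function mo2f_kba_onpremise(){
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
- if(isset($_POST['validate'])){
- $user_id = wp_get_current_user()->ID;
- }
- else{
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
- }
- $redirect_to = isset( $_POST['redirect_to'] ) ? sanitize_url( $_POST['redirect_to']) : null;
- $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
- $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
- $questions_challenged = get_user_meta($user_id ,'kba_questions_user');
- $questions_challenged = $questions_challenged[0];
- $all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
- $all_ques_ans = $all_ques_ans[0];
- $ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
- $ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
- $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
-
- $pass2fa = new Miniorange_Password_2Factor_Login;
- $twofa_Settings = new Miniorange_Authentication;
- if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
- $content = json_encode($arr);
- delete_user_meta( $user_id, 'test_2FA' );
- return $content;
- }
- else {
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- $content = json_encode($arr);
- return $content;
- }
-
- }
-
- function OnpremSendRedirect($useremail,$authType,$currentuser){
-
- switch($authType){
-
- case "Email Verification":
- case "OUT OF BAND EMAIL":
- $content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
- return $content;
- case "EMAIL":
-
- case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
- return $content;
- case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
- return $content;
-
- }
-
- }
-
- function OnpremSecurityQuestions($user){
- $question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
- $challenge_questions = array_keys($question_answers[0]);
- $random_keys = array_rand($challenge_questions,2);
- $challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
- $challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
- $questions = array($challenge_ques1,$challenge_ques2);
- update_user_meta( $user->ID, 'kba_questions_user', $questions );
- $response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
- return $response;
-
- }
-
- function mo2f_google_authenticator_onpremise($otpToken,$current_user=null){
- include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
- $gauth_obj= new Google_auth_onpremise();
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
- if(is_user_logged_in()){
- $user = wp_get_current_user();
- $user_id = $user->ID;
- }else if(isset($current_user) && !empty($current_user->ID)){
- $user_id = $current_user->ID;
- }else{
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
- }
- $secret= $gauth_obj->mo_GAuth_get_secret($user_id);
- $content=$gauth_obj->verifyCode($secret, $otpToken);
- return $content;
- }
- function OnpremOTPOverEMail($current_user,$useremail=false)
- {
- return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
- }
- function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
- {
- $count_threshold = 5;
- global $Mo2fdbQueries,$imagePath;
- if(!isset($current_user) or is_null($current_user))
- {
- if(is_user_logged_in()){
- $current_user = wp_get_current_user();
- }else{
- $current_user = unserialize($_SESSION['mo2f_current_user']);
- }
- }
-
- if(is_null($email) or empty($email) or $email == '' or !isset($email) )
- {
- $email = get_user_meta($current_user->ID,'tempEmail',true);
-
- if($email == '' or empty($email))
- {
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
- }
-
- }
- if(is_null($email) or empty($email) or $email == '' or !isset($email) )
- $email = $current_user->user_email;
-
- delete_user_meta($current_user->ID,'tempEmail');
- $subject = '2-Factor Authentication';
- $headers = array('Content-Type: text/html; charset=UTF-8');
- $otpToken = '';
- for($i=1;$i<7;$i++)
- {
- $otpToken .= rand(0,9);
- }
- update_user_meta($current_user->ID,$tokenName,$otpToken);
- update_user_meta($current_user->ID,$timeName,time());
- update_user_meta($current_user->ID,'tempRegEmail',$email);
- $message = '<table cellpadding="25" style="margin:0px auto">
- <tbody>
- <tr>
- <td>
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
- <tbody>
- <tr>
- <td><img src="'.$imagePath.'includes/images/xecurify-logo.png" alt="Xecurify" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
- </tr>
- </tbody>
- </table>
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
- <tbody>
- <tr>
- <td>
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
- <p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
- </div></div></td>
- </tr>
- </tbody>
- </table>
- </td>
- </tr>
- </tbody>
- </table>';
-
- $result = wp_mail($email,$subject,$message,$headers);
- if($result){
- if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
- Miniorange_Authentication::low_otp_alert("email");
- update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
-
- }else{
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
- }
- $content = json_encode($arr);
- return $content;
-
- }
-
- function mo2f_otp_over_email($otpToken,$current_user)
- {
- return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
- }
- function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
- {
- global $Mo2fdbQueries;
- if(is_null($current_user))
- {
- $current_user = wp_get_current_user();
- }
-
- if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
- {
- $user_id = $current_user->ID;
-
-
-
-
- $valid_token = get_user_meta($user_id,$dtoken,true);
-
-
- $cd = get_user_meta($user_id,"mo2f_email_check_code",true);
-
-
- $time = get_user_meta($user_id,$dtime,true);
- $accepted_time = time()-300;
-
-
- if($accepted_time>$time)
- {
-
- delete_user_meta( $user_id, $dtoken );
- delete_user_meta( $user_id, $dtime );
- delete_user_meta( $user_id,'tempRegEmail');
-
- $arr = array('status' => 'FAILED','message'=>'OTP Expire.');
- }
-
- else if($valid_token == $otpToken)
- {
- $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
- delete_user_meta( $user_id, $dtoken );
- if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
- {
- $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
- if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
- $Mo2fdbQueries->update_user_details($user_id,array(
- 'mo2f_configured_2FA_method' => 'OTP Over Email',
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
- 'mo2f_user_email'=> $tempRegEmail));
- }
- delete_user_meta( $user_id,'tempRegEmail');
- }
- else
- {
- $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
- }
-
- $content = json_encode($arr);
- return $content;
-
- }
- }
-
-
- function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
- {
-
- global $Mo2fdbQueries;
-
- $email = get_user_meta($current_user->ID,'tempEmail',true);
-
-
- if(empty($email))
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
-
- $subject = "2-Factor Authentication(Email verification)";
- $headers = array('Content-Type: text/html; charset=UTF-8');
- $txid = '';
- $otpToken = '';
- $otpTokenD = '';
- for($i=1;$i<7;$i++)
- {
- $otpToken .= rand(0,9);
- $txid .= rand(100,999);
- $otpTokenD .= rand(0,9);
- }
- $otpTokenH = hash('sha512',$otpToken);
- $otpTokenDH = hash('sha512', $otpTokenD);
- update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
- $userID = hash('sha512',$current_user->ID);
- update_site_option($userID,$otpTokenH);
- update_site_option($txid,3);
- $userIDd = $userID . 'D';
- update_site_option($userIDd,$otpTokenDH);
-
- $message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
- $result = wp_mail($email,$subject,$message,$headers);
-
- $response=array("txId"=>$txid);
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
- if($result)
- {
- $response['status']='SUCCESS';
- $time = "time".$txid;
- $currentTimeInMillis = round(microtime(true) * 1000);
- update_site_option($time,$currentTimeInMillis);
- }
- else
- {
- $response['status']='FAILED';
- }
-
- return json_encode($response);
- }
-
- function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
- global $imagePath;
- $url = get_site_option('siteurl').'/wp-login.php?';
- $message = '<table cellpadding="25" style="margin:0px auto">
- <tbody>
- <tr>
- <td>
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
- <tbody>
- <tr>
- <td><img src="'.$imagePath.'includes/images/xecurify-logo.png" alt="Xecurify" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
- </tr>
- </tbody>
- </table>
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
- <tbody>
- <tr>
- <td>
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
- <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
- <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
- </div></div></td>
- </tr>
- </tbody>
- </table>
- </td>
- </tr>
- </tbody>
- </table>';
- return $message;
- }
- }
+ <?php
+ class Mo2f_OnPremRedirect {
+
+ function OnpremValidateRedirect($authType, $otpToken,$current_user =null){
+ switch($authType){
+
+ case "GOOGLE AUTHENTICATOR" :$content = $this->mo2f_google_authenticator_onpremise($otpToken,$current_user);
+ return $content;
+ break;
+ case "KBA": $content = $this->mo2f_kba_onpremise();
+ return $content;
+ break;
+ case "OUT OF BAND EMAIL":
+ break;
+ case "EMAIL":
+ case "OTP OVER EMAIL":
+ case "OTP_OVER_EMAIL":
+ return $this->mo2f_otp_over_email($otpToken,$current_user);
+
+
+ }
+
+ }
+
+ function mo2f_kba_onpremise(){
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
+ if(isset($_POST['validate'])){
+ $user_id = wp_get_current_user()->ID;
+ }
+ else{
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
+ }
+ $redirect_to = isset( $_POST['redirect_to'] ) ? sanitize_url( $_POST['redirect_to']) : null;
+ $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
+ $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
+ $questions_challenged = get_user_meta($user_id ,'kba_questions_user');
+ $questions_challenged = $questions_challenged[0];
+ $all_ques_ans = (get_user_meta($user_id , 'mo2f_kba_challenge'));
+ $all_ques_ans = $all_ques_ans[0];
+ $ans_1 = $all_ques_ans[$questions_challenged[0]['question']];
+ $ans_2 = $all_ques_ans[$questions_challenged[1]['question']];
+ $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
+
+ $pass2fa = new Miniorange_Password_2Factor_Login;
+ $twofa_Settings = new Miniorange_Authentication;
+ if(!strcmp(md5($kba_ans_1),$ans_1 ) && !strcmp(md5($kba_ans_2), $ans_2) ){
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
+ $content = json_encode($arr);
+ delete_user_meta( $user_id, 'test_2FA' );
+ return $content;
+ }
+ else {
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ $content = json_encode($arr);
+ return $content;
+ }
+
+ }
+
+ function OnpremSendRedirect($useremail,$authType,$currentuser){
+
+ switch($authType){
+
+ case "Email Verification":
+ case "OUT OF BAND EMAIL":
+ $content = $this->mo2f_pass2login_push_email_onpremise($currentuser);
+ return $content;
+ case "EMAIL":
+
+ case "OTP Over Email": $content = $this->OnpremOTPOverEMail($currentuser,$useremail);
+ return $content;
+ case "KBA": $content = $this->OnpremSecurityQuestions($currentuser);
+ return $content;
+
+ }
+
+ }
+
+ function OnpremSecurityQuestions($user){
+ $question_answers = get_user_meta($user->ID , 'mo2f_kba_challenge');
+ $challenge_questions = array_keys($question_answers[0]);
+ $random_keys = array_rand($challenge_questions,2);
+ $challenge_ques1 = array('question'=>$challenge_questions[$random_keys[0]]);
+ $challenge_ques2 = array('question'=>$challenge_questions[$random_keys[1]]);
+ $questions = array($challenge_ques1,$challenge_ques2);
+ update_user_meta( $user->ID, 'kba_questions_user', $questions );
+ $response=json_encode(array('txId'=>rand(100,10000000),'status'=>'SUCCESS','message'=>'Please answer the following security questions.','questions'=>$questions));
+ return $response;
+
+ }
+
+ function mo2f_google_authenticator_onpremise($otpToken,$current_user=null){
+ include_once dirname(dirname( __FILE__ )) . DIRECTORY_SEPARATOR. 'handler'.DIRECTORY_SEPARATOR. 'twofa' . DIRECTORY_SEPARATOR . 'gaonprem.php';
+ $gauth_obj= new Google_auth_onpremise();
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
+ if(is_user_logged_in()){
+ $user = wp_get_current_user();
+ $user_id = $user->ID;
+ }else if(isset($current_user) && !empty($current_user->ID)){
+ $user_id = $current_user->ID;
+ }else{
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
+ }
+ $secret= $gauth_obj->mo_GAuth_get_secret($user_id);
+ $content=$gauth_obj->verifyCode($secret, $otpToken);
+ return $content;
+ }
+ function OnpremOTPOverEMail($current_user,$useremail=false)
+ {
+ return $this->OnpremSendOTPEMail($current_user,'mo2f_otp_email_code','mo2f_otp_email_time',$useremail);
+ }
+ function OnpremSendOTPEMail($current_user,$tokenName,$timeName,$email=null)
+ {
+ $count_threshold = 5;
+ global $Mo2fdbQueries,$imagePath;
+ if(!isset($current_user) or is_null($current_user))
+ {
+ if(is_user_logged_in()){
+ $current_user = wp_get_current_user();
+ }else{
+ $current_user = unserialize($_SESSION['mo2f_current_user']);
+ }
+ }
+
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+ {
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
+
+ if($email == '' or empty($email))
+ {
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+ }
+
+ }
+ if(is_null($email) or empty($email) or $email == '' or !isset($email) )
+ $email = $current_user->user_email;
+
+ delete_user_meta($current_user->ID,'tempEmail');
+ $subject = '2-Factor Authentication';
+ $headers = array('Content-Type: text/html; charset=UTF-8');
+ $otpToken = '';
+ for($i=1;$i<7;$i++)
+ {
+ $otpToken .= rand(0,9);
+ }
+ update_user_meta($current_user->ID,$tokenName,$otpToken);
+ update_user_meta($current_user->ID,$timeName,time());
+ update_user_meta($current_user->ID,'tempRegEmail',$email);
+ $message = '<table cellpadding="25" style="margin:0px auto">
+ <tbody>
+ <tr>
+ <td>
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+ <tbody>
+ <tr>
+ <td><img src="'.$imagePath.'includes/images/xecurify-logo.png" alt="Xecurify" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+ </tr>
+ </tbody>
+ </table>
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+ <tbody>
+ <tr>
+ <td>
+ <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+ <p style="margin-top:0;margin-bottom:10px">Your one time passcode is '.$otpToken.'.
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+ </div></div></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>';
+
+ $result = wp_mail($email,$subject,$message,$headers);
+ if($result){
+ if(get_site_option('cmVtYWluaW5nT1RQ') == $count_threshold)
+ Miniorange_Authentication::low_otp_alert("email");
+ update_site_option( 'mo2f_message', 'A OTP has been sent to you on' .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.' ,'txId' => '' );
+
+ }else{
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
+ }
+ $content = json_encode($arr);
+ return $content;
+
+ }
+
+ function mo2f_otp_over_email($otpToken,$current_user)
+ {
+ return $this->mo2f_otp_email_verify($otpToken,$current_user,'mo2f_otp_email_code','mo2f_otp_email_time');
+ }
+ function mo2f_otp_email_verify($otpToken,$current_user,$dtoken,$dtime)
+ {
+ global $Mo2fdbQueries;
+ if(is_null($current_user))
+ {
+ $current_user = wp_get_current_user();
+ }
+
+ if(isset($otpToken) and !empty($otpToken) and !is_null($current_user))
+ {
+ $user_id = $current_user->ID;
+
+
+
+
+ $valid_token = get_user_meta($user_id,$dtoken,true);
+
+
+ $cd = get_user_meta($user_id,"mo2f_email_check_code",true);
+
+
+ $time = get_user_meta($user_id,$dtime,true);
+ $accepted_time = time()-300;
+
+
+ if($accepted_time>$time)
+ {
+
+ delete_user_meta( $user_id, $dtoken );
+ delete_user_meta( $user_id, $dtime );
+ delete_user_meta( $user_id,'tempRegEmail');
+
+ $arr = array('status' => 'FAILED','message'=>'OTP Expire.');
+ }
+
+ else if($valid_token == $otpToken)
+ {
+ $arr = array('status' => 'SUCCESS','message'=>'Successfully validated.');
+ delete_user_meta( $user_id, $dtoken );
+ if($dtoken == 'mo2f_email_check_code' or $dtoken == 'mo2f_otp_email_code')
+ {
+ $tempRegEmail = get_user_meta($user_id,'tempRegEmail',true);
+ if($tempRegEmail != '' or !is_null($tempRegEmail) or !$tempRegEmail)
+ $Mo2fdbQueries->update_user_details($user_id,array(
+ 'mo2f_configured_2FA_method' => 'OTP Over Email',
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS',
+ 'mo2f_user_email'=> $tempRegEmail));
+ }
+ delete_user_meta( $user_id,'tempRegEmail');
+ }
+ else
+ {
+ $arr = array('status' => 'FAILED','message'=>'TEST FAILED.');
+ }
+
+ $content = json_encode($arr);
+ return $content;
+
+ }
+ }
+
+
+ function mo2f_pass2login_push_email_onpremise($current_user, $redirect_to=null)
+ {
+
+ global $Mo2fdbQueries;
+
+ $email = get_user_meta($current_user->ID,'tempEmail',true);
+
+
+ if(empty($email))
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
+
+ $subject = "2-Factor Authentication(Email verification)";
+ $headers = array('Content-Type: text/html; charset=UTF-8');
+ $txid = '';
+ $otpToken = '';
+ $otpTokenD = '';
+ for($i=1;$i<7;$i++)
+ {
+ $otpToken .= rand(0,9);
+ $txid .= rand(100,999);
+ $otpTokenD .= rand(0,9);
+ }
+ $otpTokenH = hash('sha512',$otpToken);
+ $otpTokenDH = hash('sha512', $otpTokenD);
+ update_user_meta($current_user->ID,'mo2f_EV_txid',$txid);
+ $userID = hash('sha512',$current_user->ID);
+ update_site_option($userID,$otpTokenH);
+ update_site_option($txid,3);
+ $userIDd = $userID . 'D';
+ update_site_option($userIDd,$otpTokenDH);
+
+ $message = $this->getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email);
+ $result = wp_mail($email,$subject,$message,$headers);
+
+ $response=array("txId"=>$txid);
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $email );
+ if($result)
+ {
+ $response['status']='SUCCESS';
+ $time = "time".$txid;
+ $currentTimeInMillis = round(microtime(true) * 1000);
+ update_site_option($time,$currentTimeInMillis);
+ }
+ else
+ {
+ $response['status']='FAILED';
+ }
+
+ return json_encode($response);
+ }
+
+ function getEmailTemplate($userID, $otpTokenH,$otpTokenDH,$txid,$email){
+ global $imagePath;
+ $url = get_site_option('siteurl').'/wp-login.php?';
+ $message = '<table cellpadding="25" style="margin:0px auto">
+ <tbody>
+ <tr>
+ <td>
+ <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
+ <tbody>
+ <tr>
+ <td><img src="'.$imagePath.'includes/images/xecurify-logo.png" alt="Xecurify" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
+ </tr>
+ </tbody>
+ </table>
+ <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
+ <tbody>
+ <tr>
+ <td>
+ <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
+ <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
+ <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
+ <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
+ <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
+ <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
+ </div></div></td>
+ </tr>
+ </tbody>
+ </table>
+ </td>
+ </tr>
+ </tbody>
+ </table>';
+ return $message;
+ }
+ }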
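Review bot: The one-time codes in `OnpremSendOTPEMail` and `mo2f_pass2login_push_email_onpremise` are still assembled digit by digit with `rand(0,9)`, which is not a cryptographically secure generator; `$otpToken .= random_int(0, 9);` is a drop-in replacement in both loops. `mo2f_otp_email_verify` then checks the code with the loose `$valid_token == $otpToken`, which compares numeric strings as numbers and is not constant-time, so `hash_equals((string) $valid_token, (string) $otpToken)` would be the safer test. The failure branch of that function also leaves the stored code in place, and no attempt counter is visible in this file, so it is worth confirming that callers limit retries within the 300-second window. Both sides of this section read the same on the page, so the release appears to leave these lines as they were.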
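--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -1,473 +1,473 @@
- <?php
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
- * Copyright (C) 2015 miniOrange
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- * @package miniOrange OAuth
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
- */
-
- /**
- * This library is miniOrange Authentication Service.
- * Contains Request Calls to Customer service.
- **/
-
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
-
- class Customer_Cloud_Setup {
-
- public $email;
- public $phone;
- public $customerKey;
- public $transactionId;
-
- private $auth_mode = 2; // miniorange test or not
- private $https_mode = false; // website http or https
-
-
- function check_customer() {
- $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
- $email = get_option( "mo2f_email" );
- $mo2fApi= new Mo2f_Api();
- $fields = array (
- 'email' => $email
- );
- $field_string = json_encode ( $fields );
-
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $response = $mo2fApi->make_curl_call( $url, $field_string );
- return $response;
-
- }
-
- function guest_audit() {
- $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
- $email = get_option( "mo2f_email" );
-
- $user = wp_get_current_user();
-
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- if (empty($email))
- $email = $user->user_email;
- }
-
- $mo2fApi= new Mo2f_Api();
- $MoWpnsUtility = new MoWpnsUtility();
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
- $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
- $fields = array (
- 'emailAddress' => $email,
- 'companyName'=>$company,
- 'cmsName'=>"WP",
- 'applicationType'=>'Two Factor Upgrade',
- 'applicationName'=>$applicationName,
- 'pluginVersion'=>MO2F_VERSION,
- 'inUse'=>$MoWpnsUtility->getFeatureStatus()
- );
-
-
-
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $field_string = json_encode ( $fields );
-
- $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
- return $response;
-
- }
-
- function send_email_alert( $email, $phone, $message ) {
-
- $url = MO_HOST_NAME . '/moas/api/notify/send';
-
- $mo2fApi= new Mo2f_Api();
- $customerKey = "16555";
- $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
-
- $currentTimeInMillis = $mo2fApi->get_timestamp();
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
- $fromEmail = $email;
- $subject = "WordPress 2FA Plugin Feedback - " . $email;
-
- global $user;
- $user = wp_get_current_user();
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
-
-
- $customer_feature = "";
-
- if ( $is_ec_with_1_user ) {
- $customer_feature = "V1";
- }elseif ( $is_nc_with_1_user ) {
- $customer_feature = "V3";
- }
-
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
-
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . sanitize_url($_SERVER['SERVER_NAME']) . '" target="_blank" >' . sanitize_text_field($_SERVER['SERVER_NAME']) . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
-
- $fields = array(
- 'customerKey' => $customerKey,
- 'sendEmail' => true,
- 'email' => array(
- 'customerKey' => $customerKey,
- 'fromEmail' => $fromEmail,
- 'fromName' => 'Xecurify',
- 'toEmail' => '2fasupport@xecurify.com',
- 'toName' => '2fasupport@xecurify.com',
- 'subject' => $subject,
- 'content' => $content
- ),
- );
- $field_string = json_encode( $fields );
-
- $headers = $mo2fApi->get_http_header_array();
-
- $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
- return $response;
-
-
- }
-
- function create_customer() {
- global $Mo2fdbQueries;
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/rest/customer/add';
- $mo2fApi= new Mo2f_Api();
- global $user;
- $user = wp_get_current_user();
- $this->email = get_option( 'mo2f_email' );
- $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
- $password = get_option( 'mo2f_password' );
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
-
- $fields = array(
- 'companyName' => $company,
- 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
- 'productInterest' => 'API_2FA',
- 'email' => $this->email,
- 'phone' => $this->phone,
- 'password' => $password
- );
- $field_string = json_encode( $fields );
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $content = $mo2fApi->make_curl_call( $url, $field_string );
-
- return $content;
- }
-
-
- function get_customer_key() {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . "/moas/rest/customer/key";
-
- $email = get_option( "mo2f_email" );
- $password = get_option( "mo2f_password" );
- $mo2fApi= new Mo2f_Api();
- $fields = array(
- 'email' => $email,
- 'password' => $password
- );
- $field_string = json_encode( $fields );
-
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $content = $mo2fApi->make_curl_call( $url, $field_string );
-
- return $content;
- }
-
-
- function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
-
- if ( ! MO2f_Utility::is_curl_installed()) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/challenge';
- $mo2fApi = new Mo2f_Api();
- /* The customer Key provided to you */
- $customerKey = $cKey;
-
- /* The customer API Key provided to you */
- $apiKey = $apiKey;
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = $mo2fApi->get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $headers = $mo2fApi->get_http_header_array();
-
- $fields = '';
- if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
- $fields = array(
- 'customerKey' => $customerKey,
- 'email' => $uKey,
- 'authType' => $authType,
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
- );
- } elseif ( $authType == 'SMS' ) {
- $authType = "SMS";
- $fields = array(
- 'customerKey' => $customerKey,
- 'phone' => $uKey,
- 'authType' => $authType
- );
- } else {
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $uKey,
- 'authType' => $authType,
- 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
- );
- }
-
- $field_string = json_encode( $fields );
-
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
-
- $content1 = json_decode($content,true);
-
- if ( $content1['status'] == "SUCCESS" ) {
- if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z') == 4 && $authType == 'SMS'){
- Miniorange_Authentication::low_otp_alert("sms");
- }
- if(get_site_option('cmVtYWluaW5nT1RQ') == 5 && $authType == 'OTP Over Email'){
- Miniorange_Authentication::low_otp_alert("email");
- }
- }
-
- return $content;
- }
-
-
-
-
- function get_customer_transactions( $cKey, $apiKey ,$license_type) {
-
- $url = MO_HOST_NAME . '/moas/rest/customer/license';
-
- $customerKey = $cKey;
- $apiKey = $apiKey;
- $mo2fApi= new Mo2f_Api();
- $currentTimeInMillis = $mo2fApi->get_timestamp();
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $fields = '';
- if($license_type == 'DEMO'){
- $fields = array(
- 'customerId' => $customerKey,
- 'applicationName' => '-1',
- 'licenseType' => $license_type
- );
- }else{
- $fields = array(
- 'customerId' => $customerKey,
- 'applicationName' => 'otp_recharge_plan',
- 'licenseType' => $license_type
- );
- }
-
- $field_string = json_encode( $fields );
-
- $headers = $mo2fApi->get_http_header_array();
-
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
-
-
- return $content;
- }
-
- public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
-
-
- $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
-
- $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
-
- $postdata = array('mo2f_email'=> $mo2f_user_email,
- 'mo2f_domain' =>$site_url,
- 'headers'=>$headers['header'],
- 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
-
- $args = array(
- 'method' => 'POST',
- 'timeout' => 45,
- 'sslverify' => false,
- 'headers' => array(),
- 'body' => $postdata,
- );
-
- $mo2f_api=new Mo2f_Api();
- $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
- return $data;
-
- }
-
- public function mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email){
- $url = 'https://sitestats.xecurify.com/backupcodeservice/backup_code_validation.php';
-
- $site_url = site_url();
- $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
-
- $postdata = array('mo2f_otp_token' => $mo2f_backup_code,
- 'mo2f_user_email'=> $mo2f_user_email,
- 'headers'=>$headers['header'],
- 'mo2f_site_url' => $site_url);
-
- $args = array(
- 'method' => 'POST',
- 'timeout' => 45,
- 'sslverify' => false,
- 'headers' => array(),
- 'body' => $postdata,
- );
-
- $data=wp_remote_post($url,$args);
-
- $data=wp_remote_retrieve_body( $data );
-
- return $data;
- }
-
-
- function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
- $content='';
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . '/moas/api/auth/validate';
- $mo2fApi= new Mo2f_Api();
- /* The customer Key provided to you */
- $customerKey = $cKey;
-
- /* The customer API Key provided to you */
- $apiKey = $customerApiKey;
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = $mo2fApi->get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
- $hashValue = hash( "sha512", $stringToHash );
-
- $headers = $mo2fApi->get_http_header_array();
- $fields = '';
- if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
- /*check for soft token*/
- $fields = array(
- 'customerKey' => $customerKey,
- 'username' => $username,
- 'token' => $otpToken,
- 'authType' => $authType
- );
- } elseif ( $authType == 'KBA' ) {
- $fields = array(
- 'txId' => $transactionId,
- 'answers' => array(
- array(
- 'question' => $otpToken[0],
- 'answer' => $otpToken[1]
- ),
- array(
- 'question' => $otpToken[2],
- 'answer' => $otpToken[3]
- )
- )
- );
-
- } else {
- //*check for otp over sms/email
- $fields = array(
- 'txId' => $transactionId,
- 'token' => $otpToken
- );
- }
- $field_string = json_encode( $fields );
-
-
- $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
- return $content;
- }
-
- function submit_contact_us( $q_email, $q_phone, $query ) {
- if ( ! MO2f_Utility::is_curl_installed() ) {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
-
- $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
- global $user;
- $user = wp_get_current_user();
- $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
- $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
-
- $mo2fApi= new Mo2f_Api();
- $customer_feature = "";
-
- if ( $is_ec_with_1_user ) {
- $customer_feature = "V1";
- } elseif ( $is_nc_with_1_user ) {
- $customer_feature = "V3";
- }
- global $moWpnsUtility;
-
- $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
- $fields = array(
- 'firstName' => $user->user_firstname,
- 'lastName' => $user->user_lastname,
- 'company' => $_SERVER['SERVER_NAME'],
- 'email' => $q_email,
- 'ccEmail' => '2fasupport@xecurify.com',
- 'phone' => $q_phone,
- 'query' => $query
- );
- $field_string = json_encode( $fields );
-
- $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
-
- $content = $mo2fApi->make_curl_call( $url, $field_string );
-
-
- return true;
- }
-
- }
-
-
- ?>
+ <?php
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
+ * Copyright (C) 2015 miniOrange
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ * @package miniOrange OAuth
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
+ */
+
+ /**
+ * This library is miniOrange Authentication Service.
+ * Contains Request Calls to Customer service.
+ **/
+
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR.'mo2f_api.php';
+
+ class Customer_Cloud_Setup {
+
+ public $email;
+ public $phone;
+ public $customerKey;
+ public $transactionId;
+
+ private $auth_mode = 2; // miniorange test or not
+ private $https_mode = false; // website http or https
+
+
+ function check_customer() {
+ $url = MO_HOST_NAME . "/moas/rest/customer/check-if-exists";
+ $email = get_option( "mo2f_email" );
+ $mo2fApi= new Mo2f_Api();
+ $fields = array (
+ 'email' => $email
+ );
+ $field_string = json_encode ( $fields );
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $response = $mo2fApi->make_curl_call( $url, $field_string );
+ return $response;
+
+ }
+
+ function guest_audit() {
+ $url = MO_HOST_NAME . "/moas/rest/customer/guest-audit";
+ $email = get_option( "mo2f_email" );
+
+ $user = wp_get_current_user();
+
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ if (empty($email))
+ $email = $user->user_email;
+ }
+
+ $mo2fApi= new Mo2f_Api();
+ $MoWpnsUtility = new MoWpnsUtility();
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+ $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
+ $fields = array (
+ 'emailAddress' => $email,
+ 'companyName'=>$company,
+ 'cmsName'=>"WP",
+ 'applicationType'=>'Two Factor Upgrade',
+ 'applicationName'=>$applicationName,
+ 'pluginVersion'=>MO2F_VERSION,
+ 'inUse'=>$MoWpnsUtility->getFeatureStatus()
+ );
+
+
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $field_string = json_encode ( $fields );
+
+ $response = $mo2fApi->make_curl_call( $url, $field_string,$headers );
+ return $response;
+
+ }
+
+ function send_email_alert( $email, $phone, $message ) {
+
+ $url = MO_HOST_NAME . '/moas/api/notify/send';
+
+ $mo2fApi= new Mo2f_Api();
+ $customerKey = "16555";
+ $apiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
+
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+ $fromEmail = $email;
+ $subject = "WordPress 2FA Plugin Feedback - " . $email;
+
+ global $user;
+ $user = wp_get_current_user();
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
+
+
+ $customer_feature = "";
+
+ if ( $is_ec_with_1_user ) {
+ $customer_feature = "V1";
+ }elseif ( $is_nc_with_1_user ) {
+ $customer_feature = "V3";
+ }
+
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
+
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . sanitize_url($_SERVER['SERVER_NAME']) . '" target="_blank" >' . sanitize_text_field($_SERVER['SERVER_NAME']) . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
+
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'sendEmail' => true,
+ 'email' => array(
+ 'customerKey' => $customerKey,
+ 'fromEmail' => $fromEmail,
+ 'fromName' => 'Xecurify',
+ 'toEmail' => '2fasupport@xecurify.com',
+ 'toName' => '2fasupport@xecurify.com',
+ 'subject' => $subject,
+ 'content' => $content
+ ),
+ );
+ $field_string = json_encode( $fields );
+
+ $headers = $mo2fApi->get_http_header_array();
+
+ $response = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+ return $response;
+
+
+ }
+
+ function create_customer() {
+ global $Mo2fdbQueries;
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/add';
+ $mo2fApi= new Mo2f_Api();
+ global $user;
+ $user = wp_get_current_user();
+ $this->email = get_option( 'mo2f_email' );
+ $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
+ $password = get_option( 'mo2f_password' );
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+
+ $fields = array(
+ 'companyName' => $company,
+ 'areaOfInterest' => 'WordPress 2 Factor Authentication Plugin',
+ 'productInterest' => 'API_2FA',
+ 'email' => $this->email,
+ 'phone' => $this->phone,
+ 'password' => $password
+ );
+ $field_string = json_encode( $fields );
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
+
+ return $content;
+ }
+
+
+ function get_customer_key() {
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . "/moas/rest/customer/key";
+
+ $email = get_option( "mo2f_email" );
+ $password = get_option( "mo2f_password" );
+ $mo2fApi= new Mo2f_Api();
+ $fields = array(
+ 'email' => $email,
+ 'password' => $password
+ );
+ $field_string = json_encode( $fields );
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
+
+ return $content;
+ }
+
+
+ function send_otp_token( $uKey, $authType, $cKey, $apiKey, $currentuser=null ) {
+
+ if ( ! MO2f_Utility::is_curl_installed()) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/challenge';
+ $mo2fApi = new Mo2f_Api();
+ /* The customer Key provided to you */
+ $customerKey = $cKey;
+
+ /* The customer API Key provided to you */
+ $apiKey = $apiKey;
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = $mo2fApi->get_http_header_array();
+
+ $fields = '';
+ if ( $authType == 'EMAIL' || $authType == 'OTP Over Email' || $authType == 'OUT OF BAND EMAIL' ) {
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'email' => $uKey,
+ 'authType' => $authType,
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
+ );
+ } elseif ( $authType == 'SMS' ) {
+ $authType = "SMS";
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'phone' => $uKey,
+ 'authType' => $authType
+ );
+ } else {
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $uKey,
+ 'authType' => $authType,
+ 'transactionName' => 'WordPress 2 Factor Authentication Plugin'
+ );
+ }
+
+ $field_string = json_encode( $fields );
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+
+ $content1 = json_decode($content,true);
+
+ if ( $content1['status'] == "SUCCESS" ) {
+ if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z') == 4 && $authType == 'SMS'){
+ Miniorange_Authentication::low_otp_alert("sms");
+ }
+ if(get_site_option('cmVtYWluaW5nT1RQ') == 5 && $authType == 'OTP Over Email'){
+ Miniorange_Authentication::low_otp_alert("email");
+ }
+ }
+
+ return $content;
+ }
+
+
+
+
+ function get_customer_transactions( $cKey, $apiKey ,$license_type) {
+
+ $url = MO_HOST_NAME . '/moas/rest/customer/license';
+
+ $customerKey = $cKey;
+ $apiKey = $apiKey;
+ $mo2fApi= new Mo2f_Api();
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $fields = '';
+ if($license_type == 'DEMO'){
+ $fields = array(
+ 'customerId' => $customerKey,
+ 'applicationName' => '-1',
+ 'licenseType' => $license_type
+ );
+ }else{
+ $fields = array(
+ 'customerId' => $customerKey,
+ 'applicationName' => 'otp_recharge_plan',
+ 'licenseType' => $license_type
+ );
+ }
+
+ $field_string = json_encode( $fields );
+
+ $headers = $mo2fApi->get_http_header_array();
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+
+
+ return $content;
+ }
+
+ public function mo_2f_generate_backup_codes($mo2f_user_email,$site_url){
+
+
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/index.php';
+
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
+
+ $postdata = array('mo2f_email'=> $mo2f_user_email,
+ 'mo2f_domain' =>$site_url,
+ 'headers'=>$headers['header'],
+ 'mo2f_generate_backup_codes'=>'initiated_backup_codes');
+
+ $args = array(
+ 'method' => 'POST',
+ 'timeout' => 45,
+ 'sslverify' => false,
+ 'headers' => array(),
+ 'body' => $postdata,
+ );
+
+ $mo2f_api=new Mo2f_Api();
+ $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
+ return $data;
+
+ }
+
+ public function mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email){
+ $url = 'https://sitestats.xecurify.com/backupcodeservice/backup_code_validation.php';
+
+ $site_url = site_url();
+ $headers = array('header' => "Authorization:Basic" . base64_encode("$mo2f_user_email:$site_url") );
+
+ $postdata = array('mo2f_otp_token' => $mo2f_backup_code,
+ 'mo2f_user_email'=> $mo2f_user_email,
+ 'headers'=>$headers['header'],
+ 'mo2f_site_url' => $site_url);
+
+ $args = array(
+ 'method' => 'POST',
+ 'timeout' => 45,
+ 'sslverify' => false,
+ 'headers' => array(),
+ 'body' => $postdata,
+ );
+
+ $data=wp_remote_post($url,$args);
+
+ $data=wp_remote_retrieve_body( $data );
+
+ return $data;
+ }
+
+
+ function validate_otp_token( $authType, $username, $transactionId, $otpToken, $cKey, $customerApiKey, $current_user =null) {
+ $content='';
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . '/moas/api/auth/validate';
+ $mo2fApi= new Mo2f_Api();
+ /* The customer Key provided to you */
+ $customerKey = $cKey;
+
+ /* The customer API Key provided to you */
+ $apiKey = $customerApiKey;
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = $mo2fApi->get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = $mo2fApi->get_http_header_array();
+ $fields = '';
+ if ( $authType == 'SOFT TOKEN' || $authType == 'GOOGLE AUTHENTICATOR' ) {
+ /*check for soft token*/
+ $fields = array(
+ 'customerKey' => $customerKey,
+ 'username' => $username,
+ 'token' => $otpToken,
+ 'authType' => $authType
+ );
+ } elseif ( $authType == 'KBA' ) {
+ $fields = array(
+ 'txId' => $transactionId,
+ 'answers' => array(
+ array(
+ 'question' => $otpToken[0],
+ 'answer' => $otpToken[1]
+ ),
+ array(
+ 'question' => $otpToken[2],
+ 'answer' => $otpToken[3]
+ )
+ )
+ );
+
+ } else {
+ //*check for otp over sms/email
+ $fields = array(
+ 'txId' => $transactionId,
+ 'token' => $otpToken
+ );
+ }
+ $field_string = json_encode( $fields );
+
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string, $headers );
+ return $content;
+ }
+
+ function submit_contact_us( $q_email, $q_phone, $query ) {
+ if ( ! MO2f_Utility::is_curl_installed() ) {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+
+ $url = MO_HOST_NAME . "/moas/rest/customer/contact-us";
+ global $user;
+ $user = wp_get_current_user();
+ $is_nc_with_1_user = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
+ $is_ec_with_1_user = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
+
+ $mo2fApi= new Mo2f_Api();
+ $customer_feature = "";
+
+ if ( $is_ec_with_1_user ) {
+ $customer_feature = "V1";
+ } elseif ( $is_nc_with_1_user ) {
+ $customer_feature = "V3";
+ }
+ global $moWpnsUtility;
+
+ $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.'- Ticket Id:'.$moWpnsUtility->getFeatureStatus().']: ' . $query;
+ $fields = array(
+ 'firstName' => $user->user_firstname,
+ 'lastName' => $user->user_lastname,
+ 'company' => $_SERVER['SERVER_NAME'],
+ 'email' => $q_email,
+ 'ccEmail' => '2fasupport@xecurify.com',
+ 'phone' => $q_phone,
+ 'query' => $query
+ );
+ $field_string = json_encode( $fields );
+
+ $headers = array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic");
+
+ $content = $mo2fApi->make_curl_call( $url, $field_string );
+
+
+ return true;
+ }
+
+ }
+
+
+ ?>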
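Review bot: `mo_2f_generate_backup_codes` and `mo2f_validate_backup_codes` still pass `'sslverify' => false` on the new side, so the POST that carries the user's e-mail address and backup code to sitestats.xecurify.com goes out without certificate verification, and the validation response that decides whether the second factor is accepted cannot be trusted to come from that host. Both `$args` arrays should use `'sslverify' => true,`, which is what `make_curl_call` in api/mo2f_api.php passes as far as this page shows it. Separately, `send_email_alert` keeps a literal `$customerKey`/`$apiKey` pair whose `$hashValue` is never used, because the request headers come from `get_http_header_array()`; the literal credential can be dropped from the shipped file and rotated on the service side.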
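--- a/api/mo2f_api.php
+++ b/api/mo2f_api.php
@@ -1,70 +1,70 @@
- <?php
-
- class Mo2f_Api
- {
-
- public function mo2f_wp_remote_post($url, $args = array()){
- $response = wp_remote_post($url, $args);
- if(!is_wp_error($response)){
- return $response['body'];
- } else {
- $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
-
- return json_encode( array( "status" => 'ERROR', "message" => $message ) );
- }
- }
-
- function get_timestamp() {
-
- $currentTimeInMillis = round( microtime( true ) * 1000 );
- $currentTimeInMillis = number_format( $currentTimeInMillis, 0, '', '' );
-
- return $currentTimeInMillis ;
- }
-
- function make_curl_call( $url, $fields, $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic")) {
-
- if ( gettype( $fields ) !== 'string' ) {
- $fields = json_encode( $fields );
- }
-
- $args = array(
- 'method' => 'POST',
- 'body' => $fields,
- 'timeout' => '5',
- 'redirection' => '5',
- 'sslverify' =>true,
- 'httpversion' => '1.0',
- 'blocking' => true,
- 'headers' => $http_header_array
- );
-
-
- $response = Mo2f_Api::mo2f_wp_remote_post($url, $args);
- return $response;
-
- }
-
- function get_http_header_array() {
-
- $customerKey = get_option( 'mo2f_customerKey' );
- $apiKey = get_option( 'mo2f_api_key' );
-
- /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
- $currentTimeInMillis = Mo2f_Api::get_timestamp();
-
- /* Creating the Hash using SHA-512 algorithm */
- $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;;
- $hashValue = hash( "sha512", $stringToHash );
-
- $headers = array(
- "Content-Type" => "application/json",
- "Customer-Key" => $customerKey,
- "Timestamp" => $currentTimeInMillis,
- "Authorization" => $hashValue
- );
-
- return $headers;
- }
-
+ <?php
+
+ class Mo2f_Api
+ {
+
+ public function mo2f_wp_remote_post($url, $args = array()){
+ $response = wp_remote_post($url, $args);
+ if(!is_wp_error($response)){
+ return $response['body'];
+ } else {
+ $message = 'Please enable curl extension. <a href="admin.php?page=mo_2fa_troubleshooting">Click here</a> for the steps to enable curl.';
+
+ return json_encode( array( "status" => 'ERROR', "message" => $message ) );
+ }
+ }
+
+ function get_timestamp() {
+
+ $currentTimeInMillis = round( microtime( true ) * 1000 );
+ $currentTimeInMillis = number_format( $currentTimeInMillis, 0, '', '' );
+
+ return $currentTimeInMillis ;
+ }
+
+ function make_curl_call( $url, $fields, $http_header_array =array("Content-Type"=>"application/json","charset"=>"UTF-8","Authorization"=>"Basic")) {
+
+ if ( gettype( $fields ) !== 'string' ) {
+ $fields = json_encode( $fields );
+ }
+
+ $args = array(
+ 'method' => 'POST',
+ 'body' => $fields,
+ 'timeout' => '5',
+ 'redirection' => '5',
+ 'sslverify' =>true,
+ 'httpversion' => '1.0',
+ 'blocking' => true,
+ 'headers' => $http_header_array
+ );
+
+
+ $response = Mo2f_Api::mo2f_wp_remote_post($url, $args);
+ return $response;
+
+ }
+
+ function get_http_header_array() {
+
+ $customerKey = get_option( 'mo2f_customerKey' );
+ $apiKey = get_option( 'mo2f_api_key' );
+
+ /* Current time in milliseconds since midnight, January 1, 1970 UTC. */
+ $currentTimeInMillis = Mo2f_Api::get_timestamp();
+
+ /* Creating the Hash using SHA-512 algorithm */
+ $stringToHash = $customerKey . $currentTimeInMillis . $apiKey;;
+ $hashValue = hash( "sha512", $stringToHash );
+
+ $headers = array(
+ "Content-Type" => "application/json",
+ "Customer-Key" => $customerKey,
+ "Timestamp" => $currentTimeInMillis,
+ "Authorization" => $hashValue
+ );
+
+ return $headers;
+ }
+
  }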
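Review bot: In `mo2f_wp_remote_post` the `is_wp_error` branch discards the `WP_Error` and always returns the "Please enable curl extension" message, so a TLS verification failure, a DNS error or the 5-second timeout set in `make_curl_call` is reported to the admin as a missing extension. Record the real cause before returning, e.g. `error_log( 'mo2f API request failed: ' . $response->get_error_message() );`, and keep the user-facing message generic. The success branch also returns `$response['body']` without looking at the HTTP status, so callers that only test `json_last_error()` cannot tell an error page from a valid reply; checking `wp_remote_retrieve_response_code( $response )` here would let them.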
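--- a/changelog.txt
+++ b/changelog.txt
@@ -5,6 +5,30 @@
  This file contains older changelog entries, so we can keep the size of the standard WordPress readme.txt file reasonable.
  For the latest changes, please refer to the "Changelog" section in the [readme.txt file](https://plugins.svn.wordpress.org/miniorange-2-factor-authentication/trunk/readme.txt).
 
+ = 5.5.78 =
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
+ * Bug Fixes and Code Improvements
+
+ = 5.5.77 =
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
+ * Bug Fixes and Code Improvements
+
+ = 5.5.76 =
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
+ * Bug Fixes and Code Improvements
+
+ = 5.5.75 =
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
+ * Bug Fixes and Code Improvements
+
+ = 5.5.7 =
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
+ * Bug Fixes and Code Improvements
+
+ = 5.5.6 =
+ * Google Authenticator - Two factor Authentication (2FA, OTP) :
+ * Bug Fixes
+
  = 5.5.5 =
  * Google Authenticator - Two factor Authentication (2FA, OTP) :
  * Compatibility with WordPress v6.0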
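--- a/controllers/account.php
+++ b/controllers/account.php
@@ -1,303 +1,303 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName,$Mo2fdbQueries;
-
- if(isset($_POST['option']))
- {
- $option = trim(sanitize_text_field($_POST['option']));
- switch($option)
- {
- case "mo_wpns_register_customer":
- _register_customer($_POST); break;
- case "mo_wpns_verify_customer":
- _verify_customer($_POST); break;
- case "mo_wpns_cancel":
- _revert_back_registration(); break;
- case "mo_wpns_reset_password":
- _reset_password(); break;
- case "mo2f_goto_verifycustomer":
- _goto_sign_in_page(); break;
- }
- }
-
- $user = wp_get_current_user();
- $mo2f_current_registration_status = get_option( 'mo_2factor_user_registration_status');
-
- if((get_option('mo_wpns_registration_status') == 'MO_OTP_DELIVERED_SUCCESS'
- || get_option('mo_wpns_registration_status') == 'MO_OTP_VALIDATION_FAILURE'
- || get_option('mo_wpns_registration_status') == 'MO_OTP_DELIVERED_FAILURE') && in_array($mo2f_current_registration_status, array("MO_2_FACTOR_OTP_DELIVERED_SUCCESS", "MO_2_FACTOR_OTP_DELIVERED_FAILURE")))
- {
- $admin_phone = get_option('mo_wpns_admin_phone') ? get_option('mo_wpns_admin_phone') : "";
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'verify.php';
- }
- else if ((get_option ( 'mo_wpns_verify_customer' ) == 'true' || (get_option('mo2f_email') && !get_option('mo2f_customerKey'))) && $mo2f_current_registration_status == "MO_2_FACTOR_VERIFY_CUSTOMER")
- {
- $admin_email = get_option('mo2f_email') ? get_option('mo2f_email') : "";
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'login.php';
- }
- else if (! $moWpnsUtility->icr())
- {
- delete_option ( 'password_mismatch' );
- update_option ( 'mo_wpns_new_registration', 'true' );
- update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'register.php';
- }
- else
- {
- $email = get_option('mo2f_email');
- $key = get_option('mo2f_customerKey');
- $api = get_option('mo2f_api_key');
- $token = get_option('mo2f_customer_token');
- $EmailTransactions = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
- $EmailTransactions = $EmailTransactions? $EmailTransactions : 0;
- $SMSTransactions = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')?get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z'):0;
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'profile.php';
- }
-
- /* REGISTRATION RELATED FUNCTIONS */
-
- //Function to register new customer
- function _register_customer($post)
- {
- //validate and sanitize
- global $moWpnsUtility, $Mo2fdbQueries;
- $user = wp_get_current_user();
- $email = sanitize_email($post['email']);
- $company = sanitize_text_field($_SERVER["SERVER_NAME"]);
-
- $password = sanitize_text_field($post['password']);
- $confirmPassword = sanitize_text_field($post['confirmPassword']);
-
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('PASS_LENGTH'),'ERROR');
- return;
- }
-
- if( $password != $confirmPassword )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('PASS_MISMATCH'),'ERROR');
- return;
- }
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('REQUIRED_FIELDS'),'ERROR');
- return;
- }
-
- update_option( 'mo2f_email', $email );
-
- update_option( 'mo_wpns_company' , $company );
-
- update_option( 'mo_wpns_password' , $password );
-
- $customer = new MocURL();
- $content = json_decode($customer->check_customer($email), true);
- $Mo2fdbQueries->insert_user( $user->ID );
- switch ($content['status'])
- {
- case 'CUSTOMER_NOT_FOUND':
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
-
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
- {
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
- update_option( 'mo2f_email', $email );
- save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
- _get_current_customer($email,$password);
- }
-
- break;
- default:
- _get_current_customer($email,$password);
- break;
- }
-
- }
-
-
- function _goto_sign_in_page(){
- global $Mo2fdbQueries;
- $user = wp_get_current_user();
- update_option('mo_wpns_verify_customer','true');
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
- }
-
- //Function to go back to the registration page
- function _revert_back_registration()
- {
- global $Mo2fdbQueries;
- $user = wp_get_current_user();
- delete_option('mo2f_email');
- delete_option('mo_wpns_registration_status');
- delete_option('mo_wpns_verify_customer');
- update_option('mo_2factor_user_registration_status','');
- }
-
-
- //Function to reset customer's password
- function _reset_password()
- {
- $customer = new MocURL();
- $forgot_password_response = json_decode($customer->mo_wpns_forgot_password());
- if($forgot_password_response->status == 'SUCCESS')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RESET_PASS'),'SUCCESS');
- }
-
-
- //Function to verify customer
- function _verify_customer($post)
- {
- global $moWpnsUtility;
- $email = sanitize_email( $post['email'] );
- $password = sanitize_text_field( $post['password'] );
-
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('REQUIRED_FIELDS'),'ERROR');
- return;
- }
- _get_current_customer($email,$password);
- }
-
-
- //Function to get customer details
- function _get_current_customer($email,$password)
- {
- global $Mo2fdbQueries;
- $user = wp_get_current_user();
- $customer = new MocURL();
- $content = $customer->get_customer_key($email, $password);
- $customerKey = json_decode($content, true);
- if(json_last_error() == JSON_ERROR_NONE)
- {
- if(isset($customerKey['phone'])){
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
- }
- update_option('mo2f_email',$email);
-
- save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('REG_SUCCESS'),'SUCCESS');
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
- $customerT = new Customer_Cloud_Setup();
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
- if($content['status'] == 'SUCCESS')
- {
- update_site_option('mo2f_license_type','PREMIUM');
- }
- else
- {
- update_site_option('mo2f_license_type','DEMO');
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
- }
- if(isset($content['smsRemaining']))
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
- else if($content['status'] =='SUCCESS')
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
-
- if(isset($content['emailRemaining']))
- {
- if($content['emailRemaining']>30)
- {
- $currentTransaction = $content['emailRemaining'];
- update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
- update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
- }
- else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
- {
- update_site_option('cmVtYWluaW5nT1RQ',30);
- }
- }
-
- }
- else
- {
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
- update_option('mo_wpns_verify_customer', 'true');
- delete_option('mo_wpns_new_registration');
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ACCOUNT_EXISTS'),'ERROR');
- }
- }
-
-
- //Save all required fields on customer registration/retrieval complete.
- function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
- {
- global $Mo2fdbQueries;
-
- $user = wp_get_current_user();
- update_option( 'mo2f_customerKey' , $id );
- update_option( 'mo2f_api_key' , $apiKey );
- update_option( 'mo2f_customer_token' , $token );
- update_option( 'mo2f_app_secret' , $appSecret );
- update_option( 'mo_wpns_enable_log_requests' , true );
- update_option( 'mo2f_miniorange_admin', $user->ID );
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
-
- $Mo2fdbQueries->update_user_details( $user->ID, array(
- 'mo2f_user_email' => $email,
- 'user_registration_with_miniorange' => 'SUCCESS'
- ) );
- $enduser = new Two_Factor_Setup();
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
-
- $mo2f_second_factor = 'NONE';
- if ( json_last_error() == JSON_ERROR_NONE) {
- if ( $userinfo['status'] == 'SUCCESS' ) {
- $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
- }
- }
- $configured_2FA_method='';
- if( $mo2f_second_factor == 'EMAIL'){
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, '', true );
- $configured_2FA_method = 'NONE';
- }else if ( $mo2f_second_factor != 'NONE' ) {
- $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
- $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
- } else {
- if ( in_array( $configured_2FA_method, array(
- 'Email Verification',
- 'Authy Authenticator',
- 'OTP over SMS'
- ) ) ) {
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, '', true );
- }
- }
- }
-
- $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
- if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
- $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '. ';
- }
- $mo2f_message .= '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
-
- delete_user_meta( $user->ID, 'register_account' );
-
- $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
- if ( ! empty( $mo2f_customer_selected_plan ) ) {
- delete_option( 'mo2f_customer_selected_plan' );
-
- if (MoWpnsUtility::get_mo2f_db_option('mo2f_planname', 'site_option') == 'addon_plan')
- {
- ?><script>window.location.href="admin.php?page=mo_2fa_addons";</script><?php
- }
- else
- {
- ?><script>window.location.href="admin.php?page=mo_2fa_upgrade";</script><?php
- }
-
- } else if ( $mo2f_second_factor == 'NONE' ) {
- if(get_user_meta( $user->ID, 'register_account_popup', true)){
- update_user_meta( $user->ID, 'configure_2FA', 1 );
- }
- }
-
- update_option( 'mo2f_message', $mo2f_message );
- delete_user_meta( $user->ID, 'register_account_popup' );
- delete_option( 'mo_wpns_verify_customer' );
- delete_option( 'mo_wpns_registration_status' );
- delete_option( 'mo_wpns_password' );
- }
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName,$Mo2fdbQueries;
+
+ if(isset($_POST['option']))
+ {
+ $option = trim(sanitize_text_field($_POST['option']));
+ switch($option)
+ {
+ case "mo_wpns_register_customer":
+ _register_customer($_POST); break;
+ case "mo_wpns_verify_customer":
+ _verify_customer($_POST); break;
+ case "mo_wpns_cancel":
+ _revert_back_registration(); break;
+ case "mo_wpns_reset_password":
+ _reset_password(); break;
+ case "mo2f_goto_verifycustomer":
+ _goto_sign_in_page(); break;
+ }
+ }
+
+ $user = wp_get_current_user();
+ $mo2f_current_registration_status = get_option( 'mo_2factor_user_registration_status');
+
+ if((get_option('mo_wpns_registration_status') == 'MO_OTP_DELIVERED_SUCCESS'
+ || get_option('mo_wpns_registration_status') == 'MO_OTP_VALIDATION_FAILURE'
+ || get_option('mo_wpns_registration_status') == 'MO_OTP_DELIVERED_FAILURE') && in_array($mo2f_current_registration_status, array("MO_2_FACTOR_OTP_DELIVERED_SUCCESS", "MO_2_FACTOR_OTP_DELIVERED_FAILURE")))
+ {
+ $admin_phone = get_option('mo_wpns_admin_phone') ? get_option('mo_wpns_admin_phone') : "";
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'verify.php';
+ }
+ else if ((get_option ( 'mo_wpns_verify_customer' ) == 'true' || (get_option('mo2f_email') && !get_option('mo2f_customerKey'))) && $mo2f_current_registration_status == "MO_2_FACTOR_VERIFY_CUSTOMER")
+ {
+ $admin_email = get_option('mo2f_email') ? get_option('mo2f_email') : "";
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'login.php';
+ }
+ else if (! $moWpnsUtility->icr())
+ {
+ delete_option ( 'password_mismatch' );
+ update_option ( 'mo_wpns_new_registration', 'true' );
+ update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'register.php';
+ }
+ else
+ {
+ $email = get_option('mo2f_email');
+ $key = get_option('mo2f_customerKey');
+ $api = get_option('mo2f_api_key');
+ $token = get_option('mo2f_customer_token');
+ $EmailTransactions = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
+ $EmailTransactions = $EmailTransactions? $EmailTransactions : 0;
+ $SMSTransactions = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')?get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z'):0;
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'account'.DIRECTORY_SEPARATOR.'profile.php';
+ }
+
+ /* REGISTRATION RELATED FUNCTIONS */
+
+ //Function to register new customer
+ function _register_customer($post)
+ {
+ //validate and sanitize
+ global $moWpnsUtility, $Mo2fdbQueries;
+ $user = wp_get_current_user();
+ $email = sanitize_email($post['email']);
+ $company = sanitize_text_field($_SERVER["SERVER_NAME"]);
+
+ $password = sanitize_text_field($post['password']);
+ $confirmPassword = sanitize_text_field($post['confirmPassword']);
+
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('PASS_LENGTH'),'ERROR');
+ return;
+ }
+
+ if( $password != $confirmPassword )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('PASS_MISMATCH'),'ERROR');
+ return;
+ }
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('REQUIRED_FIELDS'),'ERROR');
+ return;
+ }
+
+ update_option( 'mo2f_email', $email );
+
+ update_option( 'mo_wpns_company' , $company );
+
+ update_option( 'mo_wpns_password' , $password );
+
+ $customer = new MocURL();
+ $content = json_decode($customer->check_customer($email), true);
+ $Mo2fdbQueries->insert_user( $user->ID );
+ switch ($content['status'])
+ {
+ case 'CUSTOMER_NOT_FOUND':
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
+
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
+ {
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
+ update_option( 'mo2f_email', $email );
+ save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
+ _get_current_customer($email,$password);
+ }
+
+ break;
+ default:
+ _get_current_customer($email,$password);
+ break;
+ }
+
+ }
+
+
+ function _goto_sign_in_page(){
+ global $Mo2fdbQueries;
+ $user = wp_get_current_user();
+ update_option('mo_wpns_verify_customer','true');
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
+ }
+
+ //Function to go back to the registration page
+ function _revert_back_registration()
+ {
+ global $Mo2fdbQueries;
+ $user = wp_get_current_user();
+ delete_option('mo2f_email');
+ delete_option('mo_wpns_registration_status');
+ delete_option('mo_wpns_verify_customer');
+ update_option('mo_2factor_user_registration_status','');
+ }
+
+
+ //Function to reset customer's password
+ function _reset_password()
+ {
+ $customer = new MocURL();
+ $forgot_password_response = json_decode($customer->mo_wpns_forgot_password());
+ if($forgot_password_response->status == 'SUCCESS')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RESET_PASS'),'SUCCESS');
+ }
+
+
+ //Function to verify customer
+ function _verify_customer($post)
+ {
+ global $moWpnsUtility;
+ $email = sanitize_email( $post['email'] );
+ $password = sanitize_text_field( $post['password'] );
+
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('REQUIRED_FIELDS'),'ERROR');
+ return;
+ }
+ _get_current_customer($email,$password);
+ }
+
+
+ //Function to get customer details
+ function _get_current_customer($email,$password)
+ {
+ global $Mo2fdbQueries;
+ $user = wp_get_current_user();
+ $customer = new MocURL();
+ $content = $customer->get_customer_key($email, $password);
+ $customerKey = json_decode($content, true);
+ if(json_last_error() == JSON_ERROR_NONE)
+ {
+ if(isset($customerKey['phone'])){
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
+ }
+ update_option('mo2f_email',$email);
+
+ save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('REG_SUCCESS'),'SUCCESS');
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
+ $customerT = new Customer_Cloud_Setup();
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
+ if($content['status'] == 'SUCCESS')
+ {
+ update_site_option('mo2f_license_type','PREMIUM');
+ }
+ else
+ {
+ update_site_option('mo2f_license_type','DEMO');
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
+ }
+ if(isset($content['smsRemaining']))
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
+ else if($content['status'] =='SUCCESS')
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
+
+ if(isset($content['emailRemaining']))
+ {
+ if($content['emailRemaining']>30)
+ {
+ $currentTransaction = $content['emailRemaining'];
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
+ }
+ else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
+ {
+ update_site_option('cmVtYWluaW5nT1RQ',30);
+ }
+ }
+
+ }
+ else
+ {
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
+ update_option('mo_wpns_verify_customer', 'true');
+ delete_option('mo_wpns_new_registration');
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ACCOUNT_EXISTS'),'ERROR');
+ }
+ }
+
+
+ //Save all required fields on customer registration/retrieval complete.
+ function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
+ {
+ global $Mo2fdbQueries;
+
+ $user = wp_get_current_user();
+ update_option( 'mo2f_customerKey' , $id );
+ update_option( 'mo2f_api_key' , $apiKey );
+ update_option( 'mo2f_customer_token' , $token );
+ update_option( 'mo2f_app_secret' , $appSecret );
+ update_option( 'mo_wpns_enable_log_requests' , true );
+ update_option( 'mo2f_miniorange_admin', $user->ID );
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
+
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
+ 'mo2f_user_email' => $email,
+ 'user_registration_with_miniorange' => 'SUCCESS'
+ ) );
+ $enduser = new Two_Factor_Setup();
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
+
+ $mo2f_second_factor = 'NONE';
+ if ( json_last_error() == JSON_ERROR_NONE) {
+ if ( $userinfo['status'] == 'SUCCESS' ) {
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
+ }
+ }
+ $configured_2FA_method='';
+ if( $mo2f_second_factor == 'EMAIL'){
+ $enduser->mo2f_update_userinfo( $email, 'NONE', null, '', true );
+ $configured_2FA_method = 'NONE';
+ }else if ( $mo2f_second_factor != 'NONE' ) {
+ $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
+ $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
+ } else {
+ if ( in_array( $configured_2FA_method, array(
+ 'Email Verification',
+ 'Authy Authenticator',
+ 'OTP over SMS'
+ ) ) ) {
+ $enduser->mo2f_update_userinfo( $email, 'NONE', null, '', true );
+ }
+ }
+ }
+
+ $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
+ if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
+ $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '. ';
+ }
+ $mo2f_message .= '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
+
+ delete_user_meta( $user->ID, 'register_account' );
+
+ $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
+ if ( ! empty( $mo2f_customer_selected_plan ) ) {
+ delete_option( 'mo2f_customer_selected_plan' );
+
+ if (MoWpnsUtility::get_mo2f_db_option('mo2f_planname', 'site_option') == 'addon_plan')
+ {
+ ?><script>window.location.href="admin.php?page=mo_2fa_addons";</script><?php
+ }
+ else
+ {
+ ?><script>window.location.href="admin.php?page=mo_2fa_upgrade";</script><?php
+ }
+
+ } else if ( $mo2f_second_factor == 'NONE' ) {
+ if(get_user_meta( $user->ID, 'register_account_popup', true)){
+ update_user_meta( $user->ID, 'configure_2FA', 1 );
+ }
+ }
+
+ update_option( 'mo2f_message', $mo2f_message );
+ delete_user_meta( $user->ID, 'register_account_popup' );
+ delete_option( 'mo_wpns_verify_customer' );
+ delete_option( 'mo_wpns_registration_status' );
+ delete_option( 'mo_wpns_password' );
+ }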
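Review bot: `_register_customer` writes the account password to the options table in clear text with `update_option( 'mo_wpns_password' , $password );` (new line 93), and the only `delete_option( 'mo_wpns_password' )` is the last statement of `save_success_customer_config`, so the value stays stored whenever customer creation does not return SUCCESS or `_get_current_customer` takes its JSON-error branch. The password is already passed as an argument to `create_customer` and `_get_current_customer`, so unless code outside this file reads the option the `update_option` call can be dropped; otherwise add `delete_option( 'mo_wpns_password' );` on every early-exit path. Separately, the `isset($_POST['option'])` dispatcher at the top of the file runs these handlers with no capability or nonce check visible here, while controllers/advanced-blocking.php guards its dispatcher with `current_user_can( 'manage_options' )`; if the including page does not already enforce that, the same guard plus a `check_admin_referer()` call belongs here. `sanitize_text_field()` on the password fields also alters the value (it strips tags and collapses whitespace), so the string sent to the API may differ from what the user typed.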
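--- a/controllers/advanced-blocking.php
+++ b/controllers/advanced-blocking.php
@@ -1,189 +1,189 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch(sanitize_text_field($_POST['option']))
- {
- case "mo_wpns_block_ip_range":
- wpns_handle_range_blocking($_POST); break;
- case "mo_wpns_browser_blocking":
- wpns_handle_browser_blocking($_POST); break;
- case "mo_wpns_enable_htaccess_blocking":
- wpns_handle_htaccess_blocking($_POST); break;
- case "mo_wpns_enable_user_agent_blocking":
- wpns_handle_user_agent_blocking($_POST); break;
- case "mo_wpns_block_countries":
- wpns_handle_country_block($_POST); break;
- case "mo_wpns_block_referrer":
- wpns_handle_block_referrer($_POST); break;
-
- }
- }
-
- $range_count = is_numeric(get_option('mo_wpns_iprange_count'))
- && intval(get_option('mo_wpns_iprange_count')) !=0 ? intval(get_option('mo_wpns_iprange_count')) : 1;
- $htaccess_block = get_option('mo_wpns_enable_htaccess_blocking') ? "checked" : "";
- $user_agent = get_option('mo_wpns_enable_user_agent_blocking') ? "checked" : "";
- $block_chrome = get_option('mo_wpns_block_chrome') ? "checked" : "";
- $block_ie = get_option('mo_wpns_block_ie') ? "checked" : "";
- $block_firefox = get_option('mo_wpns_block_firefox') ? "checked" : "";
- $block_safari = get_option('mo_wpns_block_safari') ? "checked" : "";
- $block_opera = get_option('mo_wpns_block_opera') ? "checked" : "";
- $block_edge = get_option('mo_wpns_block_edge') ? "checked" : "";
- $country = MoWpnsConstants::$country;
- $codes = get_option( "mo_wpns_countrycodes");
- $referrers = get_option( 'mo_wpns_referrers');
- $referrers = explode(";",$referrers);
- $current_browser= $moWpnsUtility->getCurrentBrowser();
- $start = array();
- $end = array();
- for($i = 1 ; $i <= $range_count ; $i++){
- $ip_range = get_option("mo_wpns_iprange_range_".$i);
- if($ip_range){
- $a = explode('-', $ip_range);
-
- $start[$i] = $a[0];
- $end[$i] = $a[1];
- }
-
- }
- if(!isset($start[1])){
- $start[1] = '';
- }
- if(!isset($end[1])){
- $end[1] = '';
- }
-
- switch($current_browser)
- {
- case "chrome":
- $block_chrome = 'disabled'; break;
- case "ie":
- $block_ie = 'disabled'; break;
- case "firefox":
- $block_firefox= 'disabled'; break;
- case "safari":
- $block_safari = 'disabled'; break;
- case "edge":
- $block_edge = 'disabled'; break;
- case "opera":
- $block_opera = 'disabled'; break;
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'advanced-blocking.php';
-
-
- /* ADVANCD BLOCKING FUNCTIONS */
-
- //Function to save range of ips
- function wpns_handle_range_blocking($postedValue)
- {
-
- $flag=0;
- $max_allowed_ranges = 100;
- $added_mappings_ranges = 0 ;
- for($i=1;$i<=$max_allowed_ranges;$i++){
- if(isset($postedValue['start_'.$i]) && isset($postedValue['end_'.$i]) && !empty($postedValue['start_'.$i]) && !empty($postedValue['end_'.$i])){
-
- $postedValue['start_'.$i] = sanitize_text_field($postedValue['start_'.$i]);
- $postedValue['end_'.$i] = sanitize_text_field($postedValue['end_'.$i]);
-
-
- if(filter_var($postedValue['start_'.$i] , FILTER_VALIDATE_IP ) && filter_var($postedValue['end_'.$i] , FILTER_VALIDATE_IP ) && (ip2long($postedValue['end_'.$i]) > ip2long($postedValue['start_'.$i])) ){
- $range = '';
- $range = $postedValue['start_'.$i];
- $range .= '-';
- $range .= $postedValue['end_'.$i];
- $added_mappings_ranges++;
- update_option( 'mo_wpns_iprange_range_'.$added_mappings_ranges, $range );
-
- }
- else{
- $flag = 1;
- do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_IP'),'ERROR');
- return;
- }
- }
- }
-
-
- if($added_mappings_ranges==0)
- update_option( 'mo_wpns_iprange_range_1','');
- update_option( 'mo_wpns_iprange_count', $added_mappings_ranges);
- if($flag == 0){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('IP_PERMANENTLY_BLOCKED'),'SUCCESS');
- }
- }
-
- //Function to handle browser blocking
- function wpns_handle_browser_blocking($postedValue)
- {
- isset($postedValue['mo_wpns_block_chrome']) ? update_option( 'mo_wpns_block_chrome' , $postedValue['mo_wpns_block_chrome'] ) : update_option( 'mo_wpns_block_chrome' , false );
- isset($postedValue['mo_wpns_block_firefox']) ? update_option( 'mo_wpns_block_firefox' , $postedValue['mo_wpns_block_firefox'] ) : update_option( 'mo_wpns_block_firefox' , false );
- isset($postedValue['mo_wpns_block_ie']) ? update_option( 'mo_wpns_block_ie' , $postedValue['mo_wpns_block_ie'] ) : update_option( 'mo_wpns_block_ie' , false );
- isset($postedValue['mo_wpns_block_safari']) ? update_option( 'mo_wpns_block_safari' , $postedValue['mo_wpns_block_safari'] ) : update_option( 'mo_wpns_block_safari' , false );
- isset($postedValue['mo_wpns_block_opera']) ? update_option( 'mo_wpns_block_opera' , $postedValue['mo_wpns_block_opera'] ) : update_option( 'mo_wpns_block_opera' , false );
- isset($postedValue['mo_wpns_block_edge']) ? update_option( 'mo_wpns_block_edge' , $postedValue['mo_wpns_block_edge'] ) : update_option( 'mo_wpns_block_edge' , false );
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
- }
-
-
- //Function to handle Htaccess blocking
- function wpns_handle_htaccess_blocking($postdata)
- {
- $htaccess = isset($postdata['mo_wpns_enable_htaccess_blocking']) ? true : false;
- update_option( 'mo_wpns_enable_htaccess_blocking', $htaccess);
- $mo_wpns_config = new MoWpnsHandler();
- if($htaccess)
- {
- $mo_wpns_config->add_htaccess_ips();
- do_action('wpns_show_message',MoWpnsMessages::showMessage('HTACCESS_ENABLED'),'SUCCESS');
- }
- else
- {
- $mo_wpns_config->remove_htaccess_ips();
- do_action('wpns_show_message',MoWpnsMessages::showMessage('HTACCESS_DISABLED'),'ERROR');
- }
- }
-
-
- //Function to handle user agent blocking
- function wpns_handle_user_agent_blocking($postvalue)
- {
- $user_agent = isset($postvalue['mo_wpns_enable_user_agent_blocking']) ? true : false;
- update_option( 'mo_wpns_enable_user_agent_blocking', $user_agent);
- if($user_agent)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('USER_AGENT_BLOCK_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('USER_AGENT_BLOCK_DISABLED'),'ERROR');
- }
-
-
- //Function to handle country block
- function wpns_handle_country_block($post)
- {
- $countrycodes = "";
- foreach($post as $countrycode=>$value){
- if($countrycode!="option")
- $countrycodes .= $countrycode.";";
- }
- update_option( 'mo_wpns_countrycodes', $countrycodes);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
- }
-
-
- //Function to handle block referrer
- function wpns_handle_block_referrer($post)
- {
-
- $referrers = "";
- foreach($post as $key => $value)
- {
- if(strpos($key, 'referrer_') !== false)
- if(!empty($value))
- $referrers .= sanitize_url($value).";";
- }
- update_option( 'mo_wpns_referrers', $referrers);
- }
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch(sanitize_text_field($_POST['option']))
+ {
+ case "mo_wpns_block_ip_range":
+ wpns_handle_range_blocking($_POST); break;
+ case "mo_wpns_browser_blocking":
+ wpns_handle_browser_blocking($_POST); break;
+ case "mo_wpns_enable_htaccess_blocking":
+ wpns_handle_htaccess_blocking($_POST); break;
+ case "mo_wpns_enable_user_agent_blocking":
+ wpns_handle_user_agent_blocking($_POST); break;
+ case "mo_wpns_block_countries":
+ wpns_handle_country_block($_POST); break;
+ case "mo_wpns_block_referrer":
+ wpns_handle_block_referrer($_POST); break;
+
+ }
+ }
+
+ $range_count = is_numeric(get_option('mo_wpns_iprange_count'))
+ && intval(get_option('mo_wpns_iprange_count')) !=0 ? intval(get_option('mo_wpns_iprange_count')) : 1;
+ $htaccess_block = get_option('mo_wpns_enable_htaccess_blocking') ? "checked" : "";
+ $user_agent = get_option('mo_wpns_enable_user_agent_blocking') ? "checked" : "";
+ $block_chrome = get_option('mo_wpns_block_chrome') ? "checked" : "";
+ $block_ie = get_option('mo_wpns_block_ie') ? "checked" : "";
+ $block_firefox = get_option('mo_wpns_block_firefox') ? "checked" : "";
+ $block_safari = get_option('mo_wpns_block_safari') ? "checked" : "";
+ $block_opera = get_option('mo_wpns_block_opera') ? "checked" : "";
+ $block_edge = get_option('mo_wpns_block_edge') ? "checked" : "";
+ $country = MoWpnsConstants::$country;
+ $codes = get_option( "mo_wpns_countrycodes");
+ $referrers = get_option( 'mo_wpns_referrers');
+ $referrers = explode(";",$referrers);
+ $current_browser= $moWpnsUtility->getCurrentBrowser();
+ $start = array();
+ $end = array();
+ for($i = 1 ; $i <= $range_count ; $i++){
+ $ip_range = get_option("mo_wpns_iprange_range_".$i);
+ if($ip_range){
+ $a = explode('-', $ip_range);
+
+ $start[$i] = $a[0];
+ $end[$i] = $a[1];
+ }
+
+ }
+ if(!isset($start[1])){
+ $start[1] = '';
+ }
+ if(!isset($end[1])){
+ $end[1] = '';
+ }
+
+ switch($current_browser)
+ {
+ case "chrome":
+ $block_chrome = 'disabled'; break;
+ case "ie":
+ $block_ie = 'disabled'; break;
+ case "firefox":
+ $block_firefox= 'disabled'; break;
+ case "safari":
+ $block_safari = 'disabled'; break;
+ case "edge":
+ $block_edge = 'disabled'; break;
+ case "opera":
+ $block_opera = 'disabled'; break;
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'advanced-blocking.php';
+
+
+ /* ADVANCD BLOCKING FUNCTIONS */
+
+ //Function to save range of ips
+ function wpns_handle_range_blocking($postedValue)
+ {
+
+ $flag=0;
+ $max_allowed_ranges = 100;
+ $added_mappings_ranges = 0 ;
+ for($i=1;$i<=$max_allowed_ranges;$i++){
+ if(isset($postedValue['start_'.$i]) && isset($postedValue['end_'.$i]) && !empty($postedValue['start_'.$i]) && !empty($postedValue['end_'.$i])){
+
+ $postedValue['start_'.$i] = sanitize_text_field($postedValue['start_'.$i]);
+ $postedValue['end_'.$i] = sanitize_text_field($postedValue['end_'.$i]);
+
+
+ if(filter_var($postedValue['start_'.$i] , FILTER_VALIDATE_IP ) && filter_var($postedValue['end_'.$i] , FILTER_VALIDATE_IP ) && (ip2long($postedValue['end_'.$i]) > ip2long($postedValue['start_'.$i])) ){
+ $range = '';
+ $range = $postedValue['start_'.$i];
+ $range .= '-';
+ $range .= $postedValue['end_'.$i];
+ $added_mappings_ranges++;
+ update_option( 'mo_wpns_iprange_range_'.$added_mappings_ranges, $range );
+
+ }
+ else{
+ $flag = 1;
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_IP'),'ERROR');
+ return;
+ }
+ }
+ }
+
+
+ if($added_mappings_ranges==0)
+ update_option( 'mo_wpns_iprange_range_1','');
+ update_option( 'mo_wpns_iprange_count', $added_mappings_ranges);
+ if($flag == 0){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('IP_PERMANENTLY_BLOCKED'),'SUCCESS');
+ }
+ }
+
+ //Function to handle browser blocking
+ function wpns_handle_browser_blocking($postedValue)
+ {
+ isset($postedValue['mo_wpns_block_chrome']) ? update_option( 'mo_wpns_block_chrome' , $postedValue['mo_wpns_block_chrome'] ) : update_option( 'mo_wpns_block_chrome' , false );
+ isset($postedValue['mo_wpns_block_firefox']) ? update_option( 'mo_wpns_block_firefox' , $postedValue['mo_wpns_block_firefox'] ) : update_option( 'mo_wpns_block_firefox' , false );
+ isset($postedValue['mo_wpns_block_ie']) ? update_option( 'mo_wpns_block_ie' , $postedValue['mo_wpns_block_ie'] ) : update_option( 'mo_wpns_block_ie' , false );
+ isset($postedValue['mo_wpns_block_safari']) ? update_option( 'mo_wpns_block_safari' , $postedValue['mo_wpns_block_safari'] ) : update_option( 'mo_wpns_block_safari' , false );
+ isset($postedValue['mo_wpns_block_opera']) ? update_option( 'mo_wpns_block_opera' , $postedValue['mo_wpns_block_opera'] ) : update_option( 'mo_wpns_block_opera' , false );
+ isset($postedValue['mo_wpns_block_edge']) ? update_option( 'mo_wpns_block_edge' , $postedValue['mo_wpns_block_edge'] ) : update_option( 'mo_wpns_block_edge' , false );
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
+ }
+
+
+ //Function to handle Htaccess blocking
+ function wpns_handle_htaccess_blocking($postdata)
+ {
+ $htaccess = isset($postdata['mo_wpns_enable_htaccess_blocking']) ? true : false;
+ update_option( 'mo_wpns_enable_htaccess_blocking', $htaccess);
+ $mo_wpns_config = new MoWpnsHandler();
+ if($htaccess)
+ {
+ $mo_wpns_config->add_htaccess_ips();
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('HTACCESS_ENABLED'),'SUCCESS');
+ }
+ else
+ {
+ $mo_wpns_config->remove_htaccess_ips();
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('HTACCESS_DISABLED'),'ERROR');
+ }
+ }
+
+
+ //Function to handle user agent blocking
+ function wpns_handle_user_agent_blocking($postvalue)
+ {
+ $user_agent = isset($postvalue['mo_wpns_enable_user_agent_blocking']) ? true : false;
+ update_option( 'mo_wpns_enable_user_agent_blocking', $user_agent);
+ if($user_agent)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('USER_AGENT_BLOCK_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('USER_AGENT_BLOCK_DISABLED'),'ERROR');
+ }
+
+
+ //Function to handle country block
+ function wpns_handle_country_block($post)
+ {
+ $countrycodes = "";
+ foreach($post as $countrycode=>$value){
+ if($countrycode!="option")
+ $countrycodes .= $countrycode.";";
+ }
+ update_option( 'mo_wpns_countrycodes', $countrycodes);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
+ }
+
+
+ //Function to handle block referrer
+ function wpns_handle_block_referrer($post)
+ {
+
+ $referrers = "";
+ foreach($post as $key => $value)
+ {
+ if(strpos($key, 'referrer_') !== false)
+ if(!empty($value))
+ $referrers .= sanitize_url($value).";";
+ }
+ update_option( 'mo_wpns_referrers', $referrers);
+ }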
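Review bot: The dispatcher at the top of the file gates on `current_user_can( 'manage_options' )` but verifies no nonce before calling the `wpns_handle_*` functions, so unless one is checked outside this file, these state-changing POSTs (IP ranges, the htaccess and user-agent toggles, country and referrer lists) are open to cross-site request forgery against a logged-in administrator. Add `check_admin_referer( '<nonce-action>', '<nonce-field>' );` as the first statement inside the `if`; both names are placeholders, and the view has to emit the matching `wp_nonce_field()`. `wpns_handle_country_block()` also stores every POST key except `option` as a country code without checking it against `MoWpnsConstants::$country`, and `wpns_handle_browser_blocking()` writes raw POST values into options. Both should validate or cast the value before `update_option()`.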
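--- a/controllers/backup/backup_ajax.php
+++ b/controllers/backup/backup_ajax.php
@@ -1,157 +1,157 @@
- <?php
- class Mo_wpns_file_db_backup{
-
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo_wpns_file_db_backup_functions' ) );
- }
-
- public function mo_wpns_file_db_backup_functions(){
- add_action('wp_ajax_mo_wpns_backup_redirect', array( $this, 'mo_wpns_backup_redirect' ));
- }
-
- public function mo_wpns_backup_redirect(){
-
- switch(sanitize_text_field(wp_unslash($_POST['call_type'])))
- {
- case "submit_backup_settings_form":
- $this->mo_wpns_save_backup_config_form($_POST);
- break;
- case "submit_schedule_settings_form":
- $this->mo_wpns_save_schedule_backup_config_form($_POST);
- break;
- case "delete_backup":
- $this->delete_backup($_POST);
- break;
- }
- }
-
- public function mo_wpns_save_backup_config_form($postData){
- $nonce = $postData['nonce'];
- if ( ! wp_verify_nonce( $nonce, 'wpns-backup-settings' ) ){
- wp_send_json('ERROR');
- }
-
- if(! isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database'])){
- wp_send_json('folder_error');
- }
-
- isset($postData['backup_plugin']) ? update_site_option( 'mo_file_manual_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_manual_backup_plugins', 0);
-
- isset($postData['backup_themes']) ? update_site_option( 'mo_file_manual_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_manual_backup_themes', 0);
-
- isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_manual_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_manual_backup_wp_files', 0);
-
- isset($postData['database']) ? update_site_option( 'mo_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_database_backup', 0);
-
- if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
- $handler_obj = new MoBackupSite();
- update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
- $handler_obj->file_manual_backup();
- }
- if(isset($postData['database'])) {
- $handler_obj = new MoBackupSite();
- update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
- $handler_obj->backupDB();
- }
- wp_send_json('created_backup');
- }
-
- function mo_wpns_save_schedule_backup_config_form($postData){
- $nonce = $postData['nonce'];
- if ( ! wp_verify_nonce( $nonce, 'wpns-schedule-backup' ) ){
- wp_send_json('ERROR');
-
- }
-
- $handler_obj = new MoBackupSite;
- if(!isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database']))
- {
- wp_send_json('folder_error');
-
- }
-
- isset($postData['backup_plugin']) ? update_site_option( 'mo_file_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_backup_plugins', 0);
-
- isset($postData['backup_themes']) ? update_site_option( 'mo_file_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_backup_themes', 0);
-
- isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_backup_wp_files', 0);
-
- isset($postData['database']) ? update_site_option( 'mo_schedule_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_schedule_database_backup', 0);
-
- if($postData['backup_time']==='12'||$postData['backup_time']==='24'||$postData['backup_time']==='168'||$postData['backup_time']==='360'||$postData['backup_time']==='720')
- {
- isset($postData['backup_time']) ? update_site_option( 'mo_wpns_backup_time', sanitize_text_field($postData['backup_time'])) : update_site_option( 'mo_wpns_backup_time', 0);
- }else{
- wp_send_json('invalid_hours');
-
- }
-
- isset($postData['enable_backup_schedule']) ? update_site_option( 'enable_backup_schedule', sanitize_text_field($postData['enable_backup_schedule'])) : update_site_option( 'enable_backup_schedule', 0);
-
- isset($postData['local_storage']) ? update_site_option( 'storage_type', sanitize_text_field($postData['local_storage'])) : update_site_option( 'storage_type', 0);
-
- if(get_site_option('enable_backup_schedule') === '1'){
-
- if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
- $handler_obj-> file_backup_deactivate();
- if (!wp_next_scheduled( 'mo_eb_file_cron_hook')) {
- wp_schedule_event( time(), 'file_eb_backup_time', 'mo_eb_file_cron_hook' );
- }
- update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
- update_site_option('scheduled_file_backup',1);
- }
- else
- $handler_obj-> file_backup_deactivate();
-
- if(MoWpnsUtility::get_mo2f_db_option('mo_schedule_database_backup', 'site_option') === '1'){
- $handler_obj->bl_deactivate();
- if ( ! wp_next_scheduled( 'mo_eb_bl_cron_hook' ) ) {
- wp_schedule_event( time(), 'db_eb_backup_time', 'mo_eb_bl_cron_hook' );
- }
- update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
- update_site_option('scheduled_db_backup',1);
- }
- else
- $handler_obj->bl_deactivate();
-
- wp_send_json('success');
-
- }else{
- $handler_obj-> file_backup_deactivate();
- $handler_obj->bl_deactivate();
- update_site_option('scheduled_db_backup',0);
- update_site_option('scheduled_file_backup',0);
- wp_send_json('disable');
-
- }
- }
-
-
-
- function delete_backup($postData){
-
- $nonce = $postData['nonce'];
- if ( ! wp_verify_nonce( $nonce, 'delete_entry' ) ){
- wp_send_json('ERROR');
-
- }
-
- if(current_user_can('administrator')){
- global $wpnsDbQueries;
- $id = $postData['id'];
- $row_exist = (int)$wpnsDbQueries->row_exist($id);
- $status = file_exists($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
- if($status){
- unlink($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
- if($row_exist)
- $wpnsDbQueries->delete_file($id);
- wp_send_json('success');
-
- }else{
- $wpnsDbQueries->delete_file($id);
- wp_send_json('notexist');
- }
- }
- }
- }new Mo_wpns_file_db_backup();
+ <?php
+ class Mo_wpns_file_db_backup{
+
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo_wpns_file_db_backup_functions' ) );
+ }
+
+ public function mo_wpns_file_db_backup_functions(){
+ add_action('wp_ajax_mo_wpns_backup_redirect', array( $this, 'mo_wpns_backup_redirect' ));
+ }
+
+ public function mo_wpns_backup_redirect(){
+
+ switch(sanitize_text_field(wp_unslash($_POST['call_type'])))
+ {
+ case "submit_backup_settings_form":
+ $this->mo_wpns_save_backup_config_form($_POST);
+ break;
+ case "submit_schedule_settings_form":
+ $this->mo_wpns_save_schedule_backup_config_form($_POST);
+ break;
+ case "delete_backup":
+ $this->delete_backup($_POST);
+ break;
+ }
+ }
+
+ public function mo_wpns_save_backup_config_form($postData){
+ $nonce = $postData['nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'wpns-backup-settings' ) ){
+ wp_send_json('ERROR');
+ }
+
+ if(! isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database'])){
+ wp_send_json('folder_error');
+ }
+
+ isset($postData['backup_plugin']) ? update_site_option( 'mo_file_manual_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_manual_backup_plugins', 0);
+
+ isset($postData['backup_themes']) ? update_site_option( 'mo_file_manual_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_manual_backup_themes', 0);
+
+ isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_manual_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_manual_backup_wp_files', 0);
+
+ isset($postData['database']) ? update_site_option( 'mo_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_database_backup', 0);
+
+ if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
+ $handler_obj = new MoBackupSite();
+ update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
+ $handler_obj->file_manual_backup();
+ }
+ if(isset($postData['database'])) {
+ $handler_obj = new MoBackupSite();
+ update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
+ $handler_obj->backupDB();
+ }
+ wp_send_json('created_backup');
+ }
+
+ function mo_wpns_save_schedule_backup_config_form($postData){
+ $nonce = $postData['nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'wpns-schedule-backup' ) ){
+ wp_send_json('ERROR');
+
+ }
+
+ $handler_obj = new MoBackupSite;
+ if(!isset($postData['backup_plugin']) && ! isset($postData['backup_themes']) && ! isset($postData['backup_wp_files']) && ! isset($postData['database']))
+ {
+ wp_send_json('folder_error');
+
+ }
+
+ isset($postData['backup_plugin']) ? update_site_option( 'mo_file_backup_plugins', sanitize_text_field($postData['backup_plugin'])) : update_site_option( 'mo_file_backup_plugins', 0);
+
+ isset($postData['backup_themes']) ? update_site_option( 'mo_file_backup_themes', sanitize_text_field($postData['backup_themes'])) : update_site_option( 'mo_file_backup_themes', 0);
+
+ isset($postData['backup_wp_files']) ? update_site_option( 'mo_file_backup_wp_files', sanitize_text_field($postData['backup_wp_files'])) : update_site_option( 'mo_file_backup_wp_files', 0);
+
+ isset($postData['database']) ? update_site_option( 'mo_schedule_database_backup', sanitize_text_field($postData['database'])) : update_site_option( 'mo_schedule_database_backup', 0);
+
+ if($postData['backup_time']==='12'||$postData['backup_time']==='24'||$postData['backup_time']==='168'||$postData['backup_time']==='360'||$postData['backup_time']==='720')
+ {
+ isset($postData['backup_time']) ? update_site_option( 'mo_wpns_backup_time', sanitize_text_field($postData['backup_time'])) : update_site_option( 'mo_wpns_backup_time', 0);
+ }else{
+ wp_send_json('invalid_hours');
+
+ }
+
+ isset($postData['enable_backup_schedule']) ? update_site_option( 'enable_backup_schedule', sanitize_text_field($postData['enable_backup_schedule'])) : update_site_option( 'enable_backup_schedule', 0);
+
+ isset($postData['local_storage']) ? update_site_option( 'storage_type', sanitize_text_field($postData['local_storage'])) : update_site_option( 'storage_type', 0);
+
+ if(get_site_option('enable_backup_schedule') === '1'){
+
+ if(isset($postData['backup_plugin']) || isset($postData['backup_themes']) || isset($postData['backup_wp_files'])){
+ $handler_obj-> file_backup_deactivate();
+ if (!wp_next_scheduled( 'mo_eb_file_cron_hook')) {
+ wp_schedule_event( time(), 'file_eb_backup_time', 'mo_eb_file_cron_hook' );
+ }
+ update_site_option('file_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
+ update_site_option('scheduled_file_backup',1);
+ }
+ else
+ $handler_obj-> file_backup_deactivate();
+
+ if(MoWpnsUtility::get_mo2f_db_option('mo_schedule_database_backup', 'site_option') === '1'){
+ $handler_obj->bl_deactivate();
+ if ( ! wp_next_scheduled( 'mo_eb_bl_cron_hook' ) ) {
+ wp_schedule_event( time(), 'db_eb_backup_time', 'mo_eb_bl_cron_hook' );
+ }
+ update_site_option('db_backup_created_time',date("l").' , '.date("d-m-Y") .' '.date("h:i"));
+ update_site_option('scheduled_db_backup',1);
+ }
+ else
+ $handler_obj->bl_deactivate();
+
+ wp_send_json('success');
+
+ }else{
+ $handler_obj-> file_backup_deactivate();
+ $handler_obj->bl_deactivate();
+ update_site_option('scheduled_db_backup',0);
+ update_site_option('scheduled_file_backup',0);
+ wp_send_json('disable');
+
+ }
+ }
+
+
+
+ function delete_backup($postData){
+
+ $nonce = $postData['nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'delete_entry' ) ){
+ wp_send_json('ERROR');
+
+ }
+
+ if(current_user_can('administrator')){
+ global $wpnsDbQueries;
+ $id = $postData['id'];
+ $row_exist = (int)$wpnsDbQueries->row_exist($id);
+ $status = file_exists($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
+ if($status){
+ unlink($postData["folder_name"].DIRECTORY_SEPARATOR. $postData['file_name']);
+ if($row_exist)
+ $wpnsDbQueries->delete_file($id);
+ wp_send_json('success');
+
+ }else{
+ $wpnsDbQueries->delete_file($id);
+ wp_send_json('notexist');
+ }
+ }
+ }
+ }new Mo_wpns_file_db_backup();
  ?>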
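Review bot: `delete_backup()` builds the path it hands to `file_exists()` and `unlink()` from `$postData["folder_name"]` and `$postData['file_name']` with no validation, so the deletion is not confined to the plugin's backup directory. Resolve the path with `realpath()`, reduce the file name with `basename()`, and refuse anything outside the backup root before unlinking, as sketched below; `$backup_root` stands for wherever the plugin stores backups, which this file does not show. Separately, `mo_wpns_save_backup_config_form()` and `mo_wpns_save_schedule_backup_config_form()` verify a nonce but no capability, and a `wp_ajax_` action is reachable by any logged-in user, so a `current_user_can( 'manage_options' )` check at the top of `mo_wpns_backup_redirect()` would cover all three branches. `$_POST['call_type']` is also read there without an `isset()` guard.

```php
function delete_backup($postData){
    // … unchanged: nonce verification, administrator check, $id and $row_exist lookup …
    // $backup_root is a placeholder for the directory the plugin writes backups to.
    $root   = realpath($backup_root);
    $target = realpath($postData["folder_name"].DIRECTORY_SEPARATOR.basename($postData['file_name']));
    // realpath() returns false for a missing file; that case keeps the existing 'notexist' branch.
    if($target !== false && ($root === false || strpos($target, $root.DIRECTORY_SEPARATOR) !== 0)){
        wp_send_json('ERROR');
    }
    $status = $target !== false && is_file($target);
    if($status){
        unlink($target);
        // … unchanged: delete_file($id) when the row exists, then wp_send_json('success') …
```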
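--- a/controllers/change-password.php
+++ b/controllers/change-password.php
@@ -1,16 +1,16 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $username = $user->data->user_login;
- $message = isset($newpassword) && ($newpassword != $confirmpassword) ? "Both Passwords do not match." : "Please enter a stronger password.";
- $css_file = plugins_url('wp-security-pro/includes/css/style_settings.css',$mo2f_dirName);
-
- $js_file = plugins_url('wp-security-pro/includes/js/settings_page.js',$mo2f_dirName);
-
- wp_register_script('mo2f_setting_page_js',$js_file);
- wp_register_style( 'mo2f_seetings_style',$css_file);
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'change-password.php';
- exit;
-
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $username = $user->data->user_login;
+ $message = isset($newpassword) && ($newpassword != $confirmpassword) ? "Both Passwords do not match." : "Please enter a stronger password.";
+ $css_file = plugins_url('wp-security-pro/includes/css/style_settings.css',$mo2f_dirName);
+
+ $js_file = plugins_url('wp-security-pro/includes/js/settings_page.js',$mo2f_dirName);
+
+ wp_register_script('mo2f_setting_page_js',$js_file);
+ wp_register_style( 'mo2f_seetings_style',$css_file);
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'change-password.php';
+ exit;
+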
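--- a/controllers/content-protection.php
+++ b/controllers/content-protection.php
@@ -1,95 +1,95 @@
- <?php
- global $moWpnsUtility,$mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch(sanitize_text_field($_POST['option']))
- {
- case "mo_wpns_content_protection":
- wpns_handle_content_protection($_POST); break;
- case "mo_wpns_enable_comment_spam_blocking":
- wpns_handle_comment_spam_blocking($_POST); break;
- case "mo_wpns_enable_comment_recaptcha":
- wpns_handle_comment_recaptcha($_POST); break;
- case "mo_wpns_comment_recaptcha_settings":
- wpns_save_comment_recaptcha($_POST); break;
- }
- }
-
-
- $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
- $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
- $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
- $comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
- $enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
- $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
- $restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
- $test_recaptcha_url = "";
- $test_recaptcha_url_v3 = "";
- $wp_config = site_url().'/wp-config.php';
- $wp_uploads = get_site_url().'/wp-content/uploads';
- $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
- $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
- $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
- if($enable_recaptcha)
- {
- $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
- $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
- $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
-
- /* CONTENT PROTECTION FUNCTIONS */
-
- //Function to save content protection settings
- function wpns_handle_content_protection()
- {
- isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
- isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
- isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
- isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
- if(isset($_POST['restrictAPI'])){
- update_site_option('mo2f_restrict_restAPI', 1);
- }
- else{
- update_site_option('mo2f_restrict_restAPI',0);
- }
-
-
-
-
- $mo_wpns_htaccess_handler = new MoWpnsHandler();
- $mo_wpns_htaccess_handler->update_htaccess_configuration();
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
- }
-
-
- //Function to handle comment spam blocking
- function wpns_handle_comment_spam_blocking($postvalue)
- {
- $enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
- update_option('mo_wpns_enable_comment_spam_blocking', $enable);
- if($enable)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
- }
-
-
- //Function to handle reCAPTCHA for comments
- function wpns_handle_comment_recaptcha($postvalue)
- {
- $enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
- update_option('mo_wpns_enable_comment_recaptcha', $enable);
- if($enable)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
- }
-
- function wpns_save_comment_recaptcha($postvalue){
- update_option('mo_wpns_recaptcha_site_key', sanitize_post($postvalue['mo_wpns_recaptcha_site_key']));
- update_option('mo_wpns_recaptcha_secret_key', sanitize_post($postvalue['mo_wpns_recaptcha_secret_key']));
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
+ <?php
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch(sanitize_text_field($_POST['option']))
+ {
+ case "mo_wpns_content_protection":
+ wpns_handle_content_protection($_POST); break;
+ case "mo_wpns_enable_comment_spam_blocking":
+ wpns_handle_comment_spam_blocking($_POST); break;
+ case "mo_wpns_enable_comment_recaptcha":
+ wpns_handle_comment_recaptcha($_POST); break;
+ case "mo_wpns_comment_recaptcha_settings":
+ wpns_save_comment_recaptcha($_POST); break;
+ }
+ }
+
+
+ $protect_wp_config = get_option('mo2f_protect_wp_config') ? "checked" : "";
+ $protect_wp_uploads = get_option('mo2f_prevent_directory_browsing') ? "checked" : "";
+ $disable_file_editing = get_option('mo2f_disable_file_editing') ? "checked" : "";
+ $comment_spam_protect = get_option('mo_wpns_enable_comment_spam_blocking') ? "checked" : "";
+ $enable_recaptcha = get_option('mo_wpns_enable_comment_recaptcha') ? "checked" : "";
+ $htaccess_file = get_option('mo2f_htaccess_file') ? "checked" : "";
+ $restAPI = get_site_option('mo2f_restrict_restAPI') ? "checked" : "";
+ $test_recaptcha_url = "";
+ $test_recaptcha_url_v3 = "";
+ $wp_config = site_url().'/wp-config.php';
+ $wp_uploads = get_site_url().'/wp-content/uploads';
+ $plugin_editor = get_site_url().'/wp-admin/plugin-editor.php';
+ $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.'users';
+ $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
+ if($enable_recaptcha)
+ {
+ $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
+ $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
+ $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'content-protection.php';
+
+ /* CONTENT PROTECTION FUNCTIONS */
+
+ //Function to save content protection settings
+ function wpns_handle_content_protection()
+ {
+ isset($_POST['protect_wp_config']) ? update_option('mo2f_protect_wp_config' , sanitize_text_field($_POST['protect_wp_config']) ) : update_option('mo2f_protect_wp_config' ,0);
+ isset($_POST['prevent_directory_browsing']) ? update_option('mo2f_prevent_directory_browsing', sanitize_text_field($_POST['prevent_directory_browsing'])): update_option('mo2f_prevent_directory_browsing',0);
+ isset($_POST['disable_file_editing']) ? update_option('mo2f_disable_file_editing' , sanitize_text_field($_POST['disable_file_editing'])) : update_option('mo2f_disable_file_editing' ,0);
+ isset($_POST['mo2f_htaccess_file']) ? update_option('mo2f_htaccess_file' , sanitize_text_field($_POST['mo2f_htaccess_file'])) : update_option('mo2f_htaccess_file',0);
+ if(isset($_POST['restrictAPI'])){
+ update_site_option('mo2f_restrict_restAPI', 1);
+ }
+ else{
+ update_site_option('mo2f_restrict_restAPI',0);
+ }
+
+
+
+
+ $mo_wpns_htaccess_handler = new MoWpnsHandler();
+ $mo_wpns_htaccess_handler->update_htaccess_configuration();
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_PROTECTION_ENABLED'),'SUCCESS');
+ }
+
+
+ //Function to handle comment spam blocking
+ function wpns_handle_comment_spam_blocking($postvalue)
+ {
+ $enable = isset($postvalue['mo_wpns_enable_comment_spam_blocking']) ? true : false;
+ update_option('mo_wpns_enable_comment_spam_blocking', $enable);
+ if($enable)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_SPAM_BLOCKING_DISABLED'),'ERROR');
+ }
+
+
+ //Function to handle reCAPTCHA for comments
+ function wpns_handle_comment_recaptcha($postvalue)
+ {
+ $enable = isset($postvalue['mo_wpns_enable_comment_recaptcha']) ? true : false;
+ update_option('mo_wpns_enable_comment_recaptcha', $enable);
+ if($enable)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONTENT_RECAPTCHA_DISABLED'),'ERROR');
+ }
+
+ function wpns_save_comment_recaptcha($postvalue){
+ update_option('mo_wpns_recaptcha_site_key', sanitize_post($postvalue['mo_wpns_recaptcha_site_key']));
+ update_option('mo_wpns_recaptcha_secret_key', sanitize_post($postvalue['mo_wpns_recaptcha_secret_key']));
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
  }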
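Review bot: The POST dispatcher at new lines 4–17 gates on `current_user_can( 'manage_options' )` only, and no nonce is verified anywhere in this file, so unless the including page already does it, a forged cross-site form submitted from an administrator's browser could change these protection settings. I would start the branch with `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );`, where the placeholder stands for the action name the settings form emits. Separately, `wpns_save_comment_recaptcha()` passes the key strings through `sanitize_post()`, which only processes post objects and arrays and hands a plain string back untouched; `sanitize_text_field( wp_unslash( $postvalue['mo_wpns_recaptcha_site_key'] ) )`, and the same for the secret key, is what the call appears to intend.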
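--- a/controllers/dashboard_ajax.php
+++ b/controllers/dashboard_ajax.php
@@ -1,211 +1,211 @@
- <?php
- class Mo2f_ajax_dashboard
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
- }
-
- public function mo2f_switch_functions(){
- if(isset($_POST) && isset($_POST['option'])){
- $tab_count= get_site_option('mo2f_tab_count', 0);
- if($tab_count == 5)
- update_site_option('mo_2f_switch_all', 1);
- elseif($tab_count == 0)
- update_site_option('mo_2f_switch_all', 0);
- $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
- switch(sanitize_text_field($_POST['option']))
- {
- case "tab_all_switch":
- $this->mo2f_handle_all_enable($santizied_post);
- break;
- case "tab_2fa_switch":
- $this->mo2f_handle_2fa_enable($santizied_post);
- break;
- case "tab_waf_switch":
- $this->mo2f_handle_waf_enable($santizied_post);
- break;
- case "tab_login_switch":
- $this->mo2f_handle_login_enable($santizied_post);
- break;
- case "tab_backup_switch":
- $this->mo2f_handle_backup_enable($santizied_post);
- break;
- case "tab_malware_switch":
- $this->mo2f_handle_malware_enable($santizied_post);
- break;
- case "tab_block_switch":
- $this->mo2f_handle_block_enable($santizied_post);
- break;
-
- }
- }
- }
-
- public function mo2f_handle_all_enable($POSTED){
- $this->mo2f_handle_waf_enable($POSTED);
- $this->mo2f_handle_login_enable($POSTED);
- $this->mo2f_handle_backup_enable($POSTED);
- $this->mo2f_handle_malware_enable($POSTED);
- $this->mo2f_handle_block_enable($POSTED);
- if($POSTED){
- update_option('mo_2f_switch_all',1);
- update_site_option('mo2f_tab_count', 5);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
- }
- else{
- update_option('mo_2f_switch_all', 0);
- update_site_option('mo2f_tab_count', 0);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
- }
- }
-
- public function mo2f_handle_2fa_enable($POSTED){
- global $Mo2fdbQueries;
- $user= wp_get_current_user();
- $user_id= $user->user_ID;
- if($POSTED){
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
- if(sanitize_text_field($_POST['tab_2fa_switch']))
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
- }
- else{
- $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
- if(sanitize_text_field($_POST['tab_2fa_switch']))
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_waf_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_waf', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
- }
- }
- }
- else{
- update_site_option('mo_2f_switch_waf', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- update_option('WAFEnabled', 0);
- update_option('WAF','wafDisable');
- update_site_option('Rate_limiting', 0);
- $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
- $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
- $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
- $filePath = str_replace('\\', '/', $filePath);
- $file = file_get_contents($dir_name1);
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
- $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
- $cont .= '# END miniOrange WAF'.PHP_EOL;
- $file =str_replace($cont,'',$file);
- file_put_contents($dir_name1, $file);
- if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_login_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_loginspam', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
- }
- }
- else{
- update_site_option('mo_2f_switch_loginspam', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- update_site_option('mo2f_enable_brute_force', false);
- update_site_option('mo_wpns_activate_recaptcha', false);
- update_site_option('mo_wpns_activate_recaptcha_for_login', false);
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
- update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
- update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
- update_site_option('mo2f_enforce_strong_passswords', 0);
- update_site_option('mo_wpns_enable_fake_domain_blocking', false);
- update_site_option('mo_wpns_enable_advanced_user_verification', false);
- update_site_option('mo_wpns_enable_social_integration', false);
- update_site_option('mo2f_protect_wp_config', 0);
- update_site_option('mo2f_prevent_directory_browsing', 0);
- update_site_option('mo2f_disable_file_editing', 0);
- update_site_option('mo_wpns_enable_comment_spam_blocking', false);
- update_site_option('mo_wpns_enable_comment_recaptcha', false);
- update_site_option('mo2f_htaccess_file', 0);
- if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_backup_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_backup', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
- }
- }
- else{
- update_site_option('mo_2f_switch_backup', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- $handler_obj = new MoBackupSite;
- $handler_obj->bl_deactivate();
- update_site_option('mo2f_enable_cron_backup', 0);
- $handler_obj->file_backup_deactivate();
- update_site_option('mo2f_enable_cron_file_backup', 0);
- if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_malware_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_malware', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
- }
- }else{
- update_site_option('mo_2f_switch_malware', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
- }
- }
-
- public function mo2f_handle_block_enable($POSTED){
- if($POSTED){
- update_site_option('mo_2f_switch_adv_block', 1);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- if (isset($_POST['option'] ))
- {
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
- }
- }
- else{
- update_site_option('mo_2f_switch_adv_block', 0);
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
- update_site_option('mo_wpns_iprange_count', 0);
- update_site_option('mo_wpns_enable_htaccess_blocking', 0);
- update_site_option('mo_wpns_enable_user_agent_blocking', 0);
- update_site_option('mo_wpns_referrers', false);
- update_site_option('mo_wpns_countrycodes', false);
- if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
- }
- }
-
-
- }
- new Mo2f_ajax_dashboard();
+ <?php
+ class Mo2f_ajax_dashboard
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo2f_switch_functions' ) );
+ }
+
+ public function mo2f_switch_functions(){
+ if(isset($_POST) && isset($_POST['option'])){
+ $tab_count= get_site_option('mo2f_tab_count', 0);
+ if($tab_count == 5)
+ update_site_option('mo_2f_switch_all', 1);
+ elseif($tab_count == 0)
+ update_site_option('mo_2f_switch_all', 0);
+ $santizied_post=isset($_POST['switch_val'])? sanitize_text_field($_POST['switch_val']):null;
+ switch(sanitize_text_field($_POST['option']))
+ {
+ case "tab_all_switch":
+ $this->mo2f_handle_all_enable($santizied_post);
+ break;
+ case "tab_2fa_switch":
+ $this->mo2f_handle_2fa_enable($santizied_post);
+ break;
+ case "tab_waf_switch":
+ $this->mo2f_handle_waf_enable($santizied_post);
+ break;
+ case "tab_login_switch":
+ $this->mo2f_handle_login_enable($santizied_post);
+ break;
+ case "tab_backup_switch":
+ $this->mo2f_handle_backup_enable($santizied_post);
+ break;
+ case "tab_malware_switch":
+ $this->mo2f_handle_malware_enable($santizied_post);
+ break;
+ case "tab_block_switch":
+ $this->mo2f_handle_block_enable($santizied_post);
+ break;
+
+ }
+ }
+ }
+
+ public function mo2f_handle_all_enable($POSTED){
+ $this->mo2f_handle_waf_enable($POSTED);
+ $this->mo2f_handle_login_enable($POSTED);
+ $this->mo2f_handle_backup_enable($POSTED);
+ $this->mo2f_handle_malware_enable($POSTED);
+ $this->mo2f_handle_block_enable($POSTED);
+ if($POSTED){
+ update_option('mo_2f_switch_all',1);
+ update_site_option('mo2f_tab_count', 5);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_ENABLED'),'SUCCESS');
+ }
+ else{
+ update_option('mo_2f_switch_all', 0);
+ update_site_option('mo2f_tab_count', 0);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ALL_DISABLED'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_2fa_enable($POSTED){
+ global $Mo2fdbQueries;
+ $user= wp_get_current_user();
+ $user_id= $user->user_ID;
+ if($POSTED){
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'));
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_ENABLE'),'SUCCESS');
+ }
+ else{
+ $Mo2fdbQueries->update_user_deails($user_id, array('mo_2factor_user_registration_status', 0));
+ if(sanitize_text_field($_POST['tab_2fa_switch']))
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FACTOR_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_waf_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_waf', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_ENABLE'),'SUCCESS');
+ }
+ }
+ }
+ else{
+ update_site_option('mo_2f_switch_waf', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ update_option('WAFEnabled', 0);
+ update_option('WAF','wafDisable');
+ update_site_option('Rate_limiting', 0);
+ $dir_name = dirname(dirname(dirname(dirname(dirname(__FILE__)))));
+ $dir_name1 = $dir_name.DIRECTORY_SEPARATOR.'.htaccess';
+ $filePath = $dir_name.DIRECTORY_SEPARATOR.'mo-check.php';
+ $filePath = str_replace('\\', '/', $filePath);
+ $file = file_get_contents($dir_name1);
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
+ $cont .= 'php_value auto_prepend_file '.$filePath.PHP_EOL;
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
+ $file =str_replace($cont,'',$file);
+ file_put_contents($dir_name1, $file);
+ if(sanitize_text_field($_POST['option']) == 'tab_waf_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('WAF_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_login_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_loginspam', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_ENABLE'),'SUCCESS');
+ }
+ }
+ else{
+ update_site_option('mo_2f_switch_loginspam', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ update_site_option('mo2f_enable_brute_force', false);
+ update_site_option('mo_wpns_activate_recaptcha', false);
+ update_site_option('mo_wpns_activate_recaptcha_for_login', false);
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_login', false);
+ update_site_option('mo_wpns_activate_recaptcha_for_registration', false);
+ update_site_option('mo_wpns_activate_recaptcha_for_woocommerce_registration', false);
+ update_site_option('mo2f_enforce_strong_passswords', 0);
+ update_site_option('mo_wpns_enable_fake_domain_blocking', false);
+ update_site_option('mo_wpns_enable_advanced_user_verification', false);
+ update_site_option('mo_wpns_enable_social_integration', false);
+ update_site_option('mo2f_protect_wp_config', 0);
+ update_site_option('mo2f_prevent_directory_browsing', 0);
+ update_site_option('mo2f_disable_file_editing', 0);
+ update_site_option('mo_wpns_enable_comment_spam_blocking', false);
+ update_site_option('mo_wpns_enable_comment_recaptcha', false);
+ update_site_option('mo2f_htaccess_file', 0);
+ if(sanitize_text_field($_POST['option']) == 'tab_login_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('LOGIN_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_backup_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_backup', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_ENABLE'),'SUCCESS');
+ }
+ }
+ else{
+ update_site_option('mo_2f_switch_backup', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ $handler_obj = new MoBackupSite;
+ $handler_obj->bl_deactivate();
+ update_site_option('mo2f_enable_cron_backup', 0);
+ $handler_obj->file_backup_deactivate();
+ update_site_option('mo2f_enable_cron_file_backup', 0);
+ if(sanitize_text_field($_POST['option']) == 'tab_backup_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BACKUP_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_malware_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_malware', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_ENABLE'),'SUCCESS');
+ }
+ }else{
+ update_site_option('mo_2f_switch_malware', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ if(sanitize_text_field($_POST['option']) == 'tab_malware_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('MALWARE_DISABLE'),'ERROR');
+ }
+ }
+
+ public function mo2f_handle_block_enable($POSTED){
+ if($POSTED){
+ update_site_option('mo_2f_switch_adv_block', 1);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ if (isset($_POST['option'] ))
+ {
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_ENABLE'),'SUCCESS');
+ }
+ }
+ else{
+ update_site_option('mo_2f_switch_adv_block', 0);
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')-1);
+ update_site_option('mo_wpns_iprange_count', 0);
+ update_site_option('mo_wpns_enable_htaccess_blocking', 0);
+ update_site_option('mo_wpns_enable_user_agent_blocking', 0);
+ update_site_option('mo_wpns_referrers', false);
+ update_site_option('mo_wpns_countrycodes', false);
+ if(sanitize_text_field($_POST['option']) == 'tab_block_switch')
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ADV_BLOCK_DISABLE'),'ERROR');
+ }
+ }
+
+
+ }
+ new Mo2f_ajax_dashboard();
  ?>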
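Review bot: `mo2f_switch_functions()` runs on `admin_init` and acts on `$_POST['option']` with neither a capability check nor a nonce, and `admin_init` also fires for `admin-ajax.php` and `admin-post.php` requests from visitors who are not logged in. As written, the disable branches of the `mo2f_handle_*_enable()` methods, which clear the WAF, login-protection and blocking options and rewrite `.htaccess`, are reachable without authorization. I would open the method with `if ( ! current_user_can( 'manage_options' ) ) { return; }` followed by `check_admin_referer( 'NONCE_ACTION_PLACEHOLDER' );`, the latter a placeholder for whatever action name the dashboard form emits. In `mo2f_handle_2fa_enable()`, `$user->user_ID` does not appear to be a `WP_User` property, so `$user_id` is presumably empty there; `$user->ID` looks like the intent.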
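--- a/controllers/duo_authenticator/duo_authenticator_ajax.php
+++ b/controllers/duo_authenticator/duo_authenticator_ajax.php
@@ -1,70 +1,70 @@
- <?php
- class Mo_2f_duo_authenticator
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
-
- }
-
- public function mo2f_duo_authenticator_functions(){
- add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
- add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
- }
-
- public function mo2f_duo_ajax_request(){
-
- switch (sanitize_text_field(wp_unslash($_POST['call_type']))) {
- case "check_duo_push_auth_status":
- $this->mo2f_check_duo_push_auth_status();
- break;
- }
- }
-
- public function mo2f_duo_authenticator_ajax(){
- switch (sanitize_text_field(wp_unslash($_POST['call_type'])))
- {
- case "check_duo_push_auth_status":
- $this->mo2f_check_duo_push_auth_status();
- break;
- }
- }
-
-
- function mo2f_check_duo_push_auth_status(){
-
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
- {
- wp_send_json("ERROR");
- exit;
- }else{
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
- $ikey = get_site_option('mo2f_d_integration_key');
- $skey = get_site_option('mo2f_d_secret_key');
- $host = get_site_option('mo2f_d_api_hostname');
- $current_user = wp_get_current_user();
-
- $session_id_encrypt = isset($_POST['session_id_encrypt']) ? sanitize_text_field($_POST['session_id_encrypt']) : '';
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
- $user_email = get_user_meta($user_id,'current_user_email');
- $user_email = isset($user_email[0])? $user_email[0]:'';
-
- if($user_email == '' || empty($user_email))
- $user_email = sanitize_email($current_user->user_email);
-
- $device['device'] = 'auto';
- $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
-
- if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
- wp_send_json('SUCCESS');
- }else{
-
- wp_send_json('ERROR');
- }
- }
-
-
- }
-
- }
- new Mo_2f_duo_authenticator();
- ?>
+ <?php
+ class Mo_2f_duo_authenticator
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo2f_duo_authenticator_functions' ) );
+
+ }
+
+ public function mo2f_duo_authenticator_functions(){
+ add_action('wp_ajax_mo2f_duo_authenticator_ajax', array( $this, 'mo2f_duo_authenticator_ajax' ));
+ add_action( 'wp_ajax_nopriv_mo2f_duo_ajax_request', array($this,'mo2f_duo_ajax_request') );
+ }
+
+ public function mo2f_duo_ajax_request(){
+
+ switch (sanitize_text_field(wp_unslash($_POST['call_type']))) {
+ case "check_duo_push_auth_status":
+ $this->mo2f_check_duo_push_auth_status();
+ break;
+ }
+ }
+
+ public function mo2f_duo_authenticator_ajax(){
+ switch (sanitize_text_field(wp_unslash($_POST['call_type'])))
+ {
+ case "check_duo_push_auth_status":
+ $this->mo2f_check_duo_push_auth_status();
+ break;
+ }
+ }
+
+
+ function mo2f_check_duo_push_auth_status(){
+
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-duo-nonce'))
+ {
+ wp_send_json("ERROR");
+ exit;
+ }else{
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
+ $ikey = get_site_option('mo2f_d_integration_key');
+ $skey = get_site_option('mo2f_d_secret_key');
+ $host = get_site_option('mo2f_d_api_hostname');
+ $current_user = wp_get_current_user();
+
+ $session_id_encrypt = isset($_POST['session_id_encrypt']) ? sanitize_text_field($_POST['session_id_encrypt']) : '';
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
+ $user_email = get_user_meta($user_id,'current_user_email');
+ $user_email = isset($user_email[0])? $user_email[0]:'';
+
+ if($user_email == '' || empty($user_email))
+ $user_email = sanitize_email($current_user->user_email);
+
+ $device['device'] = 'auto';
+ $auth_response = mo2f_duo_auth( $user_email,'push',$device , $skey, $ikey, $host,true);
+
+ if(isset($auth_response['response']['response']['result']) && $auth_response['response']['response']['result'] == 'allow'){
+ wp_send_json('SUCCESS');
+ }else{
+
+ wp_send_json('ERROR');
+ }
+ }
+
+
+ }
+
+ }
+ new Mo_2f_duo_authenticator();
+ ?>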
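Review bot: In `mo2f_check_duo_push_auth_status()`, when the transient lookup yields no user and the request arrives through the `wp_ajax_nopriv_` hook, `$user_email` is still empty after the fallback to `wp_get_current_user()`, yet `mo2f_duo_auth()` is called anyway. An early exit before that call, `if ( empty( $user_email ) ) { wp_send_json( 'ERROR' ); }`, keeps a request with an unknown session id from reaching the Duo API. `$_POST['call_type']` and `$_POST['nonce']` are read without `isset()`, and the result test would be tighter as `=== 'allow'`. The handler only reports SUCCESS to the browser; whether the login step that follows re-checks the result on the server is not visible here and is worth confirming.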
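--- a/controllers/feedback_footer.php
+++ b/controllers/feedback_footer.php
@@ -1,57 +1,57 @@
-<?php
-
-global $moWpnsUtility,$mo2f_dirName;
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-switch(sanitize_text_field($_POST['option']))
-{
-case "mo_wpns_send_query":
-wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
-break;
-}
-}
-
-$current_user = wp_get_current_user();
-$email = get_option("mo2f_email");
-$phone = get_option("mo_wpns_admin_phone");
-
-
-/* SUPPORT FORM RELATED FUNCTIONS */
-
-//Function to handle support form submit
-
-if(empty($email))
-$email = $current_user->user_email;
-
-function wpns_handle_support_form_new($email,$query,$phone)
-{
-$send_configuration = (isset($_POST['mo2f_send_configuration'])? sanitize_text_field($_POST['mo2f_send_configuration']):0);
-
-if(empty($email) || empty($query)){
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
-return;
-}
-
-$query = sanitize_text_field( $query );
-$email = sanitize_email( $email );
-$phone = sanitize_text_field( $phone );
-$contact_us = new MocURL();
-
-if($send_configuration)
-$query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
-else
-$query = $query.MoWpnsUtility::mo_2fa_send_configuration();
-
-if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
-} else {
-$submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
-}
-if(json_last_error() == JSON_ERROR_NONE && $submited){
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
-}else{
-do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
-}
-}
+<?php
+
+global $moWpnsUtility,$mo2f_dirName;
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+switch(sanitize_text_field($_POST['option']))
+{
+case "mo_wpns_send_query":
+wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
+break;
+}
+}
+
+$current_user = wp_get_current_user();
+$email = get_option("mo2f_email");
+$phone = get_option("mo_wpns_admin_phone");
+
+
+/* SUPPORT FORM RELATED FUNCTIONS */
+
+//Function to handle support form submit
+
+if(empty($email))
+$email = $current_user->user_email;
+
+function wpns_handle_support_form_new($email,$query,$phone)
+{
+$send_configuration = (isset($_POST['mo2f_send_configuration'])? sanitize_text_field($_POST['mo2f_send_configuration']):0);
+
+if(empty($email) || empty($query)){
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
+return;
+}
+
+$query = sanitize_text_field( $query );
+$email = sanitize_email( $email );
+$phone = sanitize_text_field( $phone );
+$contact_us = new MocURL();
+
+if($send_configuration)
+$query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
+else
+$query = $query.MoWpnsUtility::mo_2fa_send_configuration();
+
+if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+} else {
+$submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
+}
+if(json_last_error() == JSON_ERROR_NONE && $submited){
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+}else{
+do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+}
+}
 include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'feedback_footer.php';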
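Review bot: In `wpns_handle_support_form_new`, `$submited` is assigned only in the `else` branch, so when the address fails `FILTER_VALIDATE_EMAIL` the following `if(json_last_error() == JSON_ERROR_NONE && $submited)` reads an undefined variable and raises a second SUPPORT_FORM_ERROR message on top of the first. A `return;` directly after the first `do_action(...,'ERROR')` in that branch keeps the two paths apart. Separately, the dispatcher at the top of the file gates the POST only on `current_user_can( 'manage_options' )`; no nonce check is visible in this file, so unless the including page verifies one, a forged request from an administrator's browser could submit a support query with the output of `mo_2fa_send_configuration()` appended, and a `check_admin_referer()` call with the form's nonce action before the `switch` would close that.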
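--- a/controllers/ip-blocking.php
+++ b/controllers/ip-blocking.php
@@ -1,243 +1,243 @@
-<?php
-
-global $moWpnsUtility,$mo2f_dirName;
-$mo_wpns_handler = new MoWpnsHandler();
-
-if(current_user_can( 'manage_options' ) && isset($_POST['option']))
-{
-
-switch(sanitize_text_field($_POST['option']))
-{
-case "mo_wpns_manual_block_ip":
-wpns_handle_manual_block_ip($_POST['IP']); break;
-case "mo_wpns_unblock_ip":
-wpns_handle_unblock_ip($_POST['id']); break;
-case "mo_wpns_whitelist_ip":
-wpns_handle_whitelist_ip($_POST['IP']); break;
-case "mo_wpns_remove_whitelist":
-wpns_handle_remove_whitelist($_POST['id'] ); break;
-}
-}
-
-$blockedips = $mo_wpns_handler->get_blocked_ips();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-$path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
-$path = explode('plugins', $path);
-$img_loader_url = plugins_url().$path[1];
-
-$page_url = "";
-$license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
-
-
-function wpns_handle_manual_block_ip($ip)
-{
-global $moWpnsUtility;
-if( $moWpnsUtility->check_empty_or_null( $ip) )
-{
-echo("empty IP");
-exit;
-}
-if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
-{
-echo("INVALID_IP_FORMAT");
-exit;
-}
-else
-{
-
-
-$ipAddress = filter_var($ip, FILTER_VALIDATE_IP) ? $ip : 'INVALID_IP_FORMAT';
-$mo_wpns_config = new MoWpnsHandler();
-$isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
-if(!$isWhitelisted)
-{
-if($mo_wpns_config->mo_wpns_is_ip_blocked($ipAddress)){
-echo("already blocked");
-exit;
-} else{
-$mo_wpns_config->mo_wpns_block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
-?>
-<table id="blockedips_table1" class="display">
-<thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
-<tbody>
-<?php
-$mo_wpns_handler = new MoWpnsHandler();
-$blockedips = $mo_wpns_handler->get_blocked_ips();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-global $mo2f_dirName;
-foreach($blockedips as $blockedip)
-{
-echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($blockedip->ip_address)."</td><td>".esc_attr($blockedip->reason)."</td><td>";
-if(empty($blockedip->blocked_for_time))
-echo "<span class=redtext>Permanently</span>";
-else
-echo date("M j, Y, g:i:s a", esc_attr($blockedip->blocked_for_time));
-echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_html($blockedip->id)."')>Unblock IP</a></td></tr>";
-}
-?>
-</tbody>
-</table>
-<script type="text/javascript">
-jQuery("#blockedips_table1").DataTable({
-"order": [[ 3, "desc" ]]
-});
-</script>
-<?php
-exit;
-}
-}
-else
-{
-echo("IP_IN_WHITELISTED");
-exit;
-}
-}
-}
-
-
-function wpns_handle_unblock_ip($entryID)
-{
-global $moWpnsUtility;
-
-if( $moWpnsUtility->check_empty_or_null($entryID))
-{
-echo("UNKNOWN_ERROR");
-exit;
-}
-else
-{
-$entryid = sanitize_text_field($entryID);
-$mo_wpns_config = new MoWpnsHandler();
-$mo_wpns_config->unblock_ip_entry($entryid);
-?>
-<table id="blockedips_table1" class="display">
-<thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
-<tbody>
-<?php
-$mo_wpns_handler = new MoWpnsHandler();
-$blockedips = $mo_wpns_handler->get_blocked_ips();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-global $mo2f_dirName;
-foreach($blockedips as $blockedip)
-{
-echo "<tr class='mo_wpns_not_bold'><td>". esc_attr($blockedip->ip_address)."</td><td>".esc_attr($blockedip->reason)."</td><td>";
-if(empty($blockedip->blocked_for_time))
-echo "<span class=redtext>Permanently</span>";
-else
-echo date("M j, Y, g:i:s a",esc_attr($blockedip->blocked_for_time));
-echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_attr($blockedip->id)."')>Unblock IP</a></td></tr>";
-}
-?>
-</tbody>
-</table>
-<script type="text/javascript">
-jQuery("#blockedips_table1").DataTable({
-"order": [[ 3, "desc" ]]
-});
-</script>
-<?php
-
-exit;
-}
-}
-
-
-function wpns_handle_whitelist_ip($ip)
-{
-global $moWpnsUtility;
-if( $moWpnsUtility->check_empty_or_null($ip))
-{
-echo("EMPTY IP");
-exit;
-}
-if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
-{
-echo("INVALID_IP");
-exit;
-}
-else
-{
-$ipAddress = (filter_var($ip, FILTER_VALIDATE_IP)) ? $ipAddress : 'INVALID_IP';
-$mo_wpns_config = new MoWpnsHandler();
-if($mo_wpns_config->is_whitelisted($ipAddress))
-{
-echo("IP_ALREADY_WHITELISTED");
-exit;
-}
-else
-{
-$mo_wpns_config->whitelist_ip($ip);
-$mo_wpns_handler = new MoWpnsHandler();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-
-?>
-<table id="whitelistedips_table1" class="display">
-<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
-<tbody>
-<?php
-foreach($whitelisted_ips as $whitelisted_ip)
-{
-echo "<tr class='mo_wpns_not_bold'><td>".esc_html($whitelisted_ip->ip_address)."</td><td>".date("M j, Y, g:i:s a",esc_html($whitelisted_ip->created_timestamp))."</td><td><a onclick=removefromwhitelist('".esc_attr($whitelisted_ip->id)."')>Remove</a></td></tr>";
-}
-
-
-?>
-</tbody>
-</table>
-<script type="text/javascript">
-jQuery("#whitelistedips_table1").DataTable({
-"order": [[ 1, "desc" ]]
-});
-</script>
-
-<?php
-exit;
-}
-}
-}
-
-
-function wpns_handle_remove_whitelist($entryID)
-{
-global $moWpnsUtility;
-if( $moWpnsUtility->check_empty_or_null($entryID))
-{
-//change Message
-echo("UNKNOWN_ERROR");
-exit;
-}
-else
-{
-$entryid = sanitize_text_field($entryID);
-$mo_wpns_config = new MoWpnsHandler();
-$mo_wpns_config->remove_whitelist_entry($entryid);
-//structures
-$mo_wpns_handler = new MoWpnsHandler();
-$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
-
-?>
-<table id="whitelistedips_table1" class="display">
-<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
-<tbody>
-<?php
-foreach($whitelisted_ips as $whitelisted_ip)
-{
-echo "<tr class='mo_wpns_not_bold'><td>".esc_html($whitelisted_ip->ip_address)."</td><td>".date("M j, Y, g:i:s a",esc_html($whitelisted_ip->created_timestamp))."</td><td><a onclick=removefromwhitelist('".esc_attr($whitelisted_ip->id)."')>Remove</a></td></tr>";
-}
-
-
-?>
-</tbody>
-</table>
-<script type="text/javascript">
-jQuery("#whitelistedips_table1").DataTable({
-"order": [[ 1, "desc" ]]
-});
-</script>
-
-<?php
-exit;
-}
-}
-
+<?php
+
+global $moWpnsUtility,$mo2f_dirName;
+$mo_wpns_handler = new MoWpnsHandler();
+
+if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+{
+
+switch(sanitize_text_field($_POST['option']))
+{
+case "mo_wpns_manual_block_ip":
+wpns_handle_manual_block_ip($_POST['IP']); break;
+case "mo_wpns_unblock_ip":
+wpns_handle_unblock_ip($_POST['id']); break;
+case "mo_wpns_whitelist_ip":
+wpns_handle_whitelist_ip($_POST['IP']); break;
+case "mo_wpns_remove_whitelist":
+wpns_handle_remove_whitelist($_POST['id'] ); break;
+}
+}
+
+$blockedips = $mo_wpns_handler->get_blocked_ips();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+$path = dirname(dirname(__FILE__)).DIRECTORY_SEPARATOR.'includes'.DIRECTORY_SEPARATOR.'images'.DIRECTORY_SEPARATOR.'loader.gif';
+$path = explode('plugins', $path);
+$img_loader_url = plugins_url().$path[1];
+
+$page_url = "";
+$license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
+
+
+function wpns_handle_manual_block_ip($ip)
+{
+global $moWpnsUtility;
+if( $moWpnsUtility->check_empty_or_null( $ip) )
+{
+echo("empty IP");
+exit;
+}
+if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
+{
+echo("INVALID_IP_FORMAT");
+exit;
+}
+else
+{
+
+
+$ipAddress = filter_var($ip, FILTER_VALIDATE_IP) ? $ip : 'INVALID_IP_FORMAT';
+$mo_wpns_config = new MoWpnsHandler();
+$isWhitelisted = $mo_wpns_config->is_whitelisted($ipAddress);
+if(!$isWhitelisted)
+{
+if($mo_wpns_config->mo_wpns_is_ip_blocked($ipAddress)){
+echo("already blocked");
+exit;
+} else{
+$mo_wpns_config->mo_wpns_block_ip($ipAddress, MoWpnsConstants::BLOCKED_BY_ADMIN, true);
+?>
+<table id="blockedips_table1" class="display">
+<thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
+<tbody>
+<?php
+$mo_wpns_handler = new MoWpnsHandler();
+$blockedips = $mo_wpns_handler->get_blocked_ips();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+global $mo2f_dirName;
+foreach($blockedips as $blockedip)
+{
+echo "<tr class='mo_wpns_not_bold'><td>".esc_attr($blockedip->ip_address)."</td><td>".esc_attr($blockedip->reason)."</td><td>";
+if(empty($blockedip->blocked_for_time))
+echo "<span class=redtext>Permanently</span>";
+else
+echo date("M j, Y, g:i:s a", esc_attr($blockedip->blocked_for_time));
+echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_html($blockedip->id)."')>Unblock IP</a></td></tr>";
+}
+?>
+</tbody>
+</table>
+<script type="text/javascript">
+jQuery("#blockedips_table1").DataTable({
+"order": [[ 3, "desc" ]]
+});
+</script>
+<?php
+exit;
+}
+}
+else
+{
+echo("IP_IN_WHITELISTED");
+exit;
+}
+}
+}
+
+
+function wpns_handle_unblock_ip($entryID)
+{
+global $moWpnsUtility;
+
+if( $moWpnsUtility->check_empty_or_null($entryID))
+{
+echo("UNKNOWN_ERROR");
+exit;
+}
+else
+{
+$entryid = sanitize_text_field($entryID);
+$mo_wpns_config = new MoWpnsHandler();
+$mo_wpns_config->unblock_ip_entry($entryid);
+?>
+<table id="blockedips_table1" class="display">
+<thead><tr><th>IP Address&emsp;&emsp;</th><th>Reason&emsp;&emsp;</th><th>Blocked Until&emsp;&emsp;</th><th>Blocked Date&emsp;&emsp;</th><th>Action&emsp;&emsp;</th></tr></thead>
+<tbody>
+<?php
+$mo_wpns_handler = new MoWpnsHandler();
+$blockedips = $mo_wpns_handler->get_blocked_ips();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+global $mo2f_dirName;
+foreach($blockedips as $blockedip)
+{
+echo "<tr class='mo_wpns_not_bold'><td>". esc_attr($blockedip->ip_address)."</td><td>".esc_attr($blockedip->reason)."</td><td>";
+if(empty($blockedip->blocked_for_time))
+echo "<span class=redtext>Permanently</span>";
+else
+echo date("M j, Y, g:i:s a",esc_attr($blockedip->blocked_for_time));
+echo "</td><td>".date("M j, Y, g:i:s a",esc_attr($blockedip->created_timestamp))."</td><td><a onclick=unblockip('".esc_attr($blockedip->id)."')>Unblock IP</a></td></tr>";
+}
+?>
+</tbody>
+</table>
+<script type="text/javascript">
+jQuery("#blockedips_table1").DataTable({
+"order": [[ 3, "desc" ]]
+});
+</script>
+<?php
+
+exit;
+}
+}
+
+
+function wpns_handle_whitelist_ip($ip)
+{
+global $moWpnsUtility;
+if( $moWpnsUtility->check_empty_or_null($ip))
+{
+echo("EMPTY IP");
+exit;
+}
+if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
+{
+echo("INVALID_IP");
+exit;
+}
+else
+{
+$ipAddress = (filter_var($ip, FILTER_VALIDATE_IP)) ? $ipAddress : 'INVALID_IP';
+$mo_wpns_config = new MoWpnsHandler();
+if($mo_wpns_config->is_whitelisted($ipAddress))
+{
+echo("IP_ALREADY_WHITELISTED");
+exit;
+}
+else
+{
+$mo_wpns_config->whitelist_ip($ip);
+$mo_wpns_handler = new MoWpnsHandler();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+
+?>
+<table id="whitelistedips_table1" class="display">
+<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
+<tbody>
+<?php
+foreach($whitelisted_ips as $whitelisted_ip)
+{
+echo "<tr class='mo_wpns_not_bold'><td>".esc_html($whitelisted_ip->ip_address)."</td><td>".date("M j, Y, g:i:s a",esc_html($whitelisted_ip->created_timestamp))."</td><td><a onclick=removefromwhitelist('".esc_attr($whitelisted_ip->id)."')>Remove</a></td></tr>";
+}
+
+
+?>
+</tbody>
+</table>
+<script type="text/javascript">
+jQuery("#whitelistedips_table1").DataTable({
+"order": [[ 1, "desc" ]]
+});
+</script>
+
+<?php
+exit;
+}
+}
+}
+
+
+function wpns_handle_remove_whitelist($entryID)
+{
+global $moWpnsUtility;
+if( $moWpnsUtility->check_empty_or_null($entryID))
+{
+//change Message
+echo("UNKNOWN_ERROR");
+exit;
+}
+else
+{
+$entryid = sanitize_text_field($entryID);
+$mo_wpns_config = new MoWpnsHandler();
+$mo_wpns_config->remove_whitelist_entry($entryid);
+//structures
+$mo_wpns_handler = new MoWpnsHandler();
+$whitelisted_ips = $mo_wpns_handler->get_whitelisted_ips();
+
+?>
+<table id="whitelistedips_table1" class="display">
+<thead><tr><th >IP Address</th><th >Whitelisted Date</th><th >Remove from Whitelist</th></tr></thead>
+<tbody>
+<?php
+foreach($whitelisted_ips as $whitelisted_ip)
+{
+echo "<tr class='mo_wpns_not_bold'><td>".esc_html($whitelisted_ip->ip_address)."</td><td>".date("M j, Y, g:i:s a",esc_html($whitelisted_ip->created_timestamp))."</td><td><a onclick=removefromwhitelist('".esc_attr($whitelisted_ip->id)."')>Remove</a></td></tr>";
+}
+
+
+?>
+</tbody>
+</table>
+<script type="text/javascript">
+jQuery("#whitelistedips_table1").DataTable({
+"order": [[ 1, "desc" ]]
+});
+</script>
+
+<?php
+exit;
+}
+}
+
 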
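Review bot: In `wpns_handle_whitelist_ip` the line `$ipAddress = (filter_var($ip, FILTER_VALIDATE_IP)) ? $ipAddress : 'INVALID_IP';` reads `$ipAddress` before it is assigned, so for a valid address `is_whitelisted()` is asked about an undefined value and the IP_ALREADY_WHITELISTED check cannot match the submitted IP; `whitelist_ip($ip)` then runs regardless. It should mirror `wpns_handle_manual_block_ip`: `$ipAddress = filter_var($ip, FILTER_VALIDATE_IP) ? $ip : 'INVALID_IP';`. Both handlers would also be safer exiting with the error string when `filter_var` fails rather than passing the placeholder string on to `MoWpnsHandler`, since the `\d{1,3}` regex alone accepts octets above 255. The four state-changing cases in the dispatcher are gated only on `current_user_can( 'manage_options' )`; no nonce check is visible in this file, so unless the including page verifies one, a `check_admin_referer()` call with the form's nonce action before the `switch` is worth adding.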
 
controllers/login-security.php CHANGED
@@ -1,216 +1,216 @@
1
- <?php
2
-
3
- global $moWpnsUtility,$mo2f_dirName;
4
-
5
- $twofactor_url = add_query_arg(
6
- array('page' => 'mo_2fa_two_fa')
7
- , $_SERVER['REQUEST_URI']
8
- );
9
-
10
-
11
-
12
- if(current_user_can( 'manage_options' ) && isset($_REQUEST['option']))
13
- {
14
- switch($_REQUEST['option'])
15
- {
16
- case "mo_wpns_enable_brute_force":
17
- wpns_handle_bf_enable_form($_POST); break;
18
- case "mo_wpns_brute_force_configuration":
19
- wpns_handle_bf_configuration_form($_POST); break;
20
- case "mo_wpns_slow_down_attacks":
21
- wpns_handle_dos_enable_form($_POST); break;
22
- case "mo_wpns_slow_down_attacks_config":
23
- wpns_handle_dos_configuration($_POST); break;
24
- case "mo_wpns_enable_2fa":
25
- wpns_handle_enable_2fa($_POST); break;
26
- case "mo2f_enforce_strong_passswords":
27
- wpns_handle_enable_strong_password($_POST); break;
28
- case "mo_wpns_rba_enable_2fa":
29
- wpns_handle_enable_rba(); break;
30
- case "mo_wpns_recaptcha_settings":
31
- wpns_handle_recaptcha_configuration($_POST); break;
32
- case "mo_wpns_enable_rename_login_url":
33
- wpns_handle_enable_rename_login_url($_POST); break;
34
-
35
- }
36
- }
37
-
38
- $allwed_login_attempts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
39
- $time_of_blocking_type = get_option('mo2f_time_of_blocking_type') ? get_option('mo2f_time_of_blocking_type') : "permanent";
40
- $time_of_blocking_val = get_option('mo2f_time_of_blocking_val') ? get_option('mo2f_time_of_blocking_val') : 3;
41
- $brute_force_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option') ? "checked" : "";
42
- $remaining_attempts = MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option') ? "checked" : "";
43
- $slow_down_attacks = get_option('mo_wpns_slow_down_attacks') ? "checked" : "";
44
- $enable_2fa = get_option('mo_wpns_enable_2fa') ? "checked" : "";
45
-
46
- $enforce_strong_password= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') ? "checked" : "";
47
- $attack_delay = get_option('mo_wpns_slow_down_attacks_delay') ? get_option('mo_wpns_slow_down_attacks_delay'): 2 ;
48
- $google_recaptcha = get_option('mo_wpns_activate_recaptcha') ? "checked": "";
49
-
50
-
51
-
52
- $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), sanitize_url($_SERVER['REQUEST_URI']));
53
-
54
-
55
- $test_recaptcha_url_v3 = add_query_arg( array('option'=>'testrecaptchaconfig3'), sanitize_url($_SERVER['REQUEST_URI']));
56
- $captcha_url_v2 = 'https://www.google.com/recaptcha/admin#list';
57
- $captcha_url_v3 = 'https://www.google.com/recaptcha/admin/create';
58
-
59
- if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2'){
60
- $captcha_site_key = get_option('mo_wpns_recaptcha_site_key');
61
- $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');}
62
-
63
- else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3'){
64
- $captcha_site_key = get_option('mo_wpns_recaptcha_site_key_v3');
65
- $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key_v3');
66
- }
67
-
68
- $captcha_login = get_option('mo_wpns_activate_recaptcha_for_login') ? "checked" : "";
69
- $captcha_reg = get_option('mo_wpns_activate_recaptcha_for_registration') ? "checked" : "";
70
-
71
-
72
- $strong_password_account= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') ? MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') : "all";
73
-
74
-
75
- $mo2FAPlugin = new TwoFAPlugin();
76
- $twofa_status= $mo2FAPlugin->getstatus();
77
- switch ($twofa_status)
78
- {
79
-
80
- case "ACTIVE":
81
- $mo2FAPlugin->updatePluginConfiguration();
82
- break;
83
- case "INSTALLED":
84
- $path = "miniorange-2-factor-authentication/miniorange_2_factor_settings.php";
85
- $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
86
- break;
87
- default:
88
- $action = 'install-plugin';
89
- $slug = 'miniorange-2-factor-authentication';
90
- $install_link = wp_nonce_url(
91
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
92
- $action.'_'.$slug
93
- );
94
- break;
95
- }
96
-
97
-
98
-
99
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login-security.php';
100
-
101
-
102
-
103
- /** LOGIN SECURITY RELATED FUNCTIONS **/
104
-
105
- //Function to handle enabling and disabling of brute force protection
106
- function wpns_handle_bf_enable_form($postData)
107
- {
108
- $enable = isset($postData['enable_brute_force_protection']) ? sanitize_text_field($postData['enable_brute_force_protection']) : false;
109
- update_option( 'mo2f_enable_brute_force', $enable );
110
-
111
- if($enable)
112
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BRUTE_FORCE_ENABLED'),'SUCCESS');
113
- else
114
- do_action('wpns_show_message',MoWpnsMessages::showMessage('BRUTE_FORCE_DISABLED'),'ERROR');
115
- }
116
-
117
-
118
- //Function to handle brute force configuration
119
- function wpns_handle_bf_configuration_form($postData)
120
- {
121
- $login_attempts = sanitize_text_field($postData['allwed_login_attempts']);
122
- $blocking_type = sanitize_text_field($postData['time_of_blocking_type']);
123
- $blocking_value = isset($postData['time_of_blocking_val']) ? sanitize_text_field($postData['time_of_blocking_val']) : false;
124
- $remaining_attempts = isset($postData['show_remaining_attempts'])? sanitize_text_field($postData['show_remaining_attempts']) : false;
125
-
126
- update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
127
- update_option( 'mo2f_time_of_blocking_type' , $blocking_type );
128
- update_option( 'mo2f_time_of_blocking_val' , $blocking_value );
129
- update_option( 'mo2f_show_remaining_attempts', $remaining_attempts );
130
-
131
- do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
132
- }
133
-
134
-
135
-
136
-
137
-
138
- //Function to handle enabling and disabling of two factor
139
- function wpns_handle_enable_2fa($postData)
140
- {
141
- $enable_2fa = isset($postData['mo_wpns_enable_2fa']) ? true : false;
142
- update_option( 'mo_wpns_enable_2fa', $enable_2fa);
143
-
144
- if($enable_2fa)
145
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWOFA_ENABLED'),'SUCCESS');
146
- else
147
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWOFA_DISABLED'),'ERROR');
148
- }
149
-
150
-
151
- //Function to handle enabling and disabling enforcement of strong password
152
- function wpns_handle_enable_strong_password($postData)
153
- {
154
- $set = isset($postData['mo2f_enforce_strong_passswords']) ? sanitize_text_field($postData['mo2f_enforce_strong_passswords']) : 0;
155
- update_option( 'mo2f_enforce_strong_passswords' , $set);
156
- update_option( 'mo2f_enforce_strong_passswords_for_accounts', sanitize_text_field($postData['mo2f_enforce_strong_passswords_for_accounts']));
157
- if($set)
158
- do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_ENABLED'),'SUCCESS');
159
- else
160
- do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_DISABLED'),'ERROR');
161
- }
162
-
163
-
164
- //Function to handle enabling and disabling RBA
165
- function wpns_handle_enable_rba()
166
- {
167
- update_option( 'mo_wpns_enable_2fa' , 1);
168
- update_option( 'mo2f_activate_plugin' , 1);
169
- update_option( 'mo_wpns_risk_based_access', 1);
170
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RBA_ENABLED'),'SUCCESS');
171
- }
172
-
173
-
174
- //Function to handle RBA configuration
175
-
176
-
177
- //Function to handle enabling and disabling google recaptcha
178
- function wpns_handle_enable_recaptcha($postData)
179
- {
180
- $enable = isset($postData['mo_wpns_activate_recaptcha']) ? sanitize_text_field($postData['mo_wpns_activate_recaptcha']) : false;
181
- update_option( 'mo_wpns_activate_recaptcha', $enable );
182
-
183
- if($enable)
184
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
185
- else
186
- {
187
- update_option( 'mo_wpns_activate_recaptcha_for_login' , false );
188
- update_option( 'mo_wpns_activate_recaptcha_for_registration', false );
189
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login' , false );
190
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration', false );
191
- do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_DISABLED'),'ERROR');
192
- }
193
- }
194
-
195
-
196
- //Function to handle recaptcha configuration
197
-
198
-
199
-
200
-
201
- function wpns_handle_enable_rename_login_url($postData){
202
- $enable_rename_login_url_checkbox = false;
203
- if(isset($postData['enable_rename_login_url_checkbox']) && $postData['enable_rename_login_url_checkbox']){
204
- $enable_rename_login_url_checkbox = sanitize_text_field($postData['enable_rename_login_url_checkbox']);
205
- do_action('wpns_show_message','Rename Admin Login Page URL is enabled.','SUCCESS');
206
- }else {
207
- do_action('wpns_show_message','Rename Admin Login Page URL is disabled.','SUCCESS');
208
- }
209
- $loginurl = get_option('login_page_url');
210
- if ($loginurl == "") {
211
- update_option('login_page_url', "mylogin");
212
- }
213
- update_option( 'mo_wpns_enable_rename_login_url', $enable_rename_login_url_checkbox);
214
- }
215
-
216
-
1
+ <?php
2
+
3
+ global $moWpnsUtility,$mo2f_dirName;
4
+
5
+ $twofactor_url = add_query_arg(
6
+ array('page' => 'mo_2fa_two_fa')
7
+ , $_SERVER['REQUEST_URI']
8
+ );
9
+
10
+
11
+
12
+ if(current_user_can( 'manage_options' ) && isset($_REQUEST['option']))
13
+ {
14
+ switch($_REQUEST['option'])
15
+ {
16
+ case "mo_wpns_enable_brute_force":
17
+ wpns_handle_bf_enable_form($_POST); break;
18
+ case "mo_wpns_brute_force_configuration":
19
+ wpns_handle_bf_configuration_form($_POST); break;
20
+ case "mo_wpns_slow_down_attacks":
21
+ wpns_handle_dos_enable_form($_POST); break;
22
+ case "mo_wpns_slow_down_attacks_config":
23
+ wpns_handle_dos_configuration($_POST); break;
24
+ case "mo_wpns_enable_2fa":
25
+ wpns_handle_enable_2fa($_POST); break;
26
+ case "mo2f_enforce_strong_passswords":
27
+ wpns_handle_enable_strong_password($_POST); break;
28
+ case "mo_wpns_rba_enable_2fa":
29
+ wpns_handle_enable_rba(); break;
30
+ case "mo_wpns_recaptcha_settings":
31
+ wpns_handle_recaptcha_configuration($_POST); break;
32
+ case "mo_wpns_enable_rename_login_url":
33
+ wpns_handle_enable_rename_login_url($_POST); break;
34
+
35
+ }
36
+ }
37
+
38
+ $allwed_login_attempts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
39
+ $time_of_blocking_type = get_option('mo2f_time_of_blocking_type') ? get_option('mo2f_time_of_blocking_type') : "permanent";
40
+ $time_of_blocking_val = get_option('mo2f_time_of_blocking_val') ? get_option('mo2f_time_of_blocking_val') : 3;
41
+ $brute_force_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option') ? "checked" : "";
42
+ $remaining_attempts = MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option') ? "checked" : "";
43
+ $slow_down_attacks = get_option('mo_wpns_slow_down_attacks') ? "checked" : "";
44
+ $enable_2fa = get_option('mo_wpns_enable_2fa') ? "checked" : "";
45
+
46
+ $enforce_strong_password= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') ? "checked" : "";
47
+ $attack_delay = get_option('mo_wpns_slow_down_attacks_delay') ? get_option('mo_wpns_slow_down_attacks_delay'): 2 ;
48
+ $google_recaptcha = get_option('mo_wpns_activate_recaptcha') ? "checked": "";
49
+
50
+
51
+
52
+ $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), sanitize_url($_SERVER['REQUEST_URI']));
53
+
54
+
55
+ $test_recaptcha_url_v3 = add_query_arg( array('option'=>'testrecaptchaconfig3'), sanitize_url($_SERVER['REQUEST_URI']));
56
+ $captcha_url_v2 = 'https://www.google.com/recaptcha/admin#list';
57
+ $captcha_url_v3 = 'https://www.google.com/recaptcha/admin/create';
58
+
59
+ if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2'){
60
+ $captcha_site_key = get_option('mo_wpns_recaptcha_site_key');
61
+ $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');}
62
+
63
+ else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3'){
64
+ $captcha_site_key = get_option('mo_wpns_recaptcha_site_key_v3');
65
+ $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key_v3');
66
+ }
67
+
68
+ $captcha_login = get_option('mo_wpns_activate_recaptcha_for_login') ? "checked" : "";
69
+ $captcha_reg = get_option('mo_wpns_activate_recaptcha_for_registration') ? "checked" : "";
70
+
71
+
72
+ $strong_password_account= MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') ? MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords_for_accounts', 'get_option') : "all";
73
+
74
+
75
+ $mo2FAPlugin = new TwoFAPlugin();
76
+ $twofa_status= $mo2FAPlugin->getstatus();
77
+ switch ($twofa_status)
78
+ {
79
+
80
+ case "ACTIVE":
81
+ $mo2FAPlugin->updatePluginConfiguration();
82
+ break;
83
+ case "INSTALLED":
84
+ $path = "miniorange-2-factor-authentication/miniorange_2_factor_settings.php";
85
+ $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
86
+ break;
87
+ default:
88
+ $action = 'install-plugin';
89
+ $slug = 'miniorange-2-factor-authentication';
90
+ $install_link = wp_nonce_url(
91
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
92
+ $action.'_'.$slug
93
+ );
94
+ break;
95
+ }
96
+
97
+
98
+
99
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'login-security.php';
100
+
101
+
102
+
103
+ /** LOGIN SECURITY RELATED FUNCTIONS **/
104
+
105
+ //Function to handle enabling and disabling of brute force protection
106
+ function wpns_handle_bf_enable_form($postData)
107
+ {
108
+ $enable = isset($postData['enable_brute_force_protection']) ? sanitize_text_field($postData['enable_brute_force_protection']) : false;
109
+ update_option( 'mo2f_enable_brute_force', $enable );
110
+
111
+ if($enable)
112
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BRUTE_FORCE_ENABLED'),'SUCCESS');
113
+ else
114
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('BRUTE_FORCE_DISABLED'),'ERROR');
115
+ }
116
+
117
+
118
+ //Function to handle brute force configuration
119
+ function wpns_handle_bf_configuration_form($postData)
120
+ {
121
+ $login_attempts = sanitize_text_field($postData['allwed_login_attempts']);
122
+ $blocking_type = sanitize_text_field($postData['time_of_blocking_type']);
123
+ $blocking_value = isset($postData['time_of_blocking_val']) ? sanitize_text_field($postData['time_of_blocking_val']) : false;
124
+ $remaining_attempts = isset($postData['show_remaining_attempts'])? sanitize_text_field($postData['show_remaining_attempts']) : false;
125
+
126
+ update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
127
+ update_option( 'mo2f_time_of_blocking_type' , $blocking_type );
128
+ update_option( 'mo2f_time_of_blocking_val' , $blocking_value );
129
+ update_option( 'mo2f_show_remaining_attempts', $remaining_attempts );
130
+
131
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
132
+ }
133
+
134
+
135
+
136
+
137
+
138
+ //Function to handle enabling and disabling of two factor
139
+ function wpns_handle_enable_2fa($postData)
140
+ {
141
+ $enable_2fa = isset($postData['mo_wpns_enable_2fa']) ? true : false;
142
+ update_option( 'mo_wpns_enable_2fa', $enable_2fa);
143
+
144
+ if($enable_2fa)
145
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWOFA_ENABLED'),'SUCCESS');
146
+ else
147
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWOFA_DISABLED'),'ERROR');
148
+ }
149
+
150
+
151
+ //Function to handle enabling and disabling enforcement of strong password
152
+ function wpns_handle_enable_strong_password($postData)
153
+ {
154
+ $set = isset($postData['mo2f_enforce_strong_passswords']) ? sanitize_text_field($postData['mo2f_enforce_strong_passswords']) : 0;
155
+ update_option( 'mo2f_enforce_strong_passswords' , $set);
156
+ update_option( 'mo2f_enforce_strong_passswords_for_accounts', sanitize_text_field($postData['mo2f_enforce_strong_passswords_for_accounts']));
157
+ if($set)
158
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_ENABLED'),'SUCCESS');
159
+ else
160
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('STRONG_PASS_DISABLED'),'ERROR');
161
+ }
162
+
163
+
164
+ //Function to handle enabling and disabling RBA
165
+ function wpns_handle_enable_rba()
166
+ {
167
+ update_option( 'mo_wpns_enable_2fa' , 1);
168
+ update_option( 'mo2f_activate_plugin' , 1);
169
+ update_option( 'mo_wpns_risk_based_access', 1);
170
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RBA_ENABLED'),'SUCCESS');
171
+ }
172
+
173
+
174
+ //Function to handle RBA configuration
175
+
176
+
177
+ //Function to handle enabling and disabling google recaptcha
178
+ function wpns_handle_enable_recaptcha($postData)
179
+ {
180
+ $enable = isset($postData['mo_wpns_activate_recaptcha']) ? sanitize_text_field($postData['mo_wpns_activate_recaptcha']) : false;
181
+ update_option( 'mo_wpns_activate_recaptcha', $enable );
182
+
183
+ if($enable)
184
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_ENABLED'),'SUCCESS');
185
+ else
186
+ {
187
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , false );
188
+ update_option( 'mo_wpns_activate_recaptcha_for_registration', false );
189
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login' , false );
190
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration', false );
191
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('RECAPTCHA_DISABLED'),'ERROR');
192
+ }
193
+ }
194
+
195
+
196
+ //Function to handle recaptcha configuration
197
+
198
+
199
+
200
+
201
+ function wpns_handle_enable_rename_login_url($postData){
202
+ $enable_rename_login_url_checkbox = false;
203
+ if(isset($postData['enable_rename_login_url_checkbox']) && $postData['enable_rename_login_url_checkbox']){
204
+ $enable_rename_login_url_checkbox = sanitize_text_field($postData['enable_rename_login_url_checkbox']);
205
+ do_action('wpns_show_message','Rename Admin Login Page URL is enabled.','SUCCESS');
206
+ }else {
207
+ do_action('wpns_show_message','Rename Admin Login Page URL is disabled.','SUCCESS');
208
+ }
209
+ $loginurl = get_option('login_page_url');
210
+ if ($loginurl == "") {
211
+ update_option('login_page_url', "mylogin");
212
+ }
213
+ update_option( 'mo_wpns_enable_rename_login_url', $enable_rename_login_url_checkbox);
214
+ }
215
+
216
+
controllers/malware_scanner/malware_scan_ajax.php CHANGED
@@ -1,421 +1,421 @@
1
- <?php
2
- class Mo_wpns_scan_malware
3
- {
4
- function __construct(){
5
- add_action( 'admin_init' , array( $this, 'mo_wpns_malware_scanner_functions' ) );
6
-
7
- }
8
-
9
- public function mo_wpns_malware_scanner_functions(){
10
- add_action('wp_ajax_mo_wpns_malware_redirect', array( $this, 'mo_wpns_malware_redirect' ));
11
-
12
-
13
- }
14
-
15
- public function mo_wpns_malware_redirect(){
16
- switch (sanitize_text_field(wp_unslash($_POST['call_type'])))
17
- {
18
- case "submit_malware_settings_form":
19
- $this->mo_wpns_save_malware_config_form($_POST);
20
- break;
21
- case "malware_scan_initiate":
22
- $this->mo_wpns_start_malware_scan($_POST);
23
- break;
24
- case "wpns_enable_tour":
25
- update_option('skip_tour', 0);
26
- break;
27
- case "wpns_disable_tour":
28
- update_option('skip_tour', 1);
29
- break;
30
- case "malware_progress_bar":
31
- $this->mo_wpns_get_progress();
32
- break;
33
- case "malware_scan_last_result":
34
- $this->mo_wpns_get_scan_result();
35
- break;
36
- case "malware_scan_terminate":
37
- $this->mo_wpns_stop_scan();
38
- break;
39
-
40
- }
41
- }
42
-
43
- public function mo_wpns_save_malware_config_form($POSTED){
44
- $nonce = $POSTED['nonce'];
45
- if ( ! wp_verify_nonce( $nonce, 'mo-wpns-scan-settings' ) ){
46
- wp_send_json('ERROR');
47
- return;
48
- }
49
- if(! isset($POSTED['scan_plugin']) && ! isset($POSTED['scan_themes']) && ! isset($POSTED['scan_core'])){
50
- wp_send_json('folder_error');
51
- }elseif (! isset($POSTED['vulnerable_check']) && ! isset($POSTED['sql_check']) && ! isset($POSTED['rfi_check']) && ! isset($POSTED['ext_link']) && ! isset($POSTED['repo_check'])) {
52
- wp_send_json('level_error');
53
- }
54
- else{
55
- $mo_wpns_scan_plugins=isset($POSTED['scan_plugin']) ? sanitize_text_field($POSTED['scan_plugin']) : 0;
56
- $mo_wpns_scan_themes=isset($POSTED['scan_themes']) ? sanitize_text_field($POSTED['scan_themes']) : 0;
57
- $mo_wpns_scan_wp_files= isset($POSTED['scan_core']) ? sanitize_text_field($POSTED['scan_core']) : 0;
58
- $mo_wpns_scan_files_extensions= sanitize_text_field($POSTED['file_type']);
59
- $mo_wpns_check_vulnerable_code=isset($POSTED['vulnerable_check']) ? sanitize_text_field($POSTED['vulnerable_check']) : 0;
60
- $mo_wpns_check_sql_injection=isset($POSTED['sql_check']) ? sanitize_text_field($POSTED['sql_check']) : 0;
61
- $mo_wpns_check_external_link=isset($POSTED['ext_link']) ? sanitize_text_field($POSTED['ext_link']) : 0;
62
- $mo_wpns_scan_files_with_repo=isset($POSTED['repo_check']) ? sanitize_text_field($POSTED['repo_check']) : 0;
63
- $folders_to_skip= sanitize_text_field($POSTED['skip_path']);
64
- $folders_to_skip = str_replace('\\\\', '/', $folders_to_skip);
65
- $str="";
66
-
67
- $mo_wpns_skip_folders="";
68
- if(!empty($folders_to_skip)){
69
- $folders_to_skip_array=explode(";",$folders_to_skip);
70
- for($i=0; $i< count($folders_to_skip_array); $i++){
71
- if(is_dir($folders_to_skip_array[$i])){
72
- $str.= $folders_to_skip_array[$i];
73
- if($i!= count($folders_to_skip_array)-1){
74
- $str.=";";
75
- }
76
- }elseif($folders_to_skip_array[$i] == ''){
77
- $str.= $folders_to_skip_array[$i];
78
- }
79
- else{
80
- wp_send_json('path_error');
81
- }
82
- }
83
- $mo_wpns_skip_folders=$str;
84
- }else{
85
- $mo_wpns_skip_folders=$folders_to_skip;
86
- }
87
-
88
- $scan_configuration = array(
89
- 'plugin_scan' => $mo_wpns_scan_plugins,
90
- 'theme_scan' => $mo_wpns_scan_themes,
91
- 'core_scan' => $mo_wpns_scan_wp_files,
92
- 'file_extension' => $mo_wpns_scan_files_extensions,
93
- 'check_vulnerable' => $mo_wpns_check_vulnerable_code,
94
- 'check_sql' => $mo_wpns_check_sql_injection,
95
- 'ext_link_check' => $mo_wpns_check_external_link,
96
- 'check_repo' => $mo_wpns_scan_files_with_repo,
97
- 'path_skip' => $mo_wpns_skip_folders,
98
- 'type_scan' => "",
99
- );
100
-
101
- $encoded_scan_configuration=json_encode($scan_configuration);
102
- update_site_option("mo_wpns_scan_configuration",$encoded_scan_configuration);
103
- wp_send_json('save_success');
104
- }
105
- }
106
-
107
- public function mo_wpns_start_malware_scan($POSTED){
108
- $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
109
- if(isset($decoded_scan_configuration)){
110
- $status = $decoded_scan_configuration->scan_progress;
111
- }else{
112
- $status=false;
113
- $scan_mode=false;
114
- }
115
- if($status == "IN PROGRESS"){
116
- wp_send_json('scanning_already');
117
- }
118
- global $moWpnsUtility, $mo2f_dirName;
119
-
120
- $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
121
- $mo2f_malware_db_handler = new MoWpnsDB();
122
-
123
- $current_time= time();
124
- update_site_option('mo_wpns_last_scan_time', $current_time);
125
- $plugin_current= get_plugins();
126
- update_site_option('mo_wpns_last_plugins', $plugin_current);
127
- $args=array();
128
- $theme_current= wp_get_themes($args);
129
- update_site_option('mo_wpns_last_themes', $theme_current);
130
- update_site_option('malware_notification_option',1);
131
-
132
- update_site_option('mo2f_scan_initialize', 0);
133
- update_site_option('mo_wpns_hide_malware_popup', 1);
134
-
135
- $mo_wpns_malware_scan_in_progress="IN PROGRESS";
136
- $mo_wpns_files_scanned=0;
137
- $mo_wpns_infected_files=0;
138
- $mo_wpns_warning_files=0;
139
- $wordpress_download_status=false;
140
-
141
- update_site_option('mo_wpns_infected_files',0);
142
- update_site_option('mo_wpns_warning_files',0);
143
- update_site_option('mo2f_files_skipped', 0);
144
- update_site_option('mo2f_file_size_excess', 0);
145
- update_site_option('mo2f_download_done', 0);
146
-
147
-
148
- $scan_status = array(
149
- 'scan_progress' => $mo_wpns_malware_scan_in_progress,
150
- 'files_scanned' => $mo_wpns_files_scanned,
151
- 'infected_files' => $mo_wpns_infected_files,
152
- 'warning_files' => $mo_wpns_warning_files,
153
- 'total_files' => 0,
154
- 'check_with_repo' => 0,
155
- 'extlink_check' => 0,
156
- 'scan_mode' => "",
157
- 'average_time_each_file' => 0,
158
- 'total_files_processed' => 0,
159
- 'status_download_time' => $wordpress_download_status
160
- );
161
-
162
- $encoded_scan_status=json_encode($scan_status);
163
- update_site_option("mo_wpns_scan_status",$encoded_scan_status);
164
-
165
-
166
- $mo2f_malware_db_handler->delete_files_parts();
167
-
168
- if(isset($POSTED['scan']) && $POSTED['scan']=='scan_start'){
169
- $scan_configuration = array();
170
- switch($POSTED['scantype'])
171
- {
172
- case "quick_scan":
173
- $nonce = $POSTED['nonce'];
174
- if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
175
- wp_send_json('ERROR');
176
- return;
177
- }
178
- $scan_configuration = MoWpnsConstants::$quick_scan_configuration;
179
- update_site_option('mo_wpns_scan_mode','quick_scan');
180
- $scan_status = array(
181
- 'scan_progress' => $mo_wpns_malware_scan_in_progress,
182
- 'files_scanned' => $mo_wpns_files_scanned,
183
- 'infected_files' => $mo_wpns_infected_files,
184
- 'warning_files' => $mo_wpns_warning_files,
185
- 'total_files' => 0,
186
- 'check_with_repo' => 0,
187
- 'extlink_check' => 0,
188
- 'average_time_each_file' => 0,
189
- 'total_files_processed' => 0,
190
- 'scan_mode' => "quick_scan",
191
- 'status_download_time' => $wordpress_download_status
192
- );
193
-
194
- $encoded_scan_status=json_encode($scan_status);
195
- update_site_option("mo_wpns_scan_status",$encoded_scan_status);
196
- $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
197
- break;
198
- case "standard_scan":
199
- $nonce = $POSTED['nonce'];
200
- if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
201
- wp_send_json('ERROR');
202
- return;
203
- }
204
- $scan_configuration = MoWpnsConstants::$standard_scan_configuration;
205
- update_site_option('mo_wpns_scan_mode','standard_scan');
206
- $scan_status = array(
207
- 'scan_progress' => $mo_wpns_malware_scan_in_progress,
208
- 'files_scanned' => $mo_wpns_files_scanned,
209
- 'infected_files' => $mo_wpns_infected_files,
210
- 'warning_files' => $mo_wpns_warning_files,
211
- 'total_files' => 0,
212
- 'check_with_repo' => 1,
213
- 'extlink_check' => 1,
214
- 'total_files_processed' => 0,
215
- 'average_time_each_file' => 0,
216
- 'scan_mode' => "standard_scan",
217
- 'status_download_time' => $wordpress_download_status
218
- );
219
-
220
- $encoded_scan_status=json_encode($scan_status);
221
- update_site_option("mo_wpns_scan_status",$encoded_scan_status);
222
- $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
223
- break;
224
- case "custom_scan":
225
- $nonce = $POSTED['nonce'];
226
- if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
227
- wp_send_json('ERROR');
228
- return;
229
- }
230
- $decode_scan_configuration=json_decode(get_site_option("mo_wpns_scan_configuration"));
231
- if(is_null($decode_scan_configuration))
232
- {
233
- delete_option("mo_wpns_scan_status",$encoded_scan_status);
234
- wp_send_json("RECONFIGURE");
235
- }
236
-
237
- $scan_configuration = array('plugin_scan' => $decode_scan_configuration->plugin_scan,
238
- 'theme_scan' => $decode_scan_configuration->theme_scan,
239
- 'core_scan' => $decode_scan_configuration->core_scan,
240
- 'file_extension' => $decode_scan_configuration->file_extension,
241
- 'check_vulnerable' => $decode_scan_configuration->check_vulnerable,
242
- 'check_sql' => $decode_scan_configuration->check_sql,
243
- 'ext_link_check' => $decode_scan_configuration->ext_link_check,
244
- 'check_repo' => $decode_scan_configuration->check_repo,
245
- 'path_skip' => $decode_scan_configuration->path_skip,
246
- 'type_scan' => "Custom Scan"
247
- );
248
-
249
-
250
- $scan_status = array(
251
- 'scan_progress' => $mo_wpns_malware_scan_in_progress,
252
- 'files_scanned' => $mo_wpns_files_scanned,
253
- 'infected_files' => $mo_wpns_infected_files,
254
- 'warning_files' => $mo_wpns_warning_files,
255
- 'total_files' => 0,
256
- 'extlink_check' => $decode_scan_configuration->ext_link_check,
257
- 'check_with_repo' => $decode_scan_configuration->check_repo,
258
- 'average_time_each_file' => 0,
259
- 'total_files_processed' => 0,
260
- 'scan_mode' => "custom_scan",
261
- 'status_download_time' => $wordpress_download_status
262
- );
263
-
264
- $encoded_scan_status=json_encode($scan_status);
265
- update_site_option("mo_wpns_scan_status",$encoded_scan_status);
266
- update_site_option('mo_wpns_scan_mode','custom_scan');
267
- update_site_option('mo2f_custom_scan_config', $scan_configuration);
268
- $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
269
- break;
270
- }
271
- }
272
- }
273
-
274
-
275
- public function mo_wpns_get_progress(){
276
-
277
- $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
278
- $status= $decoded_scan_status->scan_progress;
279
- $files_scanned= $decoded_scan_status->files_scanned;
280
- $total_files = $decoded_scan_status->total_files;
281
- $check_repo = $decoded_scan_status->check_with_repo;
282
- $extlink_check = $decoded_scan_status->extlink_check;
283
- $scan_mode= $decoded_scan_status->scan_mode;
284
- $status_download= $decoded_scan_status->status_download_time;
285
- $averageFileScanTime= $decoded_scan_status->average_time_each_file;
286
- $total_files_processed= $decoded_scan_status->total_files_processed;
287
- if($status_download != false && $status == "IN PROGRESS"){
288
- $time_spent_in_downloading= time()-$status_download;
289
-
290
- if($time_spent_in_downloading > 600){
291
- $mo2f_malware_db_handler = new MoWpnsDB();
292
- $reportid= get_site_option('mo2f_report_id');
293
- $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
294
- if(!empty($last_report)){
295
- $issue = $last_report[0]->repo_key;
296
- $repo_key = get_site_option('mo2f_current_repo_key');
297
- if($repo_key == 'core'){
298
- $issue.= "WordPress Core Files;";
299
- }else{
300
- $issue.= $repo_key.";";
301
- }
302
- $mo2f_malware_db_handler->mo2f_update_repo_issue($reportid, $issue);
303
- }
304
- $scan_mode = get_site_option('mo_wpns_scan_mode');
305
- if ( $scan_mode == 'Quick Scan' ) {
306
- $scan_config = MoWpnsConstants::$quick_scan_configuration;
307
- } elseif ( $scan_mode == 'Standard Scan' ) {
308
- $scan_config = MoWpnsConstants::$standard_scan_configuration;
309
- } else {
310
- $scan_config = get_site_option( 'mo2f_custom_scan_config' );
311
- }
312
- $uploads_dir = wp_upload_dir();
313
- $uploads_path= $uploads_dir['basedir'];
314
- $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
315
- $scanverification = get_site_option( "mo2f_scanverification" );
316
- $req_obj = new mo2f_scanner_parts();
317
- $req_obj->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
318
- }
319
- }
320
- $repo_scan=0;
321
- if($scan_mode == "standard_scan" || ($scan_mode == "custom_scan" && $check_repo == 1)){
322
- $repo_scan=1;
323
- }
324
- if($status == "IN PROGRESS"){
325
- $result=array("status"=>$status, "scanned"=>$files_scanned, "total"=>$total_files, "repo_scan"=> $repo_scan,"extlink_check"=> $extlink_check,"AverageFileTime"=>$averageFileScanTime,"total_files_processed"=>$total_files_processed);
326
- wp_send_json($result);
327
- }
328
- else{
329
- //stop scan check
330
- $stop_scan=get_site_option('mo_stop_scan');
331
-
332
- $mo_wpns_db_handler = new MoWpnsDB();
333
- $total_scan=$mo_wpns_db_handler->count_files();
334
- $total_malicious=$mo_wpns_db_handler->count_malicious_files();
335
- $last_id=$mo_wpns_db_handler->get_last_id();
336
- $send_id=$last_id[0]->max;
337
- $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
338
- $malicious_last_scan= get_site_option('mo_wpns_infected_files');
339
- $warning_last_scan = get_site_option('mo_wpns_warning_files');
340
- if($total_scan > 999){
341
- $total_scan=($total_scan/1000);
342
- $total_scan= round($total_scan,1)."k";
343
- }
344
- if($total_malicious > 999){
345
- $total_malicious=($total_malicious/1000);
346
- $total_malicious= round($total_malicious,1)."k";
347
- }
348
- if($last_scan > 999){
349
- $last_scan = ($last_scan/1000);
350
- $last_scan = round($last_scan,1)."k";
351
- }
352
- if($stop_scan){
353
- $status="ABORTED";
354
- $result = array("status"=>$status, 'total_files'=>$total_scan,"AverageFileTime"=>$averageFileScanTime, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan, 'warnings'=>$warning_last_scan,"total_files_processed"=>$total_files_processed);
355
- wp_send_json($result);
356
- }
357
- $result = array("status"=>$status, 'total_files'=>$total_scan, 'total_mal'=>$total_malicious,"AverageFileTime"=>$averageFileScanTime, 'scan_files'=>$total_files, 'mal_files'=>$malicious_last_scan, 'warnings'=>$warning_last_scan,"total_files_processed"=>$total_files_processed);
358
- wp_send_json($result);
359
- }
360
- }
361
-
362
- function mo_wpns_stop_scan(){
363
- update_site_option('mo_stop_scan','1');
364
- $mo2f_malware_db_handler = new MoWpnsDB();
365
- $mo2f_malware_db_handler->delete_files_parts();
366
- wp_send_json('success');
367
- }
368
-
369
-
370
-
371
-
372
-
373
-
374
- function mo_wpns_get_scan_result(){
375
- $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
376
- $status=$decoded_scan_configuration->scan_progress;
377
- $mo_wpns_db_handler = new MoWpnsDB();
378
- $result = $mo_wpns_db_handler->get_report();
379
- $str1= $_SERVER['REQUEST_URI'];
380
- $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
381
- $currenturl = remove_query_arg('delete',$str1);
382
- $currenturl = remove_query_arg('view',$currenturl);
383
- $currenturl = remove_query_arg('trust',$currenturl);
384
- $currenturl = remove_query_arg('trustchanged',$currenturl);
385
- $htmldata = "";
386
- if(!empty($result)){
387
- foreach($result as $report){
388
- if(empty($report->scan_mode)){
389
- $report->scan_mode="Custom Scan";
390
- }
391
- $repo_count = $report->repo_issues >= 0 ? $report->repo_issues : 0;
392
- $htmldata .= "<tr><td style=text-align:center>".$report->scan_mode."</td>";
393
- $htmldata .= "<td style=text-align:center>";
394
- if(!empty($report->scanned_folders)){
395
- foreach(explode(";",$report->scanned_folders) as $folder){
396
- if(!empty($folder)){
397
- $htmldata .= $folder."<br>";
398
- }
399
- }
400
- }
401
- $htmldata .= "</td><td style=text-align:center>";
402
- $htmldata .= "<span style=color:green id=scan_files>".$report->scanned_files." files scanned<br></span>";
403
- $htmldata .= "<span style=color:red id=malicious_files>".$report->malware_count." malware found<br></span>";
404
- if($report->repo_issues < 0){
405
- $htmldata .= "<span style=color:orange id=malicious_files>Issues with repository check<br></span>";
406
- }
407
- $htmldata .= "<span style=color:orange id=warning_files>".($repo_count+$report->malicious_links)." warnings found</span>";
408
- $htmldata .= "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
409
- $htmldata .= "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
410
- $htmldata .= "</tr>";
411
-
412
- }
413
- }else{
414
- $htmldata .= '<tr class="odd"><td valign="top" colspan="5" class="dataTables_empty">No data available in table</td></tr>';
415
- }
416
- wp_send_json($htmldata);
417
-
418
- }
419
- }
420
- new Mo_wpns_scan_malware();
421
- ?>
1
+ <?php
2
+ class Mo_wpns_scan_malware
3
+ {
4
+ function __construct(){
5
+ add_action( 'admin_init' , array( $this, 'mo_wpns_malware_scanner_functions' ) );
6
+
7
+ }
8
+
9
+ public function mo_wpns_malware_scanner_functions(){
10
+ add_action('wp_ajax_mo_wpns_malware_redirect', array( $this, 'mo_wpns_malware_redirect' ));
11
+
12
+
13
+ }
14
+
15
+ public function mo_wpns_malware_redirect(){
16
+ switch (sanitize_text_field(wp_unslash($_POST['call_type'])))
17
+ {
18
+ case "submit_malware_settings_form":
19
+ $this->mo_wpns_save_malware_config_form($_POST);
20
+ break;
21
+ case "malware_scan_initiate":
22
+ $this->mo_wpns_start_malware_scan($_POST);
23
+ break;
24
+ case "wpns_enable_tour":
25
+ update_option('skip_tour', 0);
26
+ break;
27
+ case "wpns_disable_tour":
28
+ update_option('skip_tour', 1);
29
+ break;
30
+ case "malware_progress_bar":
31
+ $this->mo_wpns_get_progress();
32
+ break;
33
+ case "malware_scan_last_result":
34
+ $this->mo_wpns_get_scan_result();
35
+ break;
36
+ case "malware_scan_terminate":
37
+ $this->mo_wpns_stop_scan();
38
+ break;
39
+
40
+ }
41
+ }
42
+
43
+ public function mo_wpns_save_malware_config_form($POSTED){
44
+ $nonce = $POSTED['nonce'];
45
+ if ( ! wp_verify_nonce( $nonce, 'mo-wpns-scan-settings' ) ){
46
+ wp_send_json('ERROR');
47
+ return;
48
+ }
49
+ if(! isset($POSTED['scan_plugin']) && ! isset($POSTED['scan_themes']) && ! isset($POSTED['scan_core'])){
50
+ wp_send_json('folder_error');
51
+ }elseif (! isset($POSTED['vulnerable_check']) && ! isset($POSTED['sql_check']) && ! isset($POSTED['rfi_check']) && ! isset($POSTED['ext_link']) && ! isset($POSTED['repo_check'])) {
52
+ wp_send_json('level_error');
53
+ }
54
+ else{
55
+ $mo_wpns_scan_plugins=isset($POSTED['scan_plugin']) ? sanitize_text_field($POSTED['scan_plugin']) : 0;
56
+ $mo_wpns_scan_themes=isset($POSTED['scan_themes']) ? sanitize_text_field($POSTED['scan_themes']) : 0;
57
+ $mo_wpns_scan_wp_files= isset($POSTED['scan_core']) ? sanitize_text_field($POSTED['scan_core']) : 0;
58
+ $mo_wpns_scan_files_extensions= sanitize_text_field($POSTED['file_type']);
59
+ $mo_wpns_check_vulnerable_code=isset($POSTED['vulnerable_check']) ? sanitize_text_field($POSTED['vulnerable_check']) : 0;
60
+ $mo_wpns_check_sql_injection=isset($POSTED['sql_check']) ? sanitize_text_field($POSTED['sql_check']) : 0;
61
+ $mo_wpns_check_external_link=isset($POSTED['ext_link']) ? sanitize_text_field($POSTED['ext_link']) : 0;
62
+ $mo_wpns_scan_files_with_repo=isset($POSTED['repo_check']) ? sanitize_text_field($POSTED['repo_check']) : 0;
63
+ $folders_to_skip= sanitize_text_field($POSTED['skip_path']);
64
+ $folders_to_skip = str_replace('\\\\', '/', $folders_to_skip);
65
+ $str="";
66
+
67
+ $mo_wpns_skip_folders="";
68
+ if(!empty($folders_to_skip)){
69
+ $folders_to_skip_array=explode(";",$folders_to_skip);
70
+ for($i=0; $i< count($folders_to_skip_array); $i++){
71
+ if(is_dir($folders_to_skip_array[$i])){
72
+ $str.= $folders_to_skip_array[$i];
73
+ if($i!= count($folders_to_skip_array)-1){
74
+ $str.=";";
75
+ }
76
+ }elseif($folders_to_skip_array[$i] == ''){
77
+ $str.= $folders_to_skip_array[$i];
78
+ }
79
+ else{
80
+ wp_send_json('path_error');
81
+ }
82
+ }
83
+ $mo_wpns_skip_folders=$str;
84
+ }else{
85
+ $mo_wpns_skip_folders=$folders_to_skip;
86
+ }
87
+
88
+ $scan_configuration = array(
89
+ 'plugin_scan' => $mo_wpns_scan_plugins,
90
+ 'theme_scan' => $mo_wpns_scan_themes,
91
+ 'core_scan' => $mo_wpns_scan_wp_files,
92
+ 'file_extension' => $mo_wpns_scan_files_extensions,
93
+ 'check_vulnerable' => $mo_wpns_check_vulnerable_code,
94
+ 'check_sql' => $mo_wpns_check_sql_injection,
95
+ 'ext_link_check' => $mo_wpns_check_external_link,
96
+ 'check_repo' => $mo_wpns_scan_files_with_repo,
97
+ 'path_skip' => $mo_wpns_skip_folders,
98
+ 'type_scan' => "",
99
+ );
100
+
101
+ $encoded_scan_configuration=json_encode($scan_configuration);
102
+ update_site_option("mo_wpns_scan_configuration",$encoded_scan_configuration);
103
+ wp_send_json('save_success');
104
+ }
105
+ }
106
+
107
+ public function mo_wpns_start_malware_scan($POSTED){
108
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
109
+ if(isset($decoded_scan_configuration)){
110
+ $status = $decoded_scan_configuration->scan_progress;
111
+ }else{
112
+ $status=false;
113
+ $scan_mode=false;
114
+ }
115
+ if($status == "IN PROGRESS"){
116
+ wp_send_json('scanning_already');
117
+ }
118
+ global $moWpnsUtility, $mo2f_dirName;
119
+
120
+ $mo_wpns_scan_handler = new Mo_wpns_Scan_Handler_Cron();
121
+ $mo2f_malware_db_handler = new MoWpnsDB();
122
+
123
+ $current_time= time();
124
+ update_site_option('mo_wpns_last_scan_time', $current_time);
125
+ $plugin_current= get_plugins();
126
+ update_site_option('mo_wpns_last_plugins', $plugin_current);
127
+ $args=array();
128
+ $theme_current= wp_get_themes($args);
129
+ update_site_option('mo_wpns_last_themes', $theme_current);
130
+ update_site_option('malware_notification_option',1);
131
+
132
+ update_site_option('mo2f_scan_initialize', 0);
133
+ update_site_option('mo_wpns_hide_malware_popup', 1);
134
+
135
+ $mo_wpns_malware_scan_in_progress="IN PROGRESS";
136
+ $mo_wpns_files_scanned=0;
137
+ $mo_wpns_infected_files=0;
138
+ $mo_wpns_warning_files=0;
139
+ $wordpress_download_status=false;
140
+
141
+ update_site_option('mo_wpns_infected_files',0);
142
+ update_site_option('mo_wpns_warning_files',0);
143
+ update_site_option('mo2f_files_skipped', 0);
144
+ update_site_option('mo2f_file_size_excess', 0);
145
+ update_site_option('mo2f_download_done', 0);
146
+
147
+
148
+ $scan_status = array(
149
+ 'scan_progress' => $mo_wpns_malware_scan_in_progress,
150
+ 'files_scanned' => $mo_wpns_files_scanned,
151
+ 'infected_files' => $mo_wpns_infected_files,
152
+ 'warning_files' => $mo_wpns_warning_files,
153
+ 'total_files' => 0,
154
+ 'check_with_repo' => 0,
155
+ 'extlink_check' => 0,
156
+ 'scan_mode' => "",
157
+ 'average_time_each_file' => 0,
158
+ 'total_files_processed' => 0,
159
+ 'status_download_time' => $wordpress_download_status
160
+ );
161
+
162
+ $encoded_scan_status=json_encode($scan_status);
163
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
164
+
165
+
166
+ $mo2f_malware_db_handler->delete_files_parts();
167
+
168
+ if(isset($POSTED['scan']) && $POSTED['scan']=='scan_start'){
169
+ $scan_configuration = array();
170
+ switch($POSTED['scantype'])
171
+ {
172
+ case "quick_scan":
173
+ $nonce = $POSTED['nonce'];
174
+ if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
175
+ wp_send_json('ERROR');
176
+ return;
177
+ }
178
+ $scan_configuration = MoWpnsConstants::$quick_scan_configuration;
179
+ update_site_option('mo_wpns_scan_mode','quick_scan');
180
+ $scan_status = array(
181
+ 'scan_progress' => $mo_wpns_malware_scan_in_progress,
182
+ 'files_scanned' => $mo_wpns_files_scanned,
183
+ 'infected_files' => $mo_wpns_infected_files,
184
+ 'warning_files' => $mo_wpns_warning_files,
185
+ 'total_files' => 0,
186
+ 'check_with_repo' => 0,
187
+ 'extlink_check' => 0,
188
+ 'average_time_each_file' => 0,
189
+ 'total_files_processed' => 0,
190
+ 'scan_mode' => "quick_scan",
191
+ 'status_download_time' => $wordpress_download_status
192
+ );
193
+
194
+ $encoded_scan_status=json_encode($scan_status);
195
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
196
+ $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
197
+ break;
198
+ case "standard_scan":
199
+ $nonce = $POSTED['nonce'];
200
+ if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
201
+ wp_send_json('ERROR');
202
+ return;
203
+ }
204
+ $scan_configuration = MoWpnsConstants::$standard_scan_configuration;
205
+ update_site_option('mo_wpns_scan_mode','standard_scan');
206
+ $scan_status = array(
207
+ 'scan_progress' => $mo_wpns_malware_scan_in_progress,
208
+ 'files_scanned' => $mo_wpns_files_scanned,
209
+ 'infected_files' => $mo_wpns_infected_files,
210
+ 'warning_files' => $mo_wpns_warning_files,
211
+ 'total_files' => 0,
212
+ 'check_with_repo' => 1,
213
+ 'extlink_check' => 1,
214
+ 'total_files_processed' => 0,
215
+ 'average_time_each_file' => 0,
216
+ 'scan_mode' => "standard_scan",
217
+ 'status_download_time' => $wordpress_download_status
218
+ );
219
+
220
+ $encoded_scan_status=json_encode($scan_status);
221
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
222
+ $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
223
+ break;
224
+ case "custom_scan":
225
+ $nonce = $POSTED['nonce'];
226
+ if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
227
+ wp_send_json('ERROR');
228
+ return;
229
+ }
230
+ $decode_scan_configuration=json_decode(get_site_option("mo_wpns_scan_configuration"));
231
+ if(is_null($decode_scan_configuration))
232
+ {
233
+ delete_option("mo_wpns_scan_status",$encoded_scan_status);
234
+ wp_send_json("RECONFIGURE");
235
+ }
236
+
237
+ $scan_configuration = array('plugin_scan' => $decode_scan_configuration->plugin_scan,
238
+ 'theme_scan' => $decode_scan_configuration->theme_scan,
239
+ 'core_scan' => $decode_scan_configuration->core_scan,
240
+ 'file_extension' => $decode_scan_configuration->file_extension,
241
+ 'check_vulnerable' => $decode_scan_configuration->check_vulnerable,
242
+ 'check_sql' => $decode_scan_configuration->check_sql,
243
+ 'ext_link_check' => $decode_scan_configuration->ext_link_check,
244
+ 'check_repo' => $decode_scan_configuration->check_repo,
245
+ 'path_skip' => $decode_scan_configuration->path_skip,
246
+ 'type_scan' => "Custom Scan"
247
+ );
248
+
249
+
250
+ $scan_status = array(
251
+ 'scan_progress' => $mo_wpns_malware_scan_in_progress,
252
+ 'files_scanned' => $mo_wpns_files_scanned,
253
+ 'infected_files' => $mo_wpns_infected_files,
254
+ 'warning_files' => $mo_wpns_warning_files,
255
+ 'total_files' => 0,
256
+ 'extlink_check' => $decode_scan_configuration->ext_link_check,
257
+ 'check_with_repo' => $decode_scan_configuration->check_repo,
258
+ 'average_time_each_file' => 0,
259
+ 'total_files_processed' => 0,
260
+ 'scan_mode' => "custom_scan",
261
+ 'status_download_time' => $wordpress_download_status
262
+ );
263
+
264
+ $encoded_scan_status=json_encode($scan_status);
265
+ update_site_option("mo_wpns_scan_status",$encoded_scan_status);
266
+ update_site_option('mo_wpns_scan_mode','custom_scan');
267
+ update_site_option('mo2f_custom_scan_config', $scan_configuration);
268
+ $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
269
+ break;
270
+ }
271
+ }
272
+ }
273
+
274
+
275
+ public function mo_wpns_get_progress(){
276
+
277
+ $decoded_scan_status=json_decode(get_site_option('mo_wpns_scan_status'));
278
+ $status= $decoded_scan_status->scan_progress;
279
+ $files_scanned= $decoded_scan_status->files_scanned;
280
+ $total_files = $decoded_scan_status->total_files;
281
+ $check_repo = $decoded_scan_status->check_with_repo;
282
+ $extlink_check = $decoded_scan_status->extlink_check;
283
+ $scan_mode= $decoded_scan_status->scan_mode;
284
+ $status_download= $decoded_scan_status->status_download_time;
285
+ $averageFileScanTime= $decoded_scan_status->average_time_each_file;
286
+ $total_files_processed= $decoded_scan_status->total_files_processed;
287
+ if($status_download != false && $status == "IN PROGRESS"){
288
+ $time_spent_in_downloading= time()-$status_download;
289
+
290
+ if($time_spent_in_downloading > 600){
291
+ $mo2f_malware_db_handler = new MoWpnsDB();
292
+ $reportid= get_site_option('mo2f_report_id');
293
+ $last_report = $mo2f_malware_db_handler->get_report_with_id($reportid);
294
+ if(!empty($last_report)){
295
+ $issue = $last_report[0]->repo_key;
296
+ $repo_key = get_site_option('mo2f_current_repo_key');
297
+ if($repo_key == 'core'){
298
+ $issue.= "WordPress Core Files;";
299
+ }else{
300
+ $issue.= $repo_key.";";
301
+ }
302
+ $mo2f_malware_db_handler->mo2f_update_repo_issue($reportid, $issue);
303
+ }
304
+ $scan_mode = get_site_option('mo_wpns_scan_mode');
305
+ if ( $scan_mode == 'Quick Scan' ) {
306
+ $scan_config = MoWpnsConstants::$quick_scan_configuration;
307
+ } elseif ( $scan_mode == 'Standard Scan' ) {
308
+ $scan_config = MoWpnsConstants::$standard_scan_configuration;
309
+ } else {
310
+ $scan_config = get_site_option( 'mo2f_custom_scan_config' );
311
+ }
312
+ $uploads_dir = wp_upload_dir();
313
+ $uploads_path= $uploads_dir['basedir'];
314
+ $repo_file_path = $uploads_path . DIRECTORY_SEPARATOR . "miniorangescan";
315
+ $scanverification = get_site_option( "mo2f_scanverification" );
316
+ $req_obj = new mo2f_scanner_parts();
317
+ $req_obj->mo2f_make_next_request($scan_config, $reportid, $scanverification, $repo_file_path);
318
+ }
319
+ }
320
+ $repo_scan=0;
321
+ if($scan_mode == "standard_scan" || ($scan_mode == "custom_scan" && $check_repo == 1)){
322
+ $repo_scan=1;
323
+ }
324
+ if($status == "IN PROGRESS"){
325
+ $result=array("status"=>$status, "scanned"=>$files_scanned, "total"=>$total_files, "repo_scan"=> $repo_scan,"extlink_check"=> $extlink_check,"AverageFileTime"=>$averageFileScanTime,"total_files_processed"=>$total_files_processed);
326
+ wp_send_json($result);
327
+ }
328
+ else{
329
+ //stop scan check
330
+ $stop_scan=get_site_option('mo_stop_scan');
331
+
332
+ $mo_wpns_db_handler = new MoWpnsDB();
333
+ $total_scan=$mo_wpns_db_handler->count_files();
334
+ $total_malicious=$mo_wpns_db_handler->count_malicious_files();
335
+ $last_id=$mo_wpns_db_handler->get_last_id();
336
+ $send_id=$last_id[0]->max;
337
+ $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
338
+ $malicious_last_scan= get_site_option('mo_wpns_infected_files');
339
+ $warning_last_scan = get_site_option('mo_wpns_warning_files');
340
+ if($total_scan > 999){
341
+ $total_scan=($total_scan/1000);
342
+ $total_scan= round($total_scan,1)."k";
343
+ }
344
+ if($total_malicious > 999){
345
+ $total_malicious=($total_malicious/1000);
346
+ $total_malicious= round($total_malicious,1)."k";
347
+ }
348
+ if($last_scan > 999){
349
+ $last_scan = ($last_scan/1000);
350
+ $last_scan = round($last_scan,1)."k";
351
+ }
352
+ if($stop_scan){
353
+ $status="ABORTED";
354
+ $result = array("status"=>$status, 'total_files'=>$total_scan,"AverageFileTime"=>$averageFileScanTime, 'total_mal'=>$total_malicious, 'scan_files'=>$last_scan, 'mal_files'=>$malicious_last_scan, 'warnings'=>$warning_last_scan,"total_files_processed"=>$total_files_processed);
355
+ wp_send_json($result);
356
+ }
357
+ $result = array("status"=>$status, 'total_files'=>$total_scan, 'total_mal'=>$total_malicious,"AverageFileTime"=>$averageFileScanTime, 'scan_files'=>$total_files, 'mal_files'=>$malicious_last_scan, 'warnings'=>$warning_last_scan,"total_files_processed"=>$total_files_processed);
358
+ wp_send_json($result);
359
+ }
360
+ }
361
+
362
+ function mo_wpns_stop_scan(){
363
+ update_site_option('mo_stop_scan','1');
364
+ $mo2f_malware_db_handler = new MoWpnsDB();
365
+ $mo2f_malware_db_handler->delete_files_parts();
366
+ wp_send_json('success');
367
+ }
368
+
369
+
370
+
371
+
372
+
373
+
374
+ function mo_wpns_get_scan_result(){
375
+ $decoded_scan_configuration=json_decode(get_site_option('mo_wpns_scan_status'));
376
+ $status=$decoded_scan_configuration->scan_progress;
377
+ $mo_wpns_db_handler = new MoWpnsDB();
378
+ $result = $mo_wpns_db_handler->get_report();
379
+ $str1= $_SERVER['REQUEST_URI'];
380
+ $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
381
+ $currenturl = remove_query_arg('delete',$str1);
382
+ $currenturl = remove_query_arg('view',$currenturl);
383
+ $currenturl = remove_query_arg('trust',$currenturl);
384
+ $currenturl = remove_query_arg('trustchanged',$currenturl);
385
+ $htmldata = "";
386
+ if(!empty($result)){
387
+ foreach($result as $report){
388
+ if(empty($report->scan_mode)){
389
+ $report->scan_mode="Custom Scan";
390
+ }
391
+ $repo_count = $report->repo_issues >= 0 ? $report->repo_issues : 0;
392
+ $htmldata .= "<tr><td style=text-align:center>".$report->scan_mode."</td>";
393
+ $htmldata .= "<td style=text-align:center>";
394
+ if(!empty($report->scanned_folders)){
395
+ foreach(explode(";",$report->scanned_folders) as $folder){
396
+ if(!empty($folder)){
397
+ $htmldata .= $folder."<br>";
398
+ }
399
+ }
400
+ }
401
+ $htmldata .= "</td><td style=text-align:center>";
402
+ $htmldata .= "<span style=color:green id=scan_files>".$report->scanned_files." files scanned<br></span>";
403
+ $htmldata .= "<span style=color:red id=malicious_files>".$report->malware_count." malware found<br></span>";
404
+ if($report->repo_issues < 0){
405
+ $htmldata .= "<span style=color:orange id=malicious_files>Issues with repository check<br></span>";
406
+ }
407
+ $htmldata .= "<span style=color:orange id=warning_files>".($repo_count+$report->malicious_links)." warnings found</span>";
408
+ $htmldata .= "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
409
+ $htmldata .= "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
410
+ $htmldata .= "</tr>";
411
+
412
+ }
413
+ }else{
414
+ $htmldata .= '<tr class="odd"><td valign="top" colspan="5" class="dataTables_empty">No data available in table</td></tr>';
415
+ }
416
+ wp_send_json($htmldata);
417
+
418
+ }
419
+ }
420
+ new Mo_wpns_scan_malware();
421
+ ?>
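--- a/controllers/malware_scanner/malware_scan_result.php
+++ b/controllers/malware_scanner/malware_scan_result.php
@@ -1,41 +1,41 @@
- <?php
-
- function showScanResults(){
- $mo_wpns_db_handler = new MoWpnsDB();
- if(isset($_GET['view'])){
- if(isset($_GET['trust'])){
- $mo_wpns_db_handler->ignorefile(base64_decode($_GET['trust']));
- }
- elseif(isset($_GET['trustchanged'])){
- $mo_wpns_db_handler->ignorechangedfile($_GET['trustchanged']);
- }
- $last_id=$mo_wpns_db_handler->get_last_id();
- $send_id=$last_id[0]->max;
- $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
- $listofignorefiles = $mo_wpns_db_handler->getlistofignorefiles();
- $ignorefiles = array();
- foreach($listofignorefiles as $row)
- $ignorefiles[$row->path] = array('signature'=>$row->signature,"id"=>$row->id);
-
- $result = $mo_wpns_db_handler->get_report_with_id($_GET['view']);
- if(sizeof($result)>0){
- $detailreport = $mo_wpns_db_handler->get_detail_report_with_id($_GET['view']);
- show_scan_details($detailreport, $result, $ignorefiles, $last_scan);
- }
- }
- else{
- $str1= $_SERVER['REQUEST_URI'];
- $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
- $currenturl = remove_query_arg('delete',$str1);
- $currenturl = remove_query_arg('view',$currenturl);
- $currenturl = remove_query_arg('trust',$currenturl);
- $currenturl = remove_query_arg('trustchanged',$currenturl);
- if(isset($_GET['delete'])){
- $mo_wpns_db_handler->delete_report($_GET['delete']);
- }
- $result = $mo_wpns_db_handler->get_report();
- show_scan_report($currenturl, $result);
- }
- }
-
+ <?php
+
+ function showScanResults(){
+ $mo_wpns_db_handler = new MoWpnsDB();
+ if(isset($_GET['view'])){
+ if(isset($_GET['trust'])){
+ $mo_wpns_db_handler->ignorefile(base64_decode($_GET['trust']));
+ }
+ elseif(isset($_GET['trustchanged'])){
+ $mo_wpns_db_handler->ignorechangedfile($_GET['trustchanged']);
+ }
+ $last_id=$mo_wpns_db_handler->get_last_id();
+ $send_id=$last_id[0]->max;
+ $last_scan=$mo_wpns_db_handler->count_files_last_scan($send_id);
+ $listofignorefiles = $mo_wpns_db_handler->getlistofignorefiles();
+ $ignorefiles = array();
+ foreach($listofignorefiles as $row)
+ $ignorefiles[$row->path] = array('signature'=>$row->signature,"id"=>$row->id);
+
+ $result = $mo_wpns_db_handler->get_report_with_id($_GET['view']);
+ if(sizeof($result)>0){
+ $detailreport = $mo_wpns_db_handler->get_detail_report_with_id($_GET['view']);
+ show_scan_details($detailreport, $result, $ignorefiles, $last_scan);
+ }
+ }
+ else{
+ $str1= $_SERVER['REQUEST_URI'];
+ $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
+ $currenturl = remove_query_arg('delete',$str1);
+ $currenturl = remove_query_arg('view',$currenturl);
+ $currenturl = remove_query_arg('trust',$currenturl);
+ $currenturl = remove_query_arg('trustchanged',$currenturl);
+ if(isset($_GET['delete'])){
+ $mo_wpns_db_handler->delete_report($_GET['delete']);
+ }
+ $result = $mo_wpns_db_handler->get_report();
+ show_scan_report($currenturl, $result);
+ }
+ }
+
  ?>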
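--- a/controllers/navbar.php
+++ b/controllers/navbar.php
@@ -1,95 +1,95 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_wpns_2fa_with_network_security":
- $security_features = new Mo_2fa_security_features();
- $security_features->wpns_2fa_with_network_security($_POST); break;
- }
- }
- $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
-
- if( isset( $_GET[ 'page' ])){
- $tab_count= get_site_option('mo2f_tab_count', 0);
- if($tab_count == 5)
- update_site_option('mo_2f_switch_all', 1);
- else
- update_site_option('mo_2f_switch_all', 0);
- switch($_GET['page'])
- {
- case 'mo_2fa_login_and_spam':
- update_option('mo_2f_switch_loginspam', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_loginspam'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_backup':
- update_option('mo_2f_switch_backup', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_backup'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_waf':
- update_option('mo_2f_switch_waf', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_waf'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_advancedblocking':
- update_option('mo_2f_switch_adv_block', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_adv_block'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
-
- case 'mo_2fa_malwarescan':
- update_option('mo_2f_switch_malware', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_malware'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- }
- }
- $profile_url = add_query_arg( array('page' => 'mo_2fa_account' ), $_SERVER['REQUEST_URI'] );
- $login_security = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
- $waf = add_query_arg( array('page' => 'mo_2fa_waf' ), $_SERVER['REQUEST_URI'] );
- $login_and_spam = add_query_arg( array('page' => 'mo_2fa_login_and_spam' ), $_SERVER['REQUEST_URI'] );
- $register_url = add_query_arg( array('page' => 'registration' ), $_SERVER['REQUEST_URI'] );
- $blocked_ips = add_query_arg( array('page' => 'mo_2fa_blockedips' ), $_SERVER['REQUEST_URI'] );
- $advance_block = add_query_arg( array('page' => 'mo_2fa_advancedblocking' ), $_SERVER['REQUEST_URI'] );
- $notif_url = add_query_arg( array('page' => 'mo_2fa_notifications' ), $_SERVER['REQUEST_URI'] );
- $reports_url = add_query_arg( array('page' => 'mo_2fa_reports' ), $_SERVER['REQUEST_URI'] );
- $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI'] );
- $help_url = add_query_arg( array('page' => 'mo_2fa_troubleshooting' ), $_SERVER['REQUEST_URI'] );
- $addons_url = add_query_arg( array('page' => 'mo_2fa_addons' ), $_SERVER['REQUEST_URI'] );
- $content_protect= add_query_arg( array('page' => 'content_protect' ), $_SERVER['REQUEST_URI'] );
- $backup = add_query_arg( array('page' => 'mo_2fa_backup' ), $_SERVER['REQUEST_URI'] );
- $scan_url = add_query_arg( array('page' => 'mo_2fa_malwarescan' ), $_SERVER['REQUEST_URI'] );
- $two_fa = add_query_arg( array('page' => 'mo_2fa_two_fa' ), $_SERVER['REQUEST_URI'] );
- //Added for new design
- $dashboard_url = add_query_arg(array('page' => 'mo_2fa_dashboard' ), $_SERVER['REQUEST_URI']);
- $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
- $request_demo_url = add_query_arg(array('page' => 'mo_2fa_request_demo' ), $_SERVER['REQUEST_URI']);
- $request_offer_url = add_query_arg(array('page' => 'mo_2fa_request_offer' ), $_SERVER['REQUEST_URI']);
- $trial_url = add_query_arg( array('page' => 'mo_2fa_trial' ), $_SERVER['REQUEST_URI'] );
-
- //dynamic
- $logo_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/miniorange_logo.png';
- $login_with_usename_only_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-with-2fa-and-password.png';
- $hide_login_form_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/hide_default_login_form.png';
- $new_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/new.png';
- $shw_feedback = get_option('donot_show_feedback_message') ? false: true;
-
- $moPluginHandler= new MoWpnsHandler();
- $safe = $moPluginHandler->is_whitelisted($moWpnsUtility->get_client_ip());
-
- $active_tab = $_GET['page'];
-
- $user_id = get_current_user_id();
- $mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
- $backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
- if(is_array($backup_codes_remaining)){
- $backup_codes_remaining = sizeof($backup_codes_remaining);
- }else{
- $backup_codes_remaining = 0;
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_wpns_2fa_with_network_security":
+ $security_features = new Mo_2fa_security_features();
+ $security_features->wpns_2fa_with_network_security($_POST); break;
+ }
+ }
+ $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
+
+ if( isset( $_GET[ 'page' ])){
+ $tab_count= get_site_option('mo2f_tab_count', 0);
+ if($tab_count == 5)
+ update_site_option('mo_2f_switch_all', 1);
+ else
+ update_site_option('mo_2f_switch_all', 0);
+ switch($_GET['page'])
+ {
+ case 'mo_2fa_login_and_spam':
+ update_option('mo_2f_switch_loginspam', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_loginspam'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_backup':
+ update_option('mo_2f_switch_backup', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_backup'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_waf':
+ update_option('mo_2f_switch_waf', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_waf'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_advancedblocking':
+ update_option('mo_2f_switch_adv_block', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_adv_block'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+
+ case 'mo_2fa_malwarescan':
+ update_option('mo_2f_switch_malware', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_malware'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ }
+ }
+ $profile_url = esc_url(add_query_arg( array('page' => 'mo_2fa_account' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $login_security = esc_url(add_query_arg( array('page' => 'default' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $waf = esc_url(add_query_arg( array('page' => 'mo_2fa_waf' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $login_and_spam = esc_url(add_query_arg( array('page' => 'mo_2fa_login_and_spam' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $register_url = esc_url(add_query_arg( array('page' => 'registration' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $blocked_ips = esc_url(add_query_arg( array('page' => 'mo_2fa_blockedips' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $advance_block = esc_url(add_query_arg( array('page' => 'mo_2fa_advancedblocking' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $notif_url = esc_url(add_query_arg( array('page' => 'mo_2fa_notifications' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $reports_url = esc_url(add_query_arg( array('page' => 'mo_2fa_reports' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $license_url = esc_url(add_query_arg( array('page' => 'mo_2fa_upgrade' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $help_url = esc_url(add_query_arg( array('page' => 'mo_2fa_troubleshooting' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $addons_url = esc_url(add_query_arg( array('page' => 'mo_2fa_addons' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $content_protect= esc_url(add_query_arg( array('page' => 'content_protect' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $backup = esc_url(add_query_arg( array('page' => 'mo_2fa_backup' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $scan_url = esc_url(add_query_arg( array('page' => 'mo_2fa_malwarescan' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $two_fa = esc_url(add_query_arg( array('page' => 'mo_2fa_two_fa' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ //Added for new design
+ $dashboard_url = esc_url(add_query_arg(array('page' => 'mo_2fa_dashboard' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
+ $upgrade_url = esc_url(add_query_arg(array('page' => 'mo_2fa_upgrade' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
+ $request_demo_url = esc_url(add_query_arg(array('page' => 'mo_2fa_request_demo' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
+ $request_offer_url = esc_url(add_query_arg(array('page' => 'mo_2fa_request_offer' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
+ $trial_url = esc_url(add_query_arg( array('page' => 'mo_2fa_trial' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+
+ //dynamic
+ $logo_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/miniorange_logo.png';
+ $login_with_usename_only_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-with-2fa-and-password.png';
+ $hide_login_form_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/hide_default_login_form.png';
+ $new_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/new.png';
+ $shw_feedback = get_option('donot_show_feedback_message') ? false: true;
+
+ $moPluginHandler= new MoWpnsHandler();
+ $safe = $moPluginHandler->is_whitelisted($moWpnsUtility->get_client_ip());
+
+ $active_tab = $_GET['page'];
+
+ $user_id = get_current_user_id();
+ $mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
+ $backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
+ if(is_array($backup_codes_remaining)){
+ $backup_codes_remaining = sizeof($backup_codes_remaining);
+ }else{
+ $backup_codes_remaining = 0;
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';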
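Review bot: `$active_tab = $_GET['page'];` on new line 84 is still read raw, and without the `isset` guard used on line 15, even though this commit escapes every URL built around it. The included navbar view presumably uses that value, so it should be normalised like `$_POST['option']` is: `$active_tab = isset($_GET['page']) ? sanitize_text_field(wp_unslash($_GET['page'])) : '';`. Separately, `sanitize_text_field()` is a text sanitiser that strips percent-encoded octets, so wrapping `$_SERVER['REQUEST_URI']` in it on lines 51–72 can alter legitimate URLs; `esc_url()` on the `add_query_arg()` result, with `wp_unslash()` on the input, is the URL-appropriate cleaning. The POST branch on lines 4–12 checks `manage_options`, but no nonce verification is visible in this file, so confirm that `wpns_2fa_with_network_security()` performs one.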
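--- a/controllers/notification-settings.php
+++ b/controllers/notification-settings.php
@@ -1,98 +1,98 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
-
- $template1 = "Hello,<br><br>The user with IP Address <b>##ipaddress##</b> has exceeded allowed trasaction limit on your website <b>".get_bloginfo()."</b> and we have blocked his IP address for further access to website.<br><br>You can login to your WordPress dashaboard to check more details.<br><br>Thanks,<br>miniOrange";
- $template2 = "Hello ##username##,<br><br>Your account was logged in from new IP Address <b>##ipaddress##</b> on website <b>".get_bloginfo()."</b>. Please <a href='mailto:".MoWpnsConstants::SUPPORT_EMAIL."'>contact us</a> if you don't recognise this activity.<br><br>Thanks,<br>".get_bloginfo();
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_wpns_enable_ip_blocked_email_to_admin":
- wpns_handle_notify_admin_on_ip_block($_POST); break;
- case "mo_wpns_enable_unusual_activity_email_to_user":
- wpns_handle_notify_unusual_activity($_POST); break;
- case "custom_user_template":
- wpns_handle_custom_template($_POST['custom_user_template']); break;
- case "mo_wpns_get_manual_email" :
- wpns_handle_admin_email($_POST); break;
- case "custom_admin_template":
- wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
- }
- }
- if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){
- update_option('mo_wpns_enable_ip_blocked_email_to_admin','0');
- $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "" : "unchacked";
- }
- $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "checked" : "";
- $notify_admin_unusual_activity = get_option('mo_wpns_enable_unusual_activity_email_to_user') ? "checked" : "";
-
- $template1 = get_option('custom_admin_template') ? get_option('custom_admin_template') : $template1;
- $template_type1 = 'custom_admin_template';
- $ip_blocking_template = array(
- 'textarea_name' => 'custom_admin_template',
- 'wpautop' => false
- );
- $fromEmail = get_option('mo2f_email');
- $template2 = get_option('custom_user_template') ? get_option('custom_user_template') : $template2;
- $template_type2 = 'custom_user_template';
- $user_activity_template = array(
- 'textarea_name' => 'custom_user_template',
- 'wpautop' => false
- );
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'notification-settings.php';
-
-
-
- function wpns_handle_admin_email($postValue)
- {
- $email = sanitize_email($_POST['admin_email_address']);
- if(validate_email($email)){
- $admin_email_address_status = isset($postValue['admin_email_address']) ? '1' :'0';
- update_option('admin_email_address',$email);
- update_option( 'admin_email_address_status', $admin_email_address_status);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('EMAIL_SAVED'),'SUCCESS');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_EMAIL'),'ERROR');
- }
- }
- function validate_email($str) {
- return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
- }
-
-
- function wpns_handle_notify_admin_on_ip_block($postValue)
- {
- $enable_ip_blocked_email_to_admin = isset($postValue['enable_ip_blocked_email_to_admin']) ? true : false;
- update_option( 'mo_wpns_enable_ip_blocked_email_to_admin', $enable_ip_blocked_email_to_admin);
-
- if($enable_ip_blocked_email_to_admin)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_IP_BLOCKED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_IP_BLOCKED'),'ERROR');
- }
-
-
- function wpns_handle_notify_unusual_activity($postValue)
- {
- $enable_unusual_activity_email_to_user = isset($postValue['enable_unusual_activity_email_to_user']) ? true : false;
- update_option( 'mo_wpns_enable_unusual_activity_email_to_user', $enable_unusual_activity_email_to_user);
-
- if($enable_unusual_activity_email_to_user)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_UNUSUAL_ACTIVITY'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_UNUSUAL_ACTIVITY'),'ERROR');
- }
-
-
- function wpns_handle_custom_template($template1,$template2=null)
- {
- if(!is_null($template1))
- update_option('custom_user_template', stripslashes($template1));
-
- if(!is_null($template2))
- update_option('custom_admin_template', stripslashes($template2));
-
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TEMPLATE_SAVED'),'SUCCESS');
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+
+ $template1 = "Hello,<br><br>The user with IP Address <b>##ipaddress##</b> has exceeded allowed trasaction limit on your website <b>".get_bloginfo()."</b> and we have blocked his IP address for further access to website.<br><br>You can login to your WordPress dashaboard to check more details.<br><br>Thanks,<br>miniOrange";
+ $template2 = "Hello ##username##,<br><br>Your account was logged in from new IP Address <b>##ipaddress##</b> on website <b>".get_bloginfo()."</b>. Please <a href='mailto:".MoWpnsConstants::SUPPORT_EMAIL."'>contact us</a> if you don't recognise this activity.<br><br>Thanks,<br>".get_bloginfo();
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_wpns_enable_ip_blocked_email_to_admin":
+ wpns_handle_notify_admin_on_ip_block($_POST); break;
+ case "mo_wpns_enable_unusual_activity_email_to_user":
+ wpns_handle_notify_unusual_activity($_POST); break;
+ case "custom_user_template":
+ wpns_handle_custom_template($_POST['custom_user_template']); break;
+ case "mo_wpns_get_manual_email" :
+ wpns_handle_admin_email($_POST); break;
+ case "custom_admin_template":
+ wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
+ }
+ }
+ if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){
+ update_option('mo_wpns_enable_ip_blocked_email_to_admin','0');
+ $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "" : "unchacked";
+ }
+ $notify_admin_on_ip_block = MoWpnsUtility::get_mo2f_db_option('mo_wpns_enable_ip_blocked_email_to_admin', 'get_option') ? "checked" : "";
+ $notify_admin_unusual_activity = get_option('mo_wpns_enable_unusual_activity_email_to_user') ? "checked" : "";
+
+ $template1 = get_option('custom_admin_template') ? get_option('custom_admin_template') : $template1;
+ $template_type1 = 'custom_admin_template';
+ $ip_blocking_template = array(
+ 'textarea_name' => 'custom_admin_template',
+ 'wpautop' => false
+ );
+ $fromEmail = get_option('mo2f_email');
+ $template2 = get_option('custom_user_template') ? get_option('custom_user_template') : $template2;
+ $template_type2 = 'custom_user_template';
+ $user_activity_template = array(
+ 'textarea_name' => 'custom_user_template',
+ 'wpautop' => false
+ );
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'notification-settings.php';
+
+
+
+ function wpns_handle_admin_email($postValue)
+ {
+ $email = sanitize_email($_POST['admin_email_address']);
+ if(validate_email($email)){
+ $admin_email_address_status = isset($postValue['admin_email_address']) ? '1' :'0';
+ update_option('admin_email_address',$email);
+ update_option( 'admin_email_address_status', $admin_email_address_status);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('EMAIL_SAVED'),'SUCCESS');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('INVALID_EMAIL'),'ERROR');
+ }
+ }
+ function validate_email($str) {
+ return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
+ }
+
+
+ function wpns_handle_notify_admin_on_ip_block($postValue)
+ {
+ $enable_ip_blocked_email_to_admin = isset($postValue['enable_ip_blocked_email_to_admin']) ? true : false;
+ update_option( 'mo_wpns_enable_ip_blocked_email_to_admin', $enable_ip_blocked_email_to_admin);
+
+ if($enable_ip_blocked_email_to_admin)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_IP_BLOCKED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_IP_BLOCKED'),'ERROR');
+ }
+
+
+ function wpns_handle_notify_unusual_activity($postValue)
+ {
+ $enable_unusual_activity_email_to_user = isset($postValue['enable_unusual_activity_email_to_user']) ? true : false;
+ update_option( 'mo_wpns_enable_unusual_activity_email_to_user', $enable_unusual_activity_email_to_user);
+
+ if($enable_unusual_activity_email_to_user)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOTIFY_ON_UNUSUAL_ACTIVITY'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DONOT_NOTIFY_ON_UNUSUAL_ACTIVITY'),'ERROR');
+ }
+
+
+ function wpns_handle_custom_template($template1,$template2=null)
+ {
+ if(!is_null($template1))
+ update_option('custom_user_template', stripslashes($template1));
+
+ if(!is_null($template2))
+ update_option('custom_admin_template', stripslashes($template2));
+
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TEMPLATE_SAVED'),'SUCCESS');
  }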
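--- a/controllers/registration-security.php
+++ b/controllers/registration-security.php
@@ -1,129 +1,126 @@
- <?php
-
- global $moWpnsUtility, $mo2f_dirName;
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_wpns_enable_fake_domain_blocking":
- wpns_handle_domain_blocking($_POST); break;
- case "mo_wpns_advanced_user_verification":
- wpns_handle_advanced_user_verification($_POST); break;
- case "mo_wpns_social_integration":
- wpns_handle_enable_social_login($_POST); break;
-
- }
- }
-
- $otpVerify_url = add_query_arg( array('page' => 'mosettings', 'tab'=>'settings'), $_SERVER['REQUEST_URI'] );
- $openid_url = add_query_arg( array('page' => 'mo_openid_settings' ), $_SERVER['REQUEST_URI'] );
- $domain_blocking= get_option('mo_wpns_enable_fake_domain_blocking') ? "checked" : "";
- $user_verify = get_option('mo_wpns_enable_advanced_user_verification') ? "checked" : "";
- $social_login = get_option('mo_wpns_enable_social_integration') ? "checked" : "";
-
- if($user_verify)
- {
- $moOTPPlugin = new OTPPlugin();
- $status = $moOTPPlugin->getstatus();
- switch ($status)
- {
- case "ACTIVE":
- $html1 = "<br><a href='".$otpVerify_url."'>Click here to configure.</a>";
- $moOTPPlugin->updatePluginConfiguration();
- break;
- case "INSTALLED":
- $path = "miniorange-otp-verification/miniorange_validation_settings.php";
- $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
- $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate OTP Verification Plugin</a>';
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-otp-verification';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action.'_'.$slug
- );
- $html1 = '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin installed.</span><br><a href="'.$install_link.'">Install OTP Verification plugin</a>';
- break;
- }
- }
-
-
- if($social_login)
- {
- $moSocialLogin = new SocialPlugin();
- $status = $moSocialLogin->getstatus();
- switch ($status)
- {
- case "ACTIVE":
- $html2 = "<br><a href='".$openid_url."'>Click here to configure.</a>";
- break;
- case "INSTALLED":
- $path = "miniorange-login-openid/miniorange_openid_sso_settings.php";
- $activateUrl = wp_nonce_url(admin_url('plugins.php?action=activate&plugin='.$path), 'activate-plugin_'.$path);
- $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin activated.</span><br><a href="'.$activateUrl.'">Click here to activate Social Login, Sharing Plugin</a>';
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-login-openid';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action.'_'.$slug
- );
- $html2 = '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin installed.</span><br><a href="'.$install_link.'">Install Social Login, Sharing plugin</a>';
- break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'registration-security.php';
-
-
-
-
- /* REGISTRATION SECURITY RELATED FUNCTIONS*/
-
- //Function to handle enabling and disabling domain blocking
- function wpns_handle_domain_blocking($postvalue)
- {
- $enable_fake_emails = isset($postvalue['mo_wpns_enable_fake_domain_blocking']) ? true : false;
- update_option( 'mo_wpns_enable_fake_domain_blocking', $enable_fake_emails);
-
- if($enable_fake_emails)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_DISABLED'),'ERROR');
- }
-
-
- //Function to enable and disable User Verification for the Default Registration Page
- function wpns_handle_advanced_user_verification($postvalue)
- {
- $enable_advanced_user_verification = isset($postvalue['mo_wpns_enable_advanced_user_verification']) ? true : false;
- update_option( 'mo_wpns_enable_advanced_user_verification', $enable_advanced_user_verification);
-
- if($enable_advanced_user_verification)
- {
- update_option('mo_customer_validation_wp_default_enable',1);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_ADVANCED_USER_VERIFY'),'SUCCESS');
- }
- else
- {
- update_option('mo_customer_validation_wp_default_enable',0);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_ADVANCED_USER_VERIFY'),'ERROR');
- }
- }
-
-
- //Function to enable and disable Social Login
- function wpns_handle_enable_social_login($postvalue)
- {
- $social_login = isset($postvalue['mo_wpns_enable_social_integration']) ? true : false;
- update_option( 'mo_wpns_enable_social_integration', $social_login);
-
- if($social_login)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_SOCIAL_LOGIN'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_SOCIAL_LOGIN'),'ERROR');
+ <?php
+
+ global $moWpnsUtility, $mo2f_dirName;
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_wpns_enable_fake_domain_blocking":
+ wpns_handle_domain_blocking($_POST); break;
+ case "mo_wpns_advanced_user_verification":
+ wpns_handle_advanced_user_verification($_POST); break;
+ case "mo_wpns_social_integration":
+ wpns_handle_enable_social_login($_POST); break;
+
+ }
+ }
+
+ $otpVerify_url = add_query_arg( array('page' => 'mosettings', 'tab'=>'settings'), $_SERVER['REQUEST_URI'] );
+ $openid_url = add_query_arg( array('page' => 'mo_openid_settings' ), $_SERVER['REQUEST_URI'] );
+ $domain_blocking= get_option('mo_wpns_enable_fake_domain_blocking') ? "checked" : "";
+ $user_verify = get_option('mo_wpns_enable_advanced_user_verification') ? "checked" : "";
+ $social_login = get_option('mo_wpns_enable_social_integration') ? "checked" : "";
+
+ function mo2f_user_verify() {
+ if ( $user_verify ) {
+ $moOTPPlugin = new OTPPlugin();
+ $status = $moOTPPlugin->getstatus();
+ switch ( $status ) {
+ case "ACTIVE":
+ echo "<br><a href='" . esc_url($otpVerify_url) . "'>Click here to configure.</a>";
+ $moOTPPlugin->updatePluginConfiguration();
+ break;
+ case "INSTALLED":
+ $path = "miniorange-otp-verification/miniorange_validation_settings.php";
+ $activateUrl = wp_nonce_url( admin_url( 'plugins.php?action=activate&plugin=' . $path ), 'activate-plugin_' . $path );
+ echo '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin activated.</span><br><a href="' . esc_url($activateUrl) . '">Click here to activate OTP Verification Plugin</a>';
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-otp-verification';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action . '_' . $slug
+ );
+ echo '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin installed.</span><br><a href="' . esc_url($install_link) . '">Install OTP Verification plugin</a>';
+ break;
+ }
+ }
+ }
+
+ function mo2f_social_login() {
+ $moSocialLogin = new SocialPlugin();
+ $status = $moSocialLogin->getstatus();
+ switch ( $status ) {
+ case "ACTIVE":
+ echo "<br><a href='" . esc_url( $openid_url ) . "'>Click here to configure.</a>";
+ break;
+ case "INSTALLED":
+ $path = "miniorange-login-openid/miniorange_openid_sso_settings.php";
+ $activateUrl = wp_nonce_url( admin_url( 'plugins.php?action=activate&plugin=' . $path ), 'activate-plugin_' . $path );
+ echo '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin activated.</span><br><a href="' . esc_url( $activateUrl ) . '">Click here to activate Social Login, Sharing Plugin</a>';
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-login-openid';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action . '_' . $slug
+ );
+ echo '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin installed.</span><br><a href="' . esc_url( $install_link ) . '">Install Social Login, Sharing plugin</a>';
+ break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'registration-security.php';
+
+
+
+
+ /* REGISTRATION SECURITY RELATED FUNCTIONS*/
+
+ //Function to handle enabling and disabling domain blocking
+ function wpns_handle_domain_blocking($postvalue)
+ {
+ $enable_fake_emails = isset($postvalue['mo_wpns_enable_fake_domain_blocking']) ? true : false;
+ update_option( 'mo_wpns_enable_fake_domain_blocking', $enable_fake_emails);
+
+ if($enable_fake_emails)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_DISABLED'),'ERROR');
+ }
+
+
+ //Function to enable and disable User Verification for the Default Registration Page
+ function wpns_handle_advanced_user_verification($postvalue)
+ {
+ $enable_advanced_user_verification = isset($postvalue['mo_wpns_enable_advanced_user_verification']) ? true : false;
+ update_option( 'mo_wpns_enable_advanced_user_verification', $enable_advanced_user_verification);
+
+ if($enable_advanced_user_verification)
+ {
+ update_option('mo_customer_validation_wp_default_enable',1);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_ADVANCED_USER_VERIFY'),'SUCCESS');
+ }
+ else
+ {
+ update_option('mo_customer_validation_wp_default_enable',0);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_ADVANCED_USER_VERIFY'),'ERROR');
+ }
+ }
+
+
+ //Function to enable and disable Social Login
+ function wpns_handle_enable_social_login($postvalue)
+ {
+ $social_login = isset($postvalue['mo_wpns_enable_social_integration']) ? true : false;
+ update_option( 'mo_wpns_enable_social_integration', $social_login);
+
+ if($social_login)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_SOCIAL_LOGIN'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_SOCIAL_LOGIN'),'ERROR');
  }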
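Review bot: The new `mo2f_user_verify()` and `mo2f_social_login()` read `$user_verify`, `$otpVerify_url` and `$openid_url`, which are assigned outside the functions just above them and are not visible inside a PHP function body, so `if ( $user_verify )` never passes and `esc_url( $openid_url )` escapes an undefined value into an empty `href`. Pass the values in instead, e.g. `function mo2f_user_verify( $user_verify, $otpVerify_url )` and `function mo2f_social_login( $openid_url )`, and update the calls, which are presumably in the included view and not visible here. The old `if($social_login)` guard was also dropped, so the social-login notice now depends on the caller checking the option. Separately, the `$_POST['option']` dispatcher at the top of the file changes security settings after only a `current_user_can()` check; unlike the `wp_verify_nonce()` calls in the request_* controllers of this release, no nonce check is visible in this file, so a `check_admin_referer()` call before the `switch`, using the action name of the form's nonce field, would close that CSRF gap.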
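--- a/controllers/request_christmas_offer.php
+++ b/controllers/request_christmas_offer.php
@@ -1,48 +1,48 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_2FA_christmas_request_form":
- wpns_handle_christmas_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
-
- function wpns_handle_christmas_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
- $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
- return;
- }
- if(empty($usecase) || empty($email) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $query = 'REQUEST FOR CHRISTMAS OFFERS';
- $query .= ' =>';
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_2FA_christmas_request_form":
+ wpns_handle_christmas_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
+
+ function wpns_handle_christmas_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
+ $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $query = 'REQUEST FOR CHRISTMAS OFFERS';
+ $query .= ' =>';
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>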
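--- a/controllers/request_demo.php
+++ b/controllers/request_demo.php
@@ -1,51 +1,51 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_2FA_demo_request_form":
- wpns_handle_demo_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
-
- function wpns_handle_demo_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
- $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
- $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
- return;
- }
- if(empty($usecase) || empty($email) || empty($demo_plan) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $demo_plan = sanitize_text_field($demo_plan);
- $query = 'REQUEST FOR DEMO';
- $query .= ' =>';
- $query .= $demo_plan;
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_2FA_demo_request_form":
+ wpns_handle_demo_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
+
+ function wpns_handle_demo_request_form($post){
+ $nonce = isset($post['nonce'])?$post['nonce']:NULL;
+ $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
+ $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
+ $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) || empty($demo_plan) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $usecase = sanitize_text_field( $usecase );
+ $email = sanitize_text_field( $email );
+ $demo_plan = sanitize_text_field($demo_plan);
+ $query = 'REQUEST FOR DEMO';
+ $query .= ' =>';
+ $query .= $demo_plan;
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>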
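--- a/controllers/request_offer.php
+++ b/controllers/request_offer.php
@@ -1,46 +1,46 @@
- <?php
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_2FA_offer_request_form":
- wpns_handle_offer_request_form($_POST); break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_offer.php';
-
- function wpns_handle_offer_request_form($post){
- $nonce = sanitize_text_field($post['nonce']);
- $usecase = isset($post['mo_2FA_offer_usecase'])? sanitize_text_field($post['mo_2FA_offer_usecase']): NULL;
- $email = isset($post['mo_2FA_offer_email'])? sanitize_text_field($post['mo_2FA_offer_email']) : NULL;
- if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-offer' ) ){
- return;
- }
- if(empty($usecase) || empty($email) )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
- return;
- }
- else{
-
- $query = 'REQUEST FOR SPECIAL OFFERS';
- $query .= ' =>';
- $query .= ' : ';
- $query .= $usecase;
- $contact_us = new MocURL();
- $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
-
- if(json_last_error() == JSON_ERROR_NONE && $submited)
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- return;
- }
- else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
- }
+ <?php
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']) )
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_2FA_offer_request_form":
+ wpns_handle_offer_request_form($_POST); break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_offer.php';
+
+ function wpns_handle_offer_request_form($post){
+ $nonce = sanitize_text_field($post['nonce']);
+ $usecase = isset($post['mo_2FA_offer_usecase'])? sanitize_text_field($post['mo_2FA_offer_usecase']): NULL;
+ $email = isset($post['mo_2FA_offer_email'])? sanitize_text_field($post['mo_2FA_offer_email']) : NULL;
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-offer' ) ){
+ return;
+ }
+ if(empty($usecase) || empty($email) )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DEMO_FORM_ERROR'),'SUCCESS');
+ return;
+ }
+ else{
+
+ $query = 'REQUEST FOR SPECIAL OFFERS';
+ $query .= ' =>';
+ $query .= ' : ';
+ $query .= $usecase;
+ $contact_us = new MocURL();
+ $submited = json_decode($contact_us->submit_contact_us($email, '', $query),true);
+
+ if(json_last_error() == JSON_ERROR_NONE && $submited)
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ return;
+ }
+ else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }
+ }
  ?>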
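--- a/controllers/support.php
+++ b/controllers/support.php
@@ -1,59 +1,59 @@
- <?php
-
- global $mo2f_dirName;
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
-
-
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_wpns_send_query":
- wpns_handle_support_form(sanitize_email($_POST['query_email']),sanitize_text_field($_POST['query'])
- ,$_POST['query_phone']); break;
- }
- }
-
- $current_user = wp_get_current_user();
- $email = get_option("mo2f_email");
- $phone = get_option("mo_wpns_admin_phone");
-
-
- if(empty($email))
- $email = $current_user->user_email;
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
-
-
- /* SUPPORT FORM RELATED FUNCTIONS */
-
- //Function to handle support form submit
- function wpns_handle_support_form($email,$query,$phone)
- {
-
- $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
- if(empty($email) || empty($query)){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
- return;
- }
- $query = sanitize_text_field( $query );
- $email = sanitize_email( $email );
- $phone = sanitize_text_field( $phone );
- $contact_us = new MocURL();
-
- if($send_configuration)
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
- else
- $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
-
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- } else {
- $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
- }
- if(json_last_error() == JSON_ERROR_NONE && $submited){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
- }
- }
+ <?php
+
+ global $mo2f_dirName;
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+
+
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_wpns_send_query":
+ wpns_handle_support_form(sanitize_email($_POST['query_email']),sanitize_text_field($_POST['query'])
+ ,$_POST['query_phone']); break;
+ }
+ }
+
+ $current_user = wp_get_current_user();
+ $email = get_option("mo2f_email");
+ $phone = get_option("mo_wpns_admin_phone");
+
+
+ if(empty($email))
+ $email = $current_user->user_email;
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'support.php';
+
+
+ /* SUPPORT FORM RELATED FUNCTIONS */
+
+ //Function to handle support form submit
+ function wpns_handle_support_form($email,$query,$phone)
+ {
+
+ $send_configuration = (isset($_POST['mo2f_send_configuration'])?$_POST['mo2f_send_configuration']:0);
+ if(empty($email) || empty($query)){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
+ return;
+ }
+ $query = sanitize_text_field( $query );
+ $email = sanitize_email( $email );
+ $phone = sanitize_text_field( $phone );
+ $contact_us = new MocURL();
+
+ if($send_configuration)
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration(true);
+ else
+ $query = $query.MoWpnsUtility::mo_2fa_send_configuration();
+
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ } else {
+ $submited = json_decode($contact_us->submit_contact_us( $email, $phone, $query),true);
+ }
+ if(json_last_error() == JSON_ERROR_NONE && $submited){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_SENT'),'SUCCESS');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_ERROR'),'ERROR');
+ }
+ }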
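--- a/controllers/tour/tour_ajax.php
+++ b/controllers/tour/tour_ajax.php
@@ -1,146 +1,146 @@
- <?php
- class Mo_wpns_Tour
- {
- function __construct(){
- add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
-
- }
-
- public function mo_wpns_save_tour_details(){
- if(isset($_REQUEST['page']))
- {
- switch ($_REQUEST['page']) {
- case 'mo_2fa_two_fa':
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
- update_option('mo2f_two_factor_tour',1);
-
- break;
- case 'mo_2fa_waf':
- if(!get_option('mo2f_tour_firewall'))
- update_option('mo2f_tour_firewall',1);
- break;
- case 'mo_2fa_login_and_spam':
- if(!get_option('mo2f_tour_loginSpam'))
- update_option('mo2f_tour_loginSpam',1);
- break;
-
- case 'mo_2fa_backup':
- if(!get_option('mo2f_tour_backup'))
- update_option('mo2f_tour_backup',1);
-
- break;
- case 'mo_2fa_malwarescan':
- if(!get_option('mo2f_tour_malware_scan'))
- update_option('mo2f_tour_malware_scan',1);
-
- break;
- case 'mo_2fa_advancedblocking':
- if(!get_option('mo2f_tour_advance_blocking'))
- update_option('mo2f_tour_advance_blocking',1);
- break;
-
- default:
- break;
- }
- }
- add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
-
- }
-
- public function mo_wpns_tour(){
- switch (sanitize_text_field(wp_unslash($_POST['call_type'])))
- {
- case "wpns_enable_tour":
- update_option('skip_tour', 0);
- break;
- case "skip_entire_plugin_tour":
- $this->handle_skip_entire_plugin();
- break;
- case 'entire_plugin_tour_started':
- $this->entire_plugin_tour_started();
- break;
- case "mo2f_close_tour_details":
- $this->mo2f_close_tour_details();
- break;
- case "mo2f_visit_page_tour_details":
- $this->mo2f_visit_page_tour_details();
- break;
- case "mo2f_last_visit_tab":
- $this->mo2f_last_visit_tab();
- break;
- }
- }
-
-
- function mo2f_last_visit_tab()
- {
- $lasttab = sanitize_text_field($_POST['tab']);
- update_option('mo2f_tour_tab',$lasttab);
- }
- function mo2f_visit_page_tour_details()
- {
- $currentPointer = '';
- if(isset($_POST['index']))
- $currentPointer = sanitize_text_field($_POST['index']);
-
- if(strpos($currentPointer, 'support') != false)
- {
- exit;
- }
- $uid = get_current_user_id();
- $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
- $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
- update_user_meta($uid,'mo2f_visited_pointers',$visited);
- }
- function entire_plugin_tour_started()
- {
- update_option('mo2f_tour_started',3);
- exit;
- }
-
- function handle_skip_entire_plugin(){
- update_option('mo2f_two_factor_tour',-1);
- update_option('mo2f_tour_firewall',-1);
- update_option('mo2f_tour_malware_scan',-1);
- update_option('mo2f_tour_advance_blocking',-1);
- update_option('mo2f_tour_backup',-1);
- update_option('mo2f_tour_loginSpam',-1);
- update_option('mo2f_tour_started',3);
- exit;
- }
-
-
- function mo2f_close_tour_details()
- {
- $uid = get_current_user_id();
- delete_user_meta($uid,'mo2f_visited_pointers');
- $page = sanirize_text_field($_POST['page']);
- $page = sanitize_text_field($page[0]);
- update_option('mo2f_tour_tab','');
- update_option("yeah",1);
- switch ($page) {
- case 'toplevel_page_mo_2fa_two_fa':
- update_option('mo2f_two_factor_tour',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_waf':
- update_option('mo2f_tour_firewall',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_malwarescan':
- update_option('mo2f_tour_malware_scan',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
- update_option('mo2f_tour_advance_blocking',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_backup':
- update_option('mo2f_tour_backup',-1);
- break;
- case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
- update_option('mo2f_tour_loginSpam',-1);
- break;
- }
-
- }
-
- }
- new Mo_wpns_Tour();
+ <?php
+ class Mo_wpns_Tour
+ {
+ function __construct(){
+ add_action( 'admin_init' , array( $this, 'mo_wpns_save_tour_details' ) );
+
+ }
+
+ public function mo_wpns_save_tour_details(){
+ if(isset($_REQUEST['page']))
+ {
+ switch ($_REQUEST['page']) {
+ case 'mo_2fa_two_fa':
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
+ update_option('mo2f_two_factor_tour',1);
+
+ break;
+ case 'mo_2fa_waf':
+ if(!get_option('mo2f_tour_firewall'))
+ update_option('mo2f_tour_firewall',1);
+ break;
+ case 'mo_2fa_login_and_spam':
+ if(!get_option('mo2f_tour_loginSpam'))
+ update_option('mo2f_tour_loginSpam',1);
+ break;
+
+ case 'mo_2fa_backup':
+ if(!get_option('mo2f_tour_backup'))
+ update_option('mo2f_tour_backup',1);
+
+ break;
+ case 'mo_2fa_malwarescan':
+ if(!get_option('mo2f_tour_malware_scan'))
+ update_option('mo2f_tour_malware_scan',1);
+
+ break;
+ case 'mo_2fa_advancedblocking':
+ if(!get_option('mo2f_tour_advance_blocking'))
+ update_option('mo2f_tour_advance_blocking',1);
+ break;
+
+ default:
+ break;
+ }
+ }
+ add_action('wp_ajax_mo_wpns_tour', array( $this, 'mo_wpns_tour' ));
+
+ }
+
+ public function mo_wpns_tour(){
+ switch (sanitize_text_field(wp_unslash($_POST['call_type'])))
+ {
+ case "wpns_enable_tour":
+ update_option('skip_tour', 0);
+ break;
+ case "skip_entire_plugin_tour":
+ $this->handle_skip_entire_plugin();
+ break;
+ case 'entire_plugin_tour_started':
+ $this->entire_plugin_tour_started();
+ break;
+ case "mo2f_close_tour_details":
+ $this->mo2f_close_tour_details();
+ break;
+ case "mo2f_visit_page_tour_details":
+ $this->mo2f_visit_page_tour_details();
+ break;
+ case "mo2f_last_visit_tab":
+ $this->mo2f_last_visit_tab();
+ break;
+ }
+ }
+
+
+ function mo2f_last_visit_tab()
+ {
+ $lasttab = sanitize_text_field($_POST['tab']);
+ update_option('mo2f_tour_tab',$lasttab);
+ }
+ function mo2f_visit_page_tour_details()
+ {
+ $currentPointer = '';
+ if(isset($_POST['index']))
+ $currentPointer = sanitize_text_field($_POST['index']);
+
+ if(strpos($currentPointer, 'support') != false)
+ {
+ exit;
+ }
+ $uid = get_current_user_id();
+ $visited = get_user_meta($uid,'mo2f_visited_pointers',true);
+ $visited = $visited.',custom_admin_pointers4_8_52_'.$currentPointer;
+ update_user_meta($uid,'mo2f_visited_pointers',$visited);
+ }
+ function entire_plugin_tour_started()
+ {
+ update_option('mo2f_tour_started',3);
+ exit;
+ }
+
+ function handle_skip_entire_plugin(){
+ update_option('mo2f_two_factor_tour',-1);
+ update_option('mo2f_tour_firewall',-1);
+ update_option('mo2f_tour_malware_scan',-1);
+ update_option('mo2f_tour_advance_blocking',-1);
+ update_option('mo2f_tour_backup',-1);
+ update_option('mo2f_tour_loginSpam',-1);
+ update_option('mo2f_tour_started',3);
+ exit;
+ }
+
+
+ function mo2f_close_tour_details()
+ {
+ $uid = get_current_user_id();
+ delete_user_meta($uid,'mo2f_visited_pointers');
+ $page = sanirize_text_field($_POST['page']);
+ $page = sanitize_text_field($page[0]);
+ update_option('mo2f_tour_tab','');
+ update_option("yeah",1);
+ switch ($page) {
+ case 'toplevel_page_mo_2fa_two_fa':
+ update_option('mo2f_two_factor_tour',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_waf':
+ update_option('mo2f_tour_firewall',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_malwarescan':
+ update_option('mo2f_tour_malware_scan',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_advancedblocking':
+ update_option('mo2f_tour_advance_blocking',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_backup':
+ update_option('mo2f_tour_backup',-1);
+ break;
+ case 'miniorange-2-factor_page_mo_2fa_login_and_spam':
+ update_option('mo2f_tour_loginSpam',-1);
+ break;
+ }
+
+ }
+
+ }
+ new Mo_wpns_Tour();
  ?>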
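--- a/controllers/two-fa-intro.php
+++ b/controllers/two-fa-intro.php
@@ -1,222 +1,222 @@
-
- <div id="mo2f_2fa_intro" class = "modal" style="display: block;">
- <div id="mo2f_2fa_intro_modal" class="modal-content" style="width: 40%;overflow: hidden;padding:50px;" >
-
- <div class="modal-header" style="border-bottom: none;">
- <h2 class="modal-title" style="text-align: center; font-size: 20px; color: #2980b9">
- <span id="closeintromodal" class="close modal-span-close" onclick="skipintro();">X</span>
- </h2>
- </div>
-
- <div class="modal-body" style="height: auto;">
- <center>
- <div class="checkmark-circle" >
- <div class="background"></div>
- <div class="checkmark draw"></div>
- </div>
- <h1>Awesome!!</h1>
- <h2 style="color: black;font-size: 20px;">You are ready to use Two Factor.</h2>
- </center>
- <div >
- <h3 style="color: black;display:none;" ><span style="color:red;">Logout</span> : You can logout and get the same experience as your users. </h3>
-
- </div>
- </div>
-
- <div class="modal-footer" style="border: 0px;">
- <button type="button" class="button button-primary button-large modal-button readytogo mo2f_advance_setting" onclick="skipintro();">Advance Settings</button>
- <button type="button" class="button button-primary button-large modal-button mo2fa_tour_button" title="Logout and check the user experience" onclick="mo2f_userlogout()">Logout and Configure</button>
- <div class="mo2f_tooltip_addon logout button button-primary button-large modal-button " style="float: left;border: 2px solid black;border-left:none;width: 6%;box-shadow: none;text-decoration:none;background-color: #2271b1;margin-left: -5px;min-height: 50px;">
- <span class="dashicons dashicons-info mo2f_info_tab" style="color: white;font-size: 27px;margin-top: 14px;margin-left: -12px;"></span>
- <span class="mo2f_tooltiptext_addon mo2f_logout_and_configure_info" style="font-size: 20px;font-family: auto; text-align: justify;font-weight: lighter;background-color: #2EB150; font-size: 20px;">
- <ul style="list-style-type:square;margin: 10px 18px 10px 18px;"><li>This will logout you and will ask you to set your 2FA on next login.</li><li> New and existing users can set their 2FA on next login.</li></ul>
- </span>
- <span class="mo2f_tooltiptext_addon" style="color: #2EB150;background: none; margin-left: -200px; margin-top: -38px;">
- <span class="dashicons dashicons-arrow-down" style="font-size: 300%;"></span>
- </span>
- </div>
-
- </div>
- </div>
- </div>
- <form name="f" id="mo2f_skiploginform" method="post" action="">
- <input type="hidden" name="mo2f_skiplogin_nonce" value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-skiplogin-failed-nonce' )); ?>"/>
- <input type="hidden" name="option" value="mo2f_skiplogin"/>
- </form>
- <form name="f" id="mo2f_userlogoutform" method="post" action="">
- <input type="hidden" name="mo2f_userlogout_nonce" value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-userlogout-failed-nonce' )); ?>"/>
- <input type="hidden" name="option" value="mo2f_userlogout"/>
- </form>
-
- <script>
- function mo2f_userlogout() {
- jQuery("#mo2f_userlogoutform").submit();
- }
-
- function skipintro() {
- jQuery("#mo2f_skiploginform").submit();
- }
- </script>
-
- <style>
-
- .modalhover:hover{
- border:2px solid #2EB150;
- background: #2EB150 !important;
- color:white !important;
- }
- .checkmark-circle {
- width: 150px;
- height: 150px;
- position: relative;
- display: inline-block;
- vertical-align: top;
- }
- .checkmark-circle .background {
- width: 150px;
- height: 150px;
- border-radius: 50%;
- background: #2EB150;
- position: absolute;
- }
- .checkmark-circle .checkmark {
- border-radius: 5px;
- }
- .checkmark-circle .checkmark.draw:after {
- -webkit-animation-delay: 100ms;
- -moz-animation-delay: 100ms;
- animation-delay: 100ms;
- -webkit-animation-duration: 1s;
- -moz-animation-duration: 1s;
- animation-duration: 1s;
- -webkit-animation-timing-function: ease;
- -moz-animation-timing-function: ease;
- animation-timing-function: ease;
- -webkit-animation-name: checkmark;
- -moz-animation-name: checkmark;
- animation-name: checkmark;
- -webkit-transform: scaleX(-1) rotate(130deg);
- -moz-transform: scaleX(-1) rotate(130deg);
- -ms-transform: scaleX(-1) rotate(130deg);
- -o-transform: scaleX(-1) rotate(130deg);
- transform: scaleX(-1) rotate(130deg);
- -webkit-animation-fill-mode: forwards;
- -moz-animation-fill-mode: forwards;
- animation-fill-mode: forwards;
- }
- .checkmark-circle .checkmark:after {
- opacity: 1;
- height: 75px;
- width: 37.5px;
- -webkit-transform-origin: left top;
- -moz-transform-origin: left top;
- -ms-transform-origin: left top;
- -o-transform-origin: left top;
- transform-origin: left top;
- border-right: 15px solid white;
- border-top: 15px solid white;
- border-radius: 2.5px !important;
- content: '';
- left: 25px;
- top: 75px;
- position: absolute;
- }
-
- @-webkit-keyframes checkmark {
- 0% {
- height: 0;
- width: 0;
- opacity: 1;
- }
- 20% {
- height: 0;
- width: 37.5px;
- opacity: 1;
- }
- 40% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- 100% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- }
- @-moz-keyframes checkmark {
- 0% {
- height: 0;
- width: 0;
- opacity: 1;
- }
- 20% {
- height: 0;
- width: 37.5px;
- opacity: 1;
- }
- 40% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- 100% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- }
- @keyframes checkmark {
- 0% {
- height: 0;
- width: 0;
- opacity: 1;
- }
- 20% {
- height: 0;
- width: 37.5px;
- opacity: 1;
- }
- 40% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- 100% {
- height: 75px;
- width: 37.5px;
- opacity: 1;
- }
- }
- body{
- background-color: #e6e6e6;
- width: 100%;
- height: 100%;
- }
- #success_tic .page-body{
- max-width:300px;
- background-color:#FFFFFF;
- margin:10% auto;
- }
- #success_tic .page-body .head{
- text-align:center;
- }
- /* #success_tic .tic{
- font-size:186px;
- } */
- .close{
- opacity: 1;
- position: absolute;
- right: 0px;
- font-size: 30px;
- padding: 3px 15px;
- margin-bottom: 10px;
- float: right;
- font-size: 21px;
- font-weight: 700;
- line-height: 1;
- color: #000;
- text-shadow: 0 1px 0 #fff;
- }
-
- </style>
+
+ <div id="mo2f_2fa_intro" class = "modal" style="display: block;">
+ <div id="mo2f_2fa_intro_modal" class="modal-content" style="width: 40%;overflow: hidden;padding:50px;" >
+
+ <div class="modal-header" style="border-bottom: none;">
+ <h2 class="modal-title" style="text-align: center; font-size: 20px; color: #2980b9">
+ <span id="closeintromodal" class="close modal-span-close" onclick="skipintro();">X</span>
+ </h2>
+ </div>
+
+ <div class="modal-body" style="height: auto;">
+ <center>
+ <div class="checkmark-circle" >
+ <div class="background"></div>
+ <div class="checkmark draw"></div>
+ </div>
+ <h1>Awesome!!</h1>
+ <h2 style="color: black;font-size: 20px;">You are ready to use Two Factor.</h2>
+ </center>
+ <div >
+ <h3 style="color: black;display:none;" ><span style="color:red;">Logout</span> : You can logout and get the same experience as your users. </h3>
+
+ </div>
+ </div>
+
+ <div class="modal-footer" style="border: 0px;">
+ <button type="button" class="button button-primary button-large modal-button readytogo mo2f_advance_setting" onclick="skipintro();">Advance Settings</button>
+ <button type="button" class="button button-primary button-large modal-button mo2fa_tour_button" title="Logout and check the user experience" onclick="mo2f_userlogout()">Logout and Configure</button>
+ <div class="mo2f_tooltip_addon logout button button-primary button-large modal-button " style="float: left;border: 2px solid black;border-left:none;width: 6%;box-shadow: none;text-decoration:none;background-color: #2271b1;margin-left: -5px;min-height: 50px;">
+ <span class="dashicons dashicons-info mo2f_info_tab" style="color: white;font-size: 27px;margin-top: 14px;margin-left: -12px;"></span>
+ <span class="mo2f_tooltiptext_addon mo2f_logout_and_configure_info" style="font-size: 20px;font-family: auto; text-align: justify;font-weight: lighter;background-color: #2EB150; font-size: 20px;">
+ <ul style="list-style-type:square;margin: 10px 18px 10px 18px;"><li>This will logout you and will ask you to set your 2FA on next login.</li><li> New and existing users can set their 2FA on next login.</li></ul>
+ </span>
+ <span class="mo2f_tooltiptext_addon" style="color: #2EB150;background: none; margin-left: -200px; margin-top: -38px;">
+ <span class="dashicons dashicons-arrow-down" style="font-size: 300%;"></span>
+ </span>
+ </div>
+
+ </div>
+ </div>
+ </div>
+ <form name="f" id="mo2f_skiploginform" method="post" action="">
+ <input type="hidden" name="mo2f_skiplogin_nonce" value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-skiplogin-failed-nonce' )); ?>"/>
+ <input type="hidden" name="option" value="mo2f_skiplogin"/>
+ </form>
+ <form name="f" id="mo2f_userlogoutform" method="post" action="">
+ <input type="hidden" name="mo2f_userlogout_nonce" value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-userlogout-failed-nonce' )); ?>"/>
+ <input type="hidden" name="option" value="mo2f_userlogout"/>
+ </form>
+
+ <script>
+ function mo2f_userlogout() {
+ jQuery("#mo2f_userlogoutform").submit();
+ }
+
+ function skipintro() {
+ jQuery("#mo2f_skiploginform").submit();
+ }
+ </script>
+
+ <style>
+
+ .modalhover:hover{
+ border:2px solid #2EB150;
+ background: #2EB150 !important;
+ color:white !important;
+ }
+ .checkmark-circle {
+ width: 150px;
+ height: 150px;
+ position: relative;
+ display: inline-block;
+ vertical-align: top;
+ }
+ .checkmark-circle .background {
+ width: 150px;
+ height: 150px;
+ border-radius: 50%;
+ background: #2EB150;
+ position: absolute;
+ }
+ .checkmark-circle .checkmark {
+ border-radius: 5px;
+ }
+ .checkmark-circle .checkmark.draw:after {
+ -webkit-animation-delay: 100ms;
+ -moz-animation-delay: 100ms;
+ animation-delay: 100ms;
+ -webkit-animation-duration: 1s;
+ -moz-animation-duration: 1s;
+ animation-duration: 1s;
+ -webkit-animation-timing-function: ease;
+ -moz-animation-timing-function: ease;
+ animation-timing-function: ease;
+ -webkit-animation-name: checkmark;
+ -moz-animation-name: checkmark;
+ animation-name: checkmark;
+ -webkit-transform: scaleX(-1) rotate(130deg);
+ -moz-transform: scaleX(-1) rotate(130deg);
+ -ms-transform: scaleX(-1) rotate(130deg);
+ -o-transform: scaleX(-1) rotate(130deg);
+ transform: scaleX(-1) rotate(130deg);
+ -webkit-animation-fill-mode: forwards;
+ -moz-animation-fill-mode: forwards;
+ animation-fill-mode: forwards;
+ }
+ .checkmark-circle .checkmark:after {
+ opacity: 1;
+ height: 75px;
+ width: 37.5px;
+ -webkit-transform-origin: left top;
+ -moz-transform-origin: left top;
+ -ms-transform-origin: left top;
+ -o-transform-origin: left top;
+ transform-origin: left top;
+ border-right: 15px solid white;
+ border-top: 15px solid white;
+ border-radius: 2.5px !important;
+ content: '';
+ left: 25px;
+ top: 75px;
+ position: absolute;
+ }
+
+ @-webkit-keyframes checkmark {
+ 0% {
+ height: 0;
+ width: 0;
+ opacity: 1;
+ }
+ 20% {
+ height: 0;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 40% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 100% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ }
+ @-moz-keyframes checkmark {
+ 0% {
+ height: 0;
+ width: 0;
+ opacity: 1;
+ }
+ 20% {
+ height: 0;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 40% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 100% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ }
+ @keyframes checkmark {
+ 0% {
+ height: 0;
+ width: 0;
+ opacity: 1;
+ }
+ 20% {
+ height: 0;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 40% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ 100% {
+ height: 75px;
+ width: 37.5px;
+ opacity: 1;
+ }
+ }
+ body{
+ background-color: #e6e6e6;
+ width: 100%;
+ height: 100%;
+ }
+ #success_tic .page-body{
+ max-width:300px;
+ background-color:#FFFFFF;
+ margin:10% auto;
+ }
+ #success_tic .page-body .head{
+ text-align:center;
+ }
+ /* #success_tic .tic{
+ font-size:186px;
+ } */
+ .close{
+ opacity: 1;
+ position: absolute;
+ right: 0px;
+ font-size: 30px;
+ padding: 3px 15px;
+ margin-bottom: 10px;
+ float: right;
+ font-size: 21px;
+ font-weight: 700;
+ line-height: 1;
+ color: #000;
+ text-shadow: 0 1px 0 #fff;
+ }
+
+ </style>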
controllers/twofa/mo2fa_common_login.php CHANGED
@@ -1,1684 +1,1684 @@
1
- <?php
2
- function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_to = null ) {
3
- ?>
4
- <html>
5
- <head>
6
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
7
- <meta name="viewport" content="width=device-width, initial-scale=1">
8
- <?php
9
- wp_print_scripts( 'jquery' );
10
- ?>
11
- </head>
12
- <body>
13
- <div>
14
- <form id="morba_loginform" method="post">
15
- <h1><?php echo mo2f_lt( 'Please wait' ); ?>...</h1>
16
- <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__)))) ); ?>"/>
17
- <?php
18
- if ( get_option( 'mo2f_remember_device' ) ) {
19
- ?>
20
- <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
21
- <?php
22
- wp_enqueue_script('jquery');
23
- wp_register_script('mo2f_rba_flash',plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(dirname(__FILE__))) ));
24
- wp_register_script('mo2f_rba_ua_parser',plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(dirname(__FILE__))) ));
25
- wp_register_script('mo2f_client',plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(dirname(__FILE__))) ));
26
- wp_register_script('mo2f_device',plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(dirname(__FILE__))) ));
27
- wp_register_script('mo2f_swfobject',plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(dirname(__FILE__))) ));
28
- wp_register_script('mo2f_font',plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(dirname(__FILE__))) ));
29
- wp_register_script('mo2f_murmur',plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(dirname(__FILE__))) ));
30
- wp_register_script('mo2f_fd',plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(dirname(__FILE__))) ));
31
-
32
- wp_print_scripts( 'jquery');
33
- wp_print_scripts( 'mo2f_rba_flash');
34
- wp_print_scripts( 'mo2f_rba_ua_parser');
35
- wp_print_scripts( 'mo2f_client');
36
- wp_print_scripts( 'mo2f_device');
37
- wp_print_scripts( 'mo2f_swfobject');
38
- wp_print_scripts( 'mo2f_font');
39
- wp_print_scripts( 'mo2f_murmur');
40
- wp_print_scripts( 'mo2f_fd');
41
- }
42
- ?>
43
- <input type="hidden" name="miniorange_attribute_collection_nonce"
44
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' )); ?>"/>
45
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
46
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
47
- </form>
48
- </div>
49
- </body>
50
- </html>
51
- <?php
52
- }
53
- function mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encrypt,$redirect_to)
54
- {
55
- ?>
56
- <html>
57
- <head>
58
- <meta charset="utf-8"/>
59
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
60
- <meta name="viewport" content="width=device-width, initial-scale=1">
61
- <?php
62
- mo2f_inline_css_and_js();
63
- ?>
64
- </head>
65
- <body>
66
- <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
67
- <div class="mo2f-modal-backdrop"></div>
68
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
69
- <div class="login mo_customer_validation-modal-content">
70
- <div class="mo2f_modal-header">
71
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
72
-
73
- <?php echo __('Select 2 Factor method for authentication', 'miniorange-2-factor-authentication'); ?></h3>
74
- </div>
75
- <div class="mo2f_modal-body">
76
- <?php
77
- foreach ($configure_array_method as $key => $value)
78
- {
79
- echo'<span >
80
- <label>
81
- <input type="radio" name="mo2f_selected_mfactor_method" class ="mo2f-styled-radio_conf" value="'.$value.'"/>';
82
- echo'<span class="mo2f-styled-radio-text_conf">';
83
- echo __($value, 'miniorange-2-factor-authentication');
84
- echo ' </span> </label>
85
- <br>
86
- <br>
87
- </span>';
88
-
89
- }
90
-
91
- ?>
92
-
93
- <?php mo2f_customize_logo() ?>
94
- </div>
95
- </div>
96
- </div>
97
- </div>
98
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
99
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
100
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
101
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
102
- </form>
103
- <form name="f" method="post" action="" id="mo2f_select_mfa_methods_form" style="display:none;">
104
- <input type="hidden" name="mo2f_selected_mfactor_method" />
105
- <input type="hidden" name="mo2f_miniorange_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('mo2f_miniorange-2factor-method-nonce')); ?>" />
106
- <input type="hidden" name="option" value="miniorange_mfactor_method" />
107
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
108
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
109
- </form>
110
-
111
- <script>
112
- function mologinback(){
113
- jQuery('#mo2f_backto_mo_loginform').submit();
114
- }
115
- jQuery('input:radio[name=mo2f_selected_mfactor_method]').click(function() {
116
- var selectedMethod = jQuery(this).val();
117
- document.getElementById("mo2f_select_mfa_methods_form").elements[0].value = selectedMethod;
118
- jQuery('#mo2f_select_mfa_methods_form').submit();
119
- });
120
-
121
- </script>
122
- </body>
123
- </html>
124
- <?php
125
- }
126
- function miniorange_get_user_role( $user ) {
127
- return $user->roles;
128
- }
129
-
130
- function redirect_user_to( $user, $redirect_to ) {
131
- $roles = $user->roles;
132
- $current_role = array_shift( $roles );
133
- $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
134
- if ( $current_role == 'administrator' ) {
135
- $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
136
- } else {
137
- $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
138
- }
139
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
140
- $redirect = array(
141
- 'redirect' => $redirectUrl,
142
- ) ;
143
-
144
- wp_send_json_success($redirect);
145
- }
146
- else
147
- wp_redirect( $redirectUrl );
148
- }
149
-
150
-
151
- // used in shortcode addon
152
-
153
- function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
154
- if ( empty( $current_roles ) ) {
155
- return 0;
156
- }
157
-
158
- foreach ( $current_roles as $value ) {
159
- if ( get_option( 'mo2fa_' . $value ) ) {
160
- return 1;
161
- }
162
- }
163
-
164
- return 0;
165
- }
166
-
167
- function mo2f_register_profile( $email, $deviceKey, $mo2f_rba_status ) {
168
-
169
- if ( isset( $deviceKey ) && $deviceKey == 'true' ) {
170
- if ( $mo2f_rba_status['status'] == 'WAIT_FOR_INPUT' && $mo2f_rba_status['decision_flag'] ) {
171
- $rba_profile = new Miniorange_Rba_Attributes();
172
- //register profile
173
- json_decode( $rba_profile->mo2f_register_rba_profile( $email, $mo2f_rba_status['sessionUuid'] ), true );
174
-
175
- return true;
176
- } else {
177
- return false;
178
- }
179
- }
180
-
181
- return false;
182
- }
183
-
184
- function mo2f_collect_attributes( $email, $attributes ) {
185
- $mo2f_rba_status = array();
186
- $mo2f_rba_status['decision_flag'] = false;
187
- $mo2f_rba_status['sessionUuid'] = '';
188
-
189
- if ( get_option( 'mo2f_remember_device' ) ) {
190
- $rba_attributes = new Miniorange_Rba_Attributes();
191
- //collect rba attributes
192
- $rba_response = json_decode( $rba_attributes->mo2f_collect_attributes( $email, $attributes ), true );
193
- if ( json_last_error() == JSON_ERROR_NONE ) {
194
- //attributes are collected successfully
195
- if ( $rba_response['status'] == 'SUCCESS' ) {
196
- $sessionUuid = $rba_response['sessionUuid'];
197
- // evaluate the rba risk
198
- $rba_risk_response = json_decode( $rba_attributes->mo2f_evaluate_risk( $email, $sessionUuid ), true );
199
-
200
- if ( json_last_error() == JSON_ERROR_NONE ) {
201
- if ( $rba_risk_response['status'] == 'SUCCESS' || $rba_risk_response['status'] == 'WAIT_FOR_INPUT' ) {
202
-
203
- $mo2f_rba_status['status'] = $rba_risk_response['status'];
204
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
205
- $mo2f_rba_status['decision_flag'] = true;
206
-
207
- } else {
208
- $mo2f_rba_status['status'] = $rba_risk_response['status'];
209
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
210
-
211
- }
212
- } else {
213
- $mo2f_rba_status['status'] = 'JSON_EVALUATE_ERROR';
214
- $mo2f_rba_status['sessionUuid'] = $sessionUuid;
215
-
216
- }
217
- } else {
218
- $mo2f_rba_status['status'] = 'ATTR_NOT_COLLECTED';
219
-
220
- }
221
- } else {
222
- $mo2f_rba_status['status'] = 'JSON_ATTR_NOT_COLLECTED';
223
-
224
- }
225
- } else {
226
- $mo2f_rba_status['status'] = 'RBA_NOT_ENABLED';
227
-
228
- }
229
-
230
- return $mo2f_rba_status;
231
- }
232
-
233
- function mo2f_get_user_2ndfactor( $user ) {
234
- global $Mo2fdbQueries;
235
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
236
- $enduser = new Two_Factor_Setup();
237
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $mo2f_user_email ), true );
238
- if ( json_last_error() == JSON_ERROR_NONE ) {
239
- if ( $userinfo['status'] == 'ERROR' ) {
240
- $mo2f_second_factor = 'NONE';
241
- } else if ( $userinfo['status'] == 'SUCCESS' ) {
242
- $mo2f_second_factor = $userinfo['authType'];
243
- } else if ( $userinfo['status'] == 'FAILED' ) {
244
- $mo2f_second_factor = 'USER_NOT_FOUND';
245
- } else {
246
- $mo2f_second_factor = 'NONE';
247
- }
248
- } else {
249
- $mo2f_second_factor = 'NONE';
250
- }
251
-
252
- return $mo2f_second_factor;
253
- }
254
-
255
- function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
256
- $mo2f_forgotphone_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
257
- $mo2f_email_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_email' );
258
- $mo2f_kba_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_kba' );
259
- ?>
260
- <html>
261
- <head>
262
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
263
- <meta name="viewport" content="width=device-width, initial-scale=1">
264
- <?php
265
- echo_js_css_files(); ?>
266
- </head>
267
- <body>
268
- <div class="mo2f_modal" tabindex="-1" role="dialog">
269
- <div class="mo2f-modal-backdrop"></div>
270
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
271
- <div class="login mo_customer_validation-modal-content">
272
- <div class="mo2f_modal-header">
273
- <h4 class="mo2f_modal-title">
274
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
275
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
276
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
277
- <?php echo mo2f_lt( 'How would you like to authenticate yourself?' ); ?>
278
- </h4>
279
- </div>
280
- <div class="mo2f_modal-body">
281
- <?php if ( $mo2f_forgotphone_enabled ) {
282
- if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
283
- <div id="otpMessage" class="mo2fa_display_message_frontend">
284
- <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
285
- </div>
286
- <?php } ?>
287
- <p class="mo2f_backup_options"><?php echo mo2f_lt( 'Please choose the options from below:' ); ?></p>
288
- <div class="mo2f_backup_options_div">
289
- <?php if ( $mo2f_email_as_backup_enabled ) { ?>
290
- <input type="radio" name="mo2f_selected_forgotphone_option"
291
- value="One Time Passcode over Email"
292
- checked="checked"/><?php echo mo2f_lt( 'Send a one time passcode to my registered email' ); ?>
293
- <br><br>
294
- <?php }
295
- if ( $mo2f_kba_as_backup_enabled ) { ?>
296
- <input type="radio" name="mo2f_selected_forgotphone_option"
297
- value="KBA"/><?php echo mo2f_lt( 'Answer your Security Questions (KBA)' ); ?>
298
- <?php } ?>
299
- <br><br>
300
- <input type="button" name="miniorange_validate_otp" value="<?php echo mo2f_lt( 'Continue' ); ?>" class="miniorange_validate_otp"
301
- onclick="mo2fselectforgotphoneoption();"/>
302
- </div>
303
- <?php mo2f_customize_logo();
304
- }
305
- ?>
306
- </div>
307
- </div>
308
- </div>
309
- </div>
310
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
311
- class="mo2f_display_none_forms">
312
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
313
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
314
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
315
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
316
- </form>
317
- <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
318
- <input type="hidden" name="mo2f_configured_2FA_method"/>
319
- <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
320
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' )); ?>"/>
321
- <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
322
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
323
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
324
- </form>
325
-
326
- <script>
327
- function mologinback() {
328
- jQuery('#mo2f_backto_mo_loginform').submit();
329
- }
330
-
331
- function mo2fselectforgotphoneoption() {
332
- var option = jQuery('input[name=mo2f_selected_forgotphone_option]:checked').val();
333
- document.getElementById("mo2f_challenge_forgotphone_form").elements[0].value = option;
334
- jQuery('#mo2f_challenge_forgotphone_form').submit();
335
- }
336
- </script>
337
- </body>
338
- </html>
339
- <?php }
340
-
341
- function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
342
- global $moWpnsUtility;
343
- $mo_wpns_config = new MoWpnsHandler();
344
- $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
345
- $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
346
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
347
- MO2f_Utility::mo2f_debug_file('Prompted KBA validation screen'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
348
- ?>
349
- <html>
350
- <head>
351
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
352
- <meta name="viewport" content="width=device-width, initial-scale=1">
353
- <?php
354
- echo_js_css_files(); ?>
355
- </head>
356
- <body>
357
- <div class="mo2f_modal" tabindex="-1" role="dialog">
358
- <div class="mo2f-modal-backdrop"></div>
359
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
360
- <div class="login mo_customer_validation-modal-content">
361
- <div class="mo2f_modal-header">
362
- <h4 class="mo2f_modal-title">
363
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
364
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
365
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
366
- <?php
367
- echo mo2f_lt( 'Validate Security Questions' ); ?>
368
- </h4>
369
- </div>
370
- <div class="mo2f_modal-body">
371
- <div id="kbaSection" class="kbaSectiondiv">
372
- <div id="otpMessage">
373
- <p style="font-size:13px;"
374
- class="mo2fa_display_message_frontend"><?php echo ( isset( $login_message ) && ! empty( $login_message ) ) ? $login_message : __( 'Please answer the following questions:' ); ?></p>
375
- </div>
376
- <form name="f" id="mo2f_submitkba_loginform" method="post">
377
- <div id="mo2f_kba_content">
378
- <p style="font-size:15px;">
379
- <?php $kba_questions = $cookievalue;
380
- echo esc_html($kba_questions[0]['question']); ?><br>
381
- <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
382
- required="true" autofocus="true"
383
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
384
- title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
385
- autocomplete="off"><br>
386
- <?php echo esc_html($kba_questions[1]['question']); ?><br>
387
- <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
388
- required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
389
- title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
390
- autocomplete="off">
391
-
392
- </p>
393
- </div>
394
- <?php if ( $mo2f_login_option && $mo2f_remember_device_enabled ) {
395
- ?>
396
- <span class="mo2f_rememberdevice">
397
- <input type="checkbox" name="mo2f_trust_device" class="mo2f_trust_device"
398
- id="mo2f_trust_device"/><?php echo mo2f_lt( 'Remember this device.' ); ?>
399
- </span>
400
- <br>
401
- <br>
402
- <?php
403
- }
404
- ?>
405
- <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate"
406
- class="miniorange_kba_validate" style="float:left;"
407
- value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
408
- <input type="hidden" name="miniorange_kba_nonce"
409
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-kba-nonce' )); ?>"/>
410
- <input type="hidden" name="option"
411
- value="miniorange_kba_validate"/>
412
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
413
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
414
- </form>
415
- <br>
416
- </div><br>
417
- <?php
418
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
419
- <div>
420
- <a href="#mo2f_backup_generate">
421
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
422
- </a>
423
- </div>
424
- <?php }else{ ?>
425
- <div>
426
- <a href="#mo2f_backup_option">
427
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
428
- </a>
429
- </div>
430
- <?php }
431
- ?>
432
- <div style="padding:10px;">
433
- <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
434
- </div>
435
-
436
- <?php
437
- mo2f_customize_logo();
438
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
439
- ?>
440
-
441
- </div>
442
- </div>
443
- </div>
444
- </div>
445
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
446
- class="mo2f_display_none_forms">
447
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
448
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
449
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
450
- </form>
451
-
452
- <script>
453
- function mologinback() {
454
- jQuery('#mo2f_backto_mo_loginform').submit();
455
- }
456
- var is_ajax = "<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>";
457
- if(is_ajax){
458
- jQuery('#mo2f_answer_1').keypress(function (e) {
459
- if (e.which == 13) {//Enter key pressed
460
- e.preventDefault();
461
- mo2f_kba_ajax();
462
- }
463
- });
464
- jQuery('#mo2f_answer_2').keypress(function (e) {
465
- if (e.which == 13) {//Enter key pressed
466
- e.preventDefault();
467
- mo2f_kba_ajax();
468
- }
469
- });
470
- jQuery("#miniorange_kba_validate").click(function(e){
471
- e.preventDefault();
472
- mo2f_kba_ajax();
473
- });
474
-
475
- function mo2f_kba_ajax(){
476
- jQuery('#mo2f_answer_1').prop('disabled','true');
477
- jQuery('#mo2f_answer_2').prop('disabled','true');
478
- jQuery('#miniorange_kba_validate').prop('disabled','true');
479
- var data = {
480
- "action" : "mo2f_ajax",
481
- "mo2f_ajax_option" : "mo2f_ajax_kba",
482
- "mo2f_answer_1" : jQuery( "input[name=\'mo2f_answer_1\']" ).val(),
483
- "mo2f_answer_2" : jQuery( "input[name=\'mo2f_answer_2\']" ).val(),
484
- "miniorange_kba_nonce" : jQuery( "input[name=\'miniorange_kba_nonce\']" ).val(),
485
- "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
486
- "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
487
- "mo2f_trust_device" : jQuery( "input[name=\'mo2f_trust_device\']" ).val(),
488
- };
489
- jQuery.post(my_ajax_object.ajax_url, data, function(response) {
490
- if ( typeof response.data === "undefined") {
491
- jQuery("html").html(response);
492
- }
493
- else
494
- location.href = response.data.redirect;
495
- });
496
- }
497
- }
498
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
499
- jQuery('#mo2f_backup').submit();
500
- });
501
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
502
- jQuery('#mo2f_create_backup_codes').submit();
503
- });
504
- </script>
505
- </body>
506
-
507
- </html>
508
- <?php
509
- }
510
-
511
- function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt){
512
- ?>
513
- <html>
514
- <head> <meta charset="utf-8"/>
515
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
516
- <meta name="viewport" content="width=device-width, initial-scale=1">
517
- <?php
518
- echo_js_css_files(); ?>
519
- </head>
520
- <body>
521
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
522
- <div class="mo2f-modal-backdrop"></div>
523
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
524
- <div class="login mo_customer_validation-modal-content">
525
- <div class="mo2f_modal-header">
526
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
527
- <?php echo __('Validate Backup Code', 'miniorange-2-factor-authentication'); ?>
528
- </h4>
529
- </div>
530
- <div class="mo2f_modal-body">
531
- <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
532
- <div id="otpMessage" >
533
-
534
- <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
535
- </div>
536
- <form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
537
- <div id="mo2f_kba_content">
538
- <p style="font-size:15px;">
539
- <input class="mo2f-textbox" type="text" name="mo2f_backup_code" id="mo2f_backup_code" required="true" autofocus="true" title="<?php echo __('Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.','miniorange-2-factor-authentication'); ?>" autocomplete="off" ><br />
540
- </p>
541
- </div>
542
- <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
543
- <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-validate-backup-nonce')); ?>" />
544
- <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
545
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
546
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
547
- </form>
548
- </br>
549
- </div>
550
- <br /><br /><br />
551
- <?php mo2f_customize_logo() ?>
552
- </div>
553
- </div>
554
- </div>
555
- </div>
556
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
557
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
558
- </form>
559
- </body>
560
- <script>
561
- function mologinback(){
562
- jQuery('#mo2f_backto_mo_loginform').submit();
563
- }
564
- </script>
565
- </html>
566
- <?php
567
- }
568
-
569
- function mo2f_get_duo_push_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id ){
570
-
571
- $mo_wpns_config = new MoWpnsHandler();
572
-
573
- global $Mo2fdbQueries,$txid,$moWpnsUtility;
574
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
575
- $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
576
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
577
- $mo2f_EV_txid = get_user_meta($user_id,'mo2f_EV_txid',true);
578
- $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
579
-
580
- $current_user = get_user_by('id',$user_id);
581
- MO2f_Utility::mo2f_debug_file('Waiting for duo push notification validation'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
582
- update_user_meta($user_id,'current_user_email',$current_user->user_email);
583
-
584
-
585
- ?>
586
-
587
- <html>
588
- <head>
589
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
590
- <meta name="viewport" content="width=device-width, initial-scale=1">
591
- <?php
592
- echo_js_css_files(); ?>
593
- </head>
594
- <body>
595
- <div class="mo2f_modal" tabindex="-1" role="dialog">
596
- <div class="mo2f-modal-backdrop"></div>
597
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
598
- <div class="login mo_customer_validation-modal-content">
599
- <div class="mo2f_modal-header">
600
- <h4 class="mo2f_modal-title">
601
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
602
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
603
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
604
- <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
605
- </div>
606
- <div class="mo2f_modal-body">
607
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
608
- <div id="otpMessage">
609
- <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
610
- </div>
611
- <?php } ?>
612
- <div id="pushSection">
613
-
614
- <div>
615
- <center>
616
- <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
617
- </center>
618
- </div>
619
- <div id="showPushImage">
620
- <center>
621
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
622
- </center>
623
- </div>
624
-
625
-
626
- <span style="padding-right:2%;">
627
- <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
628
- <center>
629
- <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
630
- <input type="button" name="miniorange_login_forgotphone"
631
- onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
632
- class="miniorange_login_forgotphone"
633
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
634
- <?php } ?>
635
- &emsp;&emsp;
636
-
637
- </center>
638
- <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
639
- <center>
640
- <a href="#mo2f_alternate_login_kba">
641
- <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive push nitification?' ); ?></p>
642
- </a>
643
- </center>
644
- <?php } ?>
645
- </span>
646
- <center>
647
- <?php
648
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
649
- <div>
650
- <a href="#mo2f_backup_generate">
651
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
652
- </a>
653
- </div>
654
- <?php }else{ ?>
655
- <div>
656
- <a href="#mo2f_backup_option">
657
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
658
- </a>
659
- </div>
660
- <?php }
661
- ?>
662
- <div style="padding:10px;">
663
- <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
664
- </div>
665
- </center>
666
- </div>
667
-
668
- <?php
669
- mo2f_customize_logo();
670
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
671
- ?>
672
- </div>
673
- </div>
674
- </div>
675
- </div>
676
- <form name="f" id="mo2f_backto_duo_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
677
- class="mo2f_display_none_forms">
678
- <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
679
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' )); ?>"/>
680
- <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
681
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
682
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
683
- <input type="hidden" name="currentMethod" value="emailVer"/>
684
-
685
- </form>
686
- <form name="f" id="mo2f_duo_push_validation_form" method="post" class="mo2f_display_none_forms">
687
- <input type="hidden" name="miniorange_duo_push_validation_nonce"
688
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' )); ?>"/>
689
- <input type="hidden" name="option" value="miniorange_duo_push_validation">
690
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
691
- <input type="hidden" name="tx_type"/>
692
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
693
- <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
694
-
695
- </form>
696
-
697
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
698
- <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
699
- <input type="hidden" name="miniorange_forgotphone"
700
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
701
- <input type="hidden" name="option" value="miniorange_forgotphone">
702
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
703
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
704
- </form>
705
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
706
- <input type="hidden" name="miniorange_alternate_login_kba_nonce"
707
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce') ); ?>"/>
708
- <input type="hidden" name="option" value="miniorange_alternate_login_kba">
709
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
710
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
711
- </form>
712
-
713
- <script>
714
- var timeout;
715
-
716
- pollPushValidation();
717
- function pollPushValidation()
718
- {
719
- var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
720
- var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
721
- var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
722
- var data={
723
- 'action':'mo2f_duo_ajax_request',
724
- 'call_type':'check_duo_push_auth_status',
725
- 'session_id_encrypt': session_id_encrypt,
726
- 'nonce' : nonce,
727
-
728
-
729
- };
730
-
731
- jQuery.post(ajax_url, data, function(response){
732
-
733
-
734
- if (response == 'SUCCESS') {
735
- jQuery('#mo2f_duo_push_validation_form').submit();
736
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
737
- jQuery('#mo2f_backto_duo_mo_loginform').submit();
738
- } else {
739
- timeout = setTimeout(pollMobileValidation, 3000);
740
- }
741
-
742
- });
743
- }
744
-
745
-
746
-
747
-
748
-
749
-
750
- function mologinforgotphone() {
751
- jQuery('#mo2f_show_forgotphone_loginform').submit();
752
- }
753
-
754
- function mologinback() {
755
- jQuery('#mo2f_backto_duo_mo_loginform').submit();
756
- }
757
-
758
- jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
759
- jQuery('#mo2f_alternate_login_kbaform').submit();
760
- });
761
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
762
- jQuery('#mo2f_backup').submit();
763
- });
764
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
765
- jQuery('#mo2f_create_backup_codes').submit();
766
- });
767
-
768
- </script>
769
- </body>
770
- </html>
771
-
772
- <?php
773
- }
774
-
775
- function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
776
-
777
- $mo_wpns_config = new MoWpnsHandler();
778
- global $Mo2fdbQueries,$txid,$moWpnsUtility;
779
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
780
- $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
781
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
782
- $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
783
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
784
- MO2f_Utility::mo2f_debug_file('Waiting for push notification validation '.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
785
- ?>
786
- <html>
787
- <head>
788
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
789
- <meta name="viewport" content="width=device-width, initial-scale=1">
790
- <?php
791
- echo_js_css_files(); ?>
792
- </head>
793
- <body>
794
- <div class="mo2f_modal" tabindex="-1" role="dialog">
795
- <div class="mo2f-modal-backdrop"></div>
796
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
797
- <div class="login mo_customer_validation-modal-content">
798
- <div class="mo2f_modal-header">
799
- <h4 class="mo2f_modal-title">
800
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
801
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
802
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
803
- <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
804
- </div>
805
- <div class="mo2f_modal-body">
806
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
807
- <div id="otpMessage">
808
- <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
809
- </div>
810
- <?php } ?>
811
- <div id="pushSection">
812
-
813
- <div>
814
- <center>
815
- <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
816
- </center>
817
- </div>
818
- <div id="showPushImage">
819
- <center>
820
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
821
- </center>
822
- </div>
823
-
824
-
825
- <span style="padding-right:2%;">
826
- <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
827
- <center>
828
- <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
829
- <input type="button" name="miniorange_login_forgotphone"
830
- onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
831
- class="miniorange_login_forgotphone"
832
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
833
- <?php } ?>
834
- &emsp;&emsp;
835
- <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
836
- id="miniorange_login_offline" class="miniorange_login_offline"
837
- value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
838
- </center>
839
- <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
840
- <center>
841
- <a href="#mo2f_alternate_login_kba">
842
- <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive mail?' ); ?></p>
843
- </a>
844
- </center>
845
- <?php } ?>
846
- </span>
847
- <center>
848
- <?php
849
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
850
- <div>
851
- <a href="#mo2f_backup_generate">
852
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
853
- </a>
854
- </div>
855
- <?php }else{ ?>
856
- <div>
857
- <a href="#mo2f_backup_option">
858
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
859
- </a>
860
- </div>
861
- <?php }
862
- ?>
863
- <div style="padding:10px;">
864
- <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
865
- </div>
866
- </center>
867
- </div>
868
-
869
- <?php
870
- mo2f_customize_logo();
871
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
872
- ?>
873
- </div>
874
- </div>
875
- </div>
876
- </div>
877
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
878
- class="mo2f_display_none_forms">
879
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
880
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
881
- <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
882
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
883
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
884
- <input type="hidden" name="currentMethod" value="emailVer"/>
885
-
886
- </form>
887
- <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
888
- <input type="hidden" name="miniorange_mobile_validation_nonce"
889
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' )); ?>"/>
890
- <input type="hidden" name="option" value="miniorange_mobile_validation">
891
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
892
- <input type="hidden" name="tx_type"/>
893
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
894
- <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
895
-
896
- </form>
897
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
898
- <input type="hidden" name="miniorange_softtoken"
899
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-softtoken' )); ?>"/>
900
- <input type="hidden" name="option" value="miniorange_softtoken">
901
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
902
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
903
- </form>
904
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
905
- <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
906
- <input type="hidden" name="miniorange_forgotphone"
907
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
908
- <input type="hidden" name="option" value="miniorange_forgotphone">
909
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
910
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
911
- </form>
912
- <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
913
- <input type="hidden" name="miniorange_alternate_login_kba_nonce"
914
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' )); ?>"/>
915
- <input type="hidden" name="option" value="miniorange_alternate_login_kba">
916
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
917
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
918
- </form>
919
-
920
- <script>
921
- var timeout;
922
- var login_status = '<?php echo esc_html($login_status);?>';
923
- var calls = 0;
924
- var onprem = '<?php echo esc_html(MO2F_IS_ONPREM); ?>';
925
-
926
- if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
927
- {
928
- pollPushValidation();
929
- function pollPushValidation()
930
- { calls = calls + 1;
931
- var data = {'txid':'<?php echo $mo2f_EV_txid;?>'};
932
- jQuery.ajax({
933
- url: '<?php echo get_site_option("siteurl"); ?>'+"/wp-login.php",
934
- type: "POST",
935
- data: data,
936
- success: function (result) {
937
-
938
- var status = result;
939
- if (status == 1) {
940
- jQuery('input[name="tx_type"]').val("EV");
941
- jQuery('#mo2f_mobile_validation_form').submit();
942
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
943
- jQuery('#mo2f_backto_mo_loginform').submit();
944
- } else {
945
- if(calls<300)
946
- {
947
- timeout = setTimeout(pollPushValidation, 1000);
948
- }
949
- else
950
- {
951
- jQuery('#mo2f_backto_mo_loginform').submit();
952
- }
953
- }
954
- }
955
- });
956
- }
957
-
958
-
959
- }
960
- else
961
- {
962
- pollPushValidation();
963
- function pollPushValidation() {
964
- var transId = "<?php echo esc_html($cookievalue);// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
965
- var jsonString = "{\"txId\":\"" + transId + "\"}";
966
- var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
967
-
968
- jQuery.ajax({
969
- url: postUrl,
970
- type: "POST",
971
- dataType: "json",
972
- data: jsonString,
973
- contentType: "application/json; charset=utf-8",
974
- success: function (result) {
975
- var status = JSON.parse(JSON.stringify(result)).status;
976
- if (status == 'SUCCESS') {
977
- jQuery('input[name="tx_type"]').val("PN");
978
- jQuery('#mo2f_mobile_validation_form').submit();
979
- } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED') {
980
- jQuery('#mo2f_backto_mo_loginform').submit();
981
- } else {
982
- timeout = setTimeout(pollPushValidation, 3000);
983
- }
984
- }
985
- });
986
- }
987
- }
988
-
989
- function mologinoffline() {
990
- jQuery('#mo2f_show_softtoken_loginform').submit();
991
- }
992
-
993
- function mologinforgotphone() {
994
- jQuery('#mo2f_show_forgotphone_loginform').submit();
995
- }
996
-
997
- function mologinback() {
998
- jQuery('#mo2f_backto_mo_loginform').submit();
999
- }
1000
-
1001
- jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
1002
- jQuery('#mo2f_alternate_login_kbaform').submit();
1003
- });
1004
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
1005
- jQuery('#mo2f_backup').submit();
1006
- });
1007
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1008
- jQuery('#mo2f_create_backup_codes').submit();
1009
- });
1010
-
1011
- </script>
1012
- </body>
1013
- </html>
1014
- <?php
1015
- }
1016
-
1017
- function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
1018
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1019
- $mo_wpns_config = new MoWpnsHandler();
1020
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1021
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1022
- ?>
1023
- <html>
1024
- <head>
1025
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1026
- <meta name="viewport" content="width=device-width, initial-scale=1">
1027
- <?php
1028
- echo_js_css_files(); ?>
1029
- </head>
1030
- <body>
1031
- <div class="mo2f_modal" tabindex="-1" role="dialog">
1032
- <div class="mo2f-modal-backdrop"></div>
1033
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1034
- <div class="login mo_customer_validation-modal-content">
1035
- <div class="mo2f_modal-header">
1036
- <h4 class="mo2f_modal-title">
1037
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1038
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1039
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1040
- <?php echo mo2f_lt( 'Scan QR Code' ); ?></h4>
1041
- </div>
1042
- <div class="mo2f_modal-body center">
1043
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1044
- <div id="otpMessage">
1045
- <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1046
- </div>
1047
- <br>
1048
- <?php } ?>
1049
- <div id="scanQRSection">
1050
- <div style="margin-bottom:10%;">
1051
- <center>
1052
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Identify yourself by scanning the QR code with miniOrange Authenticator app.' ); ?></p>
1053
- </center>
1054
- </div>
1055
- <div id="showQrCode" style="margin-bottom:10%;">
1056
- <center><?php echo '<img src="data:image/jpg;base64,' . esc_html($qrCode) . '" />'; ?></center>
1057
- </div>
1058
- <span style="padding-right:2%;">
1059
- <center>
1060
- <?php if ( ! $mo2f_is_new_customer ) { ?>
1061
- <?php if ( $mo2f_enable_forgotphone ) { ?>
1062
- <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1063
- id="miniorange_login_forgotphone" class="miniorange_login_forgotphone"
1064
- style="margin-right:5%;"
1065
- value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
1066
- <?php } ?>
1067
- &emsp;&emsp;
1068
- <?php } ?>
1069
- <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
1070
- id="miniorange_login_offline" class="miniorange_login_offline"
1071
- value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
1072
- </center>
1073
- </span>
1074
- <?php
1075
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1076
- <div>
1077
- <a href="#mo2f_backup_generate">
1078
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1079
- </a>
1080
- </div>
1081
- <?php }else{ ?>
1082
- <div>
1083
- <a href="#mo2f_backup_option">
1084
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1085
- </a>
1086
- </div>
1087
- <?php }
1088
- ?>
1089
- <div style="padding:10px;">
1090
- <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1091
- </div>
1092
- </div>
1093
- <?php
1094
- mo2f_customize_logo();
1095
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1096
- ?>
1097
- </div>
1098
- </div>
1099
- </div>
1100
- </div>
1101
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1102
- class="mo2f_display_none_forms">
1103
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1104
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce') ); ?>"/>
1105
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1106
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1107
- </form>
1108
- <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1109
- <input type="hidden" name="miniorange_mobile_validation_nonce"
1110
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' )); ?>"/>
1111
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1112
- <input type="hidden" name="option" value="miniorange_mobile_validation">
1113
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1114
- </form>
1115
- <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1116
- <input type="hidden" name="miniorange_softtoken"
1117
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-softtoken' )); ?>"/>
1118
- <input type="hidden" name="option" value="miniorange_softtoken">
1119
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1120
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1121
- </form>
1122
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1123
- <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1124
- <input type="hidden" name="miniorange_forgotphone"
1125
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
1126
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1127
- <input type="hidden" name="option" value="miniorange_forgotphone">
1128
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1129
- </form>
1130
-
1131
- <script>
1132
- var timeout;
1133
- pollMobileValidation();
1134
-
1135
- function pollMobileValidation() {
1136
- var transId = "<?php echo esc_html($cookievalue);//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
1137
- var jsonString = "{\"txId\":\"" + transId + "\"}";
1138
- var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
1139
- jQuery.ajax({
1140
- url: postUrl,
1141
- type: "POST",
1142
- dataType: "json",
1143
- data: jsonString,
1144
- contentType: "application/json; charset=utf-8",
1145
- success: function (result) {
1146
- var status = JSON.parse(JSON.stringify(result)).status;
1147
- if (status == 'SUCCESS') {
1148
- var content = "<div id='success'><center><img src='" + "<?php echo plugins_url( 'includes/images/right.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1149
- jQuery("#showQrCode").empty();
1150
- jQuery("#showQrCode").append(content);
1151
- setTimeout(function () {
1152
- jQuery("#mo2f_mobile_validation_form").submit();
1153
- }, 100);
1154
- } else if (status == 'ERROR' || status == 'FAILED') {
1155
- var content = "<div id='error'><center><img src='" + "<?php echo plugins_url( 'includes/images/wrong.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1156
- jQuery("#showQrCode").empty();
1157
- jQuery("#showQrCode").append(content);
1158
- setTimeout(function () {
1159
- jQuery('#mo2f_backto_mo_loginform').submit();
1160
- }, 1000);
1161
- } else {
1162
- timeout = setTimeout(pollMobileValidation, 3000);
1163
- }
1164
- }
1165
- });
1166
- }
1167
-
1168
- function mologinoffline() {
1169
- jQuery('#mo2f_show_softtoken_loginform').submit();
1170
- }
1171
-
1172
- function mologinforgotphone() {
1173
- jQuery('#mo2f_show_forgotphone_loginform').submit();
1174
- }
1175
-
1176
- function mologinback() {
1177
- jQuery('#mo2f_backto_mo_loginform').submit();
1178
- }
1179
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
1180
- jQuery('#mo2f_backup').submit();
1181
- });
1182
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1183
- jQuery('#mo2f_create_backup_codes').submit();
1184
- });
1185
-
1186
- </script>
1187
- </body>
1188
- </html>
1189
- <?php
1190
- }
1191
-
1192
- function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ,$mo2fa_transaction_id = null ) {
1193
- global $Mo2fdbQueries,$moWpnsUtility;
1194
- $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1195
- $mo_wpns_config = new MoWpnsHandler();
1196
- $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1197
- $attempts = get_option('mo2f_attempts_before_redirect', 3);
1198
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1199
- $mo2f_otp_over_email_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_OTPOverEmail_config_status', $user_id );
1200
-
1201
- MO2f_Utility::mo2f_debug_file('Prompted 2fa validation screen '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1202
- ?>
1203
- <html>
1204
- <head>
1205
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1206
- <meta name="viewport" content="width=device-width, initial-scale=1">
1207
- <?php
1208
- echo_js_css_files();
1209
- ?>
1210
- </head>
1211
- <body>
1212
- <div class="mo2f_modal" tabindex="-1" role="dialog">
1213
- <div class="mo2f-modal-backdrop"></div>
1214
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1215
- <div class="login mo_customer_validation-modal-content">
1216
- <div class="mo2f_modal-header">
1217
- <h4 class="mo2f_modal-title">
1218
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1219
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1220
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1221
- <?php echo mo2f_lt( 'Validate OTP' ); ?>
1222
- </h4>
1223
- </div>
1224
- <div class="mo2f_modal-body center">
1225
- <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1226
- <div id="otpMessage">
1227
- <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1228
- </div>
1229
- <?php } ?><br><?php
1230
- ?>
1231
- <span><b>Attempts left</b>:</span> <?php echo esc_html($attempts);?><br>
1232
- <?php if($attempts==1){?>
1233
- <span style='color:red;'><b>If you fail to verify your identity, you will be redirected back to login page to verify your credentials.</b></span> <br>
1234
- <?php }?>
1235
- <br>
1236
- <div id="showOTP">
1237
- <div class="mo2f-login-container">
1238
- <form name="f" id="mo2f_submitotp_loginform" method="post">
1239
- <center>
1240
- <input type="text" name="mo2fa_softtoken" style="height:28px !important;"
1241
- placeholder="<?php echo mo2f_lt( 'Enter code' ); ?>"
1242
- id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true"
1243
- pattern="[0-9]{4,8}"
1244
- title="<?php echo mo2f_lt( 'Only digits within range 4-8 are allowed.' ); ?>"/>
1245
- </center>
1246
- <br>
1247
- <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit"
1248
- class="miniorange_otp_token_submit"
1249
- value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
1250
- <?php
1251
-
1252
- if($show_back_button == 1)
1253
- {
1254
- ?>
1255
- <input type="button" name="miniorange_otp_token_back" id="miniorange_otp_token_back"
1256
- class="miniorange_otp_token_submit"
1257
- value="<?php echo mo2f_lt( 'Back' ); ?>"/>
1258
- <?php
1259
- }
1260
- ?>
1261
- <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1262
- <input type="hidden" name="miniorange_soft_token_nonce"
1263
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' )); ?>"/>
1264
- <input type="hidden" name="option" value="miniorange_soft_token">
1265
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1266
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1267
- <?php if($mo2fa_transaction_id!=null){ ?>
1268
- <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo esc_html($mo2fa_transaction_id); ?>"/>
1269
- <?php }?>
1270
- </form>
1271
- <?php
1272
- $Kbaset = get_user_meta( $user_id ,'Security Questions' );
1273
- if ( ! $mo2f_is_new_customer ) { ?>
1274
- <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
1275
- <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1276
- id="miniorange_login_forgotphone"
1277
- class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
1278
- <?php } ?>
1279
- <?php }
1280
- if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1281
- if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1282
- <div>
1283
- <a href="#mo2f_backup_generate">
1284
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1285
- </a>
1286
- </div>
1287
- <?php }else{ ?>
1288
- <div>
1289
- <a href="#mo2f_backup_option">
1290
- <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1291
- </a>
1292
- </div>
1293
- <?php }
1294
- ?>
1295
-
1296
- <div style="padding:10px;">
1297
- <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1298
- </div>
1299
- <?php } ?>
1300
- </div>
1301
- </div>
1302
- </center>
1303
- <?php
1304
- mo2f_customize_logo();
1305
- if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1306
- mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1307
- }
1308
- ?>
1309
- </div>
1310
- </div>
1311
- </div>
1312
- </div>
1313
-
1314
- <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1315
- class="mo2f_display_none_forms">
1316
- <input type="hidden" name="miniorange_back_inline_reg_nonce"
1317
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' )); ?>"/>
1318
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1319
- <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1320
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1321
-
1322
- </form>
1323
-
1324
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1325
- class="mo2f_display_none_forms">
1326
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1327
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
1328
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1329
- </form>
1330
-
1331
- <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1332
- <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1333
- <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1334
- <input type="hidden" name="miniorange_forgotphone"
1335
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
1336
- <input type="hidden" name="option" value="miniorange_forgotphone">
1337
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1338
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1339
- </form>
1340
-
1341
- <?php } ?>
1342
-
1343
- <script>
1344
- jQuery('#miniorange_otp_token_back').click(function(){
1345
- jQuery('#mo2f_backto_inline_registration').submit();
1346
- });
1347
- jQuery('a[href="#mo2f_backup_option"]').click(function() {
1348
- jQuery('#mo2f_backup').submit();
1349
- });
1350
- jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1351
- jQuery('#mo2f_create_backup_codes').submit();
1352
- });
1353
-
1354
- function mologinback() {
1355
- jQuery('#mo2f_backto_mo_loginform').submit();
1356
- }
1357
-
1358
- function mologinforgotphone() {
1359
- jQuery('#mo2f_show_forgotphone_loginform').submit();
1360
- }
1361
- var is_ajax = '<?php echo esc_html(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'));?>';
1362
- if(is_ajax){
1363
- jQuery('#mo2fa_softtoken').keypress(function (e) {
1364
- if (e.which == 13) {//Enter key pressed
1365
- e.preventDefault();
1366
- mo2f_otp_ajax();
1367
- }
1368
- });
1369
- jQuery("#miniorange_otp_token_submit").click(function(e){
1370
- e.preventDefault();
1371
- mo2f_otp_ajax();
1372
- });
1373
-
1374
- function mo2f_otp_ajax(){
1375
- jQuery('#mo2fa_softtoken').prop('disabled','true');
1376
- jQuery('#miniorange_otp_token_submit').prop('disabled','true');
1377
- var data = {
1378
- "action" : "mo2f_ajax",
1379
- "mo2f_ajax_option" : "mo2f_ajax_otp",
1380
- "mo2fa_softtoken" : jQuery( "input[name=\'mo2fa_softtoken\']" ).val(),
1381
- "miniorange_soft_token_nonce" : jQuery( "input[name=\'miniorange_soft_token_nonce\']" ).val(),
1382
- "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
1383
- "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
1384
- "request_origin_method" : jQuery( "input[name=\'request_origin_method\']" ).val(),
1385
- };
1386
- jQuery.post(my_ajax_object.ajax_url, data, function(response) {
1387
- if(typeof response.data === "undefined")
1388
- jQuery("html").html(response);
1389
- else if(response.data.reload)
1390
- location.reload( true );
1391
- else
1392
- location.href = response.data.redirect;
1393
- });
1394
- }
1395
- }
1396
- </script>
1397
- </body>
1398
- </html>
1399
- <?php
1400
- }
1401
-
1402
-
1403
- function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1404
- ?>
1405
- <html>
1406
- <head>
1407
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1408
- <meta name="viewport" content="width=device-width, initial-scale=1">
1409
- <?php
1410
- echo_js_css_files();
1411
- ?>
1412
- </head>
1413
- <body>
1414
- <div class="mo2f_modal" tabindex="-1" role="dialog">
1415
- <div class="mo2f-modal-backdrop"></div>
1416
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1417
- <div class="login mo_customer_validation-modal-content">
1418
- <div class="mo2f_modal-header">
1419
- <h4 class="mo2f_modal-title">
1420
- <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1421
- title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1422
- onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1423
-
1424
- <?php echo mo2f_lt( 'Remember Device' ); ?>
1425
- </h4>
1426
- </div>
1427
- <div class="mo2f_modal-body center">
1428
- <div id="mo2f_device_content">
1429
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Do you want to remember this device?' ); ?></p>
1430
- <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();"
1431
- id="miniorange_trust_device_yes" class="mo_green" style="margin-right:5%;"
1432
- value="<?php echo mo2f_lt( 'Yes' ); ?>"/>
1433
- <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();"
1434
- id="miniorange_trust_device_no" class="mo_red"
1435
- value="<?php echo mo2f_lt( 'No' ); ?>"/>
1436
- </div>
1437
- <div id="showLoadingBar" hidden>
1438
- <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Please wait...We are taking you into your account.' ); ?></p>
1439
- <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__))) ); ?>"/>
1440
- </div>
1441
- <br><br>
1442
- <span>
1443
- <?php echo mo2f_lt( 'Click on ' ); ?>
1444
- <i><b><?php echo mo2f_lt( 'Yes' ); ?></b></i><?php echo mo2f_lt( 'if this is your personal device.' ); ?>
1445
- <br>
1446
- <?php echo mo2f_lt( 'Click on ' ); ?>
1447
- <i><b><?php echo mo2f_lt( 'No ' ); ?></b></i> <?php echo mo2f_lt( 'if this is a public device.' ); ?>
1448
- </span><br><br>
1449
- <?php mo2f_customize_logo() ?>
1450
- </div>
1451
- </div>
1452
- </div>
1453
- </div>
1454
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1455
- class="mo2f_display_none_forms">
1456
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1457
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
1458
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1459
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1460
- </form>
1461
- <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1462
- <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1463
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' )); ?>"/>
1464
- <input type="hidden" name="option" value="miniorange_rba_validate">
1465
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1466
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1467
- </form>
1468
- <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1469
- <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1470
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' )); ?>"/>
1471
- <input type="hidden" name="option" value="miniorange_rba_cancle">
1472
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1473
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1474
- </form>
1475
- <script>
1476
- function mologinback() {
1477
- jQuery('#mo2f_backto_mo_loginform').submit();
1478
- }
1479
-
1480
- function mo_check_device_confirm() {
1481
- jQuery('#mo2f_device_content').css("display", "none");
1482
- jQuery('#showLoadingBar').css("display", "block");
1483
- jQuery('#mo2f_trust_device_confirm_form').submit();
1484
- }
1485
-
1486
- function mo_check_device_cancel() {
1487
- jQuery('#mo2f_device_content').css("display", "none");
1488
- jQuery('#showLoadingBar').css("display", "block");
1489
- jQuery('#mo2f_trust_device_cancel_form').submit();
1490
- }
1491
- </script>
1492
- </body>
1493
- </html>
1494
- <?php }
1495
-
1496
- function mo2f_customize_logo() { ?>
1497
- <div style="float:right;"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img
1498
- alt="logo"
1499
- src="<?php echo esc_url(plugins_url( 'includes/images/miniOrange2.png', dirname(dirname(__FILE__)))); ?>"/></a></div>
1500
-
1501
- <?php }
1502
-
1503
- function echo_js_css_files() {
1504
-
1505
- wp_register_style( 'mo2f_style_settings',plugins_url( 'includes/css/twofa_style_settings.css?version=5.5', dirname(dirname(__FILE__))));
1506
- wp_print_styles( 'mo2f_style_settings' );
1507
-
1508
- wp_register_script( 'mo2f_bootstrap_js',plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__)) ) );
1509
- wp_print_scripts( 'jquery' );
1510
- wp_print_scripts( 'mo2f_bootstrap_js');
1511
- }
1512
-
1513
- function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1514
- global $Mo2fdbQueries;
1515
- update_site_option('mo2f_is_inline_used','1');
1516
- if(get_user_meta($id, 'mo_backup_code_generated', true) && !get_user_meta($id, 'mo_backup_code_downloaded', true)){
1517
- $encrypted_codes =get_user_meta($id, 'chqwetcsdvnvd', true);
1518
- $key = get_option( 'mo2f_encryption_key' );
1519
- $codes_string = MO2f_Utility::decrypt_data( $encrypted_codes, $key );
1520
- $codes = explode(",", $codes_string);
1521
- delete_user_meta($id, 'chqwetcsdvnvd');
1522
- $result = true;
1523
- }else{
1524
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
1525
- if(empty($mo2f_user_email)){
1526
- $currentuser = get_user_by( 'id', $id );
1527
- $mo2f_user_email = $currentuser->user_email;
1528
- }
1529
- $generate_backup_code = new Customer_Cloud_Setup();
1530
- $codes = $generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
1531
-
1532
- if($codes != 'DBConnectionIssue' && $codes != 'UnableToFetchData' && $codes != 'UserLimitReached' && $codes != 'ERROR' && $codes != 'LimitReached' && $codes != 'AllUsed' && $codes != 'invalid_request' ){
1533
- $codes = explode(' ', $codes);
1534
- $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
1535
- update_user_meta($id, 'mo_backup_code_generated', 1);
1536
- $code_generated = 'code_generation_successful';
1537
- }else{
1538
- $code_generated = 'code_generation_failed';
1539
- update_user_meta($id, 'error_during_code_generation',$codes);
1540
- }
1541
-
1542
-
1543
- }
1544
- update_user_meta($id, 'mo_backup_code_screen_shown', 1);
1545
- ?>
1546
- <html>
1547
- <head> <meta charset="utf-8"/>
1548
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1549
- <meta name="viewport" content="width=device-width, initial-scale=1">
1550
- <?php
1551
-
1552
- wp_register_script( 'mo2f_bootstrap_js', plugins_url('includes/js/bootstrap.min.js', dirname(dirname(__FILE__))) );
1553
- wp_print_scripts( 'jquery' );
1554
- wp_print_scripts('mo2f_bootstrap_js');
1555
-
1556
- wp_register_style('mo2f_bootstrap',plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))));
1557
- wp_register_style('mo2f_frontend',plugins_url('includes/css/front_end_login.css', dirname(dirname(__FILE__))));
1558
- wp_register_style('mo2f_style_settings',plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))));
1559
- wp_register_style('mo2f_hide_login',plugins_url('includes/css/hide-login.css', dirname(dirname(__FILE__))));
1560
-
1561
- wp_print_styles( 'mo2f_bootstrap');
1562
- wp_print_styles( 'mo2f_frontend');
1563
- wp_print_styles( 'mo2f_style_settings');
1564
- wp_print_styles( 'mo2f_hide_login');
1565
- ?>
1566
- <style>
1567
- .mo2f_kba_ques, .mo2f_table_textbox{
1568
- background: whitesmoke none repeat scroll 0% 0%;
1569
- }
1570
- </style>
1571
- </head>
1572
- <body>
1573
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1574
- <div class="mo2f-modal-backdrop"></div>
1575
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1576
- <div class="login mo_customer_validation-modal-content">
1577
- <div class="mo2f_modal-header">
1578
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1579
- <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1580
- </div>
1581
- <?php if($code_generated == 'code_generation_successful') { ?>
1582
- <div class="mo2f_modal-body center">
1583
-
1584
-
1585
- <h3> <?php echo __('Please download the backup codes for account recovery.'); ?></h3>
1586
-
1587
- <h4> <?php echo __('You will receive the backup codes via email if you have your SMTP configured.
1588
- <br>If you have received the codes on your email and do not wish to download the codes, click on Finish. '); ?></h4>
1589
-
1590
- <h4> <?php echo __('Backup Codes can be used to login into user account in case you forget your phone or get locked out.
1591
- <br>Please use this carefully as each code can only be used once. Please do not share these codes with anyone.'); ?></h4>
1592
- <?php ?>
1593
- <div>
1594
- <div style="display: inline-flex;width: 350px; ">
1595
- <div id="clipboard" style="border: solid;width: 55%;float: left;">
1596
- <?php
1597
- for ($x = 0; $x < sizeof($codes); $x++) {
1598
- $str = $codes[$x];
1599
- echo("<br>".esc_html($str)." <br>");
1600
- }
1601
-
1602
- $str1="";
1603
- for ($x = 0; $x < sizeof($codes); $x++) {
1604
- $str = $codes[$x];
1605
- $str1.=$str;
1606
- if($x != 4){
1607
- $str1.=',';
1608
- }
1609
- }
1610
- ?>
1611
- </div>
1612
- <div style="width: 50%;float: right;">
1613
- <form name="f" method="post" id="mo2f_users_backup1" action="">
1614
- <input type="hidden" name="option" value="mo2f_users_backup1" />
1615
- <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo esc_html($str1); ?>" />
1616
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1617
- <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-backup-nonce')); ?>" />
1618
-
1619
- <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1620
- </form>
1621
- </div>
1622
-
1623
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url());?>" >
1624
- <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1625
- <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce')); ?>" />
1626
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1627
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1628
- <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1629
- </form>
1630
- </div>
1631
- </div>
1632
-
1633
- <?php
1634
- mo2f_customize_logo() ?>
1635
- </div>
1636
- <?php } else { ?>
1637
- <div style="text-align:center;">
1638
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url());?>" >
1639
- <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1640
- <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce')); ?>" />
1641
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1642
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1643
- <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1644
- </form>
1645
- </div>
1646
- <?php } ?>
1647
- </div>
1648
- </div>
1649
- </div>
1650
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1651
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1652
- </form>
1653
- </body>
1654
- <script>
1655
- function mologinback(){
1656
- jQuery('#mo2f_backto_mo_loginform').submit();
1657
- }
1658
- </script>
1659
- </html>
1660
- <?php
1661
-
1662
-
1663
- }
1664
-
1665
- function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1666
- ?>
1667
- <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1668
- <input type="hidden" name="miniorange_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-backup-nonce')); ?>" />
1669
- <input type="hidden" name="option" value="miniorange_backup_nonce">
1670
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1671
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
1672
- </form>
1673
- <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1674
- <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-generate-backup-nonce')); ?>" />
1675
- <input type="hidden" name="option" value="miniorange_create_backup_codes">
1676
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1677
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
1678
- <input type="hidden" name="login_status" value="<?php echo esc_html($login_status); ?>" />
1679
- <input type="hidden" name="login_message" value="<?php echo wp_kses($login_message, array('b'=>array())); ?>" />
1680
- </form>
1681
- <?php
1682
- }
1683
-
1684
  ?>
1
+ <?php
2
+ function mo2f_collect_device_attributes_handler( $session_id_encrypt,$redirect_to = null ) {
3
+ ?>
4
+ <html>
5
+ <head>
6
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
7
+ <meta name="viewport" content="width=device-width, initial-scale=1">
8
+ <?php
9
+ wp_print_scripts( 'jquery' );
10
+ ?>
11
+ </head>
12
+ <body>
13
+ <div>
14
+ <form id="morba_loginform" method="post">
15
+ <h1><?php echo mo2f_lt( 'Please wait' ); ?>...</h1>
16
+ <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(dirname(__FILE__)))) ); ?>"/>
17
+ <?php
18
+ if ( get_option( 'mo2f_remember_device' ) ) {
19
+ ?>
20
+ <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
21
+ <?php
22
+ wp_enqueue_script('jquery');
23
+ wp_register_script('mo2f_rba_flash',plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(dirname(__FILE__))) ));
24
+ wp_register_script('mo2f_rba_ua_parser',plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(dirname(__FILE__))) ));
25
+ wp_register_script('mo2f_client',plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(dirname(__FILE__))) ));
26
+ wp_register_script('mo2f_device',plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(dirname(__FILE__))) ));
27
+ wp_register_script('mo2f_swfobject',plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(dirname(__FILE__))) ));
28
+ wp_register_script('mo2f_font',plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(dirname(__FILE__))) ));
29
+ wp_register_script('mo2f_murmur',plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(dirname(__FILE__))) ));
30
+ wp_register_script('mo2f_fd',plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(dirname(__FILE__))) ));
31
+
32
+ wp_print_scripts( 'jquery');
33
+ wp_print_scripts( 'mo2f_rba_flash');
34
+ wp_print_scripts( 'mo2f_rba_ua_parser');
35
+ wp_print_scripts( 'mo2f_client');
36
+ wp_print_scripts( 'mo2f_device');
37
+ wp_print_scripts( 'mo2f_swfobject');
38
+ wp_print_scripts( 'mo2f_font');
39
+ wp_print_scripts( 'mo2f_murmur');
40
+ wp_print_scripts( 'mo2f_fd');
41
+ }
42
+ ?>
43
+ <input type="hidden" name="miniorange_attribute_collection_nonce"
44
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-attribute-collection-nonce' )); ?>"/>
45
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
46
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
47
+ </form>
48
+ </div>
49
+ </body>
50
+ </html>
51
+ <?php
52
+ }
53
+ function mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encrypt,$redirect_to)
54
+ {
55
+ ?>
56
+ <html>
57
+ <head>
58
+ <meta charset="utf-8"/>
59
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
60
+ <meta name="viewport" content="width=device-width, initial-scale=1">
61
+ <?php
62
+ mo2f_inline_css_and_js();
63
+ ?>
64
+ </head>
65
+ <body>
66
+ <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
67
+ <div class="mo2f-modal-backdrop"></div>
68
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
69
+ <div class="login mo_customer_validation-modal-content">
70
+ <div class="mo2f_modal-header">
71
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
72
+
73
+ <?php echo __('Select 2 Factor method for authentication', 'miniorange-2-factor-authentication'); ?></h3>
74
+ </div>
75
+ <div class="mo2f_modal-body">
76
+ <?php
77
+ foreach ($configure_array_method as $key => $value)
78
+ {
79
+ echo'<span >
80
+ <label>
81
+ <input type="radio" name="mo2f_selected_mfactor_method" class ="mo2f-styled-radio_conf" value="'.$value.'"/>';
82
+ echo'<span class="mo2f-styled-radio-text_conf">';
83
+ echo __($value, 'miniorange-2-factor-authentication');
84
+ echo ' </span> </label>
85
+ <br>
86
+ <br>
87
+ </span>';
88
+
89
+ }
90
+
91
+ ?>
92
+
93
+ <?php mo2f_customize_logo() ?>
94
+ </div>
95
+ </div>
96
+ </div>
97
+ </div>
98
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
99
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
100
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
101
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
102
+ </form>
103
+ <form name="f" method="post" action="" id="mo2f_select_mfa_methods_form" style="display:none;">
104
+ <input type="hidden" name="mo2f_selected_mfactor_method" />
105
+ <input type="hidden" name="mo2f_miniorange_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('mo2f_miniorange-2factor-method-nonce')); ?>" />
106
+ <input type="hidden" name="option" value="miniorange_mfactor_method" />
107
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
108
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
109
+ </form>
110
+
111
+ <script>
112
+ function mologinback(){
113
+ jQuery('#mo2f_backto_mo_loginform').submit();
114
+ }
115
+ jQuery('input:radio[name=mo2f_selected_mfactor_method]').click(function() {
116
+ var selectedMethod = jQuery(this).val();
117
+ document.getElementById("mo2f_select_mfa_methods_form").elements[0].value = selectedMethod;
118
+ jQuery('#mo2f_select_mfa_methods_form').submit();
119
+ });
120
+
121
+ </script>
122
+ </body>
123
+ </html>
124
+ <?php
125
+ }
126
+ function miniorange_get_user_role( $user ) {
127
+ return $user->roles;
128
+ }
129
+
130
+ function redirect_user_to( $user, $redirect_to ) {
131
+ $roles = $user->roles;
132
+ $current_role = array_shift( $roles );
133
+ $redirectUrl = isset( $redirect_to ) && ! empty( $redirect_to ) ? $redirect_to : null;
134
+ if ( $current_role == 'administrator' ) {
135
+ $redirectUrl = empty( $redirectUrl ) ? admin_url() : $redirectUrl;
136
+ } else {
137
+ $redirectUrl = empty( $redirectUrl ) ? home_url() : $redirectUrl;
138
+ }
139
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
140
+ $redirect = array(
141
+ 'redirect' => $redirectUrl,
142
+ ) ;
143
+
144
+ wp_send_json_success($redirect);
145
+ }
146
+ else
147
+ wp_redirect( $redirectUrl );
148
+ }
149
+
150
+
151
+ // used in shortcode addon
152
+
153
+ function miniorange_check_if_2fa_enabled_for_roles( $current_roles ) {
154
+ if ( empty( $current_roles ) ) {
155
+ return 0;
156
+ }
157
+
158
+ foreach ( $current_roles as $value ) {
159
+ if ( get_option( 'mo2fa_' . $value ) ) {
160
+ return 1;
161
+ }
162
+ }
163
+
164
+ return 0;
165
+ }
166
+
167
+ function mo2f_register_profile( $email, $deviceKey, $mo2f_rba_status ) {
168
+
169
+ if ( isset( $deviceKey ) && $deviceKey == 'true' ) {
170
+ if ( $mo2f_rba_status['status'] == 'WAIT_FOR_INPUT' && $mo2f_rba_status['decision_flag'] ) {
171
+ $rba_profile = new Miniorange_Rba_Attributes();
172
+ //register profile
173
+ json_decode( $rba_profile->mo2f_register_rba_profile( $email, $mo2f_rba_status['sessionUuid'] ), true );
174
+
175
+ return true;
176
+ } else {
177
+ return false;
178
+ }
179
+ }
180
+
181
+ return false;
182
+ }
183
+
184
+ function mo2f_collect_attributes( $email, $attributes ) {
185
+ $mo2f_rba_status = array();
186
+ $mo2f_rba_status['decision_flag'] = false;
187
+ $mo2f_rba_status['sessionUuid'] = '';
188
+
189
+ if ( get_option( 'mo2f_remember_device' ) ) {
190
+ $rba_attributes = new Miniorange_Rba_Attributes();
191
+ //collect rba attributes
192
+ $rba_response = json_decode( $rba_attributes->mo2f_collect_attributes( $email, $attributes ), true );
193
+ if ( json_last_error() == JSON_ERROR_NONE ) {
194
+ //attributes are collected successfully
195
+ if ( $rba_response['status'] == 'SUCCESS' ) {
196
+ $sessionUuid = $rba_response['sessionUuid'];
197
+ // evaluate the rba risk
198
+ $rba_risk_response = json_decode( $rba_attributes->mo2f_evaluate_risk( $email, $sessionUuid ), true );
199
+
200
+ if ( json_last_error() == JSON_ERROR_NONE ) {
201
+ if ( $rba_risk_response['status'] == 'SUCCESS' || $rba_risk_response['status'] == 'WAIT_FOR_INPUT' ) {
202
+
203
+ $mo2f_rba_status['status'] = $rba_risk_response['status'];
204
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
205
+ $mo2f_rba_status['decision_flag'] = true;
206
+
207
+ } else {
208
+ $mo2f_rba_status['status'] = $rba_risk_response['status'];
209
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
210
+
211
+ }
212
+ } else {
213
+ $mo2f_rba_status['status'] = 'JSON_EVALUATE_ERROR';
214
+ $mo2f_rba_status['sessionUuid'] = $sessionUuid;
215
+
216
+ }
217
+ } else {
218
+ $mo2f_rba_status['status'] = 'ATTR_NOT_COLLECTED';
219
+
220
+ }
221
+ } else {
222
+ $mo2f_rba_status['status'] = 'JSON_ATTR_NOT_COLLECTED';
223
+
224
+ }
225
+ } else {
226
+ $mo2f_rba_status['status'] = 'RBA_NOT_ENABLED';
227
+
228
+ }
229
+
230
+ return $mo2f_rba_status;
231
+ }
232
+
233
+ function mo2f_get_user_2ndfactor( $user ) {
234
+ global $Mo2fdbQueries;
235
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
236
+ $enduser = new Two_Factor_Setup();
237
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $mo2f_user_email ), true );
238
+ if ( json_last_error() == JSON_ERROR_NONE ) {
239
+ if ( $userinfo['status'] == 'ERROR' ) {
240
+ $mo2f_second_factor = 'NONE';
241
+ } else if ( $userinfo['status'] == 'SUCCESS' ) {
242
+ $mo2f_second_factor = $userinfo['authType'];
243
+ } else if ( $userinfo['status'] == 'FAILED' ) {
244
+ $mo2f_second_factor = 'USER_NOT_FOUND';
245
+ } else {
246
+ $mo2f_second_factor = 'NONE';
247
+ }
248
+ } else {
249
+ $mo2f_second_factor = 'NONE';
250
+ }
251
+
252
+ return $mo2f_second_factor;
253
+ }
254
+
255
+ function mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt ) {
256
+ $mo2f_forgotphone_enabled = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
257
+ $mo2f_email_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_email' );
258
+ $mo2f_kba_as_backup_enabled = get_option( 'mo2f_enable_forgotphone_kba' );
259
+ ?>
260
+ <html>
261
+ <head>
262
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
263
+ <meta name="viewport" content="width=device-width, initial-scale=1">
264
+ <?php
265
+ echo_js_css_files(); ?>
266
+ </head>
267
+ <body>
268
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
269
+ <div class="mo2f-modal-backdrop"></div>
270
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
271
+ <div class="login mo_customer_validation-modal-content">
272
+ <div class="mo2f_modal-header">
273
+ <h4 class="mo2f_modal-title">
274
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
275
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
276
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
277
+ <?php echo mo2f_lt( 'How would you like to authenticate yourself?' ); ?>
278
+ </h4>
279
+ </div>
280
+ <div class="mo2f_modal-body">
281
+ <?php if ( $mo2f_forgotphone_enabled ) {
282
+ if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
283
+ <div id="otpMessage" class="mo2fa_display_message_frontend">
284
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
285
+ </div>
286
+ <?php } ?>
287
+ <p class="mo2f_backup_options"><?php echo mo2f_lt( 'Please choose the options from below:' ); ?></p>
288
+ <div class="mo2f_backup_options_div">
289
+ <?php if ( $mo2f_email_as_backup_enabled ) { ?>
290
+ <input type="radio" name="mo2f_selected_forgotphone_option"
291
+ value="One Time Passcode over Email"
292
+ checked="checked"/><?php echo mo2f_lt( 'Send a one time passcode to my registered email' ); ?>
293
+ <br><br>
294
+ <?php }
295
+ if ( $mo2f_kba_as_backup_enabled ) { ?>
296
+ <input type="radio" name="mo2f_selected_forgotphone_option"
297
+ value="KBA"/><?php echo mo2f_lt( 'Answer your Security Questions (KBA)' ); ?>
298
+ <?php } ?>
299
+ <br><br>
300
+ <input type="button" name="miniorange_validate_otp" value="<?php echo mo2f_lt( 'Continue' ); ?>" class="miniorange_validate_otp"
301
+ onclick="mo2fselectforgotphoneoption();"/>
302
+ </div>
303
+ <?php mo2f_customize_logo();
304
+ }
305
+ ?>
306
+ </div>
307
+ </div>
308
+ </div>
309
+ </div>
310
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
311
+ class="mo2f_display_none_forms">
312
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
313
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
314
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
315
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
316
+ </form>
317
+ <form name="f" id="mo2f_challenge_forgotphone_form" method="post" class="mo2f_display_none_forms">
318
+ <input type="hidden" name="mo2f_configured_2FA_method"/>
319
+ <input type="hidden" name="miniorange_challenge_forgotphone_nonce"
320
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-challenge-forgotphone-nonce' )); ?>"/>
321
+ <input type="hidden" name="option" value="miniorange_challenge_forgotphone">
322
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
323
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
324
+ </form>
325
+
326
+ <script>
327
+ function mologinback() {
328
+ jQuery('#mo2f_backto_mo_loginform').submit();
329
+ }
330
+
331
+ function mo2fselectforgotphoneoption() {
332
+ var option = jQuery('input[name=mo2f_selected_forgotphone_option]:checked').val();
333
+ document.getElementById("mo2f_challenge_forgotphone_form").elements[0].value = option;
334
+ jQuery('#mo2f_challenge_forgotphone_form').submit();
335
+ }
336
+ </script>
337
+ </body>
338
+ </html>
339
+ <?php }
340
+
341
+ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt , $cookievalue) {
342
+ global $moWpnsUtility;
343
+ $mo_wpns_config = new MoWpnsHandler();
344
+ $mo2f_login_option = MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option');
345
+ $mo2f_remember_device_enabled = get_option( 'mo2f_remember_device' );
346
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
347
+ MO2f_Utility::mo2f_debug_file('Prompted KBA validation screen'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
348
+ ?>
349
+ <html>
350
+ <head>
351
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
352
+ <meta name="viewport" content="width=device-width, initial-scale=1">
353
+ <?php
354
+ echo_js_css_files(); ?>
355
+ </head>
356
+ <body>
357
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
358
+ <div class="mo2f-modal-backdrop"></div>
359
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
360
+ <div class="login mo_customer_validation-modal-content">
361
+ <div class="mo2f_modal-header">
362
+ <h4 class="mo2f_modal-title">
363
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
364
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
365
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
366
+ <?php
367
+ echo mo2f_lt( 'Validate Security Questions' ); ?>
368
+ </h4>
369
+ </div>
370
+ <div class="mo2f_modal-body">
371
+ <div id="kbaSection" class="kbaSectiondiv">
372
+ <div id="otpMessage">
373
+ <p style="font-size:13px;"
374
+ class="mo2fa_display_message_frontend"><?php echo ( isset( $login_message ) && ! empty( $login_message ) ) ? $login_message : __( 'Please answer the following questions:' ); ?></p>
375
+ </div>
376
+ <form name="f" id="mo2f_submitkba_loginform" method="post">
377
+ <div id="mo2f_kba_content">
378
+ <p style="font-size:15px;">
379
+ <?php $kba_questions = $cookievalue;
380
+ echo esc_html($kba_questions[0]['question']); ?><br>
381
+ <input class="mo2f-textbox" type="password" name="mo2f_answer_1" id="mo2f_answer_1"
382
+ required="true" autofocus="true"
383
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
384
+ title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
385
+ autocomplete="off"><br>
386
+ <?php echo esc_html($kba_questions[1]['question']); ?><br>
387
+ <input class="mo2f-textbox" type="password" name="mo2f_answer_2" id="mo2f_answer_2"
388
+ required="true" pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}"
389
+ title="Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed."
390
+ autocomplete="off">
391
+
392
+ </p>
393
+ </div>
394
+ <?php if ( $mo2f_login_option && $mo2f_remember_device_enabled ) {
395
+ ?>
396
+ <span class="mo2f_rememberdevice">
397
+ <input type="checkbox" name="mo2f_trust_device" class="mo2f_trust_device"
398
+ id="mo2f_trust_device"/><?php echo mo2f_lt( 'Remember this device.' ); ?>
399
+ </span>
400
+ <br>
401
+ <br>
402
+ <?php
403
+ }
404
+ ?>
405
+ <input type="submit" name="miniorange_kba_validate" id="miniorange_kba_validate"
406
+ class="miniorange_kba_validate" style="float:left;"
407
+ value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
408
+ <input type="hidden" name="miniorange_kba_nonce"
409
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-kba-nonce' )); ?>"/>
410
+ <input type="hidden" name="option"
411
+ value="miniorange_kba_validate"/>
412
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
413
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
414
+ </form>
415
+ <br>
416
+ </div><br>
417
+ <?php
418
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
419
+ <div>
420
+ <a href="#mo2f_backup_generate">
421
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
422
+ </a>
423
+ </div>
424
+ <?php }else{ ?>
425
+ <div>
426
+ <a href="#mo2f_backup_option">
427
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
428
+ </a>
429
+ </div>
430
+ <?php }
431
+ ?>
432
+ <div style="padding:10px;">
433
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
434
+ </div>
435
+
436
+ <?php
437
+ mo2f_customize_logo();
438
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
439
+ ?>
440
+
441
+ </div>
442
+ </div>
443
+ </div>
444
+ </div>
445
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
446
+ class="mo2f_display_none_forms">
447
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
448
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
449
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
450
+ </form>
451
+
452
+ <script>
453
+ function mologinback() {
454
+ jQuery('#mo2f_backto_mo_loginform').submit();
455
+ }
456
+ var is_ajax = "<?php echo MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request');?>";
457
+ if(is_ajax){
458
+ jQuery('#mo2f_answer_1').keypress(function (e) {
459
+ if (e.which == 13) {//Enter key pressed
460
+ e.preventDefault();
461
+ mo2f_kba_ajax();
462
+ }
463
+ });
464
+ jQuery('#mo2f_answer_2').keypress(function (e) {
465
+ if (e.which == 13) {//Enter key pressed
466
+ e.preventDefault();
467
+ mo2f_kba_ajax();
468
+ }
469
+ });
470
+ jQuery("#miniorange_kba_validate").click(function(e){
471
+ e.preventDefault();
472
+ mo2f_kba_ajax();
473
+ });
474
+
475
+ function mo2f_kba_ajax(){
476
+ jQuery('#mo2f_answer_1').prop('disabled','true');
477
+ jQuery('#mo2f_answer_2').prop('disabled','true');
478
+ jQuery('#miniorange_kba_validate').prop('disabled','true');
479
+ var data = {
480
+ "action" : "mo2f_ajax",
481
+ "mo2f_ajax_option" : "mo2f_ajax_kba",
482
+ "mo2f_answer_1" : jQuery( "input[name=\'mo2f_answer_1\']" ).val(),
483
+ "mo2f_answer_2" : jQuery( "input[name=\'mo2f_answer_2\']" ).val(),
484
+ "miniorange_kba_nonce" : jQuery( "input[name=\'miniorange_kba_nonce\']" ).val(),
485
+ "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
486
+ "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
487
+ "mo2f_trust_device" : jQuery( "input[name=\'mo2f_trust_device\']" ).val(),
488
+ };
489
+ jQuery.post(my_ajax_object.ajax_url, data, function(response) {
490
+ if ( typeof response.data === "undefined") {
491
+ jQuery("html").html(response);
492
+ }
493
+ else
494
+ location.href = response.data.redirect;
495
+ });
496
+ }
497
+ }
498
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
499
+ jQuery('#mo2f_backup').submit();
500
+ });
501
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
502
+ jQuery('#mo2f_create_backup_codes').submit();
503
+ });
504
+ </script>
505
+ </body>
506
+
507
+ </html>
508
+ <?php
509
+ }
510
+
511
+ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt){
512
+ ?>
513
+ <html>
514
+ <head> <meta charset="utf-8"/>
515
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
516
+ <meta name="viewport" content="width=device-width, initial-scale=1">
517
+ <?php
518
+ echo_js_css_files(); ?>
519
+ </head>
520
+ <body>
521
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
522
+ <div class="mo2f-modal-backdrop"></div>
523
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
524
+ <div class="login mo_customer_validation-modal-content">
525
+ <div class="mo2f_modal-header">
526
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
527
+ <?php echo __('Validate Backup Code', 'miniorange-2-factor-authentication'); ?>
528
+ </h4>
529
+ </div>
530
+ <div class="mo2f_modal-body">
531
+ <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
532
+ <div id="otpMessage" >
533
+
534
+ <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
535
+ </div>
536
+ <form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
537
+ <div id="mo2f_kba_content">
538
+ <p style="font-size:15px;">
539
+ <input class="mo2f-textbox" type="text" name="mo2f_backup_code" id="mo2f_backup_code" required="true" autofocus="true" title="<?php echo __('Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.','miniorange-2-factor-authentication'); ?>" autocomplete="off" ><br />
540
+ </p>
541
+ </div>
542
+ <input type="submit" name="miniorange_backup_validate" id="miniorange_backup_validate" class="miniorange_otp_token_submit" style="float:left;" value="<?php echo mo2f_lt('Validate' ); ?>" />
543
+ <input type="hidden" name="miniorange_validate_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-validate-backup-nonce')); ?>" />
544
+ <input type="hidden" name="option" value="miniorange_validate_backup_nonce">
545
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
546
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
547
+ </form>
548
+ </br>
549
+ </div>
550
+ <br /><br /><br />
551
+ <?php mo2f_customize_logo() ?>
552
+ </div>
553
+ </div>
554
+ </div>
555
+ </div>
556
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
557
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
558
+ </form>
559
+ </body>
560
+ <script>
561
+ function mologinback(){
562
+ jQuery('#mo2f_backto_mo_loginform').submit();
563
+ }
564
+ </script>
565
+ </html>
566
+ <?php
567
+ }
568
+
569
+ function mo2f_get_duo_push_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id ){
570
+
571
+ $mo_wpns_config = new MoWpnsHandler();
572
+
573
+ global $Mo2fdbQueries,$txid,$moWpnsUtility;
574
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
575
+ $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
576
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
577
+ $mo2f_EV_txid = get_user_meta($user_id,'mo2f_EV_txid',true);
578
+ $user_id = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
579
+
580
+ $current_user = get_user_by('id',$user_id);
581
+ MO2f_Utility::mo2f_debug_file('Waiting for duo push notification validation'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
582
+ update_user_meta($user_id,'current_user_email',$current_user->user_email);
583
+
584
+
585
+ ?>
586
+
587
+ <html>
588
+ <head>
589
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
590
+ <meta name="viewport" content="width=device-width, initial-scale=1">
591
+ <?php
592
+ echo_js_css_files(); ?>
593
+ </head>
594
+ <body>
595
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
596
+ <div class="mo2f-modal-backdrop"></div>
597
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
598
+ <div class="login mo_customer_validation-modal-content">
599
+ <div class="mo2f_modal-header">
600
+ <h4 class="mo2f_modal-title">
601
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
602
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
603
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
604
+ <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
605
+ </div>
606
+ <div class="mo2f_modal-body">
607
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
608
+ <div id="otpMessage">
609
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
610
+ </div>
611
+ <?php } ?>
612
+ <div id="pushSection">
613
+
614
+ <div>
615
+ <center>
616
+ <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
617
+ </center>
618
+ </div>
619
+ <div id="showPushImage">
620
+ <center>
621
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
622
+ </center>
623
+ </div>
624
+
625
+
626
+ <span style="padding-right:2%;">
627
+ <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
628
+ <center>
629
+ <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
630
+ <input type="button" name="miniorange_login_forgotphone"
631
+ onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
632
+ class="miniorange_login_forgotphone"
633
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
634
+ <?php } ?>
635
+ &emsp;&emsp;
636
+
637
+ </center>
638
+ <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
639
+ <center>
640
+ <a href="#mo2f_alternate_login_kba">
641
+ <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive push nitification?' ); ?></p>
642
+ </a>
643
+ </center>
644
+ <?php } ?>
645
+ </span>
646
+ <center>
647
+ <?php
648
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
649
+ <div>
650
+ <a href="#mo2f_backup_generate">
651
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
652
+ </a>
653
+ </div>
654
+ <?php }else{ ?>
655
+ <div>
656
+ <a href="#mo2f_backup_option">
657
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
658
+ </a>
659
+ </div>
660
+ <?php }
661
+ ?>
662
+ <div style="padding:10px;">
663
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
664
+ </div>
665
+ </center>
666
+ </div>
667
+
668
+ <?php
669
+ mo2f_customize_logo();
670
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
671
+ ?>
672
+ </div>
673
+ </div>
674
+ </div>
675
+ </div>
676
+ <form name="f" id="mo2f_backto_duo_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
677
+ class="mo2f_display_none_forms">
678
+ <input type="hidden" name="miniorange_duo_push_validation_failed_nonce"
679
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-push-validation-failed-nonce' )); ?>"/>
680
+ <input type="hidden" name="option" value="miniorange_duo_push_validation_failed">
681
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
682
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
683
+ <input type="hidden" name="currentMethod" value="emailVer"/>
684
+
685
+ </form>
686
+ <form name="f" id="mo2f_duo_push_validation_form" method="post" class="mo2f_display_none_forms">
687
+ <input type="hidden" name="miniorange_duo_push_validation_nonce"
688
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-validation-nonce' )); ?>"/>
689
+ <input type="hidden" name="option" value="miniorange_duo_push_validation">
690
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
691
+ <input type="hidden" name="tx_type"/>
692
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
693
+ <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
694
+
695
+ </form>
696
+
697
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
698
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
699
+ <input type="hidden" name="miniorange_forgotphone"
700
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
701
+ <input type="hidden" name="option" value="miniorange_forgotphone">
702
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
703
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
704
+ </form>
705
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
706
+ <input type="hidden" name="miniorange_alternate_login_kba_nonce"
707
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce') ); ?>"/>
708
+ <input type="hidden" name="option" value="miniorange_alternate_login_kba">
709
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
710
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
711
+ </form>
712
+
713
+ <script>
714
+ var timeout;
715
+
716
+ pollPushValidation();
717
+ function pollPushValidation()
718
+ {
719
+ var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
720
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
721
+ var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
722
+ var data={
723
+ 'action':'mo2f_duo_ajax_request',
724
+ 'call_type':'check_duo_push_auth_status',
725
+ 'session_id_encrypt': session_id_encrypt,
726
+ 'nonce' : nonce,
727
+
728
+
729
+ };
730
+
731
+ jQuery.post(ajax_url, data, function(response){
732
+
733
+
734
+ if (response == 'SUCCESS') {
735
+ jQuery('#mo2f_duo_push_validation_form').submit();
736
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
737
+ jQuery('#mo2f_backto_duo_mo_loginform').submit();
738
+ } else {
739
+ timeout = setTimeout(pollMobileValidation, 3000);
740
+ }
741
+
742
+ });
743
+ }
744
+
745
+
746
+
747
+
748
+
749
+
750
+ function mologinforgotphone() {
751
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
752
+ }
753
+
754
+ function mologinback() {
755
+ jQuery('#mo2f_backto_duo_mo_loginform').submit();
756
+ }
757
+
758
+ jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
759
+ jQuery('#mo2f_alternate_login_kbaform').submit();
760
+ });
761
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
762
+ jQuery('#mo2f_backup').submit();
763
+ });
764
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
765
+ jQuery('#mo2f_create_backup_codes').submit();
766
+ });
767
+
768
+ </script>
769
+ </body>
770
+ </html>
771
+
772
+ <?php
773
+ }
774
+
775
+ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $cookievalue ) {
776
+
777
+ $mo_wpns_config = new MoWpnsHandler();
778
+ global $Mo2fdbQueries,$txid,$moWpnsUtility;
779
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
780
+ $mo2f_KBA_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $id );
781
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
782
+ $mo2f_EV_txid = get_user_meta($id,'mo2f_EV_txid',true);
783
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
784
+ MO2f_Utility::mo2f_debug_file('Waiting for push notification validation '.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
785
+ ?>
786
+ <html>
787
+ <head>
788
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
789
+ <meta name="viewport" content="width=device-width, initial-scale=1">
790
+ <?php
791
+ echo_js_css_files(); ?>
792
+ </head>
793
+ <body>
794
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
795
+ <div class="mo2f-modal-backdrop"></div>
796
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
797
+ <div class="login mo_customer_validation-modal-content">
798
+ <div class="mo2f_modal-header">
799
+ <h4 class="mo2f_modal-title">
800
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
801
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
802
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
803
+ <?php echo mo2f_lt( 'Accept Your Transaction' ); ?></h4>
804
+ </div>
805
+ <div class="mo2f_modal-body">
806
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
807
+ <div id="otpMessage">
808
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
809
+ </div>
810
+ <?php } ?>
811
+ <div id="pushSection">
812
+
813
+ <div>
814
+ <center>
815
+ <p class="mo2f_push_oob_message"><?php echo mo2f_lt( 'Waiting for your approval...' ); ?></p>
816
+ </center>
817
+ </div>
818
+ <div id="showPushImage">
819
+ <center>
820
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
821
+ </center>
822
+ </div>
823
+
824
+
825
+ <span style="padding-right:2%;">
826
+ <?php if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' ) { ?>
827
+ <center>
828
+ <?php if ( $mo2f_enable_forgotphone && ! $mo2f_is_new_customer ) { ?>
829
+ <input type="button" name="miniorange_login_forgotphone"
830
+ onclick="mologinforgotphone();" id="miniorange_login_forgotphone"
831
+ class="miniorange_login_forgotphone"
832
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
833
+ <?php } ?>
834
+ &emsp;&emsp;
835
+ <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
836
+ id="miniorange_login_offline" class="miniorange_login_offline"
837
+ value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
838
+ </center>
839
+ <?php } else if ( isset( $login_status ) && $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' && $mo2f_enable_forgotphone && $mo2f_KBA_config_status ) { ?>
840
+ <center>
841
+ <a href="#mo2f_alternate_login_kba">
842
+ <p class="mo2f_push_oob_backup"><?php echo mo2f_lt( 'Didn\'t receive mail?' ); ?></p>
843
+ </a>
844
+ </center>
845
+ <?php } ?>
846
+ </span>
847
+ <center>
848
+ <?php
849
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
850
+ <div>
851
+ <a href="#mo2f_backup_generate">
852
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
853
+ </a>
854
+ </div>
855
+ <?php }else{ ?>
856
+ <div>
857
+ <a href="#mo2f_backup_option">
858
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
859
+ </a>
860
+ </div>
861
+ <?php }
862
+ ?>
863
+ <div style="padding:10px;">
864
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
865
+ </div>
866
+ </center>
867
+ </div>
868
+
869
+ <?php
870
+ mo2f_customize_logo();
871
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
872
+ ?>
873
+ </div>
874
+ </div>
875
+ </div>
876
+ </div>
877
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>"
878
+ class="mo2f_display_none_forms">
879
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
880
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
881
+ <input type="hidden" name="option" value="miniorange_mobile_validation_failed">
882
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
883
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
884
+ <input type="hidden" name="currentMethod" value="emailVer"/>
885
+
886
+ </form>
887
+ <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
888
+ <input type="hidden" name="miniorange_mobile_validation_nonce"
889
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' )); ?>"/>
890
+ <input type="hidden" name="option" value="miniorange_mobile_validation">
891
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
892
+ <input type="hidden" name="tx_type"/>
893
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
894
+ <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
895
+
896
+ </form>
897
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
898
+ <input type="hidden" name="miniorange_softtoken"
899
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-softtoken' )); ?>"/>
900
+ <input type="hidden" name="option" value="miniorange_softtoken">
901
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
902
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
903
+ </form>
904
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
905
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
906
+ <input type="hidden" name="miniorange_forgotphone"
907
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
908
+ <input type="hidden" name="option" value="miniorange_forgotphone">
909
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
910
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
911
+ </form>
912
+ <form name="f" id="mo2f_alternate_login_kbaform" method="post" class="mo2f_display_none_forms">
913
+ <input type="hidden" name="miniorange_alternate_login_kba_nonce"
914
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-alternate-login-kba-nonce' )); ?>"/>
915
+ <input type="hidden" name="option" value="miniorange_alternate_login_kba">
916
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
917
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
918
+ </form>
919
+
920
+ <script>
921
+ var timeout;
922
+ var login_status = '<?php echo esc_html($login_status);?>';
923
+ var calls = 0;
924
+ var onprem = '<?php echo esc_html(MO2F_IS_ONPREM); ?>';
925
+
926
+ if(login_status != "MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS" && onprem ==1)
927
+ {
928
+ pollPushValidation();
929
+ function pollPushValidation()
930
+ { calls = calls + 1;
931
+ var data = {'txid':'<?php echo $mo2f_EV_txid;?>'};
932
+ jQuery.ajax({
933
+ url: '<?php echo get_site_option("siteurl"); ?>'+"/wp-login.php",
934
+ type: "POST",
935
+ data: data,
936
+ success: function (result) {
937
+
938
+ var status = result;
939
+ if (status == 1) {
940
+ jQuery('input[name="tx_type"]').val("EV");
941
+ jQuery('#mo2f_mobile_validation_form').submit();
942
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED' || status ==0) {
943
+ jQuery('#mo2f_backto_mo_loginform').submit();
944
+ } else {
945
+ if(calls<300)
946
+ {
947
+ timeout = setTimeout(pollPushValidation, 1000);
948
+ }
949
+ else
950
+ {
951
+ jQuery('#mo2f_backto_mo_loginform').submit();
952
+ }
953
+ }
954
+ }
955
+ });
956
+ }
957
+
958
+
959
+ }
960
+ else
961
+ {
962
+ pollPushValidation();
963
+ function pollPushValidation() {
964
+ var transId = "<?php echo esc_html($cookievalue);// echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
965
+ var jsonString = "{\"txId\":\"" + transId + "\"}";
966
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
967
+
968
+ jQuery.ajax({
969
+ url: postUrl,
970
+ type: "POST",
971
+ dataType: "json",
972
+ data: jsonString,
973
+ contentType: "application/json; charset=utf-8",
974
+ success: function (result) {
975
+ var status = JSON.parse(JSON.stringify(result)).status;
976
+ if (status == 'SUCCESS') {
977
+ jQuery('input[name="tx_type"]').val("PN");
978
+ jQuery('#mo2f_mobile_validation_form').submit();
979
+ } else if (status == 'ERROR' || status == 'FAILED' || status == 'DENIED') {
980
+ jQuery('#mo2f_backto_mo_loginform').submit();
981
+ } else {
982
+ timeout = setTimeout(pollPushValidation, 3000);
983
+ }
984
+ }
985
+ });
986
+ }
987
+ }
988
+
989
+ function mologinoffline() {
990
+ jQuery('#mo2f_show_softtoken_loginform').submit();
991
+ }
992
+
993
+ function mologinforgotphone() {
994
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
995
+ }
996
+
997
+ function mologinback() {
998
+ jQuery('#mo2f_backto_mo_loginform').submit();
999
+ }
1000
+
1001
+ jQuery('a[href="#mo2f_alternate_login_kba"]').click(function () {
1002
+ jQuery('#mo2f_alternate_login_kbaform').submit();
1003
+ });
1004
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
1005
+ jQuery('#mo2f_backup').submit();
1006
+ });
1007
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1008
+ jQuery('#mo2f_create_backup_codes').submit();
1009
+ });
1010
+
1011
+ </script>
1012
+ </body>
1013
+ </html>
1014
+ <?php
1015
+ }
1016
+
1017
+ function mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt , $cookievalue) {
1018
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1019
+ $mo_wpns_config = new MoWpnsHandler();
1020
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1021
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1022
+ ?>
1023
+ <html>
1024
+ <head>
1025
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1026
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1027
+ <?php
1028
+ echo_js_css_files(); ?>
1029
+ </head>
1030
+ <body>
1031
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
1032
+ <div class="mo2f-modal-backdrop"></div>
1033
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1034
+ <div class="login mo_customer_validation-modal-content">
1035
+ <div class="mo2f_modal-header">
1036
+ <h4 class="mo2f_modal-title">
1037
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1038
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1039
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1040
+ <?php echo mo2f_lt( 'Scan QR Code' ); ?></h4>
1041
+ </div>
1042
+ <div class="mo2f_modal-body center">
1043
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1044
+ <div id="otpMessage">
1045
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1046
+ </div>
1047
+ <br>
1048
+ <?php } ?>
1049
+ <div id="scanQRSection">
1050
+ <div style="margin-bottom:10%;">
1051
+ <center>
1052
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Identify yourself by scanning the QR code with miniOrange Authenticator app.' ); ?></p>
1053
+ </center>
1054
+ </div>
1055
+ <div id="showQrCode" style="margin-bottom:10%;">
1056
+ <center><?php echo '<img src="data:image/jpg;base64,' . esc_html($qrCode) . '" />'; ?></center>
1057
+ </div>
1058
+ <span style="padding-right:2%;">
1059
+ <center>
1060
+ <?php if ( ! $mo2f_is_new_customer ) { ?>
1061
+ <?php if ( $mo2f_enable_forgotphone ) { ?>
1062
+ <input type="button" name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1063
+ id="miniorange_login_forgotphone" class="miniorange_login_forgotphone"
1064
+ style="margin-right:5%;"
1065
+ value="<?php echo mo2f_lt( 'Forgot Phone?' ); ?>"/>
1066
+ <?php } ?>
1067
+ &emsp;&emsp;
1068
+ <?php } ?>
1069
+ <input type="button" name="miniorange_login_offline" onclick="mologinoffline();"
1070
+ id="miniorange_login_offline" class="miniorange_login_offline"
1071
+ value="<?php echo mo2f_lt( 'Phone is Offline?' ); ?>"/>
1072
+ </center>
1073
+ </span>
1074
+ <?php
1075
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1076
+ <div>
1077
+ <a href="#mo2f_backup_generate">
1078
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1079
+ </a>
1080
+ </div>
1081
+ <?php }else{ ?>
1082
+ <div>
1083
+ <a href="#mo2f_backup_option">
1084
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1085
+ </a>
1086
+ </div>
1087
+ <?php }
1088
+ ?>
1089
+ <div style="padding:10px;">
1090
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1091
+ </div>
1092
+ </div>
1093
+ <?php
1094
+ mo2f_customize_logo();
1095
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1096
+ ?>
1097
+ </div>
1098
+ </div>
1099
+ </div>
1100
+ </div>
1101
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1102
+ class="mo2f_display_none_forms">
1103
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1104
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce') ); ?>"/>
1105
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1106
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1107
+ </form>
1108
+ <form name="f" id="mo2f_mobile_validation_form" method="post" class="mo2f_display_none_forms">
1109
+ <input type="hidden" name="miniorange_mobile_validation_nonce"
1110
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-nonce' )); ?>"/>
1111
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1112
+ <input type="hidden" name="option" value="miniorange_mobile_validation">
1113
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1114
+ </form>
1115
+ <form name="f" id="mo2f_show_softtoken_loginform" method="post" class="mo2f_display_none_forms">
1116
+ <input type="hidden" name="miniorange_softtoken"
1117
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-softtoken' )); ?>"/>
1118
+ <input type="hidden" name="option" value="miniorange_softtoken">
1119
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1120
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1121
+ </form>
1122
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" class="mo2f_display_none_forms">
1123
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1124
+ <input type="hidden" name="miniorange_forgotphone"
1125
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
1126
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1127
+ <input type="hidden" name="option" value="miniorange_forgotphone">
1128
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1129
+ </form>
1130
+
1131
+ <script>
1132
+ var timeout;
1133
+ pollMobileValidation();
1134
+
1135
+ function pollMobileValidation() {
1136
+ var transId = "<?php echo esc_html($cookievalue);//echo MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId',$session_id_encrypt ); ?>";
1137
+ var jsonString = "{\"txId\":\"" + transId + "\"}";
1138
+ var postUrl = "<?php echo esc_url(MO_HOST_NAME); ?>" + "/moas/api/auth/auth-status";
1139
+ jQuery.ajax({
1140
+ url: postUrl,
1141
+ type: "POST",
1142
+ dataType: "json",
1143
+ data: jsonString,
1144
+ contentType: "application/json; charset=utf-8",
1145
+ success: function (result) {
1146
+ var status = JSON.parse(JSON.stringify(result)).status;
1147
+ if (status == 'SUCCESS') {
1148
+ var content = "<div id='success'><center><img src='" + "<?php echo plugins_url( 'includes/images/right.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1149
+ jQuery("#showQrCode").empty();
1150
+ jQuery("#showQrCode").append(content);
1151
+ setTimeout(function () {
1152
+ jQuery("#mo2f_mobile_validation_form").submit();
1153
+ }, 100);
1154
+ } else if (status == 'ERROR' || status == 'FAILED') {
1155
+ var content = "<div id='error'><center><img src='" + "<?php echo plugins_url( 'includes/images/wrong.png', dirname(dirname(__FILE__)));?>" + "' /></center></div>";
1156
+ jQuery("#showQrCode").empty();
1157
+ jQuery("#showQrCode").append(content);
1158
+ setTimeout(function () {
1159
+ jQuery('#mo2f_backto_mo_loginform').submit();
1160
+ }, 1000);
1161
+ } else {
1162
+ timeout = setTimeout(pollMobileValidation, 3000);
1163
+ }
1164
+ }
1165
+ });
1166
+ }
1167
+
1168
+ function mologinoffline() {
1169
+ jQuery('#mo2f_show_softtoken_loginform').submit();
1170
+ }
1171
+
1172
+ function mologinforgotphone() {
1173
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
1174
+ }
1175
+
1176
+ function mologinback() {
1177
+ jQuery('#mo2f_backto_mo_loginform').submit();
1178
+ }
1179
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
1180
+ jQuery('#mo2f_backup').submit();
1181
+ });
1182
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1183
+ jQuery('#mo2f_create_backup_codes').submit();
1184
+ });
1185
+
1186
+ </script>
1187
+ </body>
1188
+ </html>
1189
+ <?php
1190
+ }
1191
+
1192
+ function mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to,$session_id_encrypt,$user_id,$show_back_button =null ,$mo2fa_transaction_id = null ) {
1193
+ global $Mo2fdbQueries,$moWpnsUtility;
1194
+ $mo2f_enable_forgotphone = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option');
1195
+ $mo_wpns_config = new MoWpnsHandler();
1196
+ $mo2f_is_new_customer = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
1197
+ $attempts = get_option('mo2f_attempts_before_redirect', 3);
1198
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1199
+ $mo2f_otp_over_email_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_OTPOverEmail_config_status', $user_id );
1200
+
1201
+ MO2f_Utility::mo2f_debug_file('Prompted 2fa validation screen '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1202
+ ?>
1203
+ <html>
1204
+ <head>
1205
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1206
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1207
+ <?php
1208
+ echo_js_css_files();
1209
+ ?>
1210
+ </head>
1211
+ <body>
1212
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
1213
+ <div class="mo2f-modal-backdrop"></div>
1214
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1215
+ <div class="login mo_customer_validation-modal-content">
1216
+ <div class="mo2f_modal-header">
1217
+ <h4 class="mo2f_modal-title">
1218
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1219
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1220
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1221
+ <?php echo mo2f_lt( 'Validate OTP' ); ?>
1222
+ </h4>
1223
+ </div>
1224
+ <div class="mo2f_modal-body center">
1225
+ <?php if ( isset( $login_message ) && ! empty( $login_message ) ) { ?>
1226
+ <div id="otpMessage">
1227
+ <p class="mo2fa_display_message_frontend"><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1228
+ </div>
1229
+ <?php } ?><br><?php
1230
+ ?>
1231
+ <span><b>Attempts left</b>:</span> <?php echo esc_html($attempts);?><br>
1232
+ <?php if($attempts==1){?>
1233
+ <span style='color:red;'><b>If you fail to verify your identity, you will be redirected back to login page to verify your credentials.</b></span> <br>
1234
+ <?php }?>
1235
+ <br>
1236
+ <div id="showOTP">
1237
+ <div class="mo2f-login-container">
1238
+ <form name="f" id="mo2f_submitotp_loginform" method="post">
1239
+ <center>
1240
+ <input type="text" name="mo2fa_softtoken" style="height:28px !important;"
1241
+ placeholder="<?php echo mo2f_lt( 'Enter code' ); ?>"
1242
+ id="mo2fa_softtoken" required="true" class="mo_otp_token" autofocus="true"
1243
+ pattern="[0-9]{4,8}"
1244
+ title="<?php echo mo2f_lt( 'Only digits within range 4-8 are allowed.' ); ?>"/>
1245
+ </center>
1246
+ <br>
1247
+ <input type="submit" name="miniorange_otp_token_submit" id="miniorange_otp_token_submit"
1248
+ class="miniorange_otp_token_submit"
1249
+ value="<?php echo mo2f_lt( 'Validate' ); ?>"/>
1250
+ <?php
1251
+
1252
+ if($show_back_button == 1)
1253
+ {
1254
+ ?>
1255
+ <input type="button" name="miniorange_otp_token_back" id="miniorange_otp_token_back"
1256
+ class="miniorange_otp_token_submit"
1257
+ value="<?php echo mo2f_lt( 'Back' ); ?>"/>
1258
+ <?php
1259
+ }
1260
+ ?>
1261
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1262
+ <input type="hidden" name="miniorange_soft_token_nonce"
1263
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-soft-token-nonce' )); ?>"/>
1264
+ <input type="hidden" name="option" value="miniorange_soft_token">
1265
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1266
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1267
+ <?php if($mo2fa_transaction_id!=null){ ?>
1268
+ <input type="hidden" name="mo2fa_transaction_id" id="mo2fa_transaction_id" value="<?php echo esc_html($mo2fa_transaction_id); ?>"/>
1269
+ <?php }?>
1270
+ </form>
1271
+ <?php
1272
+ $Kbaset = get_user_meta( $user_id ,'Security Questions' );
1273
+ if ( ! $mo2f_is_new_customer ) { ?>
1274
+ <?php if ( $mo2f_enable_forgotphone && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && (sizeof($Kbaset) != 0 ) ) { ?>
1275
+ <a name="miniorange_login_forgotphone" onclick="mologinforgotphone();"
1276
+ id="miniorange_login_forgotphone"
1277
+ class="mo2f-link"><?php echo mo2f_lt( 'Forgot Phone ?' ); ?></a>
1278
+ <?php } ?>
1279
+ <?php }
1280
+ if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1281
+ if(empty(get_user_meta($user_id, 'mo_backup_code_generated', true))){ ?>
1282
+ <div>
1283
+ <a href="#mo2f_backup_generate">
1284
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Send backup codes on email', 'miniorange-2-factor-authentication');?></p>
1285
+ </a>
1286
+ </div>
1287
+ <?php }else{ ?>
1288
+ <div>
1289
+ <a href="#mo2f_backup_option">
1290
+ <p style="font-size:14px; font-weight:bold;"><?php echo __('Use Backup Codes', 'miniorange-2-factor-authentication');?></p>
1291
+ </a>
1292
+ </div>
1293
+ <?php }
1294
+ ?>
1295
+
1296
+ <div style="padding:10px;">
1297
+ <p><a href="<?php echo esc_url($mo_wpns_config->lockedOutlink());?>" target="_blank" style="color:#ca2963;font-weight:bold;">I'm locked out & unable to login.</a></p>
1298
+ </div>
1299
+ <?php } ?>
1300
+ </div>
1301
+ </div>
1302
+ </center>
1303
+ <?php
1304
+ mo2f_customize_logo();
1305
+ if($login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || ($login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' && $mo2f_otp_over_email_config_status)){
1306
+ mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message);
1307
+ }
1308
+ ?>
1309
+ </div>
1310
+ </div>
1311
+ </div>
1312
+ </div>
1313
+
1314
+ <form name="f" id="mo2f_backto_inline_registration" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1315
+ class="mo2f_display_none_forms">
1316
+ <input type="hidden" name="miniorange_back_inline_reg_nonce"
1317
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-back-inline-reg-nonce' )); ?>"/>
1318
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1319
+ <input type="hidden" name="option" value="miniorange2f_back_to_inline_registration">
1320
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1321
+
1322
+ </form>
1323
+
1324
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1325
+ class="mo2f_display_none_forms">
1326
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1327
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
1328
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1329
+ </form>
1330
+
1331
+ <?php if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_forgotphone', 'get_option') && isset( $login_status ) && $login_status != 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) { ?>
1332
+ <form name="f" id="mo2f_show_forgotphone_loginform" method="post" action="" class="mo2f_display_none_forms">
1333
+ <input type="hidden" name="request_origin_method" value="<?php echo esc_html($login_status); ?>"/>
1334
+ <input type="hidden" name="miniorange_forgotphone"
1335
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-forgotphone' )); ?>"/>
1336
+ <input type="hidden" name="option" value="miniorange_forgotphone">
1337
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1338
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1339
+ </form>
1340
+
1341
+ <?php } ?>
1342
+
1343
+ <script>
1344
+ jQuery('#miniorange_otp_token_back').click(function(){
1345
+ jQuery('#mo2f_backto_inline_registration').submit();
1346
+ });
1347
+ jQuery('a[href="#mo2f_backup_option"]').click(function() {
1348
+ jQuery('#mo2f_backup').submit();
1349
+ });
1350
+ jQuery('a[href="#mo2f_backup_generate"]').click(function() {
1351
+ jQuery('#mo2f_create_backup_codes').submit();
1352
+ });
1353
+
1354
+ function mologinback() {
1355
+ jQuery('#mo2f_backto_mo_loginform').submit();
1356
+ }
1357
+
1358
+ function mologinforgotphone() {
1359
+ jQuery('#mo2f_show_forgotphone_loginform').submit();
1360
+ }
1361
+ var is_ajax = '<?php echo esc_html(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'));?>';
1362
+ if(is_ajax){
1363
+ jQuery('#mo2fa_softtoken').keypress(function (e) {
1364
+ if (e.which == 13) {//Enter key pressed
1365
+ e.preventDefault();
1366
+ mo2f_otp_ajax();
1367
+ }
1368
+ });
1369
+ jQuery("#miniorange_otp_token_submit").click(function(e){
1370
+ e.preventDefault();
1371
+ mo2f_otp_ajax();
1372
+ });
1373
+
1374
+ function mo2f_otp_ajax(){
1375
+ jQuery('#mo2fa_softtoken').prop('disabled','true');
1376
+ jQuery('#miniorange_otp_token_submit').prop('disabled','true');
1377
+ var data = {
1378
+ "action" : "mo2f_ajax",
1379
+ "mo2f_ajax_option" : "mo2f_ajax_otp",
1380
+ "mo2fa_softtoken" : jQuery( "input[name=\'mo2fa_softtoken\']" ).val(),
1381
+ "miniorange_soft_token_nonce" : jQuery( "input[name=\'miniorange_soft_token_nonce\']" ).val(),
1382
+ "session_id" : jQuery( "input[name=\'session_id\']" ).val(),
1383
+ "redirect_to" : jQuery( "input[name=\'redirect_to\']" ).val(),
1384
+ "request_origin_method" : jQuery( "input[name=\'request_origin_method\']" ).val(),
1385
+ };
1386
+ jQuery.post(my_ajax_object.ajax_url, data, function(response) {
1387
+ if(typeof response.data === "undefined")
1388
+ jQuery("html").html(response);
1389
+ else if(response.data.reload)
1390
+ location.reload( true );
1391
+ else
1392
+ location.href = response.data.redirect;
1393
+ });
1394
+ }
1395
+ }
1396
+ </script>
1397
+ </body>
1398
+ </html>
1399
+ <?php
1400
+ }
1401
+
1402
+
1403
+ function mo2f_get_device_form( $redirect_to, $session_id_encrypt ) {
1404
+ ?>
1405
+ <html>
1406
+ <head>
1407
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1408
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1409
+ <?php
1410
+ echo_js_css_files();
1411
+ ?>
1412
+ </head>
1413
+ <body>
1414
+ <div class="mo2f_modal" tabindex="-1" role="dialog">
1415
+ <div class="mo2f-modal-backdrop"></div>
1416
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
1417
+ <div class="login mo_customer_validation-modal-content">
1418
+ <div class="mo2f_modal-header">
1419
+ <h4 class="mo2f_modal-title">
1420
+ <button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close"
1421
+ title="<?php echo mo2f_lt( 'Back to login' ); ?>"
1422
+ onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1423
+
1424
+ <?php echo mo2f_lt( 'Remember Device' ); ?>
1425
+ </h4>
1426
+ </div>
1427
+ <div class="mo2f_modal-body center">
1428
+ <div id="mo2f_device_content">
1429
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Do you want to remember this device?' ); ?></p>
1430
+ <input type="button" name="miniorange_trust_device_yes" onclick="mo_check_device_confirm();"
1431
+ id="miniorange_trust_device_yes" class="mo_green" style="margin-right:5%;"
1432
+ value="<?php echo mo2f_lt( 'Yes' ); ?>"/>
1433
+ <input type="button" name="miniorange_trust_device_no" onclick="mo_check_device_cancel();"
1434
+ id="miniorange_trust_device_no" class="mo_red"
1435
+ value="<?php echo mo2f_lt( 'No' ); ?>"/>
1436
+ </div>
1437
+ <div id="showLoadingBar" hidden>
1438
+ <p class="mo2f_login_prompt_messages"><?php echo mo2f_lt( 'Please wait...We are taking you into your account.' ); ?></p>
1439
+ <img src="<?php echo esc_url(plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__))) ); ?>"/>
1440
+ </div>
1441
+ <br><br>
1442
+ <span>
1443
+ <?php echo mo2f_lt( 'Click on ' ); ?>
1444
+ <i><b><?php echo mo2f_lt( 'Yes' ); ?></b></i><?php echo mo2f_lt( 'if this is your personal device.' ); ?>
1445
+ <br>
1446
+ <?php echo mo2f_lt( 'Click on ' ); ?>
1447
+ <i><b><?php echo mo2f_lt( 'No ' ); ?></b></i> <?php echo mo2f_lt( 'if this is a public device.' ); ?>
1448
+ </span><br><br>
1449
+ <?php mo2f_customize_logo() ?>
1450
+ </div>
1451
+ </div>
1452
+ </div>
1453
+ </div>
1454
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>"
1455
+ class="mo2f_display_none_forms">
1456
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce"
1457
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-mobile-validation-failed-nonce' )); ?>"/>
1458
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1459
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1460
+ </form>
1461
+ <form name="f" id="mo2f_trust_device_confirm_form" method="post" action="" class="mo2f_display_none_forms">
1462
+ <input type="hidden" name="mo2f_trust_device_confirm_nonce"
1463
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-trust-device-confirm-nonce' )); ?>"/>
1464
+ <input type="hidden" name="option" value="miniorange_rba_validate">
1465
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1466
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1467
+ </form>
1468
+ <form name="f" id="mo2f_trust_device_cancel_form" method="post" action="" class="mo2f_display_none_forms">
1469
+ <input type="hidden" name="mo2f_trust_device_cancel_nonce"
1470
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-trust-device-cancel-nonce' )); ?>"/>
1471
+ <input type="hidden" name="option" value="miniorange_rba_cancle">
1472
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1473
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1474
+ </form>
1475
+ <script>
1476
+ function mologinback() {
1477
+ jQuery('#mo2f_backto_mo_loginform').submit();
1478
+ }
1479
+
1480
+ function mo_check_device_confirm() {
1481
+ jQuery('#mo2f_device_content').css("display", "none");
1482
+ jQuery('#showLoadingBar').css("display", "block");
1483
+ jQuery('#mo2f_trust_device_confirm_form').submit();
1484
+ }
1485
+
1486
+ function mo_check_device_cancel() {
1487
+ jQuery('#mo2f_device_content').css("display", "none");
1488
+ jQuery('#showLoadingBar').css("display", "block");
1489
+ jQuery('#mo2f_trust_device_cancel_form').submit();
1490
+ }
1491
+ </script>
1492
+ </body>
1493
+ </html>
1494
+ <?php }
1495
+
1496
+ function mo2f_customize_logo() { ?>
1497
+ <div style="float:right;"><a target="_blank" href="http://miniorange.com/2-factor-authentication"><img
1498
+ alt="logo"
1499
+ src="<?php echo esc_url(plugins_url( 'includes/images/miniOrange2.png', dirname(dirname(__FILE__)))); ?>"/></a></div>
1500
+
1501
+ <?php }
1502
+
1503
+ function echo_js_css_files() {
1504
+
1505
+ wp_register_style( 'mo2f_style_settings',plugins_url( 'includes/css/twofa_style_settings.css?version=5.5', dirname(dirname(__FILE__))));
1506
+ wp_print_styles( 'mo2f_style_settings' );
1507
+
1508
+ wp_register_script( 'mo2f_bootstrap_js',plugins_url( 'includes/js/bootstrap.min.js', dirname(dirname(__FILE__)) ) );
1509
+ wp_print_scripts( 'jquery' );
1510
+ wp_print_scripts( 'mo2f_bootstrap_js');
1511
+ }
1512
+
1513
+ function mo2f_backup_codes_generate($id, $redirect_to, $session_id_encrypt){
1514
+ global $Mo2fdbQueries;
1515
+ update_site_option('mo2f_is_inline_used','1');
1516
+ if(get_user_meta($id, 'mo_backup_code_generated', true) && !get_user_meta($id, 'mo_backup_code_downloaded', true)){
1517
+ $encrypted_codes =get_user_meta($id, 'chqwetcsdvnvd', true);
1518
+ $key = get_option( 'mo2f_encryption_key' );
1519
+ $codes_string = MO2f_Utility::decrypt_data( $encrypted_codes, $key );
1520
+ $codes = explode(",", $codes_string);
1521
+ delete_user_meta($id, 'chqwetcsdvnvd');
1522
+ $result = true;
1523
+ }else{
1524
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
1525
+ if(empty($mo2f_user_email)){
1526
+ $currentuser = get_user_by( 'id', $id );
1527
+ $mo2f_user_email = $currentuser->user_email;
1528
+ }
1529
+ $generate_backup_code = new Customer_Cloud_Setup();
1530
+ $codes = $generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
1531
+
1532
+ if($codes != 'DBConnectionIssue' && $codes != 'UnableToFetchData' && $codes != 'UserLimitReached' && $codes != 'ERROR' && $codes != 'LimitReached' && $codes != 'AllUsed' && $codes != 'invalid_request' ){
1533
+ $codes = explode(' ', $codes);
1534
+ $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
1535
+ update_user_meta($id, 'mo_backup_code_generated', 1);
1536
+ $code_generated = 'code_generation_successful';
1537
+ }else{
1538
+ $code_generated = 'code_generation_failed';
1539
+ update_user_meta($id, 'error_during_code_generation',$codes);
1540
+ }
1541
+
1542
+
1543
+ }
1544
+ update_user_meta($id, 'mo_backup_code_screen_shown', 1);
1545
+ ?>
1546
+ <html>
1547
+ <head> <meta charset="utf-8"/>
1548
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1549
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1550
+ <?php
1551
+
1552
+ wp_register_script( 'mo2f_bootstrap_js', plugins_url('includes/js/bootstrap.min.js', dirname(dirname(__FILE__))) );
1553
+ wp_print_scripts( 'jquery' );
1554
+ wp_print_scripts('mo2f_bootstrap_js');
1555
+
1556
+ wp_register_style('mo2f_bootstrap',plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))));
1557
+ wp_register_style('mo2f_frontend',plugins_url('includes/css/front_end_login.css', dirname(dirname(__FILE__))));
1558
+ wp_register_style('mo2f_style_settings',plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))));
1559
+ wp_register_style('mo2f_hide_login',plugins_url('includes/css/hide-login.css', dirname(dirname(__FILE__))));
1560
+
1561
+ wp_print_styles( 'mo2f_bootstrap');
1562
+ wp_print_styles( 'mo2f_frontend');
1563
+ wp_print_styles( 'mo2f_style_settings');
1564
+ wp_print_styles( 'mo2f_hide_login');
1565
+ ?>
1566
+ <style>
1567
+ .mo2f_kba_ques, .mo2f_table_textbox{
1568
+ background: whitesmoke none repeat scroll 0% 0%;
1569
+ }
1570
+ </style>
1571
+ </head>
1572
+ <body>
1573
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1574
+ <div class="mo2f-modal-backdrop"></div>
1575
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1576
+ <div class="login mo_customer_validation-modal-content">
1577
+ <div class="mo2f_modal-header">
1578
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1579
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1580
+ </div>
1581
+ <?php if($code_generated == 'code_generation_successful') { ?>
1582
+ <div class="mo2f_modal-body center">
1583
+
1584
+
1585
+ <h3> <?php echo __('Please download the backup codes for account recovery.'); ?></h3>
1586
+
1587
+ <h4> <?php echo __('You will receive the backup codes via email if you have your SMTP configured.
1588
+ <br>If you have received the codes on your email and do not wish to download the codes, click on Finish. '); ?></h4>
1589
+
1590
+ <h4> <?php echo __('Backup Codes can be used to login into user account in case you forget your phone or get locked out.
1591
+ <br>Please use this carefully as each code can only be used once. Please do not share these codes with anyone.'); ?></h4>
1592
+ <?php ?>
1593
+ <div>
1594
+ <div style="display: inline-flex;width: 350px; ">
1595
+ <div id="clipboard" style="border: solid;width: 55%;float: left;">
1596
+ <?php
1597
+ for ($x = 0; $x < sizeof($codes); $x++) {
1598
+ $str = $codes[$x];
1599
+ echo("<br>".esc_html($str)." <br>");
1600
+ }
1601
+
1602
+ $str1="";
1603
+ for ($x = 0; $x < sizeof($codes); $x++) {
1604
+ $str = $codes[$x];
1605
+ $str1.=$str;
1606
+ if($x != 4){
1607
+ $str1.=',';
1608
+ }
1609
+ }
1610
+ ?>
1611
+ </div>
1612
+ <div style="width: 50%;float: right;">
1613
+ <form name="f" method="post" id="mo2f_users_backup1" action="">
1614
+ <input type="hidden" name="option" value="mo2f_users_backup1" />
1615
+ <input type="hidden" name="mo2f_inline_backup_codes" value="<?php echo esc_html($str1); ?>" />
1616
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1617
+ <input type="hidden" name="mo2f_inline_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-backup-nonce')); ?>" />
1618
+
1619
+ <input type="submit" name="Generate Codes1" id="codes" style="display:inline;width:100%;margin-left: 20%;margin-bottom: 37%;margin-top: 29%" class="button button-primary button-large" value="<?php echo __('Download Codes','miniorange-2-factor-authentication');?>" />
1620
+ </form>
1621
+ </div>
1622
+
1623
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url());?>" >
1624
+ <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1625
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce')); ?>" />
1626
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1627
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1628
+ <input type="submit" name="login_page" id="login_page" style="display:inline;margin-left:-198%;margin-top: 289% !important;margin-right: 24% !important;width: 209%" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1629
+ </form>
1630
+ </div>
1631
+ </div>
1632
+
1633
+ <?php
1634
+ mo2f_customize_logo() ?>
1635
+ </div>
1636
+ <?php } else { ?>
1637
+ <div style="text-align:center;">
1638
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url());?>" >
1639
+ <input type="hidden" name="option" value="mo2f_goto_wp_dashboard" />
1640
+ <input type="hidden" name="mo2f_inline_wp_dashboard_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-wp-dashboard-nonce')); ?>" />
1641
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1642
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
1643
+ <input type="submit" name="login_page" id="login_page" style ="margin-top: 7px" class="button button-primary button-large" value="<?php echo __('Finish','miniorange-2-factor-authentication');?>" /><br>
1644
+ </form>
1645
+ </div>
1646
+ <?php } ?>
1647
+ </div>
1648
+ </div>
1649
+ </div>
1650
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1651
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1652
+ </form>
1653
+ </body>
1654
+ <script>
1655
+ function mologinback(){
1656
+ jQuery('#mo2f_backto_mo_loginform').submit();
1657
+ }
1658
+ </script>
1659
+ </html>
1660
+ <?php
1661
+
1662
+
1663
+ }
1664
+
1665
+ function mo2f_create_backup_form($redirect_to, $session_id_encrypt, $login_status, $login_message){
1666
+ ?>
1667
+ <form name="f" id="mo2f_backup" method="post" action="" style="display:none;">
1668
+ <input type="hidden" name="miniorange_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-backup-nonce')); ?>" />
1669
+ <input type="hidden" name="option" value="miniorange_backup_nonce">
1670
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1671
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
1672
+ </form>
1673
+ <form name="f" id="mo2f_create_backup_codes" method="post" action="" style="display:none;">
1674
+ <input type="hidden" name="miniorange_generate_backup_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-generate-backup-nonce')); ?>" />
1675
+ <input type="hidden" name="option" value="miniorange_create_backup_codes">
1676
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>" />
1677
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>" />
1678
+ <input type="hidden" name="login_status" value="<?php echo esc_html($login_status); ?>" />
1679
+ <input type="hidden" name="login_message" value="<?php echo wp_kses($login_message, array('b'=>array())); ?>" />
1680
+ </form>
1681
+ <?php
1682
+ }
1683
+
1684
  ?>
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -1,1552 +1,1552 @@
1
- <?php
2
- function fetch_methods($current_user = null){
3
- $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
4
- if(!is_null($current_user) && ($current_user->roles[0] != 'administrator') && !mo2f_is_customer_registered()){
5
- $methods = array("GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
6
- }
7
- if(get_site_option('duo_credentials_save_successfully'))
8
- array_push($methods,"DUO");
9
- return $methods;
10
- }
11
-
12
- function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
13
-
14
- global $Mo2fdbQueries;
15
- $current_user = get_userdata($current_user_id);
16
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
17
-
18
- if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
19
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
20
- prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$current_selected_method,$redirect_to,$session_id);
21
- else
22
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
23
- }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
24
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
25
- prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
26
- else
27
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
28
- }else if($current_selected_method == 'OTP Over Telegram' or $current_selected_method == 'OTP OVER TELEGRAM')
29
- {
30
- $current_selected_method = 'OTP Over Telegram';
31
- prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
32
- }
33
- else if($current_selected_method == 'Duo Authenticator'){
34
- prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
35
- }
36
- else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
37
- prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
38
- }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
39
- prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
40
- }else if($current_selected_method == 'KBA' ){
41
- prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
42
- }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
43
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
44
- if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
45
- if(!MO2F_IS_ONPREM)
46
- {
47
- $current_user = get_userdata($current_user_id);
48
- $email = $current_user->user_email;
49
- $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
50
- if(isset($tempEmail) and $tempEmail != '')
51
- $email = $tempEmail;
52
- create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
53
- }
54
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
55
- $pass2fa= new Miniorange_Password_2Factor_Login();
56
- $pass2fa->mo2fa_pass2login($redirect_to, $session_id);
57
- }
58
- prompt_user_for_setup_success($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
59
- }else{
60
- $current_user = get_userdata($current_user_id);
61
- if(isset($current_user->roles[0]))
62
- $current_user_role=$current_user->roles[0];
63
- $opt=fetch_methods($current_user);
64
- ?>
65
- <html>
66
- <head>
67
- <meta charset="utf-8"/>
68
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
69
- <meta name="viewport" content="width=device-width, initial-scale=1">
70
- <?php
71
- mo2f_inline_css_and_js();
72
- ?>
73
- </head>
74
- <body>
75
- <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
76
- <div class="mo2f-modal-backdrop"></div>
77
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
78
- <div class="login mo_customer_validation-modal-content">
79
- <div class="mo2f_modal-header">
80
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
81
-
82
- <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
83
- </div>
84
- <div class="mo2f_modal-body">
85
- <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
86
- if(isset($login_message) && !empty($login_message)) {
87
- echo '<br><br>';
88
-
89
- ?>
90
-
91
- <div id="otpMessage">
92
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
93
- </div>
94
- <?php }else
95
- echo '<br>';
96
- ?>
97
-
98
- <br>
99
- <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
100
- <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
101
- <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
102
- <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
103
- (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
104
- </label>
105
- <br>
106
- </span>
107
- <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
108
- <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
109
- <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
110
- <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
111
- </label>
112
- <br>
113
- </span>
114
- <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
115
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
116
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
117
- <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
118
- </label>
119
- <br>
120
- </span>
121
- <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
122
- <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
123
- <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
124
- <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
125
- </label>
126
- <br>
127
- </span>
128
- <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
129
- <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
130
- <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
131
- <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
132
- </label>
133
- <br>
134
- </span>
135
- <span class="<?php if( !(in_array("OTP OVER TELEGRAM", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
136
- <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
137
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER TELEGRAM" />
138
- <?php echo __('OTP Over TELEGRAM', 'miniorange-2-factor-authentication'); ?>
139
- </label>
140
- <br>
141
- </span>
142
- <span class="<?php if( !(in_array("OTP OVER WHATSAPP", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
143
- <label title="<?php echo __('You will get an OTP on your WHATSAPP app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
144
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER WHATSAPP" />
145
- <?php echo __('OTP Over WHATSAPP', 'miniorange-2-factor-authentication'); ?>
146
- </label>
147
- <br>
148
- </span>
149
- <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
150
- <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
151
- <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
152
- <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
153
- </label>
154
- <br>
155
- </span>
156
- <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
157
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
158
- <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
159
- <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
160
- </label>
161
- <br>
162
- </span>
163
- <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
164
- <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
165
- <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
166
- <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
167
- </label>
168
- <br>
169
- </span>
170
- <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
171
- <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
172
- <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
173
- <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
174
- </label>
175
- <br>
176
- </span>
177
- <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
178
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
179
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
180
- <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
181
- </label>
182
- <br>
183
- </span>
184
- <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
185
- <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
186
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
187
- <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
188
- </label>
189
- <br>
190
- </span>
191
- <span class="<?php if( !(in_array("DUO", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
192
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
193
- <input type="radio" name="mo2f_selected_2factor_method" value=" DUO PUSH NOTIFICATIONS" />
194
- <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
195
- </label>
196
- <br>
197
- </span>
198
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
199
- <br />
200
- <?php mo2f_customize_logo() ?>
201
- </div>
202
- </div>
203
- </div>
204
- </div>
205
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
206
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
207
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
208
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
209
- </form>
210
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
- <input type="hidden" name="mo2f_selected_2factor_method" />
212
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
213
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
215
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
216
- </form>
217
-
218
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
- <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
- <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
221
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
222
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
223
- </form>
224
-
225
- <script>
226
- function mologinback(){
227
- jQuery('#mo2f_backto_mo_loginform').submit();
228
- }
229
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
230
- var selectedMethod = jQuery(this).val();
231
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
232
- jQuery('#mo2f_select_2fa_methods_form').submit();
233
- });
234
- jQuery('a[href="#skiptwofactor"]').click(function(e) {
235
-
236
- jQuery('#mo2f_skip_loginform').submit();
237
- });
238
- </script>
239
- </body>
240
- </html>
241
- <?php
242
- }
243
- }
244
-
245
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
246
- {
247
-
248
- global $Mo2fdbQueries;
249
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
250
- if(isset($mo2f_user_email) and $mo2f_user_email != '')
251
- $email = $mo2f_user_email;
252
-
253
- $current_user = get_userdata($current_user_id);
254
- if($current_user_id == get_option('mo2f_miniorange_admin'))
255
- $email = get_option('mo2f_email');
256
-
257
- $enduser = new Two_Factor_Setup();
258
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
259
-
260
- if(json_last_error() == JSON_ERROR_NONE){
261
-
262
- if($check_user['status'] == 'ERROR'){
263
- return Mo2fConstants:: langTranslate( $check_user['message']);
264
-
265
- }
266
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
267
-
268
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
269
- 'user_registration_with_miniorange' =>'SUCCESS',
270
- 'mo2f_user_email' =>$email,
271
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
272
- ) );
273
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
274
-
275
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
276
- }
277
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
278
-
279
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
280
- if(json_last_error() == JSON_ERROR_NONE) {
281
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
282
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
283
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
284
- 'user_registration_with_miniorange' =>'SUCCESS',
285
- 'mo2f_user_email' =>$email,
286
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
287
- ) );
288
-
289
- $mo2fa_login_message = '';
290
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
291
- }
292
- }
293
-
294
-
295
- }
296
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
297
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
298
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
299
- mo2f_inline_email_form($email,$current_user_id);
300
- exit;
301
- }
302
-
303
- }
304
-
305
- }
306
-
307
- function mo2f_inline_email_form($email,$current_user_id)
308
- {
309
- ?>
310
- <html>
311
- <head>
312
- <meta charset="utf-8"/>
313
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
314
- <meta name="viewport" content="width=device-width, initial-scale=1">
315
- <?php
316
- mo2f_inline_css_and_js();
317
- ?>
318
- </head>
319
- <body>
320
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
321
- <div class="mo2f-modal-backdrop"></div>
322
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
323
- <div class="login mo_customer_validation-modal-content">
324
- <div class="mo2f_modal-header">
325
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
326
- <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
327
- </div>
328
- <div class="mo2f_modal-body">
329
- <form action="" method="post" name="f">
330
- <p>The Email assoicated with your account is already registered in miniOrange. Please use a different email address or contact miniOrange.
331
- </p><br>
332
- <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
333
- <br>
334
- <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
335
- <br>
336
- <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-email-change-nonce')); ?>" />
337
- <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
- <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
340
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
341
- </form>
342
- <br>
343
- <?php mo2f_customize_logo() ?>
344
- </div>
345
- </div>
346
- </div>
347
- </div>
348
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
349
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
350
- </form>
351
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
352
- <input type="hidden" name="mo2f_selected_2factor_method" />
353
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
354
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
356
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
357
- </form>
358
- <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
- <input type="hidden" name="miniorange_skip_2fa" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
361
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
362
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
363
- </form>
364
- <?php } ?>
365
-
366
- <script type="text/javascript">
367
- jQuery('#save_entered_email_inlinecloud1').click(function(){
368
- var email = jQuery('#emailInlineCloud').val();
369
- var nonce = '<?php echo esc_html(wp_create_nonce("checkuserinminiOrangeNonce"));?>';
370
- var data = {
371
- 'action' : 'mo_two_factor_ajax',
372
- 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
373
- 'email' : email,
374
- 'nonce' : nonce
375
-
376
- };
377
-
378
- var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
379
-
380
-
381
- jQuery.post(ajaxurl, data, function(response) {
382
-
383
- if(response == 'alreadyExist')
384
- {
385
- jQuery('#emailalredyused').show();
386
- }
387
- else if(response =='USERCANBECREATED')
388
- {
389
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
390
- jQuery('#mo2f_select_2fa_methods_form').submit();
391
- }
392
- });
393
-
394
- });
395
-
396
-
397
- </script>
398
- </body>
399
-
400
- <?php
401
- }
402
- function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$currentMethod,$redirect_to,$session_id){
403
-
404
- global $Mo2fdbQueries;
405
- if(isset($qrCode)){
406
- $qrCodedata = $qrCode['mo2f-login-qrCode'];
407
- $showqrCode = $qrCode['mo2f_show_qr_code'];
408
- }
409
- $current_user = get_userdata($current_user_id);
410
- $email = $current_user->user_email;
411
-
412
- $opt=fetch_methods($current_user);
413
-
414
- $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
415
- ?>
416
- <html>
417
- <head> <meta charset="utf-8"/>
418
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
419
- <meta name="viewport" content="width=device-width, initial-scale=1">
420
- <?php
421
- mo2f_inline_css_and_js();
422
- ?>
423
- </head>
424
- <body>
425
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
426
- <div class="mo2f-modal-backdrop"></div>
427
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
428
- <div class="login mo_customer_validation-modal-content">
429
- <div class="mo2f_modal-header">
430
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
431
- <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
432
- </div>
433
- <div class="mo2f_modal-body">
434
- <?php if(isset($login_message) && !empty($login_message)) { ?>
435
-
436
- <div id="otpMessage">
437
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
438
- </div>
439
- <?php } ?>
440
- <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
441
- <div class="mo_margin_left">
442
- <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
443
- <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
444
- <center>
445
- <?php if (sizeof($opt) > 1) { ?>
446
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
447
- <?php } ?>
448
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
449
- </center>
450
- </div>
451
- <?php
452
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
453
- initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
454
- <?php } ?>
455
-
456
- <?php mo2f_customize_logo() ?>
457
- </div>
458
- <br>
459
- <br>
460
- </div>
461
- </div>
462
- </div>
463
- </div>
464
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
466
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
467
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
468
- </form>
469
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
470
- <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
472
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
473
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
474
- </form>
475
- <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
- <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
478
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
479
- <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce')); ?>" />
480
- </form>
481
- <?php if (sizeof($opt) > 1) { ?>
482
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
- <input type="hidden" name="option" value="miniorange_back_inline"/>
484
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
485
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
486
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
487
- </form>
488
- <?php } ?>
489
- <script>
490
- function mologinback(){
491
- jQuery('#mo2f_backto_mo_loginform').submit();
492
- }
493
- function moconfigureapp(){
494
- jQuery('#mo2f_inline_configureapp_form').submit();
495
- }
496
- jQuery('#mo2f_inline_back_btn').click(function() {
497
- jQuery('#mo2f_goto_two_factor_form').submit();
498
- });
499
- <?php
500
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
501
- ?>
502
- <?php } ?>
503
- </script>
504
- </body>
505
- </html>
506
- <?php
507
- }
508
- function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
509
- global $Mo2fdbQueries;
510
- $current_user = get_userdata($current_user_id);
511
- $email = $current_user->user_email;
512
- $opt=fetch_methods($current_user);
513
- $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
514
-
515
- ?>
516
- <html>
517
- <head> <meta charset="utf-8"/>
518
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
519
- <meta name="viewport" content="width=device-width, initial-scale=1">
520
- <?php
521
- mo2f_inline_css_and_js();
522
- ?>
523
- </head>
524
- <body>
525
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
526
- <div class="mo2f-modal-backdrop"></div>
527
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
528
- <div class="login mo_customer_validation-modal-content">
529
- <div class="mo2f_modal-header">
530
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
531
- <?php echo __('Setup Duo', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
532
- </div>
533
- <div class="mo2f_modal-body">
534
- <?php if(isset($login_message) && !empty($login_message)) { ?>
535
-
536
- <div id="otpMessage">
537
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
538
- </div>
539
- <?php } ?>
540
- <div style="margin-right:7px;"><?php mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registration_status);
541
-
542
- ?></div>
543
- <div class="mo_margin_left">
544
- <h3><?php echo __('Step-2 : Setup Duo Push Notification', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
545
- <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to setup duo push notification.', 'miniorange-2-factor-authentication'); ?></h4>
546
- <center>
547
- <?php if (sizeof($opt) > 1) { ?>
548
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
549
- <?php } ?>
550
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
551
- </center>
552
- </div>
553
- <?php
554
-
555
- if(isset($_POST['option']) && $_POST['option'] =='miniorange_inline_duo_auth_mobile_complete'){
556
- go_for_user_enroll_on_duo($current_user,$session_id);
557
- ?>
558
- <?php }else if(isset($_POST['option']) && $_POST['option'] == 'duo_mobile_send_push_notification_for_inline_form') {
559
-
560
- initialize_inline_duo_auth_registration($current_user,$session_id);
561
- ?>
562
-
563
- <?php }?>
564
-
565
- <?php mo2f_customize_logo() ?>
566
- </div>
567
- <br>
568
- <br>
569
- </div>
570
- </div>
571
- </div>
572
- </div>
573
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
574
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
575
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
576
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
577
- </form>
578
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
579
- <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
581
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
582
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
583
- </form>
584
- <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
- <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
587
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
588
- <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce')); ?>" />
589
- </form>
590
- <?php if (sizeof($opt) > 1) { ?>
591
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
- <input type="hidden" name="option" value="miniorange_back_inline"/>
593
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
594
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
595
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
596
- </form>
597
- <?php } ?>
598
- <script>
599
- function mologinback(){
600
- jQuery('#mo2f_backto_mo_loginform').submit();
601
- }
602
- function moconfigureapp(){
603
- jQuery('#mo2f_inline_duo_auth_register_form').submit();
604
- }
605
- jQuery('#mo2f_inline_back_btn').click(function() {
606
- jQuery('#mo2f_goto_two_factor_form').submit();
607
- });
608
- <?php
609
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
610
- ?>
611
- <?php } ?>
612
- </script>
613
- </body>
614
- </html>
615
- <?php
616
- }
617
-
618
- function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
619
- $ga_secret = MO2f_Utility::mo2f_get_transient($session_id, 'secret_ga');
620
- $data = MO2f_Utility::mo2f_get_transient($session_id, 'ga_qrCode');
621
- global $Mo2fdbQueries;
622
- if(empty($data)){
623
- $user = get_user_by('ID',$current_user_id);
624
- if(!MO2F_IS_ONPREM){
625
- if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
626
- Miniorange_Authentication::mo2f_get_GA_parameters($user);
627
- }
628
- $mo2f_google_auth = get_user_meta($user->ID, 'mo2f_google_auth', true);
629
- $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
630
- $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
631
- MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $mo2f_google_auth['ga_secret']);
632
- MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
633
- }else{
634
- include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR . 'handler'.DIRECTORY_SEPARATOR . 'twofa'. DIRECTORY_SEPARATOR . 'gaonprem.php';
635
- $gauth_obj = new Google_auth_onpremise();
636
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user->ID);
637
- $onpremise_secret = $gauth_obj->createSecret();
638
- $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
639
- $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
640
- $data = $url;
641
- MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $onpremise_secret);
642
- MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $url);
643
-
644
- }
645
- }
646
- wp_register_script('mo2f_qr_code_js',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))) );
647
- wp_register_script('mo2f_qr_code_minjs',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))) );
648
- ?>
649
- <html>
650
- <head> <meta charset="utf-8"/>
651
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
652
- <meta name="viewport" content="width=device-width, initial-scale=1">
653
- <?php
654
- mo2f_inline_css_and_js();
655
- ?>
656
- </head>
657
- <style>
658
- * {
659
- box-sizing: border-box;
660
- }
661
- [class*="mcol-"] {
662
- float: left;
663
- padding: 15px;
664
- }
665
- /* For desktop: */
666
- .mcol-1 {width: 50%;}
667
- .mcol-2 {width: 50%;}
668
- @media only screen and (max-width: 768px) {
669
- /* For mobile phones: */
670
- [class*="mcol-"] {
671
- width: 100%;
672
- }
673
- }
674
- </style>
675
- <body>
676
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
677
- <div class="mo2f-modal-backdrop"></div>
678
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
679
- <div class="login mo_customer_validation-modal-content">
680
- <div class="mo2f_modal-header">
681
- <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
682
- <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
683
- </div>
684
- <div class="mo2f_modal-body">
685
- <?php
686
-
687
- $current_user = get_userdata($current_user_id);
688
- $opt=fetch_methods($current_user);
689
- ?>
690
- <?php if(isset($login_message) && !empty($login_message)) { ?>
691
- <div id="otpMessage"
692
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
693
- >
694
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
695
- </div>
696
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
697
- <?php } ?>
698
- <div class="mcol-1">
699
- <div id="mo2f_choose_app_tour">
700
- <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
701
-
702
- <select id="authenticator_type">
703
- <option value="google_authenticator">Google Authenticator</option>
704
- <option value="msft_authenticator">Microsoft Authenticator</option>
705
- <option value="authy_authenticator">Authy Authenticator</option>
706
- <option value="last_pass_auth">LastPass Authenticator</option>
707
- <option value="free_otp_auth">FreeOTP Authenticator</option>
708
- <option value="duo_auth">Duo Mobile Authenticator</option>
709
- </select>
710
- <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
711
- <span id="links_to_apps">
712
- <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
713
- <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
714
-
715
- </span>
716
- </div>
717
- </div>
718
- <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
719
- <ol>
720
- <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
721
- <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
722
- <br>
723
- <?php if(MO2F_IS_ONPREM){ ?>
724
- <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
725
- <?php
726
-
727
- } else{ ?>
728
- <div style="margin-left: 14%;">
729
- <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
730
- <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
731
- </div>
732
- </div>
733
- <?php }
734
- ?>
735
- <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
736
-
737
- </ol>
738
- <div id="mo2f_scanbarcode_a" hidden>
739
- <ol >
740
- <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
741
- <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
742
- <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
743
- <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
744
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
745
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
746
- <?php echo esc_html($ga_secret) ?>
747
- </div>
748
- <div style="font-size: 80%;color: #666666;">
749
- <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
750
- </div>
751
- </div>
752
- <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
753
- <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
754
- </ol>
755
- </div>
756
- </div>
757
- <div class="mcol-2">
758
- <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
759
- <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
760
- <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
761
- <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
762
- <br />
763
- <input type="hidden" name="option" value="miniorange_inline_ga_validate">
764
- <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
765
- <div class="center">
766
- <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
767
- </div>
768
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
769
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
770
- <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce')); ?>" />
771
- </form>
772
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
773
- <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
774
- <input type="hidden" name="option" value="miniorange_back_inline"/>
775
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
776
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
777
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
778
- </form>
779
- </div>
780
- <br>
781
- <br>
782
- <?php mo2f_customize_logo() ?>
783
- </div>
784
- </div>
785
- </div>
786
- </div>
787
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
788
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
789
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
790
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
791
- </form>
792
- <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
793
- <input type="hidden" name="google_phone_type" />
794
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
795
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
796
- <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce')); ?>" />
797
- </form>
798
-
799
- <script>
800
- jQuery('#authenticator_type').change(function(){
801
- var auth_type = jQuery(this).val();
802
- if(auth_type == 'google_authenticator'){
803
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
804
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
805
- '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
806
- jQuery('#mo2f_change_app_name').show();
807
- jQuery('#links_to_apps').show();
808
- }else if(auth_type == 'msft_authenticator'){
809
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
810
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
811
- '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
812
- jQuery('#links_to_apps').show();
813
- }else if(auth_type == 'free_otp_auth'){
814
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
815
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
816
- '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
817
- jQuery('#links_to_apps').show();
818
- }else if(auth_type == 'duo_auth'){
819
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
820
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
821
- '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
822
- jQuery('#links_to_apps').show();
823
- }else if(auth_type == 'authy_authenticator'){
824
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
825
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
826
- '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
827
- jQuery('#links_to_apps').show();
828
- }else{
829
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
830
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
831
- '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
832
- jQuery('#mo2f_change_app_name').show();
833
- jQuery('#links_to_apps').show();
834
- }
835
- });
836
- function mologinback(){
837
- jQuery('#mo2f_backto_mo_loginform').submit();
838
- }
839
- jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
840
- var selectedPhone = jQuery(this).val();
841
- document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
842
- jQuery('#mo2f_inline_app_type_ga_form').submit();
843
- });
844
- jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
845
- jQuery("#mo2f_scanbarcode_a").toggle();
846
- });
847
- jQuery(document).ready(function() {
848
- jQuery('.mo2f_gauth').qrcode({
849
- 'render': 'image',
850
- size: 175,
851
- 'text': jQuery('.mo2f_gauth').data('qrcode')
852
- });
853
- });
854
- </script>
855
- </body>
856
- <?php
857
- echo '<head>';
858
- wp_print_scripts( 'mo2f_qr_code_js' );
859
- wp_print_scripts( 'mo2f_qr_code_minjs' );
860
- echo '</head>';
861
- }
862
-
863
- function mo2f_inline_css_and_js(){
864
-
865
- wp_register_style( 'mo2f_bootstrap',plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))));
866
- wp_register_style('mo2f_front_end_login',plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))));
867
- wp_register_style('mo2f_style_setting',plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))));
868
- wp_register_style('mo2f_hide-login',plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))));
869
-
870
- wp_print_styles( 'mo2f_bootstrap');
871
- wp_print_styles( 'mo2f_front_end_login');
872
- wp_print_styles( 'mo2f_style_setting');
873
- wp_print_styles( 'mo2f_hide-login');
874
-
875
- wp_register_script('mo2f_bootstrap_js',plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))));
876
- wp_print_scripts( 'jquery');
877
- wp_print_scripts( 'mo2f_bootstrap_js' );
878
- }
879
-
880
-
881
- function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
882
- $data = $qrCode;
883
-
884
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_transactionId' );
885
-
886
- $url = MO_HOST_NAME;
887
- $opt=fetch_methods($current_user);
888
- ?>
889
- <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
890
- <div class="red" style="color:#E74C3C;">
891
- <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
892
- <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
893
- <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
894
- <ol>
895
- <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
896
- <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
897
- <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
898
- </ol>
899
- </div>
900
- <table class="mo2f_settings_table">
901
- <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
902
- <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . $data . '" />'; ?>
903
- </div>
904
- </table>
905
- <center>
906
- <?php
907
- if (sizeof($opt) > 1) { ?>
908
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
909
- <?php }
910
- ?>
911
- </center>
912
- <script>
913
- jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
914
- jQuery('#mo2f_inline_configureapp_form').submit();
915
- });
916
- jQuery("#mo2f_configurePhone").empty();
917
- jQuery("#mo2f_app_div").hide();
918
- var timeout;
919
- pollInlineMobileRegistration();
920
- function pollInlineMobileRegistration()
921
- {
922
- var transId = "<?php echo $mo2f_login_transaction_id; ?>";
923
- var jsonString = "{\"txId\":\""+ transId + "\"}";
924
- var postUrl = "<?php echo $url; ?>" + "/moas/api/auth/registration-status";
925
- jQuery.ajax({
926
- url: postUrl,
927
- type : "POST",
928
- dataType : "json",
929
- data : jsonString,
930
- contentType : "application/json; charset=utf-8",
931
- success : function(result) {
932
- var status = JSON.parse(JSON.stringify(result)).status;
933
- if (status == 'SUCCESS') {
934
- var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
935
- jQuery("#displayInlineQrCode").empty();
936
- jQuery("#displayInlineQrCode").append(content);
937
- setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
938
- } else if (status == 'ERROR' || status == 'FAILED') {
939
- var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
940
- jQuery("#displayInlineQrCode").empty();
941
- jQuery("#displayInlineQrCode").append(content);
942
- jQuery("#messages").empty();
943
- jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
944
- } else {
945
- timeout = setTimeout(pollInlineMobileRegistration, 3000);
946
- }
947
- }
948
- });
949
- }
950
- </script>
951
- <?php
952
- }
953
-
954
- function initialize_inline_duo_auth_registration($current_user,$session_id_encrypt){
955
-
956
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
957
- update_user_meta($user_id,'current_user_email',$current_user->user_email);
958
-
959
-
960
- $opt=fetch_methods($current_user);
961
- ?>
962
- <h3><?php echo mo2f_lt( 'Test Duo Authenticator' ); ?></h3>
963
- <hr>
964
- <div>
965
- <br>
966
- <br>
967
- <center>
968
- <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
969
- <br>
970
- <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
971
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
972
- </center>
973
-
974
- <input type="button" name="back" id="go_back" class="button button-primary button-large"
975
- value="<?php echo mo2f_lt( 'Back' ); ?>"
976
- style="margin-top:100px;margin-left:10px;"/>
977
- </div>
978
-
979
- <form name="f" method="post" action="" id="mo2f_go_back_form">
980
- <input type="hidden" name="option" value="mo2f_go_back"/>
981
- <input type="hidden" name="mo2f_go_back_nonce"
982
- value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
983
- </form>
984
- <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
985
- <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
986
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
987
- <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
988
- value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-authenticator-success-nonce" )) ?>"/>
989
- </form>
990
- <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
991
- <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
992
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
993
- <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
994
- value="<?php echo esc_html(wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" )) ?>"/>
995
- </form>
996
-
997
- <script>
998
- jQuery('#go_back').click(function () {
999
- jQuery('#mo2f_go_back_form').submit();
1000
- });
1001
- jQuery("#mo2f_configurePhone").empty();
1002
- jQuery("#mo2f_app_div").hide();
1003
- var timeout;
1004
-
1005
-
1006
-
1007
- pollMobileValidation();
1008
- function pollMobileValidation() {
1009
- var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
1010
- var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
1011
- var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
1012
-
1013
- var data={
1014
- 'action':'mo2f_duo_ajax_request',
1015
- 'call_type':'check_duo_push_auth_status',
1016
- 'session_id_encrypt': session_id_encrypt,
1017
- 'nonce': nonce,
1018
-
1019
- };
1020
-
1021
- jQuery.post(ajax_url, data, function(response){
1022
-
1023
- if (response == 'SUCCESS') {
1024
- jQuery('#mo2f_inline_duo_authenticator_success_form').submit();
1025
- } else if (response == 'ERROR' || response == 'FAILED' || response == 'DENIED') {
1026
-
1027
- jQuery('#mo2f_duo_authenticator_error_form').submit();
1028
- } else {
1029
- timeout = setTimeout(pollMobileValidation, 3000);
1030
- }
1031
-
1032
- });
1033
-
1034
- }
1035
-
1036
- </script>
1037
-
1038
- <?php
1039
- }
1040
- function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1041
- $current_user = get_userdata($current_user_id);
1042
- $opt=fetch_methods($current_user);
1043
-
1044
- ?>
1045
- <html>
1046
- <head> <meta charset="utf-8"/>
1047
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1048
- <meta name="viewport" content="width=device-width, initial-scale=1">
1049
- <?php
1050
- mo2f_inline_css_and_js();
1051
- ?>
1052
- <style>
1053
- .mo2f_kba_ques, .mo2f_table_textbox{
1054
- background: whitesmoke none repeat scroll 0% 0%;
1055
- }
1056
- </style>
1057
- </head>
1058
- <body>
1059
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1060
- <div class="mo2f-modal-backdrop"></div>
1061
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1062
- <div class="login mo_customer_validation-modal-content">
1063
- <div class="mo2f_modal-header">
1064
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1065
- <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
1066
- </div>
1067
- <div class="mo2f_modal-body">
1068
- <?php if(isset($login_message) && !empty($login_message)) { ?>
1069
- <div id="otpMessage">
1070
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
1071
- </div>
1072
- <?php } ?>
1073
- <form name="f" method="post" action="" >
1074
- <?php mo2f_configure_kba_questions(); ?>
1075
- <br />
1076
- <div class ="row">
1077
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1078
- <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1079
- <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
1080
-
1081
- </div>
1082
- </div>
1083
- <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1084
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1085
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1086
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1087
- </form>
1088
- <?php if (sizeof($opt) > 1) { ?>
1089
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
1090
- <div class ="row">
1091
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1092
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1093
- </div>
1094
- </div>
1095
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1096
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1097
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1098
- </form>
1099
- <?php } ?>
1100
-
1101
- <?php mo2f_customize_logo() ?>
1102
- </div>
1103
- </div>
1104
- </div>
1105
- </div>
1106
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1107
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1108
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1109
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1110
- </form>
1111
-
1112
- <script>
1113
- function mologinback(){
1114
- jQuery('#mo2f_backto_mo_loginform').submit();
1115
- }
1116
-
1117
- function mobackinline(){
1118
- jQuery('#mo2f_goto_two_factor_form').submit();
1119
- }
1120
- </script>
1121
- </body>
1122
- </html>
1123
- <?php
1124
- }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1125
- $current_user = get_userdata($current_user_id);
1126
- $opt=fetch_methods($current_user);
1127
- ?>
1128
- <html>
1129
- <head> <meta charset="utf-8"/>
1130
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1131
- <meta name="viewport" content="width=device-width, initial-scale=1">
1132
- <?php
1133
- mo2f_inline_css_and_js();
1134
- ?>
1135
- <style>
1136
- .mo2f_kba_ques, .mo2f_table_textbox{
1137
- background: whitesmoke none repeat scroll 0% 0%;
1138
- }
1139
- </style>
1140
- </head>
1141
- <body>
1142
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1143
- <div class="mo2f-modal-backdrop"></div>
1144
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1145
- <div class="login mo_customer_validation-modal-content">
1146
- <div class="mo2f_modal-header">
1147
- <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1148
- <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
1149
- </div>
1150
- <div class="mo2f_modal-body">
1151
- <?php if(isset($login_message) && !empty($login_message)){ ?>
1152
- <div id="otpMessage">
1153
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1154
- </div>
1155
- <?php } ?>
1156
- <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
1157
- <input type="hidden" name="option" value="miniorange_inline_register" />
1158
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1159
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1160
- <p>This method requires you to have an account with miniOrange.</p>
1161
- <table class="mo_wpns_settings_table">
1162
- <tr>
1163
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1164
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
1165
- required placeholder="person@example.com"/></td>
1166
- </tr>
1167
- <tr>
1168
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1169
- <td><input class="mo_wpns_table_textbox" required type="password"
1170
- name="password" placeholder="Choose your password (Min. length 6)" /></td>
1171
- </tr>
1172
- <tr>
1173
- <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1174
- <td><input class="mo_wpns_table_textbox" required type="password"
1175
- name="confirmPassword" placeholder="Confirm your password" /></td>
1176
- </tr>
1177
- <tr>
1178
- <td>&nbsp;</td>
1179
- <td><br><input type="submit" name="submit" value="Create Account"
1180
- class="miniorange_button" />
1181
- <a href="#mo2f_account_exist">Already have an account?</a>
1182
- </tr>
1183
- </table>
1184
- </form>
1185
- <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
1186
- <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1187
- <input type="hidden" name="option" value="miniorange_inline_login"/>
1188
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1189
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1190
- <table class="mo_wpns_settings_table">
1191
- <tr>
1192
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1193
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
1194
- required placeholder="person@example.com"
1195
- /></td>
1196
- </tr>
1197
- <tr>
1198
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1199
- <td><input class="mo_wpns_table_textbox" required type="password"
1200
- name="password" placeholder="Enter your miniOrange password" /></td>
1201
- </tr>
1202
- <tr>
1203
- <td>&nbsp;</td>
1204
- <td><input type="submit" class="miniorange_button" />
1205
- <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
1206
- </tr>
1207
- </table>
1208
- </form>
1209
- <br>
1210
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
1211
- <?php mo2f_customize_logo() ?>
1212
- </div>
1213
- </div>
1214
- </div>
1215
- </div>
1216
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1217
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1219
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1220
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1221
- </form>
1222
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1223
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1224
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1225
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1226
- </form>
1227
-
1228
- <script>
1229
- jQuery('#mo2f_inline_back_btn').click(function() {
1230
- jQuery('#mo2f_goto_two_factor_form').submit();
1231
- });
1232
- jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1233
- jQuery('#mo2f_inline_login_form').show();
1234
- jQuery('#mo2f_inline_register_form').hide();
1235
- });
1236
- jQuery('#cancel_link').click(function(){
1237
- jQuery('#mo2f_inline_register_form').show();
1238
- jQuery('#mo2f_inline_login_form').hide();
1239
- });
1240
- function mologinback(){
1241
- jQuery('#mo2f_backto_mo_loginform').submit();
1242
- }
1243
- </script>
1244
- </body>
1245
- </html>
1246
- <?php
1247
- }
1248
- function prompt_user_for_setup_success($id, $login_status, $login_message,$redirect_to,$session_id){
1249
- global $Mo2fdbQueries;
1250
- ?>
1251
- <html>
1252
- <head> <meta charset="utf-8"/>
1253
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1254
- <meta name="viewport" content="width=device-width, initial-scale=1">
1255
- <?php
1256
- mo2f_inline_css_and_js();
1257
- ?>
1258
- <style>
1259
- .mo2f_kba_ques, .mo2f_table_textbox{
1260
- background: whitesmoke none repeat scroll 0% 0%;
1261
- }
1262
- </style>
1263
- </head>
1264
- <body>
1265
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1266
- <div class="mo2f-modal-backdrop"></div>
1267
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1268
- <div class="login mo_customer_validation-modal-content">
1269
- <div class="mo2f_modal-header">
1270
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1271
- <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1272
- </div>
1273
- <div class="mo2f_modal-body center">
1274
- <?php
1275
- global $Mo2fdbQueries;
1276
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1277
- if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1278
- $mo2f_second_factor = 'Email Verification';
1279
- }else if($mo2f_second_factor == 'SMS'){
1280
- $mo2f_second_factor = 'OTP over SMS';
1281
- }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
1282
- $mo2f_second_factor = 'OTP_OVER_EMAIL';
1283
- }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1284
- $mo2f_second_factor = 'Phone Call Verification';
1285
- }else if($mo2f_second_factor == 'SOFT TOKEN'){
1286
- $mo2f_second_factor = 'Soft Token';
1287
- }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1288
- $mo2f_second_factor = 'QR Code Authentication';
1289
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1290
- $mo2f_second_factor = 'Push Notification';
1291
- }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1292
- if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1293
- $mo2f_second_factor = 'Google Authenticator';
1294
- }else{
1295
- $mo2f_second_factor = 'Authy 2-Factor Authentication';
1296
- }
1297
- }else if($mo2f_second_factor == 'KBA'){
1298
- $mo2f_second_factor = 'Security Questions (KBA)';
1299
- }
1300
- $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1301
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1302
-
1303
- if(get_site_option( 'mo2f_disable_kba' )!=1){
1304
- if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1305
- ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1306
- <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1307
- <?php if(isset($login_message) && !empty($login_message)){ ?>
1308
- <div id="otpMessage">
1309
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1310
- </div>
1311
- <?php } ?>
1312
- <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1313
- <form name="f" method="post" action="" >
1314
- <?php mo2f_configure_kba_questions(); ?>
1315
- <br>
1316
- <center>
1317
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1318
- </center>
1319
- <input type="hidden" name="mo2f_inline_kba_option" />
1320
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1321
- <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo esc_html($login_status); ?>" />
1322
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1323
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1324
- </form>
1325
- </div>
1326
- <?php }
1327
- }else{
1328
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1329
- $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1330
- $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1331
- }
1332
- if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1333
- if(get_site_option('mo2f_remember_device')!=1)
1334
- {
1335
- $pass2fa= new Miniorange_Password_2Factor_Login();
1336
- $pass2fa->mo2fa_pass2login(site_url(), $session_id);
1337
- ?>
1338
- <center>
1339
- <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1340
- <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1341
- </p>
1342
- </center>
1343
- <br>
1344
- <center>
1345
- <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1346
- <br>
1347
- </center>
1348
- <?php
1349
- }else{
1350
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? sanitize_url($_POST[ 'redirect_to' ]) : null;
1351
- $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1352
- mo2f_collect_device_attributes_handler($session_id,$redirect_to);
1353
- }
1354
- }
1355
- mo2f_customize_logo() ?>
1356
- </div>
1357
- </div>
1358
- </div>
1359
- </div>
1360
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1361
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1362
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1363
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1364
- </form>
1365
-
1366
- <script>
1367
- function mologinback(){
1368
- jQuery('#mo2f_backto_mo_loginform').submit();
1369
- }
1370
- </script>
1371
- </body>
1372
- </html>
1373
- <?php
1374
- }
1375
-
1376
- function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod,$redirect_to,$session_id){
1377
- $current_user = get_userdata($current_user_id);
1378
- $opt=fetch_methods($current_user);
1379
- global $Mo2fdbQueries;
1380
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1381
- $current_user = get_userdata($current_user_id);
1382
- $email = $current_user->user_email;
1383
- ?>
1384
- <html>
1385
- <head> <meta charset="utf-8"/>
1386
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1387
- <meta name="viewport" content="width=device-width, initial-scale=1">
1388
- <?php
1389
- mo2f_inline_css_and_js();
1390
-
1391
- wp_register_script('mo2f_bootstrap_js', plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))));
1392
- wp_register_script('mo2f_phone_js', plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))));
1393
- wp_print_scripts( 'mo2f_bootstrap_js' );
1394
- wp_print_scripts( 'mo2f_phone_js');
1395
-
1396
- wp_register_style('mo2f_phone',plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))));
1397
- wp_print_styles( 'mo2f_phone' );
1398
- ?>
1399
- </head>
1400
- <body>
1401
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1402
- <div class="mo2f-modal-backdrop"></div>
1403
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1404
- <div class="login mo_customer_validation-modal-content">
1405
- <div class="mo2f_modal-header">
1406
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1407
- <?php
1408
- if($current_selected_method == 'SMS AND EMAIL'){?>
1409
- <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1410
- <?php }
1411
- else if($current_selected_method == 'OTP Over Telegram')
1412
- {
1413
- echo __('Verify Your Telegram Details', 'miniorange-2-factor-authentication');
1414
- }
1415
- else if($current_selected_method == 'OTP OVER EMAIL'){
1416
- ?>
1417
- <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1418
- <?php }
1419
- else{
1420
- ?>
1421
- <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1422
- <?php } ?>
1423
- </div>
1424
- <div class="mo2f_modal-body">
1425
- <?php if(isset($login_message) && !empty($login_message)) { ?>
1426
- <div id="otpMessage"
1427
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1428
- >
1429
- <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1430
- </div>
1431
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
1432
- <?php } ?>
1433
- <div class="mo2f_row">
1434
- <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1435
- <p>
1436
- <?php
1437
- if($current_selected_method == 'SMS AND EMAIL'){?>
1438
- <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1439
- <?php
1440
- }else if($current_selected_method == 'OTP OVER EMAIL'){
1441
- //no message
1442
- }else if($current_selected_method == 'OTP Over Telegram')
1443
- {
1444
- echo __('1. Open the telegram app and search for miniorange2fa_bot. Click on start button or send <b>/start</b> message', 'miniorange-2-factor-authentication');
1445
- echo "<br><br><br>";
1446
- echo __('2. Enter the recieved Chat ID here below::', 'miniorange-2-factor-authentication');
1447
- $chat_id = get_user_meta($current_user_id,'mo2f_chat_id',true);
1448
-
1449
- if($chat_id == '')
1450
- $chat_id = get_user_meta($current_user_id,'mo2f_temp_chatID',true);
1451
-
1452
- ?>
1453
- <input type="text" name="verify_chatID" id="chatID"
1454
- value="<?php echo esc_html($chat_id); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter chat ID without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1455
-
1456
- <?php
1457
- echo "<br>";
1458
-
1459
- }
1460
- else{
1461
- ?>
1462
- <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1463
- <?php }
1464
- if(!($current_selected_method == 'OTP OVER EMAIL') and $current_selected_method !='OTP Over Telegram'and $current_selected_method !='OTP Over Whatsapp'){
1465
- ?>
1466
- <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1467
- value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1468
- <?php } ?>
1469
- <?php
1470
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1471
- if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1472
- <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1473
- value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1474
- <?php } ?>
1475
- <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1476
- <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1477
- <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce')); ?>" />
1478
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1479
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1480
- </form>
1481
- </div>
1482
- <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1483
- <p>
1484
- <?php
1485
- if($current_selected_method == 'SMS AND EMAIL'){?>
1486
- <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1487
- <?php }
1488
- else{
1489
- ?>
1490
- <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1491
- <?php } ?>
1492
- <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1493
- <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1494
- <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1495
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1496
- <?php } else if($current_selected_method != 'OTP Over Telegram'){
1497
- ?>
1498
- <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1499
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1500
- <?php } ?>
1501
- <br /><br />
1502
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1503
- <?php if (sizeof($opt) > 1) { ?>
1504
-
1505
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1506
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1507
- <?php } ?>
1508
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1509
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1510
- <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1511
- <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce')); ?>" />
1512
- </form>
1513
- <?php mo2f_customize_logo() ?>
1514
- </div>
1515
- </div>
1516
- </div>
1517
- </div>
1518
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1519
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1520
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1521
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1522
- </form>
1523
- <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1524
- <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce')); ?>" />
1525
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1526
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1527
- </form>
1528
- <?php if (sizeof($opt) > 1) { ?>
1529
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1530
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1531
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1532
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1533
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1534
- </form>
1535
- <?php } ?>
1536
- <script>
1537
- jQuery("#phone").intlTelInput();
1538
- function mologinback(){
1539
- jQuery('#mo2f_backto_mo_loginform').submit();
1540
- }
1541
- jQuery('#mo2f_inline_back_btn').click(function() {
1542
- jQuery('#mo2f_goto_two_factor_form').submit();
1543
- });
1544
- jQuery('a[href="#resendsmslink"]').click(function(e) {
1545
- jQuery('#mo2fa_inline_resend_otp_form').submit();
1546
- });
1547
- </script>
1548
- </body>
1549
-
1550
- </html>
1551
- <?php
1552
  }
1
+ <?php
2
+ function fetch_methods($current_user = null){
3
+ $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
4
+ if(!is_null($current_user) && ($current_user->roles[0] != 'administrator') && !mo2f_is_customer_registered()){
5
+ $methods = array("GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
6
+ }
7
+ if(get_site_option('duo_credentials_save_successfully'))
8
+ array_push($methods,"DUO");
9
+ return $methods;
10
+ }
11
+
12
+ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
13
+
14
+ global $Mo2fdbQueries;
15
+ $current_user = get_userdata($current_user_id);
16
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
17
+
18
+ if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
19
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
20
+ prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$current_selected_method,$redirect_to,$session_id);
21
+ else
22
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
23
+ }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
24
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
25
+ prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
26
+ else
27
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
28
+ }else if($current_selected_method == 'OTP Over Telegram' or $current_selected_method == 'OTP OVER TELEGRAM')
29
+ {
30
+ $current_selected_method = 'OTP Over Telegram';
31
+ prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
32
+ }
33
+ else if($current_selected_method == 'Duo Authenticator'){
34
+ prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
35
+ }
36
+ else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
37
+ prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
38
+ }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
39
+ prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
40
+ }else if($current_selected_method == 'KBA' ){
41
+ prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
42
+ }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
43
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
44
+ if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
45
+ if(!MO2F_IS_ONPREM)
46
+ {
47
+ $current_user = get_userdata($current_user_id);
48
+ $email = $current_user->user_email;
49
+ $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
50
+ if(isset($tempEmail) and $tempEmail != '')
51
+ $email = $tempEmail;
52
+ create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
53
+ }
54
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
55
+ $pass2fa= new Miniorange_Password_2Factor_Login();
56
+ $pass2fa->mo2fa_pass2login($redirect_to, $session_id);
57
+ }
58
+ prompt_user_for_setup_success($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
59
+ }else{
60
+ $current_user = get_userdata($current_user_id);
61
+ if(isset($current_user->roles[0]))
62
+ $current_user_role=$current_user->roles[0];
63
+ $opt=fetch_methods($current_user);
64
+ ?>
65
+ <html>
66
+ <head>
67
+ <meta charset="utf-8"/>
68
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
69
+ <meta name="viewport" content="width=device-width, initial-scale=1">
70
+ <?php
71
+ mo2f_inline_css_and_js();
72
+ ?>
73
+ </head>
74
+ <body>
75
+ <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
76
+ <div class="mo2f-modal-backdrop"></div>
77
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
78
+ <div class="login mo_customer_validation-modal-content">
79
+ <div class="mo2f_modal-header">
80
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
81
+
82
+ <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
83
+ </div>
84
+ <div class="mo2f_modal-body">
85
+ <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
86
+ if(isset($login_message) && !empty($login_message)) {
87
+ echo '<br><br>';
88
+
89
+ ?>
90
+
91
+ <div id="otpMessage">
92
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
93
+ </div>
94
+ <?php }else
95
+ echo '<br>';
96
+ ?>
97
+
98
+ <br>
99
+ <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
100
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
101
+ <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
102
+ <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
103
+ (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
104
+ </label>
105
+ <br>
106
+ </span>
107
+ <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
108
+ <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
109
+ <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
110
+ <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
111
+ </label>
112
+ <br>
113
+ </span>
114
+ <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
115
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
116
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
117
+ <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
118
+ </label>
119
+ <br>
120
+ </span>
121
+ <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
122
+ <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
123
+ <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
124
+ <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
125
+ </label>
126
+ <br>
127
+ </span>
128
+ <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
129
+ <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
130
+ <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
131
+ <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
132
+ </label>
133
+ <br>
134
+ </span>
135
+ <span class="<?php if( !(in_array("OTP OVER TELEGRAM", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
136
+ <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
137
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER TELEGRAM" />
138
+ <?php echo __('OTP Over TELEGRAM', 'miniorange-2-factor-authentication'); ?>
139
+ </label>
140
+ <br>
141
+ </span>
142
+ <span class="<?php if( !(in_array("OTP OVER WHATSAPP", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
143
+ <label title="<?php echo __('You will get an OTP on your WHATSAPP app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
144
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER WHATSAPP" />
145
+ <?php echo __('OTP Over WHATSAPP', 'miniorange-2-factor-authentication'); ?>
146
+ </label>
147
+ <br>
148
+ </span>
149
+ <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
150
+ <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
151
+ <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
152
+ <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
153
+ </label>
154
+ <br>
155
+ </span>
156
+ <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
157
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
158
+ <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
159
+ <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
160
+ </label>
161
+ <br>
162
+ </span>
163
+ <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
164
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
165
+ <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
166
+ <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
167
+ </label>
168
+ <br>
169
+ </span>
170
+ <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
171
+ <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
172
+ <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
173
+ <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
174
+ </label>
175
+ <br>
176
+ </span>
177
+ <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
178
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
179
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
180
+ <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
181
+ </label>
182
+ <br>
183
+ </span>
184
+ <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
185
+ <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
186
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
187
+ <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
188
+ </label>
189
+ <br>
190
+ </span>
191
+ <span class="<?php if( !(in_array("DUO", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
192
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
193
+ <input type="radio" name="mo2f_selected_2factor_method" value=" DUO PUSH NOTIFICATIONS" />
194
+ <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
195
+ </label>
196
+ <br>
197
+ </span>
198
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
199
+ <br />
200
+ <?php mo2f_customize_logo() ?>
201
+ </div>
202
+ </div>
203
+ </div>
204
+ </div>
205
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
206
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
207
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
208
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
209
+ </form>
210
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
+ <input type="hidden" name="mo2f_selected_2factor_method" />
212
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
213
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
215
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
216
+ </form>
217
+
218
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
+ <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
+ <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
221
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
222
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
223
+ </form>
224
+
225
+ <script>
226
+ function mologinback(){
227
+ jQuery('#mo2f_backto_mo_loginform').submit();
228
+ }
229
+ jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
230
+ var selectedMethod = jQuery(this).val();
231
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
232
+ jQuery('#mo2f_select_2fa_methods_form').submit();
233
+ });
234
+ jQuery('a[href="#skiptwofactor"]').click(function(e) {
235
+
236
+ jQuery('#mo2f_skip_loginform').submit();
237
+ });
238
+ </script>
239
+ </body>
240
+ </html>
241
+ <?php
242
+ }
243
+ }
244
+
245
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
246
+ {
247
+
248
+ global $Mo2fdbQueries;
249
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
250
+ if(isset($mo2f_user_email) and $mo2f_user_email != '')
251
+ $email = $mo2f_user_email;
252
+
253
+ $current_user = get_userdata($current_user_id);
254
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
255
+ $email = get_option('mo2f_email');
256
+
257
+ $enduser = new Two_Factor_Setup();
258
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
259
+
260
+ if(json_last_error() == JSON_ERROR_NONE){
261
+
262
+ if($check_user['status'] == 'ERROR'){
263
+ return Mo2fConstants:: langTranslate( $check_user['message']);
264
+
265
+ }
266
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
267
+
268
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
269
+ 'user_registration_with_miniorange' =>'SUCCESS',
270
+ 'mo2f_user_email' =>$email,
271
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
272
+ ) );
273
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
274
+
275
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
276
+ }
277
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
278
+
279
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
280
+ if(json_last_error() == JSON_ERROR_NONE) {
281
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
282
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
283
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
284
+ 'user_registration_with_miniorange' =>'SUCCESS',
285
+ 'mo2f_user_email' =>$email,
286
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
287
+ ) );
288
+
289
+ $mo2fa_login_message = '';
290
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
291
+ }
292
+ }
293
+
294
+
295
+ }
296
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
297
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
298
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
299
+ mo2f_inline_email_form($email,$current_user_id);
300
+ exit;
301
+ }
302
+
303
+ }
304
+
305
+ }
306
+
307
+ function mo2f_inline_email_form($email,$current_user_id)
308
+ {
309
+ ?>
310
+ <html>
311
+ <head>
312
+ <meta charset="utf-8"/>
313
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
314
+ <meta name="viewport" content="width=device-width, initial-scale=1">
315
+ <?php
316
+ mo2f_inline_css_and_js();
317
+ ?>
318
+ </head>
319
+ <body>
320
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
321
+ <div class="mo2f-modal-backdrop"></div>
322
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
323
+ <div class="login mo_customer_validation-modal-content">
324
+ <div class="mo2f_modal-header">
325
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
326
+ <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
327
+ </div>
328
+ <div class="mo2f_modal-body">
329
+ <form action="" method="post" name="f">
330
+ <p>The Email assoicated with your account is already registered in miniOrange. Please use a different email address or contact miniOrange.
331
+ </p><br>
332
+ <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
333
+ <br>
334
+ <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
335
+ <br>
336
+ <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-email-change-nonce')); ?>" />
337
+ <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
+ <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
340
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
341
+ </form>
342
+ <br>
343
+ <?php mo2f_customize_logo() ?>
344
+ </div>
345
+ </div>
346
+ </div>
347
+ </div>
348
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
349
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
350
+ </form>
351
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
352
+ <input type="hidden" name="mo2f_selected_2factor_method" />
353
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
354
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
356
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
357
+ </form>
358
+ <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
+ <input type="hidden" name="miniorange_skip_2fa" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
361
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
362
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
363
+ </form>
364
+ <?php } ?>
365
+
366
+ <script type="text/javascript">
367
+ jQuery('#save_entered_email_inlinecloud1').click(function(){
368
+ var email = jQuery('#emailInlineCloud').val();
369
+ var nonce = '<?php echo esc_html(wp_create_nonce("checkuserinminiOrangeNonce"));?>';
370
+ var data = {
371
+ 'action' : 'mo_two_factor_ajax',
372
+ 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
373
+ 'email' : email,
374
+ 'nonce' : nonce
375
+
376
+ };
377
+
378
+ var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
379
+
380
+
381
+ jQuery.post(ajaxurl, data, function(response) {
382
+
383
+ if(response == 'alreadyExist')
384
+ {
385
+ jQuery('#emailalredyused').show();
386
+ }
387
+ else if(response =='USERCANBECREATED')
388
+ {
389
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
390
+ jQuery('#mo2f_select_2fa_methods_form').submit();
391
+ }
392
+ });
393
+
394
+ });
395
+
396
+
397
+ </script>
398
+ </body>
399
+
400
+ <?php
401
+ }
402
+ function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$currentMethod,$redirect_to,$session_id){
403
+
404
+ global $Mo2fdbQueries;
405
+ if(isset($qrCode)){
406
+ $qrCodedata = $qrCode['mo2f-login-qrCode'];
407
+ $showqrCode = $qrCode['mo2f_show_qr_code'];
408
+ }
409
+ $current_user = get_userdata($current_user_id);
410
+ $email = $current_user->user_email;
411
+
412
+ $opt=fetch_methods($current_user);
413
+
414
+ $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
415
+ ?>
416
+ <html>
417
+ <head> <meta charset="utf-8"/>
418
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
419
+ <meta name="viewport" content="width=device-width, initial-scale=1">
420
+ <?php
421
+ mo2f_inline_css_and_js();
422
+ ?>
423
+ </head>
424
+ <body>
425
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
426
+ <div class="mo2f-modal-backdrop"></div>
427
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
428
+ <div class="login mo_customer_validation-modal-content">
429
+ <div class="mo2f_modal-header">
430
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
431
+ <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
432
+ </div>
433
+ <div class="mo2f_modal-body">
434
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
435
+
436
+ <div id="otpMessage">
437
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
438
+ </div>
439
+ <?php } ?>
440
+ <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
441
+ <div class="mo_margin_left">
442
+ <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
443
+ <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
444
+ <center>
445
+ <?php if (sizeof($opt) > 1) { ?>
446
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
447
+ <?php } ?>
448
+ <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
449
+ </center>
450
+ </div>
451
+ <?php
452
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
453
+ initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
454
+ <?php } ?>
455
+
456
+ <?php mo2f_customize_logo() ?>
457
+ </div>
458
+ <br>
459
+ <br>
460
+ </div>
461
+ </div>
462
+ </div>
463
+ </div>
464
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
466
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
467
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
468
+ </form>
469
+ <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
470
+ <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
472
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
473
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
474
+ </form>
475
+ <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
+ <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
478
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
479
+ <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce')); ?>" />
480
+ </form>
481
+ <?php if (sizeof($opt) > 1) { ?>
482
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
484
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
485
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
486
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
487
+ </form>
488
+ <?php } ?>
489
+ <script>
490
+ function mologinback(){
491
+ jQuery('#mo2f_backto_mo_loginform').submit();
492
+ }
493
+ function moconfigureapp(){
494
+ jQuery('#mo2f_inline_configureapp_form').submit();
495
+ }
496
+ jQuery('#mo2f_inline_back_btn').click(function() {
497
+ jQuery('#mo2f_goto_two_factor_form').submit();
498
+ });
499
+ <?php
500
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
501
+ ?>
502
+ <?php } ?>
503
+ </script>
504
+ </body>
505
+ </html>
506
+ <?php
507
+ }
508
+ function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
509
+ global $Mo2fdbQueries;
510
+ $current_user = get_userdata($current_user_id);
511
+ $email = $current_user->user_email;
512
+ $opt=fetch_methods($current_user);
513
+ $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
514
+
515
+ ?>
516
+ <html>
517
+ <head> <meta charset="utf-8"/>
518
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
519
+ <meta name="viewport" content="width=device-width, initial-scale=1">
520
+ <?php
521
+ mo2f_inline_css_and_js();
522
+ ?>
523
+ </head>
524
+ <body>
525
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
526
+ <div class="mo2f-modal-backdrop"></div>
527
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
528
+ <div class="login mo_customer_validation-modal-content">
529
+ <div class="mo2f_modal-header">
530
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
531
+ <?php echo __('Setup Duo', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
532
+ </div>
533
+ <div class="mo2f_modal-body">
534
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
535
+
536
+ <div id="otpMessage">
537
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
538
+ </div>
539
+ <?php } ?>
540
+ <div style="margin-right:7px;"><?php mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registration_status);
541
+
542
+ ?></div>
543
+ <div class="mo_margin_left">
544
+ <h3><?php echo __('Step-2 : Setup Duo Push Notification', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
545
+ <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to setup duo push notification.', 'miniorange-2-factor-authentication'); ?></h4>
546
+ <center>
547
+ <?php if (sizeof($opt) > 1) { ?>
548
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
549
+ <?php } ?>
550
+ <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
551
+ </center>
552
+ </div>
553
+ <?php
554
+
555
+ if(isset($_POST['option']) && $_POST['option'] =='miniorange_inline_duo_auth_mobile_complete'){
556
+ go_for_user_enroll_on_duo($current_user,$session_id);
557
+ ?>
558
+ <?php }else if(isset($_POST['option']) && $_POST['option'] == 'duo_mobile_send_push_notification_for_inline_form') {
559
+
560
+ initialize_inline_duo_auth_registration($current_user,$session_id);
561
+ ?>
562
+
563
+ <?php }?>
564
+
565
+ <?php mo2f_customize_logo() ?>
566
+ </div>
567
+ <br>
568
+ <br>
569
+ </div>
570
+ </div>
571
+ </div>
572
+ </div>
573
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
574
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
575
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
576
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
577
+ </form>
578
+ <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
579
+ <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
581
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
582
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
583
+ </form>
584
+ <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
+ <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
587
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
588
+ <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce')); ?>" />
589
+ </form>
590
+ <?php if (sizeof($opt) > 1) { ?>
591
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
593
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
594
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
595
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
596
+ </form>
597
+ <?php } ?>
598
+ <script>
599
+ function mologinback(){
600
+ jQuery('#mo2f_backto_mo_loginform').submit();
601
+ }
602
+ function moconfigureapp(){
603
+ jQuery('#mo2f_inline_duo_auth_register_form').submit();
604
+ }
605
+ jQuery('#mo2f_inline_back_btn').click(function() {
606
+ jQuery('#mo2f_goto_two_factor_form').submit();
607
+ });
608
+ <?php
609
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
610
+ ?>
611
+ <?php } ?>
612
+ </script>
613
+ </body>
614
+ </html>
615
+ <?php
616
+ }
617
+
618
+ function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
619
+ $ga_secret = MO2f_Utility::mo2f_get_transient($session_id, 'secret_ga');
620
+ $data = MO2f_Utility::mo2f_get_transient($session_id, 'ga_qrCode');
621
+ global $Mo2fdbQueries;
622
+ if(empty($data)){
623
+ $user = get_user_by('ID',$current_user_id);
624
+ if(!MO2F_IS_ONPREM){
625
+ if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
626
+ Miniorange_Authentication::mo2f_get_GA_parameters($user);
627
+ }
628
+ $mo2f_google_auth = get_user_meta($user->ID, 'mo2f_google_auth', true);
629
+ $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
630
+ $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
631
+ MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $mo2f_google_auth['ga_secret']);
632
+ MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
633
+ }else{
634
+ include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR . 'handler'.DIRECTORY_SEPARATOR . 'twofa'. DIRECTORY_SEPARATOR . 'gaonprem.php';
635
+ $gauth_obj = new Google_auth_onpremise();
636
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user->ID);
637
+ $onpremise_secret = $gauth_obj->createSecret();
638
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
639
+ $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
640
+ $data = $url;
641
+ MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $onpremise_secret);
642
+ MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $url);
643
+
644
+ }
645
+ }
646
+ wp_register_script('mo2f_qr_code_js',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))) );
647
+ wp_register_script('mo2f_qr_code_minjs',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))) );
648
+ ?>
649
+ <html>
650
+ <head> <meta charset="utf-8"/>
651
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
652
+ <meta name="viewport" content="width=device-width, initial-scale=1">
653
+ <?php
654
+ mo2f_inline_css_and_js();
655
+ ?>
656
+ </head>
657
+ <style>
658
+ * {
659
+ box-sizing: border-box;
660
+ }
661
+ [class*="mcol-"] {
662
+ float: left;
663
+ padding: 15px;
664
+ }
665
+ /* For desktop: */
666
+ .mcol-1 {width: 50%;}
667
+ .mcol-2 {width: 50%;}
668
+ @media only screen and (max-width: 768px) {
669
+ /* For mobile phones: */
670
+ [class*="mcol-"] {
671
+ width: 100%;
672
+ }
673
+ }
674
+ </style>
675
+ <body>
676
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
677
+ <div class="mo2f-modal-backdrop"></div>
678
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
679
+ <div class="login mo_customer_validation-modal-content">
680
+ <div class="mo2f_modal-header">
681
+ <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
682
+ <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
683
+ </div>
684
+ <div class="mo2f_modal-body">
685
+ <?php
686
+
687
+ $current_user = get_userdata($current_user_id);
688
+ $opt=fetch_methods($current_user);
689
+ ?>
690
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
691
+ <div id="otpMessage"
692
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
693
+ >
694
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
695
+ </div>
696
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
697
+ <?php } ?>
698
+ <div class="mcol-1">
699
+ <div id="mo2f_choose_app_tour">
700
+ <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
701
+
702
+ <select id="authenticator_type">
703
+ <option value="google_authenticator">Google Authenticator</option>
704
+ <option value="msft_authenticator">Microsoft Authenticator</option>
705
+ <option value="authy_authenticator">Authy Authenticator</option>
706
+ <option value="last_pass_auth">LastPass Authenticator</option>
707
+ <option value="free_otp_auth">FreeOTP Authenticator</option>
708
+ <option value="duo_auth">Duo Mobile Authenticator</option>
709
+ </select>
710
+ <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
711
+ <span id="links_to_apps">
712
+ <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
713
+ <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
714
+
715
+ </span>
716
+ </div>
717
+ </div>
718
+ <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
719
+ <ol>
720
+ <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
721
+ <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
722
+ <br>
723
+ <?php if(MO2F_IS_ONPREM){ ?>
724
+ <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
725
+ <?php
726
+
727
+ } else{ ?>
728
+ <div style="margin-left: 14%;">
729
+ <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
730
+ <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
731
+ </div>
732
+ </div>
733
+ <?php }
734
+ ?>
735
+ <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
736
+
737
+ </ol>
738
+ <div id="mo2f_scanbarcode_a" hidden>
739
+ <ol >
740
+ <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
741
+ <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
742
+ <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
743
+ <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
744
+ <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
745
+ <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
746
+ <?php echo esc_html($ga_secret) ?>
747
+ </div>
748
+ <div style="font-size: 80%;color: #666666;">
749
+ <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
750
+ </div>
751
+ </div>
752
+ <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
753
+ <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
754
+ </ol>
755
+ </div>
756
+ </div>
757
+ <div class="mcol-2">
758
+ <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
759
+ <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
760
+ <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
761
+ <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
762
+ <br />
763
+ <input type="hidden" name="option" value="miniorange_inline_ga_validate">
764
+ <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
765
+ <div class="center">
766
+ <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
767
+ </div>
768
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
769
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
770
+ <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce')); ?>" />
771
+ </form>
772
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
773
+ <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
774
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
775
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
776
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
777
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
778
+ </form>
779
+ </div>
780
+ <br>
781
+ <br>
782
+ <?php mo2f_customize_logo() ?>
783
+ </div>
784
+ </div>
785
+ </div>
786
+ </div>
787
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
788
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
789
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
790
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
791
+ </form>
792
+ <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
793
+ <input type="hidden" name="google_phone_type" />
794
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
795
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
796
+ <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce')); ?>" />
797
+ </form>
798
+
799
+ <script>
800
+ jQuery('#authenticator_type').change(function(){
801
+ var auth_type = jQuery(this).val();
802
+ if(auth_type == 'google_authenticator'){
803
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
804
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
805
+ '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
806
+ jQuery('#mo2f_change_app_name').show();
807
+ jQuery('#links_to_apps').show();
808
+ }else if(auth_type == 'msft_authenticator'){
809
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
810
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
811
+ '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
812
+ jQuery('#links_to_apps').show();
813
+ }else if(auth_type == 'free_otp_auth'){
814
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
815
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
816
+ '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
817
+ jQuery('#links_to_apps').show();
818
+ }else if(auth_type == 'duo_auth'){
819
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
820
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
821
+ '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
822
+ jQuery('#links_to_apps').show();
823
+ }else if(auth_type == 'authy_authenticator'){
824
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
825
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
826
+ '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
827
+ jQuery('#links_to_apps').show();
828
+ }else{
829
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
830
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
831
+ '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
832
+ jQuery('#mo2f_change_app_name').show();
833
+ jQuery('#links_to_apps').show();
834
+ }
835
+ });
836
+ function mologinback(){
837
+ jQuery('#mo2f_backto_mo_loginform').submit();
838
+ }
839
+ jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
840
+ var selectedPhone = jQuery(this).val();
841
+ document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
842
+ jQuery('#mo2f_inline_app_type_ga_form').submit();
843
+ });
844
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
845
+ jQuery("#mo2f_scanbarcode_a").toggle();
846
+ });
847
+ jQuery(document).ready(function() {
848
+ jQuery('.mo2f_gauth').qrcode({
849
+ 'render': 'image',
850
+ size: 175,
851
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
852
+ });
853
+ });
854
+ </script>
855
+ </body>
856
+ <?php
857
+ echo '<head>';
858
+ wp_print_scripts( 'mo2f_qr_code_js' );
859
+ wp_print_scripts( 'mo2f_qr_code_minjs' );
860
+ echo '</head>';
861
+ }
862
+
863
+ function mo2f_inline_css_and_js(){
864
+
865
+ wp_register_style( 'mo2f_bootstrap',plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))));
866
+ wp_register_style('mo2f_front_end_login',plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))));
867
+ wp_register_style('mo2f_style_setting',plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))));
868
+ wp_register_style('mo2f_hide-login',plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))));
869
+
870
+ wp_print_styles( 'mo2f_bootstrap');
871
+ wp_print_styles( 'mo2f_front_end_login');
872
+ wp_print_styles( 'mo2f_style_setting');
873
+ wp_print_styles( 'mo2f_hide-login');
874
+
875
+ wp_register_script('mo2f_bootstrap_js',plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))));
876
+ wp_print_scripts( 'jquery');
877
+ wp_print_scripts( 'mo2f_bootstrap_js' );
878
+ }
879
+
880
+
881
+ function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
882
+ $data = $qrCode;
883
+
884
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_transactionId' );
885
+
886
+ $url = MO_HOST_NAME;
887
+ $opt=fetch_methods($current_user);
888
+ ?>
889
+ <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
890
+ <div class="red" style="color:#E74C3C;">
891
+ <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
892
+ <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
893
+ <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
894
+ <ol>
895
+ <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
896
+ <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
897
+ <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
898
+ </ol>
899
+ </div>
900
+ <table class="mo2f_settings_table">
901
+ <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
902
+ <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . esc_html($data) . '" />'; ?>
903
+ </div>
904
+ </table>
905
+ <center>
906
+ <?php
907
+ if (sizeof($opt) > 1) { ?>
908
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
909
+ <?php }
910
+ ?>
911
+ </center>
912
+ <script>
913
+ jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
914
+ jQuery('#mo2f_inline_configureapp_form').submit();
915
+ });
916
+ jQuery("#mo2f_configurePhone").empty();
917
+ jQuery("#mo2f_app_div").hide();
918
+ var timeout;
919
+ pollInlineMobileRegistration();
920
+ function pollInlineMobileRegistration()
921
+ {
922
+ var transId = "<?php echo esc_html($mo2f_login_transaction_id); ?>";
923
+ var jsonString = "{\"txId\":\""+ transId + "\"}";
924
+ var postUrl = "<?php echo esc_html($url); ?>" + "/moas/api/auth/registration-status";
925
+ jQuery.ajax({
926
+ url: postUrl,
927
+ type : "POST",
928
+ dataType : "json",
929
+ data : jsonString,
930
+ contentType : "application/json; charset=utf-8",
931
+ success : function(result) {
932
+ var status = JSON.parse(JSON.stringify(result)).status;
933
+ if (status == 'SUCCESS') {
934
+ var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
935
+ jQuery("#displayInlineQrCode").empty();
936
+ jQuery("#displayInlineQrCode").append(content);
937
+ setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
938
+ } else if (status == 'ERROR' || status == 'FAILED') {
939
+ var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
940
+ jQuery("#displayInlineQrCode").empty();
941
+ jQuery("#displayInlineQrCode").append(content);
942
+ jQuery("#messages").empty();
943
+ jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
944
+ } else {
945
+ timeout = setTimeout(pollInlineMobileRegistration, 3000);
946
+ }
947
+ }
948
+ });
949
+ }
950
+ </script>
951
+ <?php
952
+ }
953
+
954
+ function initialize_inline_duo_auth_registration($current_user,$session_id_encrypt){
955
+
956
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
957
+ update_user_meta($user_id,'current_user_email',$current_user->user_email);
958
+
959
+
960
+ $opt=fetch_methods($current_user);
961
+ ?>
962
+ <h3><?php echo mo2f_lt( 'Test Duo Authenticator' ); ?></h3>
963
+ <hr>
964
+ <div>
965
+ <br>
966
+ <br>
967
+ <center>
968
+ <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
969
+ <br>
970
+ <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
971
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
972
+ </center>
973
+
974
+ <input type="button" name="back" id="go_back" class="button button-primary button-large"
975
+ value="<?php echo mo2f_lt( 'Back' ); ?>"
976
+ style="margin-top:100px;margin-left:10px;"/>
977
+ </div>
978
+
979
+ <form name="f" method="post" action="" id="mo2f_go_back_form">
980
+ <input type="hidden" name="option" value="mo2f_go_back"/>
981
+ <input type="hidden" name="mo2f_go_back_nonce"
982
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
983
+ </form>
984
+ <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
985
+ <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
986
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
987
+ <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
988
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-authenticator-success-nonce" )) ?>"/>
989
+ </form>
990
+ <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
991
+ <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
992
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
993
+ <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
994
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" )) ?>"/>
995
+ </form>
996
+
997
+ <script>
998
+ jQuery('#go_back').click(function () {
999
+ jQuery('#mo2f_go_back_form').submit();
1000
+ });
1001
+ jQuery("#mo2f_configurePhone").empty();
1002
+ jQuery("#mo2f_app_div").hide();
1003
+ var timeout;
1004
+
1005
+
1006
+
1007
+ pollMobileValidation();
1008
+ function pollMobileValidation() {
1009
+ var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
1010
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
1011
+ var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
1012
+
1013
+ var data={
1014
+ 'action':'mo2f_duo_ajax_request',
1015
+ 'call_type':'check_duo_push_auth_status',
1016
+ 'session_id_encrypt': session_id_encrypt,
1017
+ 'nonce': nonce,
1018
+
1019
+ };
1020
+
1021
+ jQuery.post(ajax_url, data, function(response){
1022
+
1023
+ if (response == 'SUCCESS') {
1024
+ jQuery('#mo2f_inline_duo_authenticator_success_form').submit();
1025
+ } else if (response == 'ERROR' || response == 'FAILED' || response == 'DENIED') {
1026
+
1027
+ jQuery('#mo2f_duo_authenticator_error_form').submit();
1028
+ } else {
1029
+ timeout = setTimeout(pollMobileValidation, 3000);
1030
+ }
1031
+
1032
+ });
1033
+
1034
+ }
1035
+
1036
+ </script>
1037
+
1038
+ <?php
1039
+ }
1040
+ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1041
+ $current_user = get_userdata($current_user_id);
1042
+ $opt=fetch_methods($current_user);
1043
+
1044
+ ?>
1045
+ <html>
1046
+ <head> <meta charset="utf-8"/>
1047
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1048
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1049
+ <?php
1050
+ mo2f_inline_css_and_js();
1051
+ ?>
1052
+ <style>
1053
+ .mo2f_kba_ques, .mo2f_table_textbox{
1054
+ background: whitesmoke none repeat scroll 0% 0%;
1055
+ }
1056
+ </style>
1057
+ </head>
1058
+ <body>
1059
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1060
+ <div class="mo2f-modal-backdrop"></div>
1061
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1062
+ <div class="login mo_customer_validation-modal-content">
1063
+ <div class="mo2f_modal-header">
1064
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1065
+ <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
1066
+ </div>
1067
+ <div class="mo2f_modal-body">
1068
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
1069
+ <div id="otpMessage">
1070
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo esc_html($login_message); ?></p>
1071
+ </div>
1072
+ <?php } ?>
1073
+ <form name="f" method="post" action="" >
1074
+ <?php mo2f_configure_kba_questions(); ?>
1075
+ <br />
1076
+ <div class ="row">
1077
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1078
+ <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1079
+ <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
1080
+
1081
+ </div>
1082
+ </div>
1083
+ <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1084
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1085
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1086
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1087
+ </form>
1088
+ <?php if (sizeof($opt) > 1) { ?>
1089
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
1090
+ <div class ="row">
1091
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1092
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1093
+ </div>
1094
+ </div>
1095
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1096
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1097
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1098
+ </form>
1099
+ <?php } ?>
1100
+
1101
+ <?php mo2f_customize_logo() ?>
1102
+ </div>
1103
+ </div>
1104
+ </div>
1105
+ </div>
1106
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1107
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1108
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1109
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1110
+ </form>
1111
+
1112
+ <script>
1113
+ function mologinback(){
1114
+ jQuery('#mo2f_backto_mo_loginform').submit();
1115
+ }
1116
+
1117
+ function mobackinline(){
1118
+ jQuery('#mo2f_goto_two_factor_form').submit();
1119
+ }
1120
+ </script>
1121
+ </body>
1122
+ </html>
1123
+ <?php
1124
+ }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1125
+ $current_user = get_userdata($current_user_id);
1126
+ $opt=fetch_methods($current_user);
1127
+ ?>
1128
+ <html>
1129
+ <head> <meta charset="utf-8"/>
1130
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1131
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1132
+ <?php
1133
+ mo2f_inline_css_and_js();
1134
+ ?>
1135
+ <style>
1136
+ .mo2f_kba_ques, .mo2f_table_textbox{
1137
+ background: whitesmoke none repeat scroll 0% 0%;
1138
+ }
1139
+ </style>
1140
+ </head>
1141
+ <body>
1142
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1143
+ <div class="mo2f-modal-backdrop"></div>
1144
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1145
+ <div class="login mo_customer_validation-modal-content">
1146
+ <div class="mo2f_modal-header">
1147
+ <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1148
+ <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
1149
+ </div>
1150
+ <div class="mo2f_modal-body">
1151
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
1152
+ <div id="otpMessage">
1153
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1154
+ </div>
1155
+ <?php } ?>
1156
+ <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
1157
+ <input type="hidden" name="option" value="miniorange_inline_register" />
1158
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1159
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1160
+ <p>This method requires you to have an account with miniOrange.</p>
1161
+ <table class="mo_wpns_settings_table">
1162
+ <tr>
1163
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1164
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
1165
+ required placeholder="person@example.com"/></td>
1166
+ </tr>
1167
+ <tr>
1168
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1169
+ <td><input class="mo_wpns_table_textbox" required type="password"
1170
+ name="password" placeholder="Choose your password (Min. length 6)" /></td>
1171
+ </tr>
1172
+ <tr>
1173
+ <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1174
+ <td><input class="mo_wpns_table_textbox" required type="password"
1175
+ name="confirmPassword" placeholder="Confirm your password" /></td>
1176
+ </tr>
1177
+ <tr>
1178
+ <td>&nbsp;</td>
1179
+ <td><br><input type="submit" name="submit" value="Create Account"
1180
+ class="miniorange_button" />
1181
+ <a href="#mo2f_account_exist">Already have an account?</a>
1182
+ </tr>
1183
+ </table>
1184
+ </form>
1185
+ <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
1186
+ <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1187
+ <input type="hidden" name="option" value="miniorange_inline_login"/>
1188
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1189
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1190
+ <table class="mo_wpns_settings_table">
1191
+ <tr>
1192
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1193
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
1194
+ required placeholder="person@example.com"
1195
+ /></td>
1196
+ </tr>
1197
+ <tr>
1198
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1199
+ <td><input class="mo_wpns_table_textbox" required type="password"
1200
+ name="password" placeholder="Enter your miniOrange password" /></td>
1201
+ </tr>
1202
+ <tr>
1203
+ <td>&nbsp;</td>
1204
+ <td><input type="submit" class="miniorange_button" />
1205
+ <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
1206
+ </tr>
1207
+ </table>
1208
+ </form>
1209
+ <br>
1210
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
1211
+ <?php mo2f_customize_logo() ?>
1212
+ </div>
1213
+ </div>
1214
+ </div>
1215
+ </div>
1216
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1217
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1219
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1220
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1221
+ </form>
1222
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1223
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1224
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1225
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1226
+ </form>
1227
+
1228
+ <script>
1229
+ jQuery('#mo2f_inline_back_btn').click(function() {
1230
+ jQuery('#mo2f_goto_two_factor_form').submit();
1231
+ });
1232
+ jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1233
+ jQuery('#mo2f_inline_login_form').show();
1234
+ jQuery('#mo2f_inline_register_form').hide();
1235
+ });
1236
+ jQuery('#cancel_link').click(function(){
1237
+ jQuery('#mo2f_inline_register_form').show();
1238
+ jQuery('#mo2f_inline_login_form').hide();
1239
+ });
1240
+ function mologinback(){
1241
+ jQuery('#mo2f_backto_mo_loginform').submit();
1242
+ }
1243
+ </script>
1244
+ </body>
1245
+ </html>
1246
+ <?php
1247
+ }
1248
+ function prompt_user_for_setup_success($id, $login_status, $login_message,$redirect_to,$session_id){
1249
+ global $Mo2fdbQueries;
1250
+ ?>
1251
+ <html>
1252
+ <head> <meta charset="utf-8"/>
1253
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1254
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1255
+ <?php
1256
+ mo2f_inline_css_and_js();
1257
+ ?>
1258
+ <style>
1259
+ .mo2f_kba_ques, .mo2f_table_textbox{
1260
+ background: whitesmoke none repeat scroll 0% 0%;
1261
+ }
1262
+ </style>
1263
+ </head>
1264
+ <body>
1265
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1266
+ <div class="mo2f-modal-backdrop"></div>
1267
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1268
+ <div class="login mo_customer_validation-modal-content">
1269
+ <div class="mo2f_modal-header">
1270
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1271
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1272
+ </div>
1273
+ <div class="mo2f_modal-body center">
1274
+ <?php
1275
+ global $Mo2fdbQueries;
1276
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1277
+ if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1278
+ $mo2f_second_factor = 'Email Verification';
1279
+ }else if($mo2f_second_factor == 'SMS'){
1280
+ $mo2f_second_factor = 'OTP over SMS';
1281
+ }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
1282
+ $mo2f_second_factor = 'OTP_OVER_EMAIL';
1283
+ }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1284
+ $mo2f_second_factor = 'Phone Call Verification';
1285
+ }else if($mo2f_second_factor == 'SOFT TOKEN'){
1286
+ $mo2f_second_factor = 'Soft Token';
1287
+ }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1288
+ $mo2f_second_factor = 'QR Code Authentication';
1289
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1290
+ $mo2f_second_factor = 'Push Notification';
1291
+ }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1292
+ if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1293
+ $mo2f_second_factor = 'Google Authenticator';
1294
+ }else{
1295
+ $mo2f_second_factor = 'Authy 2-Factor Authentication';
1296
+ }
1297
+ }else if($mo2f_second_factor == 'KBA'){
1298
+ $mo2f_second_factor = 'Security Questions (KBA)';
1299
+ }
1300
+ $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1301
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1302
+
1303
+ if(get_site_option( 'mo2f_disable_kba' )!=1){
1304
+ if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1305
+ ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1306
+ <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1307
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
1308
+ <div id="otpMessage">
1309
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1310
+ </div>
1311
+ <?php } ?>
1312
+ <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1313
+ <form name="f" method="post" action="" >
1314
+ <?php mo2f_configure_kba_questions(); ?>
1315
+ <br>
1316
+ <center>
1317
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1318
+ </center>
1319
+ <input type="hidden" name="mo2f_inline_kba_option" />
1320
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1321
+ <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo esc_html($login_status); ?>" />
1322
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1323
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1324
+ </form>
1325
+ </div>
1326
+ <?php }
1327
+ }else{
1328
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1329
+ $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1330
+ $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1331
+ }
1332
+ if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1333
+ if(get_site_option('mo2f_remember_device')!=1)
1334
+ {
1335
+ $pass2fa= new Miniorange_Password_2Factor_Login();
1336
+ $pass2fa->mo2fa_pass2login(site_url(), $session_id);
1337
+ ?>
1338
+ <center>
1339
+ <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1340
+ <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1341
+ </p>
1342
+ </center>
1343
+ <br>
1344
+ <center>
1345
+ <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1346
+ <br>
1347
+ </center>
1348
+ <?php
1349
+ }else{
1350
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? sanitize_url($_POST[ 'redirect_to' ]) : null;
1351
+ $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1352
+ mo2f_collect_device_attributes_handler($session_id,$redirect_to);
1353
+ }
1354
+ }
1355
+ mo2f_customize_logo() ?>
1356
+ </div>
1357
+ </div>
1358
+ </div>
1359
+ </div>
1360
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1361
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1362
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1363
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1364
+ </form>
1365
+
1366
+ <script>
1367
+ function mologinback(){
1368
+ jQuery('#mo2f_backto_mo_loginform').submit();
1369
+ }
1370
+ </script>
1371
+ </body>
1372
+ </html>
1373
+ <?php
1374
+ }
1375
+
1376
+ function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod,$redirect_to,$session_id){
1377
+ $current_user = get_userdata($current_user_id);
1378
+ $opt=fetch_methods($current_user);
1379
+ global $Mo2fdbQueries;
1380
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1381
+ $current_user = get_userdata($current_user_id);
1382
+ $email = $current_user->user_email;
1383
+ ?>
1384
+ <html>
1385
+ <head> <meta charset="utf-8"/>
1386
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1387
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1388
+ <?php
1389
+ mo2f_inline_css_and_js();
1390
+
1391
+ wp_register_script('mo2f_bootstrap_js', plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))));
1392
+ wp_register_script('mo2f_phone_js', plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))));
1393
+ wp_print_scripts( 'mo2f_bootstrap_js' );
1394
+ wp_print_scripts( 'mo2f_phone_js');
1395
+
1396
+ wp_register_style('mo2f_phone',plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))));
1397
+ wp_print_styles( 'mo2f_phone' );
1398
+ ?>
1399
+ </head>
1400
+ <body>
1401
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1402
+ <div class="mo2f-modal-backdrop"></div>
1403
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1404
+ <div class="login mo_customer_validation-modal-content">
1405
+ <div class="mo2f_modal-header">
1406
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1407
+ <?php
1408
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1409
+ <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1410
+ <?php }
1411
+ else if($current_selected_method == 'OTP Over Telegram')
1412
+ {
1413
+ echo __('Verify Your Telegram Details', 'miniorange-2-factor-authentication');
1414
+ }
1415
+ else if($current_selected_method == 'OTP OVER EMAIL'){
1416
+ ?>
1417
+ <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1418
+ <?php }
1419
+ else{
1420
+ ?>
1421
+ <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1422
+ <?php } ?>
1423
+ </div>
1424
+ <div class="mo2f_modal-body">
1425
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
1426
+ <div id="otpMessage"
1427
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1428
+ >
1429
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1430
+ </div>
1431
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
1432
+ <?php } ?>
1433
+ <div class="mo2f_row">
1434
+ <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1435
+ <p>
1436
+ <?php
1437
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1438
+ <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1439
+ <?php
1440
+ }else if($current_selected_method == 'OTP OVER EMAIL'){
1441
+ //no message
1442
+ }else if($current_selected_method == 'OTP Over Telegram')
1443
+ {
1444
+ echo __('1. Open the telegram app and search for miniorange2fa_bot. Click on start button or send <b>/start</b> message', 'miniorange-2-factor-authentication');
1445
+ echo "<br><br><br>";
1446
+ echo __('2. Enter the recieved Chat ID here below::', 'miniorange-2-factor-authentication');
1447
+ $chat_id = get_user_meta($current_user_id,'mo2f_chat_id',true);
1448
+
1449
+ if($chat_id == '')
1450
+ $chat_id = get_user_meta($current_user_id,'mo2f_temp_chatID',true);
1451
+
1452
+ ?>
1453
+ <input type="text" name="verify_chatID" id="chatID"
1454
+ value="<?php echo esc_html($chat_id); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter chat ID without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1455
+
1456
+ <?php
1457
+ echo "<br>";
1458
+
1459
+ }
1460
+ else{
1461
+ ?>
1462
+ <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1463
+ <?php }
1464
+ if(!($current_selected_method == 'OTP OVER EMAIL') and $current_selected_method !='OTP Over Telegram'and $current_selected_method !='OTP Over Whatsapp'){
1465
+ ?>
1466
+ <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1467
+ value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1468
+ <?php } ?>
1469
+ <?php
1470
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1471
+ if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1472
+ <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1473
+ value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1474
+ <?php } ?>
1475
+ <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1476
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1477
+ <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce')); ?>" />
1478
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1479
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1480
+ </form>
1481
+ </div>
1482
+ <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1483
+ <p>
1484
+ <?php
1485
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1486
+ <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1487
+ <?php }
1488
+ else{
1489
+ ?>
1490
+ <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1491
+ <?php } ?>
1492
+ <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1493
+ <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1494
+ <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1495
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1496
+ <?php } else if($current_selected_method != 'OTP Over Telegram'){
1497
+ ?>
1498
+ <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1499
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1500
+ <?php } ?>
1501
+ <br /><br />
1502
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1503
+ <?php if (sizeof($opt) > 1) { ?>
1504
+
1505
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1506
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1507
+ <?php } ?>
1508
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1509
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1510
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1511
+ <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce')); ?>" />
1512
+ </form>
1513
+ <?php mo2f_customize_logo() ?>
1514
+ </div>
1515
+ </div>
1516
+ </div>
1517
+ </div>
1518
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1519
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1520
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1521
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1522
+ </form>
1523
+ <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1524
+ <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce')); ?>" />
1525
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1526
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1527
+ </form>
1528
+ <?php if (sizeof($opt) > 1) { ?>
1529
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1530
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1531
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1532
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1533
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1534
+ </form>
1535
+ <?php } ?>
1536
+ <script>
1537
+ jQuery("#phone").intlTelInput();
1538
+ function mologinback(){
1539
+ jQuery('#mo2f_backto_mo_loginform').submit();
1540
+ }
1541
+ jQuery('#mo2f_inline_back_btn').click(function() {
1542
+ jQuery('#mo2f_goto_two_factor_form').submit();
1543
+ });
1544
+ jQuery('a[href="#resendsmslink"]').click(function(e) {
1545
+ jQuery('#mo2fa_inline_resend_otp_form').submit();
1546
+ });
1547
+ </script>
1548
+ </body>
1549
+
1550
+ </html>
1551
+ <?php
1552
  }
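--- a/controllers/twofa/setup_twofa.php
+++ b/controllers/twofa/setup_twofa.php
@@ -1,50 +1,50 @@
- <?php
-
- $email_registered = 1;
- global $Mo2fdbQueries;
- $email =$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', get_current_user_id() );
- if($email == '' or !isset($email))
- $email = wp_get_current_user()->user_email;
-
- if(isset($email))
- $email_registered = 1;
- else
- $email_registered = 0;
-
- $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo2f_enable_2FA_on_login_page_option":
- wpns_handle_enable_2fa_login_prompt(($_POST));
- break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup_twofa.php';
-
- function wpns_handle_enable_2fa_login_prompt($postvalue)
- {
- if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page']))
- {
- update_site_option('mo2f_enable_2fa_prompt_on_login_page',sanitize_text_field($postvalue['mo2f_enable_2fa_prompt_on_login_page']));
-
- }
- else update_site_option('mo2f_enable_2fa_prompt_on_login_page',0 );
-
-
- if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_site_option') == 1 )
- {
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_ENABLED'),'SUCCESS');
- }
- else{
-
- if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page'])){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_PROMPT_LOGIN_PAGE'),'ERROR');
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_DISABLED'),'ERROR');
- }
- }
- }
+ <?php
+
+ $email_registered = 1;
+ global $Mo2fdbQueries;
+ $email =$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', get_current_user_id() );
+ if($email == '' or !isset($email))
+ $email = wp_get_current_user()->user_email;
+
+ if(isset($email))
+ $email_registered = 1;
+ else
+ $email_registered = 0;
+
+ $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo2f_enable_2FA_on_login_page_option":
+ wpns_handle_enable_2fa_login_prompt(($_POST));
+ break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'setup_twofa.php';
+
+ function wpns_handle_enable_2fa_login_prompt($postvalue)
+ {
+ if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page']))
+ {
+ update_site_option('mo2f_enable_2fa_prompt_on_login_page',sanitize_text_field($postvalue['mo2f_enable_2fa_prompt_on_login_page']));
+
+ }
+ else update_site_option('mo2f_enable_2fa_prompt_on_login_page',0 );
+
+
+ if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_site_option') == 1 )
+ {
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_ENABLED'),'SUCCESS');
+ }
+ else{
+
+ if(isset($postvalue['mo2f_enable_2fa_prompt_on_login_page'])){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_PROMPT_LOGIN_PAGE'),'ERROR');
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('TWO_FA_ON_LOGIN_PROMPT_DISABLED'),'ERROR');
+ }
+ }
+ }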
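Review bot: The POST handler guarded by `if(current_user_can( 'manage_options' ) && isset($_POST['option']))` writes a site option without verifying a nonce, so the capability check alone does not stop a cross-site request sent through a logged-in administrator's browser from switching the login-page 2FA prompt on or off. Add a nonce check before the `switch`, for example `check_admin_referer('NONCE_ACTION_PLACEHOLDER');`, with a matching `wp_nonce_field()` in the form rendered by the included view; the view is not shown here, so the action name is a placeholder and an existing check there cannot be ruled out. Separately, `$upgrade_url` is built from `$_SERVER['REQUEST_URI']` via `add_query_arg()` and should go through `esc_url()` wherever the view prints it. The old and new sides of this section read identically, so these points concern code the commit carries over rather than new logic.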
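--- a/controllers/twofa/two_fa_unlimittedUser_ajax.php
+++ b/controllers/twofa/two_fa_unlimittedUser_ajax.php
@@ -1,47 +1,47 @@
- <?php
-
- class WPNS_unlimittedUser
- {
- function __construct(){
-
- add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
- }
-
- function mo_two_fa_unlimittedUser_ajax(){
- add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
- }
-
- function wpns_two_fa_unlimittedUser(){
- switch(sanitize_post($_POST['wpns_unlimittedUser_ajax']))
- {
- case 'save':
- $this->wpns_handle_save(); break;
- }
- }
- function wpns_handle_save()
- {
-
- if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
- wp_send_json('ERROR');
- return;
- }
- global $wp_roles;
- if (!isset($wp_roles))
- $wp_roles = new WP_Roles();
- foreach($wp_roles->role_names as $id => $name) {
- update_option('mo2fa_'.$id, 0);
- }
- $enabledrole = $_POST['enabledrole'];
- foreach($enabledrole as $role){
- update_option($role, 1);
- }
- update_option('mo2fa_author_login_url', sanitize_url( $_POST['mo2fa_author_login_url']));
- update_option('mo2fa_subscriber_login_url', sanitize_url($_POST['mo2fa_subscriber_login_url']));
- update_option('mo2fa_contributor_login_url', sanitize_url($_POST['mo2fa_contributor_login_url']));
- update_option('mo2fa_editor_login_url', sanitize_url($_POST['mo2fa_editor_login_url']));
- update_option('mo2fa_administrator_login_url', sanitize_url($_POST['mo2fa_administrator_login_url']));
- wp_send_json('true');
- return;
- }
- }new WPNS_unlimittedUser();
+ <?php
+
+ class WPNS_unlimittedUser
+ {
+ function __construct(){
+
+ add_action( 'admin_init' , array( $this, 'mo_two_fa_unlimittedUser_ajax' ));
+ }
+
+ function mo_two_fa_unlimittedUser_ajax(){
+ add_action( 'wp_ajax_wpns_two_fa_unlimittedUser', array($this,'wpns_two_fa_unlimittedUser') );
+ }
+
+ function wpns_two_fa_unlimittedUser(){
+ switch(sanitize_post($_POST['wpns_unlimittedUser_ajax']))
+ {
+ case 'save':
+ $this->wpns_handle_save(); break;
+ }
+ }
+ function wpns_handle_save()
+ {
+
+ if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
+ wp_send_json('ERROR');
+ return;
+ }
+ global $wp_roles;
+ if (!isset($wp_roles))
+ $wp_roles = new WP_Roles();
+ foreach($wp_roles->role_names as $id => $name) {
+ update_option('mo2fa_'.$id, 0);
+ }
+ $enabledrole = $_POST['enabledrole'];
+ foreach($enabledrole as $role){
+ update_option($role, 1);
+ }
+ update_option('mo2fa_author_login_url', sanitize_url( $_POST['mo2fa_author_login_url']));
+ update_option('mo2fa_subscriber_login_url', sanitize_url($_POST['mo2fa_subscriber_login_url']));
+ update_option('mo2fa_contributor_login_url', sanitize_url($_POST['mo2fa_contributor_login_url']));
+ update_option('mo2fa_editor_login_url', sanitize_url($_POST['mo2fa_editor_login_url']));
+ update_option('mo2fa_administrator_login_url', sanitize_url($_POST['mo2fa_administrator_login_url']));
+ wp_send_json('true');
+ return;
+ }
+ }new WPNS_unlimittedUser();
  ?>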
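Review bot: `wpns_handle_save()` authorizes the write with a nonce only, and `foreach($enabledrole as $role){ update_option($role, 1); }` uses each posted string as the option name, so a request that passes the nonce check can set any option on the site to 1, not just the `mo2fa_<role>` flags the preceding loop resets. The handler is registered on `wp_ajax_wpns_two_fa_unlimittedUser`, which WordPress dispatches for every logged-in user, and a nonce is not an authorization check. It should therefore require a capability (`manage_options` is assumed below, matching the check in setup_twofa.php) and accept only option names derived from `$wp_roles->role_names`. `$_POST['enabledrole']` is also read without an `isset`/`is_array` guard, and the dispatcher's `sanitize_post()` call is meant for post objects; `sanitize_text_field(wp_unslash(...))` fits a scalar selector. The old and new sides of this section read identically, so this is code the commit carries over unchanged.

```php
function wpns_handle_save()
{
    // … unchanged: wp_verify_nonce() check …
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json('ERROR');
        return;
    }
    // … unchanged: $wp_roles initialisation …
    $allowed_options = array();
    foreach($wp_roles->role_names as $id => $name) {
        $allowed_options[] = 'mo2fa_'.$id;
        update_option('mo2fa_'.$id, 0);
    }
    $enabledrole = ( isset($_POST['enabledrole']) && is_array($_POST['enabledrole']) )
        ? wp_unslash($_POST['enabledrole'])
        : array();
    foreach($enabledrole as $role){
        // Only option names built from a registered role may be written.
        if ( in_array($role, $allowed_options, true) ) {
            update_option($role, 1);
        }
    }
    // … unchanged: per-role login URL options and wp_send_json('true') …
```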
controllers/twofa/two_factor_ajax.php CHANGED
@@ -1,1284 +1,1284 @@
1
- <?php
2
- class mo_2f_ajax
3
- {
4
- function __construct(){
5
-
6
- add_action( 'admin_init' , array( $this, 'mo_2f_two_factor' ) );
7
- }
8
-
9
- function mo_2f_two_factor(){
10
- add_action( 'wp_ajax_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
11
- add_action( 'wp_ajax_nopriv_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
12
- }
13
-
14
- function mo_two_factor_ajax(){
15
- $GLOBALS['mo2f_is_ajax_request'] = true;
16
- switch (sanitize_text_field(wp_unslash($_POST['mo_2f_two_factor_ajax']))) {
17
- case 'mo2f_ajax_login_redirect':
18
- $this->mo2f_ajax_login_redirect(); break;
19
- case 'mo2f_save_email_verification':
20
- $this->mo2f_save_email_verification(); break;
21
- case 'mo2f_unlimitted_user':
22
- $this->mo2f_unlimitted_user();break;
23
- case 'mo2f_check_user_exist_miniOrange':
24
- $this->mo2f_check_user_exist_miniOrange();break;
25
- case 'mo2f_single_user':
26
- $this->mo2f_single_user();break;
27
- case 'CheckEVStatus':
28
- $this->CheckEVStatus(); break;
29
- case 'mo2f_role_based_2_factor':
30
- $this->mo2f_role_based_2_factor();break;
31
- case 'mo2f_enable_disable_twofactor':
32
- $this->mo2f_enable_disable_twofactor(); break;
33
- case 'mo2f_enable_disable_inline':
34
- $this->mo2f_enable_disable_inline(); break;
35
- case 'mo2f_enable_disable_configurd_methods':
36
- $this->mo2f_enable_disable_configurd_methods(); break;
37
- case 'mo2f_shift_to_onprem':
38
- $this->mo2f_shift_to_onprem();break;
39
- case 'mo2f_enable_disable_twofactor_prompt_on_login':
40
- $this->mo2f_enable_disable_twofactor_prompt_on_login();break;
41
- case 'mo2f_save_custom_form_settings':
42
- $this ->mo2f_save_custom_form_settings();
43
- break;
44
- case 'mo2f_enable_disable_debug_log':
45
- $this ->mo2f_enable_disable_debug_log();
46
- break;
47
- case 'mo2f_delete_log_file':
48
- $this->mo2f_delete_log_file();
49
- break;
50
- case 'select_method_setup_wizard':
51
- $this->mo2f_select_method_setup_wizard();
52
- break;
53
- case 'mo_wpns_register_verify_customer':
54
- $this->mo_wpns_register_verify_customer();
55
- break;
56
- case 'mo_2fa_configure_GA_setup_wizard':
57
- $this->mo_2fa_configure_GA_setup_wizard();
58
- break;
59
- case 'mo_2fa_verify_GA_setup_wizard':
60
- $this->mo_2fa_verify_GA_setup_wizard();
61
- break;
62
- case 'mo_2fa_configure_OTPOverSMS_setup_wizard':
63
- $this->mo_2fa_configure_OTPOverSMS_setup_wizard();
64
- break;
65
- case 'mo_2fa_configure_OTPOverEmail_setup_wizard':
66
- $this->mo_2fa_configure_OTPOverEmail_setup_wizard();
67
- break;
68
- case 'mo_2fa_verify_OTPOverEmail_setup_wizard':
69
- $this->mo_2fa_verify_OTPOverEmail_setup_wizard();
70
- break;
71
- case 'mo_2fa_verify_OTPOverSMS_setup_wizard':
72
- $this->mo_2fa_verify_OTPOverSMS_setup_wizard();
73
- break;
74
- case 'mo_2fa_configure_KBA_setup_wizard':
75
- $this->mo_2fa_configure_KBA_setup_wizard();
76
- break;
77
- case 'mo_2fa_verify_KBA_setup_wizard':
78
- $this->mo_2fa_verify_KBA_setup_wizard();
79
- break;
80
- case 'mo_2fa_send_otp_token':
81
- $this->mo_2fa_send_otp_token();
82
- break;
83
- case "mo2f_set_otp_over_sms":
84
- $this->mo2f_set_otp_over_sms(); break;
85
- case "mo2f_set_miniorange_methods":
86
- $this->mo2f_set_miniorange_methods(); break;
87
- case "mo2f_set_GA":
88
- $this->mo2f_set_GA(); break;
89
- }
90
- }
91
- function mo_2fa_verify_KBA_setup_wizard()
92
- {
93
- global $Mo2fdbQueries;
94
- $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
95
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
96
- $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
97
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
98
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
99
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
100
- $user = wp_get_current_user();
101
- $this->mo2f_check_and_create_user($user->ID);
102
- if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
103
- echo "Invalid Questions or Answers";
104
- exit;
105
- }
106
- if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
107
- echo "The questions you select must be unique.";
108
- exit;
109
- }
110
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
111
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
112
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
113
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
114
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
115
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
116
- $email = $user->user_email;
117
- $kba_registration = new Two_Factor_Setup();
118
- $Mo2fdbQueries->update_user_details( $user->ID, array(
119
- 'mo2f_SecurityQuestions_config_status' => true,
120
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
121
- 'mo2f_user_email' => $email
122
- ));
123
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
124
-
125
- if($kba_reg_reponse['status']=='SUCCESS')
126
- {
127
- echo "SUCCESS";
128
- exit;
129
- }
130
- else
131
- {
132
- echo "An error has occured while saving KBA details. Please try again.";
133
- exit;
134
- }
135
- }
136
- function mo_2fa_send_otp_token()
137
- {
138
- $enduser = new Customer_Setup();
139
- $email = sanitize_email($_POST['phone']);
140
- $customer_key = get_site_option('mo2f_customerKey');
141
- $api_key = get_site_option('mo2f_api_key');
142
- $selected_2FA_method = sanitize_text_field($_POST['selected_2FA_method']);
143
- $user_id = wp_get_current_user()->ID;
144
-
145
- if($selected_2FA_method == 'OTP Over Email')
146
- {
147
- update_user_meta($user_id,'tempRegEmail',$email);
148
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
149
- $emailErr = "Invalid email format";
150
- echo $emailErr;
151
- exit;
152
- }
153
- }
154
- else if($selected_2FA_method == 'OTP Over SMS')
155
- {
156
-
157
- }
158
- $content = $enduser->send_otp_token($email,$selected_2FA_method,$customer_key,$api_key);
159
- $content = json_decode($content);
160
-
161
- if($content->status =='SUCCESS')
162
- {
163
- echo 'SUCCESS';
164
- update_user_meta($user_id,'txId',$content->txId);
165
- update_user_meta($user_id,'tempRegPhone',$email);
166
- exit;
167
- }
168
- else
169
- echo "An error has occured while sending the OTP.";
170
- exit;
171
- }
172
- function mo2f_check_and_create_user($user_id)
173
- {
174
- global $Mo2fdbQueries;
175
- $twofactor_transactions = new Mo2fDB;
176
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
177
- if($exceeded){
178
- echo 'User Limit has been exceeded';
179
- exit;
180
- }
181
- $Mo2fdbQueries->insert_user( $user_id );
182
- }
183
- function mo_2fa_verify_OTPOverSMS_setup_wizard()
184
- {
185
- global $Mo2fdbQueries;
186
- $enduser = new Customer_Setup();
187
- $current_user = wp_get_current_user();
188
- $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
189
- $user_id = wp_get_current_user()->ID;
190
- $email = get_user_meta($user_id,'tempRegPhone',true);
191
- $content = json_decode($enduser->validate_otp_token( 'SMS', null, get_user_meta($user_id,'txId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
192
-
193
- if($content['status'] == 'SUCCESS')
194
- {
195
- $this->mo2f_check_and_create_user($user_id);
196
- $Mo2fdbQueries->update_user_details( $user_id, array(
197
- 'mo2f_OTPOverSMS_config_status' => true,
198
- 'mo2f_configured_2FA_method' => "OTP Over SMS",
199
- 'mo2f_user_phone' => $email,
200
- 'user_registration_with_miniorange' => 'SUCCESS',
201
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
202
- ) );
203
- echo "SUCCESS";
204
- }
205
- else
206
- {
207
- echo "Invalid OTP";
208
- }
209
- exit;
210
-
211
- }
212
- function mo_2fa_verify_OTPOverEmail_setup_wizard()
213
- {
214
- global $Mo2fdbQueries;
215
- $enduser = new Customer_Setup();
216
- $current_user = wp_get_current_user();
217
- $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
218
- $user_id = wp_get_current_user()->ID;
219
- $email = get_user_meta($user_id,'tempRegEmail',true);
220
- $content = json_decode($enduser->validate_otp_token( 'OTP_OVER_EMAIL', null, get_user_meta($current_user->ID,'mo2f_transactionId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
221
-
222
- if($content['status'] == 'SUCCESS')
223
- {
224
- $this->mo2f_check_and_create_user($user_id);
225
- $Mo2fdbQueries->update_user_details( $user_id, array(
226
- 'mo2f_OTPOverEmail_config_status' => true,
227
- 'mo2f_configured_2FA_method' => "OTP Over Email",
228
- 'mo2f_user_email' => $email,
229
- 'user_registration_with_miniorange' => 'SUCCESS',
230
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
231
- ) );
232
- echo "SUCCESS";
233
- }
234
- else
235
- {
236
- echo "Invalid OTP";
237
- }
238
- exit;
239
- }
240
- function mo_2fa_verify_GA_setup_wizard()
241
- {
242
- global $Mo2fdbQueries;
243
- $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
244
- include_once $path;
245
- $obj_google_auth = new Google_auth_onpremise();
246
- $user_id = wp_get_current_user()->ID;
247
- $otpToken = sanitize_text_field($_POST['mo2f_google_auth_code']);
248
- $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
249
- $secret= $obj_google_auth->mo_GAuth_get_secret($user_id);
250
- if($session_id_encrypt){
251
- $secret = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
252
- }
253
- $content = $obj_google_auth->verifyCode($secret, $otpToken);
254
- $content = json_decode($content);
255
- if($content->status== 'false')
256
- echo "Invalid One time Passcode. Please enter again";
257
- else
258
- {
259
- $obj_google_auth->mo_GAuth_set_secret($user_id,$secret);
260
- $this->mo2f_check_and_create_user($user_id);
261
- $Mo2fdbQueries->update_user_details( $user_id, array(
262
- 'mo2f_GoogleAuthenticator_config_status' => true,
263
- 'mo2f_AuthyAuthenticator_config_status' => false,
264
- 'mo2f_configured_2FA_method' => "Google Authenticator",
265
- 'user_registration_with_miniorange' => 'SUCCESS',
266
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
267
- ) );
268
-
269
- echo 'SUCCESS';
270
- }
271
- exit;
272
- }
273
- function mo_2fa_configure_GA_setup_wizard()
274
- {
275
- $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
276
- include_once $path;
277
- $obj_google_auth = new Google_auth_onpremise();
278
- update_option('mo2f_google_appname',$_SERVER['SERVER_NAME']);
279
- $res = $obj_google_auth->mo_GAuth_get_details(true);
280
- return $res;
281
- }
282
- function mo_2fa_configure_OTPOverSMS_setup_wizard()
283
- {
284
- global $Mo2fdbQueries;
285
- $user = wp_get_current_user();
286
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
287
- $user_phone = $mo2f_user_phone ? $mo2f_user_phone : get_option( 'user_phone_temp' );
288
- $session_id_encrypt = MO2f_Utility::random_str(20);
289
-
290
- ?>
291
- <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo intval(esc_html(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')));?> </b></h4>
292
- <form name="f" method="post" action="" id="mo2f_verifyphone_form">
293
- <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
294
- <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
295
- <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
296
- value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" )) ?>"/>
297
-
298
- <div style="display:inline;">
299
- <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px;" type="text" name="phone" id="phone"
300
- value="<?php echo esc_html($user_phone) ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}"
301
- title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/><br>
302
- <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
303
- value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
304
- </div>
305
- </form>
306
- <br>
307
- <form name="f" method="post" action="" id="mo2f_validateotp_form">
308
- <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
309
- <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
310
- <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
311
- value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" )) ?>"/>
312
- <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
313
- <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px" autofocus="true" type="text" name="mo2f_otp_token" id="mo2f_otp_token"
314
- placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
315
- <br><br>
316
- </form><br>
317
-
318
- <?php
319
- exit;
320
- }
321
- function mo_2fa_configure_OTPOverEmail_setup_wizard()
322
- {
323
- $session_id_encrypt = MO2f_Utility::random_str(20);
324
- $user_email = wp_get_current_user()->user_email;
325
- ?>
326
- <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo intval(esc_html(get_site_option('cmVtYWluaW5nT1RQ')));?> </b></h4>
327
- <form name="f" method="post" action="" id="mo2f_verifyemail_form">
328
- <input type="hidden" name="option" value="mo2f_configure_otp_over_email_send_otp"/>
329
- <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
330
- <input type="hidden" name="mo2f_configure_otp_over_email_send_otp_nonce"
331
- value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" )) ?>"/>
332
-
333
- <div style="display:inline;">
334
- <b>Email Address: </b>
335
- <input class="mo2f_table_textbox" style="width:280px;height: 30px;" type="email" name="verify_phone" id="phone"
336
- value="<?php echo esc_html($user_email) ?>"
337
- title="<?php echo mo2f_lt( 'Enter your email address without any space or dashes' ); ?>"/><br><br>
338
- <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
339
- value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
340
- </div>
341
- </form>
342
- <br><br>
343
- <form name="f" method="post" action="" id="mo2f_validateotp_form">
344
- <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
345
- <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
346
- <input type="hidden" name="mo2f_configure_otp_over_email_validate_nonce"
347
- value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" )) ?>"/>
348
- <b><?php echo mo2f_lt( 'Enter One Time Passcode:' ); ?>
349
- <input class="mo2f_table_textbox" style="width:200px;height: 30px;" autofocus="true" type="text" name="mo2f_otp_token" id ="mo2f_otp_token"
350
- placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/></b>
351
- <br><br>
352
- </form><br>
353
-
354
- <?php
355
- exit;
356
- }
357
- function mo_2fa_configure_KBA_setup_wizard()
358
- {
359
- ?>
360
- <div class="mo2f_kba_header"><?php echo mo2f_lt( 'Please choose 3 questions' ); ?></div>
361
- <br>
362
- <table cellspacing="10">
363
- <tr class="mo2f_kba_header">
364
- <th style="width: 10%;">
365
- <?php echo mo2f_lt( 'Sr. No.' ); ?>
366
- </th>
367
- <th class="mo2f_kba_tb_data">
368
- <?php echo mo2f_lt( 'Questions' ); ?>
369
- </th>
370
- <th>
371
- <?php echo mo2f_lt( 'Answers' ); ?>
372
- </th>
373
- </tr>
374
- <tr class="mo2f_kba_body">
375
- <td>
376
- <center>1.</center>
377
- </td>
378
- <td class="mo2f_kba_tb_data">
379
- <select name="mo2f_kbaquestion_1" id="mo2f_kbaquestion_1" class="mo2f_kba_ques" required="true"
380
- >
381
- <option value="" selected="selected">
382
- -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
383
- -------------------------
384
- </option>
385
- <option id="mq1_1"
386
- value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
387
- <option id="mq2_1"
388
- value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
389
- <option id="mq3_1"
390
- value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
391
- <option id="mq4_1"
392
- value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
393
- <option id="mq5_1"
394
- value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
395
- <option id="mq6_1"
396
- value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
397
- <option id="mq7_1"
398
- value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
399
- <option id="mq8_1"
400
- value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
401
- <option id="mq9_1"
402
- value="What is your grandmother's maiden name?"><?php echo mo2f_lt( "What is your grandmother's maiden name?" ); ?></option>
403
- <option id="mq10_1"
404
- value="What was your first vehicle's registration number?"><?php echo mo2f_lt( "What was your first vehicle's registration number?" ); ?></option>
405
- </select>
406
- </td>
407
- <td style="text-align: end;">
408
- <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans1" id="mo2f_kba_ans1"
409
- title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
410
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true" autofocus="true"
411
- placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
412
- </td>
413
- </tr>
414
- <tr class="mo2f_kba_body">
415
- <td>
416
- <center>2.</center>
417
- </td>
418
- <td class="mo2f_kba_tb_data">
419
- <select name="mo2f_kbaquestion_2" id="mo2f_kbaquestion_2" class="mo2f_kba_ques" required="true"
420
- >
421
- <option value="" selected="selected">
422
- -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
423
- -------------------------
424
- </option>
425
- <option id="mq1_2"
426
- value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
427
- <option id="mq2_2"
428
- value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
429
- <option id="mq3_2"
430
- value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
431
- <option id="mq4_2"
432
- value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
433
- <option id="mq5_2"
434
- value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
435
- <option id="mq6_2"
436
- value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
437
- <option id="mq7_2"
438
- value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
439
- <option id="mq8_2"
440
- value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
441
- <option id="mq9_2"
442
- value="What is your grandmother's maiden name?"><?php echo mo2f_lt( 'What is your grandmother\'s maiden name?' ); ?></option>
443
- <option id="mq10_2"
444
- value="What was your first vehicle's registration number?"><?php echo mo2f_lt( 'What was your first vehicle\'s registration number?' ); ?></option>
445
- </select>
446
- </td>
447
- <td style="text-align: end;">
448
- <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans2" id="mo2f_kba_ans2"
449
- title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
450
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
451
- placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
452
- </td>
453
- </tr>
454
- <tr class="mo2f_kba_body">
455
- <td>
456
- <center>3.</center>
457
- </td>
458
- <td class="mo2f_kba_tb_data">
459
- <input class="mo2f_kba_ques" type="text" style="width: 100%;"name="mo2f_kbaquestion_3" id="mo2f_kbaquestion_3"
460
- required="true"
461
- placeholder="<?php echo mo2f_lt( 'Enter your custom question here' ); ?>"/>
462
- </td>
463
- <td style="text-align: end;">
464
- <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans3" id="mo2f_kba_ans3"
465
- title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
466
- pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
467
- placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
468
- </td>
469
- </tr>
470
- </table>
471
- <script type="text/javascript">
472
- var mo_option_to_hide1;
473
- //hidden element in dropdown list 2
474
- var mo_option_to_hide2;
475
-
476
- function mo_option_hide(list) {
477
- //grab the team selected by the user in the dropdown list
478
- var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
479
- //if an element is currently hidden, unhide it
480
- if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
481
- mo_option_to_hide1.style.display = 'block';
482
- } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
483
- mo_option_to_hide2.style.display = 'block';
484
- }
485
- //select the element to hide and then hide it
486
- if (list == 1) {
487
- if (list_selected != 0) {
488
- mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
489
- mo_option_to_hide2.style.display = 'none';
490
- }
491
- }
492
- if (list == 2) {
493
- if (list_selected != 0) {
494
- mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
495
- mo_option_to_hide1.style.display = 'none';
496
- }
497
- }
498
- }
499
-
500
-
501
- </script>
502
-
503
- <?php
504
- exit;
505
- }
506
-
507
- function mo2f_register_customer($post)
508
- {
509
- //validate and sanitize
510
- global $moWpnsUtility, $Mo2fdbQueries;
511
- $user = wp_get_current_user();
512
- $email = sanitize_email($post['email']);
513
- $company = $_SERVER["SERVER_NAME"];
514
-
515
- $password = $post['password'];
516
- $confirmPassword = $post['confirmPassword'];
517
-
518
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
519
- {
520
- return "Password length is less then expected";
521
- }
522
-
523
- if( $password != $confirmPassword )
524
- {
525
- return "Password and confirm Password does not match.";
526
- }
527
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
528
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
529
- {
530
- return "Unknown Error has occured.";
531
- }
532
-
533
- update_option( 'mo2f_email', $email );
534
-
535
- update_option( 'mo_wpns_company' , $company );
536
-
537
- update_option( 'mo_wpns_password' , $password );
538
-
539
- $customer = new MocURL();
540
- $content = json_decode($customer->check_customer($email), true);
541
- $Mo2fdbQueries->insert_user( $user->ID );
542
-
543
- switch ($content['status'])
544
- {
545
- case 'CUSTOMER_NOT_FOUND':
546
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
547
-
548
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
549
- {
550
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
551
- update_option( 'mo2f_email', $email );
552
- $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
553
- $this->_get_current_customer($email,$password);
554
- return "SUCCESS";
555
- }
556
-
557
- break;
558
- default:
559
- $res = $this->_get_current_customer($email,$password);
560
- if($res == "SUCCESS")
561
- return $res;
562
- return "Email is already registered in miniOrange. Please try to login to your account.";
563
-
564
- }
565
-
566
- }
567
- function _verify_customer($post)
568
- {
569
- global $moWpnsUtility;
570
- $email = sanitize_email( $post['email'] );
571
- $password = sanitize_text_field( $post['password'] );
572
-
573
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
574
- {
575
- return "Username or Password is missing.";
576
- }
577
- return $this->_get_current_customer($email,$password);
578
- }
579
- function _get_current_customer($email,$password)
580
- {
581
- global $Mo2fdbQueries;
582
- $user = wp_get_current_user();
583
- $customer = new MocURL();
584
- $content = $customer->get_customer_key($email, $password);
585
- $customerKey = json_decode($content, true);
586
- if(json_last_error() == JSON_ERROR_NONE)
587
- {
588
- if(isset($customerKey['phone'])){
589
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
590
- }
591
- update_option('mo2f_email',$email);
592
-
593
- $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
594
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
595
- $customerT = new Customer_Cloud_Setup();
596
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
597
- if($content['status'] == 'SUCCESS')
598
- {
599
- update_site_option('mo2f_license_type','PREMIUM');
600
- }
601
- else
602
- {
603
- update_site_option('mo2f_license_type','DEMO');
604
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
605
- }
606
- if(isset($content['smsRemaining']))
607
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
608
- else if($content['status'] =='SUCCESS')
609
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
610
-
611
- if(isset($content['emailRemaining']))
612
- {
613
- if($content['emailRemaining']>30)
614
- {
615
- $currentTransaction = $content['emailRemaining'];
616
- update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
617
- update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
618
- }
619
- else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
620
- {
621
- update_site_option('cmVtYWluaW5nT1RQ',30);
622
- }
623
- }
624
- return "SUCCESS";
625
- }
626
- else
627
- {
628
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
629
- update_option('mo_wpns_verify_customer', 'true');
630
- delete_option('mo_wpns_new_registration');
631
- return "Invalid Username or Password";
632
- }
633
- }
634
-
635
-
636
- function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
637
- {
638
- global $Mo2fdbQueries;
639
-
640
- $user = wp_get_current_user();
641
- update_option( 'mo2f_customerKey' , $id );
642
- update_option( 'mo2f_api_key' , $apiKey );
643
- update_option( 'mo2f_customer_token' , $token );
644
- update_option( 'mo2f_app_secret' , $appSecret );
645
- update_option( 'mo_wpns_enable_log_requests' , true );
646
- update_option( 'mo2f_miniorange_admin', $user->ID );
647
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
648
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
649
-
650
- $Mo2fdbQueries->update_user_details( $user->ID, array(
651
- 'mo2f_user_email' => $email,
652
- 'user_registration_with_miniorange' => 'SUCCESS'
653
- ) );
654
- $enduser = new Two_Factor_Setup();
655
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
656
-
657
-
658
- delete_option( 'mo_wpns_verify_customer' );
659
- delete_option( 'mo_wpns_registration_status' );
660
- delete_option( 'mo_wpns_password' );
661
- }
662
-
663
- function mo_wpns_register_verify_customer()
664
- {
665
- $res ="";
666
- if(isset($_POST['Login_and_Continue']) && sanitize_text_field($_POST['Login_and_Continue']) =='Login and Continue')
667
- $res = $this->_verify_customer($_POST);
668
-
669
- else
670
- $res = $this->mo2f_register_customer($_POST);
671
- wp_send_json($res);
672
- }
673
- function mo2f_select_method_setup_wizard()
674
- {
675
- global $Mo2fdbQueries;
676
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-select-method-setup-wizard'))
677
- {
678
- wp_send_json("ERROR");
679
- }
680
-
681
- $current_user = wp_get_current_user();
682
- $selected_2FA_method = sanitize_text_field($_POST['mo2f_method']);
683
-
684
- if(!MO2F_IS_ONPREM)
685
- {
686
- update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
687
- update_user_meta( $current_user->ID, 'register_account_popup', 1 );
688
- update_user_meta( $current_user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
689
- wp_send_json("SUCCESS");
690
-
691
- }
692
-
693
-
694
- $exceeded = $Mo2fdbQueries->check_alluser_limit_exceeded($current_user->ID);
695
- if(!$exceeded)
696
- $Mo2fdbQueries->insert_user( $current_user->ID );
697
-
698
- if($selected_2FA_method == 'OTP Over Email')
699
- {
700
- wp_send_json("SUCCESS");
701
- }
702
- update_user_meta( $current_user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
703
-
704
- $mo_2factor_admin_registration_status = get_option('mo_2factor_admin_registration_status');
705
- if($selected_2FA_method == 'OTP Over SMS' && $mo_2factor_admin_registration_status != 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
706
- {
707
- update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
708
- update_user_meta( $current_user->ID, 'register_account_popup', 1 );
709
- }
710
- else
711
- update_user_meta( $current_user->ID, 'configure_2FA', 1);
712
- wp_send_json("SUCCESS");
713
- }
714
- function mo2f_set_miniorange_methods(){
715
- $nonce = sanitize_text_field($_POST['nonce']);
716
- if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
717
- $error = new WP_Error();
718
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
719
- wp_send_json_error($error);
720
- exit;
721
- }
722
- global $Mo2fdbQueries;
723
- $transient_id=sanitize_text_field($_POST['transient_id']);
724
- $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
725
- if(empty($user_id)){
726
- wp_send_json('UserIdNotFound');
727
- }
728
- $user = get_user_by('id',$user_id);
729
- $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
730
- $otpToken=sanitize_text_field($_POST['code']);
731
- $customer = new Customer_Setup();
732
- $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $email, null, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
733
- wp_send_json($content);
734
- }
735
- function mo2f_set_otp_over_sms(){
736
- $nonce = sanitize_text_field($_POST['nonce']);
737
- if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
738
- $error = new WP_Error();
739
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
740
- wp_send_json_error($error);
741
- exit;
742
- }
743
- global $Mo2fdbQueries;
744
- $transient_id=sanitize_text_field($_POST['transient_id']);
745
- $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
746
- if(empty($user_id)){
747
- wp_send_json('UserIdNotFound');
748
- }
749
- $user = get_user_by('id',$user_id);
750
- $new_phone = sanitize_text_field($_POST['phone']);
751
- $new_phone = str_replace(' ','',$new_phone);
752
- $Mo2fdbQueries->update_user_details($user_id, array("mo2f_user_phone" => $new_phone) );
753
- $user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user_id );
754
- wp_send_json($user_phone);
755
- }
756
- function mo2f_set_GA(){
757
- $nonce = sanitize_text_field($_POST['nonce']);
758
- if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
759
- $error = new WP_Error();
760
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
761
- wp_send_json_error($error);
762
- exit;
763
- }
764
- include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR.'handler'. DIRECTORY_SEPARATOR.'twofa'. DIRECTORY_SEPARATOR. 'gaonprem.php';
765
- global $Mo2fdbQueries;
766
- $transient_id=sanitize_text_field($_POST['transient_id']);
767
- $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
768
- if(empty($user_id)){
769
- wp_send_json('UserIdNotFound');
770
- }
771
- $google_auth = new Miniorange_Rba_Attributes();
772
- $user = get_user_by('id',$user_id);
773
- $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
774
- $otpToken = sanitize_text_field($_POST['code']);
775
- $ga_secret = sanitize_text_field($_POST['ga_secret']);
776
- if(MO2F_IS_ONPREM){
777
- $gauth_obj = new Google_auth_onpremise();
778
- $gauth_obj->mo_GAuth_set_secret($user_id, $ga_secret);
779
- }else{
780
-
781
- $google_auth = new Miniorange_Rba_Attributes();
782
- $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, 'miniOrangeAu' ), true );
783
- }
784
- $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
785
- wp_send_json($google_response['status']);
786
- }
787
- function mo2f_ajax_login_redirect()
788
- {
789
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
790
- {
791
- wp_send_json("ERROR");
792
- exit;
793
- }
794
- $username = sanitize_text_field($_POST['username']);
795
- $password = $_POST['password'];
796
- apply_filters( 'authenticate', null, $username, $password );
797
- }
798
- function mo2f_save_custom_form_settings()
799
- {
800
-
801
- $customForm = false;
802
- $nonce = sanitize_text_field($_POST['mo2f_nonce_save_form_settings']);
803
-
804
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-save-form-settings' ) ) {
805
- $error = new WP_Error();
806
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
807
- //return $error;
808
- }
809
- if(isset($_POST['submit_selector']) and
810
- isset($_POST['email_selector']) and
811
- isset($_POST['authType']) and
812
- isset($_POST['customForm']) and
813
- isset($_POST['form_selector']) and
814
-
815
- $_POST['submit_selector']!="" and
816
- $_POST['email_selector']!="" and
817
- $_POST['customForm']!="" and
818
- $_POST['form_selector']!="")
819
- {
820
- $submit_selector = sanitize_text_field($_POST['submit_selector']);
821
- $form_selector = sanitize_text_field($_POST['form_selector']);
822
- $email_selector = sanitize_text_field($_POST['email_selector']);
823
- $phone_selector = sanitize_text_field($_POST['phone_selector']);
824
- $authType = sanitize_text_field($_POST['authType']);
825
- $customForm = sanitize_text_field( $_POST['customForm']);
826
- $enableShortcode = sanitize_text_field($_POST['enableShortcode']);
827
-
828
- switch ($form_selector)
829
- {
830
- case '.bbp-login-form':
831
- update_site_option('mo2f_custom_reg_bbpress',true);
832
- update_site_option('mo2f_custom_reg_wocommerce',false);
833
- update_site_option('mo2f_custom_reg_custom',false);
834
- break;
835
- case '.woocommerce-form woocommerce-form-register':
836
- update_site_option('mo2f_custom_reg_bbpress',false);
837
- update_site_option('mo2f_custom_reg_wocommerce',true);
838
- update_site_option('mo2f_custom_reg_custom',false);
839
- break;
840
- default:
841
- update_site_option('mo2f_custom_reg_bbpress',false);
842
- update_site_option('mo2f_custom_reg_wocommerce',false);
843
- update_site_option('mo2f_custom_reg_custom',true);
844
- }
845
-
846
- update_site_option('mo2f_custom_form_name', $form_selector);
847
- update_site_option('mo2f_custom_email_selector', $email_selector);
848
- update_site_option('mo2f_custom_phone_selector', $phone_selector);
849
- update_site_option('mo2f_custom_submit_selector', $submit_selector);
850
- update_site_option('mo2f_custom_auth_type', $authType);
851
-
852
- update_site_option('enable_form_shortcode',$enableShortcode);
853
- $saved = true;
854
- }
855
- else
856
- {
857
- $submit_selector = 'NA';
858
- $form_selector = 'NA';
859
- $email_selector = 'NA';
860
- $authType ='NA';
861
- $saved = false;
862
- }
863
- $return = array(
864
- 'authType' => $authType,
865
- 'submit' => $submit_selector,
866
- 'emailSelector' => $email_selector,
867
- 'phone_selector' => $phone_selector,
868
- 'form' => $form_selector,
869
- 'saved' => $saved,
870
- 'customForm' => $customForm,
871
- 'enableShortcode' => $enableShortcode
872
- );
873
-
874
- return wp_send_json($return);
875
- }
876
-
877
- function mo2f_check_user_exist_miniOrange()
878
- {
879
- $nonce = sanitize_text_field($_POST['nonce']);
880
-
881
- if ( ! wp_verify_nonce( $nonce, 'checkuserinminiOrangeNonce' ) ) {
882
- $error = new WP_Error();
883
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
884
- echo "NonceDidNotMatch";
885
- exit;
886
- }
887
-
888
- if(!get_option('mo2f_customerKey')){
889
- echo "NOTLOGGEDIN";
890
- exit;
891
- }
892
- $user = wp_get_current_user();
893
- global $Mo2fdbQueries;
894
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
895
- if($email == '' or is_null($email))
896
- $email = $user->user_email;
897
-
898
-
899
-
900
- if(isset($_POST['email']))
901
- {
902
- $email = sanitize_email($_POST['email']);
903
- }
904
-
905
- $enduser = new Two_Factor_Setup();
906
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
907
-
908
-
909
- if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0 ){
910
- echo "alreadyExist";
911
- exit;
912
- }
913
- else
914
- {
915
-
916
- update_user_meta($user->ID,'mo2f_email_miniOrange',$email);
917
- echo "USERCANBECREATED";
918
- exit;
919
- }
920
-
921
- }
922
- function mo2f_shift_to_onprem(){
923
-
924
- $current_user = wp_get_current_user();
925
- $current_userID = $current_user->ID;
926
- $miniorangeID = get_option( 'mo2f_miniorange_admin' );
927
- if(is_null($miniorangeID) or $miniorangeID =='')
928
- $is_customer_admin = true;
929
- else
930
- $is_customer_admin = $miniorangeID == $current_userID ? true : false;
931
- if($is_customer_admin)
932
- {
933
- update_option('is_onprem', 1);
934
- update_option( 'mo2f_remember_device',0);
935
- wp_send_json('true');
936
- }
937
- else
938
- {
939
- $adminUser = get_user_by('id',$miniorangeID);
940
- $email = $adminUser->user_email;
941
- wp_send_json($email);
942
- }
943
-
944
- }
945
-
946
-
947
- function mo2f_delete_log_file(){
948
- $nonce = sanitize_text_field($_POST['mo2f_nonce_delete_log']);
949
-
950
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-delete-log' ) ) {
951
- $error = new WP_Error();
952
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
953
-
954
- }else{
955
- $debug_log_path = wp_upload_dir();
956
- $debug_log_path = $debug_log_path['basedir'];
957
- $file_name = 'miniorange_debug_log.txt';
958
- $status = file_exists( $debug_log_path.DIRECTORY_SEPARATOR.$file_name);
959
- if($status){
960
- unlink($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
961
- wp_send_json('true');
962
- }
963
- else{
964
- wp_send_json('false');
965
- }
966
- }
967
- }
968
- function mo2f_enable_disable_debug_log(){
969
-
970
- $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_debug_log']);
971
-
972
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-debug-log' ) ) {
973
- $error = new WP_Error();
974
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
975
-
976
- }
977
-
978
- $enable = sanitize_text_field($_POST['mo2f_enable_debug_log']);
979
- if($enable == 'true'){
980
- update_site_option('mo2f_enable_debug_log' , 1);
981
- wp_send_json('true');
982
- }
983
- else{
984
- update_site_option('mo2f_enable_debug_log' , 0);
985
- wp_send_json('false');
986
- }
987
- }
988
-
989
- function mo2f_enable_disable_twofactor(){
990
- $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_2FA']);
991
-
992
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-2FA' ) ) {
993
- $error = new WP_Error();
994
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
995
-
996
- }
997
-
998
- $enable = sanitize_text_field($_POST['mo2f_enable_2fa']);
999
- if($enable == 'true'){
1000
- update_option('mo2f_activate_plugin' , 1);
1001
- wp_send_json('true');
1002
- }
1003
- else{
1004
- update_option('mo2f_activate_plugin' , 0);
1005
- wp_send_json('false');
1006
- }
1007
- }
1008
-
1009
- function mo2f_enable_disable_twofactor_prompt_on_login(){
1010
-
1011
- global $Mo2fdbQueries;
1012
- $user = wp_get_current_user();
1013
- $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_2FA_prompt_on_login']);
1014
- $auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1015
- if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-on-login-page-option-nonce' ) ) {
1016
- $error = new WP_Error();
1017
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1018
-
1019
- }
1020
- $enable= sanitize_text_field($_POST['mo2f_enable_2fa_prompt_on_login']);
1021
- if(!($auth_method == "Google Authenticator" || $auth_method =="miniOrange Soft Token" || $auth_method == "Authy Authenticator"))
1022
- {
1023
- update_site_option('mo2f_enable_2fa_prompt_on_login_page' , false);
1024
- if(!MO2F_IS_ONPREM)
1025
- wp_send_json('false_method_cloud');
1026
- else
1027
- wp_send_json('false_method_onprem');
1028
-
1029
- }
1030
- else if($enable == 'true'){
1031
- update_site_option('mo2f_enable_2fa_prompt_on_login_page' , true);
1032
- wp_send_json('true');
1033
- }
1034
- else{
1035
- update_site_option('mo2f_enable_2fa_prompt_on_login_page' , false);
1036
- wp_send_json('false');
1037
- }
1038
- }
1039
-
1040
- function mo2f_enable_disable_inline(){
1041
- $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_inline']);
1042
-
1043
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-inline' ) ) {
1044
- wp_send_json("error");
1045
- }
1046
- $enable = sanitize_text_field($_POST['mo2f_inline_registration']);
1047
- if($enable == 'true'){
1048
- update_site_option('mo2f_inline_registration' , 1);
1049
- wp_send_json('true');
1050
- }
1051
- else{
1052
- update_site_option('mo2f_inline_registration' , 0);
1053
- wp_send_json('false');
1054
- }
1055
- }
1056
- function mo2f_enable_disable_configurd_methods(){
1057
- $nonce = sanitize_text_field($_POST['nonce']);
1058
-
1059
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce_configurd_methods' ) ) {
1060
- wp_send_json_error("error");
1061
- }
1062
- $enable = sanitize_text_field($_POST['mo2f_nonce_enable_configured_methods']);
1063
-
1064
- if($enable == 'true'){
1065
- update_site_option('mo2f_nonce_enable_configured_methods' ,true);
1066
- wp_send_json('true');
1067
- }
1068
- else{
1069
- update_site_option('mo2f_nonce_enable_configured_methods' , false);
1070
- wp_send_json('false');
1071
- }
1072
- }
1073
-
1074
- function mo2f_role_based_2_factor(){
1075
- if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
1076
- wp_send_json('ERROR');
1077
- return;
1078
- }
1079
- global $wp_roles;
1080
- if (!isset($wp_roles))
1081
- $wp_roles = new WP_Roles();
1082
- foreach($wp_roles->role_names as $id => $name) {
1083
- update_option('mo2fa_'.$id, 0);
1084
- }
1085
-
1086
- if(isset($_POST['enabledrole'])){
1087
- $enabledrole = $_POST['enabledrole'];
1088
- }
1089
- else{
1090
- $enabledrole = array();
1091
- }
1092
- foreach($enabledrole as $role){
1093
- update_option($role, 1);
1094
- }
1095
- wp_send_json('true');
1096
- return;
1097
- }
1098
- function mo2f_single_user()
1099
- {
1100
- if(!wp_verify_nonce($_POST['nonce'],'singleUserNonce'))
1101
- {
1102
- echo "NonceDidNotMatch";
1103
- exit;
1104
- }
1105
- else
1106
- {
1107
- $current_user = wp_get_current_user();
1108
- $current_userID = $current_user->ID;
1109
- $miniorangeID = get_option( 'mo2f_miniorange_admin' );
1110
- $is_customer_admin = $miniorangeID == $current_userID ? true : false;
1111
-
1112
- if(is_null($miniorangeID) or $miniorangeID =='')
1113
- $is_customer_admin = true;
1114
-
1115
- if($is_customer_admin)
1116
- {
1117
- update_option('is_onprem', 0);
1118
- wp_send_json('true');
1119
- }
1120
- else
1121
- {
1122
- $adminUser = get_user_by('id',$miniorangeID);
1123
- $email = $adminUser->user_email;
1124
- wp_send_json($email);
1125
- }
1126
-
1127
- }
1128
- }
1129
-
1130
- function mo2f_unlimitted_user()
1131
- {
1132
- if(!wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce'))
1133
- {
1134
- echo "NonceDidNotMatch";
1135
- exit;
1136
- }
1137
- else
1138
- {
1139
- if($_POST['enableOnPremise'] == 'on')
1140
- {
1141
- global $wp_roles;
1142
- if (!isset($wp_roles))
1143
- $wp_roles = new WP_Roles();
1144
- foreach($wp_roles->role_names as $id => $name) {
1145
- add_site_option('mo2fa_'.$id, 1);
1146
- if($id == 'administrator'){
1147
- add_option('mo2fa_'.$id.'_login_url',admin_url());
1148
- }else{
1149
- add_option('mo2fa_'.$id.'_login_url',home_url());
1150
- }
1151
- }
1152
- echo "OnPremiseActive";
1153
- exit;
1154
- }
1155
- else
1156
- {
1157
- echo "OnPremiseDeactive";
1158
- exit;
1159
- }
1160
- }
1161
- }
1162
-
1163
- function mo2f_save_email_verification()
1164
- {
1165
-
1166
- if(!wp_verify_nonce($_POST['nonce'],'EmailVerificationSaveNonce'))
1167
- {
1168
- echo "NonceDidNotMatch";
1169
- exit;
1170
- }
1171
- else
1172
- {
1173
- $user_id = get_current_user_id();
1174
- $twofactor_transactions = new Mo2fDB;
1175
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
1176
-
1177
- if($exceeded){
1178
- echo "USER_LIMIT_EXCEEDED";
1179
- exit;
1180
- }
1181
- $email = sanitize_email($_POST['email']);
1182
- $currentMethod = sanitize_text_field($_POST['current_method']);
1183
- $error = false;
1184
-
1185
- $customer_key = get_site_option( 'mo2f_customerKey' );
1186
- $api_key = get_site_option( 'mo2f_api_key' );
1187
-
1188
-
1189
- if (!filter_var($email, FILTER_VALIDATE_EMAIL))
1190
- {
1191
- $error = true;
1192
- }
1193
- if($email!='' && !$error)
1194
- {
1195
- global $Mo2fdbQueries;
1196
- if($currentMethod == 'EmailVerification')
1197
- {
1198
-
1199
-
1200
-
1201
- if(MO2F_IS_ONPREM){
1202
-
1203
- update_user_meta($user_id,'tempEmail',$email);
1204
- $enduser = new Customer_Setup();
1205
- $content = $enduser->send_otp_token($email,'OUT OF BAND EMAIL',$customer_key,$api_key);
1206
- $decoded = json_decode($content,true);
1207
- if($decoded['status'] == 'FAILED'){
1208
- echo "smtpnotset";
1209
- exit;
1210
- }
1211
-
1212
- update_user_meta($user_id,'Mo2fTxid',$decoded['txId']);
1213
- $otpToken = '';
1214
- $otpToken .= rand(0,9);
1215
- update_user_meta($user_id,'Mo2fOtpToken',$otpToken);
1216
-
1217
- }
1218
-
1219
-
1220
-
1221
- //for cloud
1222
- if(! MO2F_IS_ONPREM){
1223
- $enduser = new Two_Factor_Setup();
1224
- $enduser->mo2f_update_userinfo($email, "OUT OF BAND EMAIL",null,null,null);
1225
- }
1226
- // }
1227
-
1228
- echo "settingsSaved";
1229
- exit;
1230
- }
1231
- elseif ($currentMethod == 'OTPOverEmail')
1232
- {
1233
- update_user_meta($user_id,'tempEmail',$email);
1234
- $enduser = new Customer_Setup();
1235
- $content = $enduser->send_otp_token($email,"OTP Over Email",$customer_key,$api_key);
1236
-
1237
- $decoded = json_decode($content,true);
1238
- if($decoded['status'] == 'FAILED'){
1239
-
1240
-
1241
- echo "smtpnotset";
1242
- exit;
1243
-
1244
- }
1245
- MO2f_Utility::mo2f_debug_file('OTP has been sent successfully over Email');
1246
- update_user_meta( $user_id, 'configure_2FA', 1 );
1247
- update_user_meta($user_id,'Mo2fOtpOverEmailtxId',$decoded['txId']);
1248
-
1249
-
1250
- }
1251
- update_user_meta($user_id,'tempRegEmail',$email);
1252
- echo "settingsSaved";
1253
- exit;
1254
- }
1255
- else
1256
- {
1257
- echo "invalidEmail";
1258
- exit;
1259
- }
1260
-
1261
- }
1262
-
1263
- }
1264
-
1265
- function CheckEVStatus()
1266
- {
1267
- if(isset($_POST['txid']))
1268
- {
1269
- $txid = sanitize_text_field($_POST['txid']);
1270
- $status = get_site_option($txid);
1271
- if($status ==1 || $status ==0)
1272
- delete_site_option($_POST['txid']);
1273
- echo esc_html($status);
1274
- exit();
1275
- }
1276
- echo "empty txid";
1277
- exit;
1278
- }
1279
-
1280
-
1281
- }
1282
-
1283
- new mo_2f_ajax;
1284
- ?>
1
+ <?php
2
+ class mo_2f_ajax
3
+ {
4
+ function __construct(){
5
+
6
+ add_action( 'admin_init' , array( $this, 'mo_2f_two_factor' ) );
7
+ }
8
+
9
+ function mo_2f_two_factor(){
10
+ add_action( 'wp_ajax_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
11
+ add_action( 'wp_ajax_nopriv_mo_two_factor_ajax', array($this,'mo_two_factor_ajax') );
12
+ }
13
+
14
+ function mo_two_factor_ajax(){
15
+ $GLOBALS['mo2f_is_ajax_request'] = true;
16
+ switch (sanitize_text_field(wp_unslash($_POST['mo_2f_two_factor_ajax']))) {
17
+ case 'mo2f_ajax_login_redirect':
18
+ $this->mo2f_ajax_login_redirect(); break;
19
+ case 'mo2f_save_email_verification':
20
+ $this->mo2f_save_email_verification(); break;
21
+ case 'mo2f_unlimitted_user':
22
+ $this->mo2f_unlimitted_user();break;
23
+ case 'mo2f_check_user_exist_miniOrange':
24
+ $this->mo2f_check_user_exist_miniOrange();break;
25
+ case 'mo2f_single_user':
26
+ $this->mo2f_single_user();break;
27
+ case 'CheckEVStatus':
28
+ $this->CheckEVStatus(); break;
29
+ case 'mo2f_role_based_2_factor':
30
+ $this->mo2f_role_based_2_factor();break;
31
+ case 'mo2f_enable_disable_twofactor':
32
+ $this->mo2f_enable_disable_twofactor(); break;
33
+ case 'mo2f_enable_disable_inline':
34
+ $this->mo2f_enable_disable_inline(); break;
35
+ case 'mo2f_enable_disable_configurd_methods':
36
+ $this->mo2f_enable_disable_configurd_methods(); break;
37
+ case 'mo2f_shift_to_onprem':
38
+ $this->mo2f_shift_to_onprem();break;
39
+ case 'mo2f_enable_disable_twofactor_prompt_on_login':
40
+ $this->mo2f_enable_disable_twofactor_prompt_on_login();break;
41
+ case 'mo2f_save_custom_form_settings':
42
+ $this ->mo2f_save_custom_form_settings();
43
+ break;
44
+ case 'mo2f_enable_disable_debug_log':
45
+ $this ->mo2f_enable_disable_debug_log();
46
+ break;
47
+ case 'mo2f_delete_log_file':
48
+ $this->mo2f_delete_log_file();
49
+ break;
50
+ case 'select_method_setup_wizard':
51
+ $this->mo2f_select_method_setup_wizard();
52
+ break;
53
+ case 'mo_wpns_register_verify_customer':
54
+ $this->mo_wpns_register_verify_customer();
55
+ break;
56
+ case 'mo_2fa_configure_GA_setup_wizard':
57
+ $this->mo_2fa_configure_GA_setup_wizard();
58
+ break;
59
+ case 'mo_2fa_verify_GA_setup_wizard':
60
+ $this->mo_2fa_verify_GA_setup_wizard();
61
+ break;
62
+ case 'mo_2fa_configure_OTPOverSMS_setup_wizard':
63
+ $this->mo_2fa_configure_OTPOverSMS_setup_wizard();
64
+ break;
65
+ case 'mo_2fa_configure_OTPOverEmail_setup_wizard':
66
+ $this->mo_2fa_configure_OTPOverEmail_setup_wizard();
67
+ break;
68
+ case 'mo_2fa_verify_OTPOverEmail_setup_wizard':
69
+ $this->mo_2fa_verify_OTPOverEmail_setup_wizard();
70
+ break;
71
+ case 'mo_2fa_verify_OTPOverSMS_setup_wizard':
72
+ $this->mo_2fa_verify_OTPOverSMS_setup_wizard();
73
+ break;
74
+ case 'mo_2fa_configure_KBA_setup_wizard':
75
+ $this->mo_2fa_configure_KBA_setup_wizard();
76
+ break;
77
+ case 'mo_2fa_verify_KBA_setup_wizard':
78
+ $this->mo_2fa_verify_KBA_setup_wizard();
79
+ break;
80
+ case 'mo_2fa_send_otp_token':
81
+ $this->mo_2fa_send_otp_token();
82
+ break;
83
+ case "mo2f_set_otp_over_sms":
84
+ $this->mo2f_set_otp_over_sms(); break;
85
+ case "mo2f_set_miniorange_methods":
86
+ $this->mo2f_set_miniorange_methods(); break;
87
+ case "mo2f_set_GA":
88
+ $this->mo2f_set_GA(); break;
89
+ }
90
+ }
91
+ function mo_2fa_verify_KBA_setup_wizard()
92
+ {
93
+ global $Mo2fdbQueries;
94
+ $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
95
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
96
+ $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
97
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
98
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
99
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
100
+ $user = wp_get_current_user();
101
+ $this->mo2f_check_and_create_user($user->ID);
102
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
103
+ echo "Invalid Questions or Answers";
104
+ exit;
105
+ }
106
+ if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
107
+ echo "The questions you select must be unique.";
108
+ exit;
109
+ }
110
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
111
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
112
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
113
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
114
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
115
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
116
+ $email = $user->user_email;
117
+ $kba_registration = new Two_Factor_Setup();
118
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
119
+ 'mo2f_SecurityQuestions_config_status' => true,
120
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
121
+ 'mo2f_user_email' => $email
122
+ ));
123
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
124
+
125
+ if($kba_reg_reponse['status']=='SUCCESS')
126
+ {
127
+ echo "SUCCESS";
128
+ exit;
129
+ }
130
+ else
131
+ {
132
+ echo "An error has occured while saving KBA details. Please try again.";
133
+ exit;
134
+ }
135
+ }
136
+ function mo_2fa_send_otp_token()
137
+ {
138
+ $enduser = new Customer_Setup();
139
+ $email = sanitize_email($_POST['phone']);
140
+ $customer_key = get_site_option('mo2f_customerKey');
141
+ $api_key = get_site_option('mo2f_api_key');
142
+ $selected_2FA_method = sanitize_text_field($_POST['selected_2FA_method']);
143
+ $user_id = wp_get_current_user()->ID;
144
+
145
+ if($selected_2FA_method == 'OTP Over Email')
146
+ {
147
+ update_user_meta($user_id,'tempRegEmail',$email);
148
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
149
+ $emailErr = "Invalid email format";
150
+ echo $emailErr;
151
+ exit;
152
+ }
153
+ }
154
+ else if($selected_2FA_method == 'OTP Over SMS')
155
+ {
156
+
157
+ }
158
+ $content = $enduser->send_otp_token($email,$selected_2FA_method,$customer_key,$api_key);
159
+ $content = json_decode($content);
160
+
161
+ if($content->status =='SUCCESS')
162
+ {
163
+ echo 'SUCCESS';
164
+ update_user_meta($user_id,'txId',$content->txId);
165
+ update_user_meta($user_id,'tempRegPhone',$email);
166
+ exit;
167
+ }
168
+ else
169
+ echo "An error has occured while sending the OTP.";
170
+ exit;
171
+ }
172
+ function mo2f_check_and_create_user($user_id)
173
+ {
174
+ global $Mo2fdbQueries;
175
+ $twofactor_transactions = new Mo2fDB;
176
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
177
+ if($exceeded){
178
+ echo 'User Limit has been exceeded';
179
+ exit;
180
+ }
181
+ $Mo2fdbQueries->insert_user( $user_id );
182
+ }
183
+ function mo_2fa_verify_OTPOverSMS_setup_wizard()
184
+ {
185
+ global $Mo2fdbQueries;
186
+ $enduser = new Customer_Setup();
187
+ $current_user = wp_get_current_user();
188
+ $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
189
+ $user_id = wp_get_current_user()->ID;
190
+ $email = get_user_meta($user_id,'tempRegPhone',true);
191
+ $content = json_decode($enduser->validate_otp_token( 'SMS', null, get_user_meta($user_id,'txId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
192
+
193
+ if($content['status'] == 'SUCCESS')
194
+ {
195
+ $this->mo2f_check_and_create_user($user_id);
196
+ $Mo2fdbQueries->update_user_details( $user_id, array(
197
+ 'mo2f_OTPOverSMS_config_status' => true,
198
+ 'mo2f_configured_2FA_method' => "OTP Over SMS",
199
+ 'mo2f_user_phone' => $email,
200
+ 'user_registration_with_miniorange' => 'SUCCESS',
201
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
202
+ ) );
203
+ echo "SUCCESS";
204
+ }
205
+ else
206
+ {
207
+ echo "Invalid OTP";
208
+ }
209
+ exit;
210
+
211
+ }
212
+ function mo_2fa_verify_OTPOverEmail_setup_wizard()
213
+ {
214
+ global $Mo2fdbQueries;
215
+ $enduser = new Customer_Setup();
216
+ $current_user = wp_get_current_user();
217
+ $otpToken = sanitize_text_field($_POST['mo2f_otp_token']);
218
+ $user_id = wp_get_current_user()->ID;
219
+ $email = get_user_meta($user_id,'tempRegEmail',true);
220
+ $content = json_decode($enduser->validate_otp_token( 'OTP_OVER_EMAIL', null, get_user_meta($current_user->ID,'mo2f_transactionId',true), $otpToken, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
221
+
222
+ if($content['status'] == 'SUCCESS')
223
+ {
224
+ $this->mo2f_check_and_create_user($user_id);
225
+ $Mo2fdbQueries->update_user_details( $user_id, array(
226
+ 'mo2f_OTPOverEmail_config_status' => true,
227
+ 'mo2f_configured_2FA_method' => "OTP Over Email",
228
+ 'mo2f_user_email' => $email,
229
+ 'user_registration_with_miniorange' => 'SUCCESS',
230
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
231
+ ) );
232
+ echo "SUCCESS";
233
+ }
234
+ else
235
+ {
236
+ echo "Invalid OTP";
237
+ }
238
+ exit;
239
+ }
240
+ function mo_2fa_verify_GA_setup_wizard()
241
+ {
242
+ global $Mo2fdbQueries;
243
+ $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
244
+ include_once $path;
245
+ $obj_google_auth = new Google_auth_onpremise();
246
+ $user_id = wp_get_current_user()->ID;
247
+ $otpToken = sanitize_text_field($_POST['mo2f_google_auth_code']);
248
+ $session_id_encrypt = isset($_POST['mo2f_session_id']) ? sanitize_text_field($_POST['mo2f_session_id']) : null;
249
+ $secret= $obj_google_auth->mo_GAuth_get_secret($user_id);
250
+ if($session_id_encrypt){
251
+ $secret = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
252
+ }
253
+ $content = $obj_google_auth->verifyCode($secret, $otpToken);
254
+ $content = json_decode($content);
255
+ if($content->status== 'false')
256
+ echo "Invalid One time Passcode. Please enter again";
257
+ else
258
+ {
259
+ $obj_google_auth->mo_GAuth_set_secret($user_id,$secret);
260
+ $this->mo2f_check_and_create_user($user_id);
261
+ $Mo2fdbQueries->update_user_details( $user_id, array(
262
+ 'mo2f_GoogleAuthenticator_config_status' => true,
263
+ 'mo2f_AuthyAuthenticator_config_status' => false,
264
+ 'mo2f_configured_2FA_method' => "Google Authenticator",
265
+ 'user_registration_with_miniorange' => 'SUCCESS',
266
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
267
+ ) );
268
+
269
+ echo 'SUCCESS';
270
+ }
271
+ exit;
272
+ }
273
+ function mo_2fa_configure_GA_setup_wizard()
274
+ {
275
+ $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
276
+ include_once $path;
277
+ $obj_google_auth = new Google_auth_onpremise();
278
+ update_option('mo2f_google_appname',$_SERVER['SERVER_NAME']);
279
+ $res = $obj_google_auth->mo_GAuth_get_details(true);
280
+ return $res;
281
+ }
282
+ function mo_2fa_configure_OTPOverSMS_setup_wizard()
283
+ {
284
+ global $Mo2fdbQueries;
285
+ $user = wp_get_current_user();
286
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
287
+ $user_phone = $mo2f_user_phone ? $mo2f_user_phone : get_option( 'user_phone_temp' );
288
+ $session_id_encrypt = MO2f_Utility::random_str(20);
289
+
290
+ ?>
291
+ <h4 style="padding:10px; background-color: #a7c5eb;font-weight:normal"> Remaining SMS Transactions: <b><?php echo intval(esc_html(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')));?> </b></h4>
292
+ <form name="f" method="post" action="" id="mo2f_verifyphone_form">
293
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_send_otp"/>
294
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
295
+ <input type="hidden" name="mo2f_configure_otp_over_sms_send_otp_nonce"
296
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-sms-send-otp-nonce" )) ?>"/>
297
+
298
+ <div style="display:inline;">
299
+ <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px;" type="text" name="phone" id="phone"
300
+ value="<?php echo esc_html($user_phone) ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}"
301
+ title="<?php echo mo2f_lt( 'Enter phone number without any space or dashes' ); ?>"/><br>
302
+ <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
303
+ value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
304
+ </div>
305
+ </form>
306
+ <br>
307
+ <form name="f" method="post" action="" id="mo2f_validateotp_form">
308
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
309
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
310
+ <input type="hidden" name="mo2f_configure_otp_over_sms_validate_nonce"
311
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-sms-validate-nonce" )) ?>"/>
312
+ <p><?php echo mo2f_lt( 'Enter One Time Passcode' ); ?></p>
313
+ <input class="mo2f_table_textbox_phone" style="width:200px;height: 30px" autofocus="true" type="text" name="mo2f_otp_token" id="mo2f_otp_token"
314
+ placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/>
315
+ <br><br>
316
+ </form><br>
317
+
318
+ <?php
319
+ exit;
320
+ }
321
+ function mo_2fa_configure_OTPOverEmail_setup_wizard()
322
+ {
323
+ $session_id_encrypt = MO2f_Utility::random_str(20);
324
+ $user_email = wp_get_current_user()->user_email;
325
+ ?>
326
+ <h4 style="padding:10px; background-color: #f1f3f5"> Remaining Email Transactions: <b><?php echo intval(esc_html(get_site_option('cmVtYWluaW5nT1RQ')));?> </b></h4>
327
+ <form name="f" method="post" action="" id="mo2f_verifyemail_form">
328
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_email_send_otp"/>
329
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
330
+ <input type="hidden" name="mo2f_configure_otp_over_email_send_otp_nonce"
331
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-email-send-otp-nonce" )) ?>"/>
332
+
333
+ <div style="display:inline;">
334
+ <b>Email Address: </b>
335
+ <input class="mo2f_table_textbox" style="width:280px;height: 30px;" type="email" name="verify_phone" id="phone"
336
+ value="<?php echo esc_html($user_email) ?>"
337
+ title="<?php echo mo2f_lt( 'Enter your email address without any space or dashes' ); ?>"/><br><br>
338
+ <input type="button" name="mo2f_send_otp" id="mo2f_send_otp" class="miniorange_button"
339
+ value="<?php echo mo2f_lt( 'Send OTP' ); ?>"/>
340
+ </div>
341
+ </form>
342
+ <br><br>
343
+ <form name="f" method="post" action="" id="mo2f_validateotp_form">
344
+ <input type="hidden" name="option" value="mo2f_configure_otp_over_sms_validate"/>
345
+ <input type="hidden" name="mo2f_session_id" value="<?php echo esc_html($session_id_encrypt) ?>"/>
346
+ <input type="hidden" name="mo2f_configure_otp_over_email_validate_nonce"
347
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-configure-otp-over-email-validate-nonce" )) ?>"/>
348
+ <b><?php echo mo2f_lt( 'Enter One Time Passcode:' ); ?>
349
+ <input class="mo2f_table_textbox" style="width:200px;height: 30px;" autofocus="true" type="text" name="mo2f_otp_token" id ="mo2f_otp_token"
350
+ placeholder="<?php echo mo2f_lt( 'Enter OTP' ); ?>" style="width:95%;"/></b>
351
+ <br><br>
352
+ </form><br>
353
+
354
+ <?php
355
+ exit;
356
+ }
357
+ function mo_2fa_configure_KBA_setup_wizard()
358
+ {
359
+ ?>
360
+ <div class="mo2f_kba_header"><?php echo mo2f_lt( 'Please choose 3 questions' ); ?></div>
361
+ <br>
362
+ <table cellspacing="10">
363
+ <tr class="mo2f_kba_header">
364
+ <th style="width: 10%;">
365
+ <?php echo mo2f_lt( 'Sr. No.' ); ?>
366
+ </th>
367
+ <th class="mo2f_kba_tb_data">
368
+ <?php echo mo2f_lt( 'Questions' ); ?>
369
+ </th>
370
+ <th>
371
+ <?php echo mo2f_lt( 'Answers' ); ?>
372
+ </th>
373
+ </tr>
374
+ <tr class="mo2f_kba_body">
375
+ <td>
376
+ <center>1.</center>
377
+ </td>
378
+ <td class="mo2f_kba_tb_data">
379
+ <select name="mo2f_kbaquestion_1" id="mo2f_kbaquestion_1" class="mo2f_kba_ques" required="true"
380
+ >
381
+ <option value="" selected="selected">
382
+ -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
383
+ -------------------------
384
+ </option>
385
+ <option id="mq1_1"
386
+ value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
387
+ <option id="mq2_1"
388
+ value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
389
+ <option id="mq3_1"
390
+ value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
391
+ <option id="mq4_1"
392
+ value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
393
+ <option id="mq5_1"
394
+ value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
395
+ <option id="mq6_1"
396
+ value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
397
+ <option id="mq7_1"
398
+ value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
399
+ <option id="mq8_1"
400
+ value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
401
+ <option id="mq9_1"
402
+ value="What is your grandmother's maiden name?"><?php echo mo2f_lt( "What is your grandmother's maiden name?" ); ?></option>
403
+ <option id="mq10_1"
404
+ value="What was your first vehicle's registration number?"><?php echo mo2f_lt( "What was your first vehicle's registration number?" ); ?></option>
405
+ </select>
406
+ </td>
407
+ <td style="text-align: end;">
408
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans1" id="mo2f_kba_ans1"
409
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
410
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true" autofocus="true"
411
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
412
+ </td>
413
+ </tr>
414
+ <tr class="mo2f_kba_body">
415
+ <td>
416
+ <center>2.</center>
417
+ </td>
418
+ <td class="mo2f_kba_tb_data">
419
+ <select name="mo2f_kbaquestion_2" id="mo2f_kbaquestion_2" class="mo2f_kba_ques" required="true"
420
+ >
421
+ <option value="" selected="selected">
422
+ -------------------------<?php echo mo2f_lt( 'Select your question' ); ?>
423
+ -------------------------
424
+ </option>
425
+ <option id="mq1_2"
426
+ value="What is your first company name?"><?php echo mo2f_lt( 'What is your first company name?' ); ?></option>
427
+ <option id="mq2_2"
428
+ value="What was your childhood nickname?"><?php echo mo2f_lt( 'What was your childhood nickname?' ); ?></option>
429
+ <option id="mq3_2"
430
+ value="In what city did you meet your spouse/significant other?"><?php echo mo2f_lt( 'In what city did you meet your spouse/significant other?' ); ?></option>
431
+ <option id="mq4_2"
432
+ value="What is the name of your favorite childhood friend?"><?php echo mo2f_lt( 'What is the name of your favorite childhood friend?' ); ?></option>
433
+ <option id="mq5_2"
434
+ value="What school did you attend for sixth grade?"><?php echo mo2f_lt( 'What school did you attend for sixth grade?' ); ?></option>
435
+ <option id="mq6_2"
436
+ value="In what city or town was your first job?"><?php echo mo2f_lt( 'In what city or town was your first job?' ); ?></option>
437
+ <option id="mq7_2"
438
+ value="What is your favourite sport?"><?php echo mo2f_lt( 'What is your favourite sport?' ); ?></option>
439
+ <option id="mq8_2"
440
+ value="Who is your favourite sports player?"><?php echo mo2f_lt( 'Who is your favourite sports player?' ); ?></option>
441
+ <option id="mq9_2"
442
+ value="What is your grandmother's maiden name?"><?php echo mo2f_lt( 'What is your grandmother\'s maiden name?' ); ?></option>
443
+ <option id="mq10_2"
444
+ value="What was your first vehicle's registration number?"><?php echo mo2f_lt( 'What was your first vehicle\'s registration number?' ); ?></option>
445
+ </select>
446
+ </td>
447
+ <td style="text-align: end;">
448
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans2" id="mo2f_kba_ans2"
449
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
450
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
451
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
452
+ </td>
453
+ </tr>
454
+ <tr class="mo2f_kba_body">
455
+ <td>
456
+ <center>3.</center>
457
+ </td>
458
+ <td class="mo2f_kba_tb_data">
459
+ <input class="mo2f_kba_ques" type="text" style="width: 100%;"name="mo2f_kbaquestion_3" id="mo2f_kbaquestion_3"
460
+ required="true"
461
+ placeholder="<?php echo mo2f_lt( 'Enter your custom question here' ); ?>"/>
462
+ </td>
463
+ <td style="text-align: end;">
464
+ <input class="mo2f_table_textbox_KBA" type="password" name="mo2f_kba_ans3" id="mo2f_kba_ans3"
465
+ title="<?php echo mo2f_lt( 'Only alphanumeric letters with special characters(_@.$#&amp;+-) are allowed.' ); ?>"
466
+ pattern="(?=\S)[A-Za-z0-9_@.$#&amp;+\-\s]{1,100}" required="true"
467
+ placeholder="<?php echo mo2f_lt( 'Enter your answer' ); ?>"/>
468
+ </td>
469
+ </tr>
470
+ </table>
471
+ <script type="text/javascript">
472
+ var mo_option_to_hide1;
473
+ //hidden element in dropdown list 2
474
+ var mo_option_to_hide2;
475
+
476
+ function mo_option_hide(list) {
477
+ //grab the team selected by the user in the dropdown list
478
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
479
+ //if an element is currently hidden, unhide it
480
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
481
+ mo_option_to_hide1.style.display = 'block';
482
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
483
+ mo_option_to_hide2.style.display = 'block';
484
+ }
485
+ //select the element to hide and then hide it
486
+ if (list == 1) {
487
+ if (list_selected != 0) {
488
+ mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
489
+ mo_option_to_hide2.style.display = 'none';
490
+ }
491
+ }
492
+ if (list == 2) {
493
+ if (list_selected != 0) {
494
+ mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
495
+ mo_option_to_hide1.style.display = 'none';
496
+ }
497
+ }
498
+ }
499
+
500
+
501
+ </script>
502
+
503
+ <?php
504
+ exit;
505
+ }
506
+
507
+ function mo2f_register_customer($post)
508
+ {
509
+ //validate and sanitize
510
+ global $moWpnsUtility, $Mo2fdbQueries;
511
+ $user = wp_get_current_user();
512
+ $email = sanitize_email($post['email']);
513
+ $company = $_SERVER["SERVER_NAME"];
514
+
515
+ $password = $post['password'];
516
+ $confirmPassword = $post['confirmPassword'];
517
+
518
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
519
+ {
520
+ return "Password length is less then expected";
521
+ }
522
+
523
+ if( $password != $confirmPassword )
524
+ {
525
+ return "Password and confirm Password does not match.";
526
+ }
527
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
528
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
529
+ {
530
+ return "Unknown Error has occured.";
531
+ }
532
+
533
+ update_option( 'mo2f_email', $email );
534
+
535
+ update_option( 'mo_wpns_company' , $company );
536
+
537
+ update_option( 'mo_wpns_password' , $password );
538
+
539
+ $customer = new MocURL();
540
+ $content = json_decode($customer->check_customer($email), true);
541
+ $Mo2fdbQueries->insert_user( $user->ID );
542
+
543
+ switch ($content['status'])
544
+ {
545
+ case 'CUSTOMER_NOT_FOUND':
546
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
547
+
548
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
549
+ {
550
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
551
+ update_option( 'mo2f_email', $email );
552
+ $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
553
+ $this->_get_current_customer($email,$password);
554
+ return "SUCCESS";
555
+ }
556
+
557
+ break;
558
+ default:
559
+ $res = $this->_get_current_customer($email,$password);
560
+ if($res == "SUCCESS")
561
+ return $res;
562
+ return "Email is already registered in miniOrange. Please try to login to your account.";
563
+
564
+ }
565
+
566
+ }
567
+ function _verify_customer($post)
568
+ {
569
+ global $moWpnsUtility;
570
+ $email = sanitize_email( $post['email'] );
571
+ $password = sanitize_text_field( $post['password'] );
572
+
573
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
574
+ {
575
+ return "Username or Password is missing.";
576
+ }
577
+ return $this->_get_current_customer($email,$password);
578
+ }
579
+ function _get_current_customer($email,$password)
580
+ {
581
+ global $Mo2fdbQueries;
582
+ $user = wp_get_current_user();
583
+ $customer = new MocURL();
584
+ $content = $customer->get_customer_key($email, $password);
585
+ $customerKey = json_decode($content, true);
586
+ if(json_last_error() == JSON_ERROR_NONE)
587
+ {
588
+ if(isset($customerKey['phone'])){
589
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
590
+ }
591
+ update_option('mo2f_email',$email);
592
+
593
+ $this->save_success_customer_config($email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
594
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
595
+ $customerT = new Customer_Cloud_Setup();
596
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'PREMIUM' ), true );
597
+ if($content['status'] == 'SUCCESS')
598
+ {
599
+ update_site_option('mo2f_license_type','PREMIUM');
600
+ }
601
+ else
602
+ {
603
+ update_site_option('mo2f_license_type','DEMO');
604
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
605
+ }
606
+ if(isset($content['smsRemaining']))
607
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
608
+ else if($content['status'] =='SUCCESS')
609
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
610
+
611
+ if(isset($content['emailRemaining']))
612
+ {
613
+ if($content['emailRemaining']>30)
614
+ {
615
+ $currentTransaction = $content['emailRemaining'];
616
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
617
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
618
+ }
619
+ else if($content['emailRemaining'] == 10 and get_site_option('cmVtYWluaW5nT1RQ')>30)
620
+ {
621
+ update_site_option('cmVtYWluaW5nT1RQ',30);
622
+ }
623
+ }
624
+ return "SUCCESS";
625
+ }
626
+ else
627
+ {
628
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER' );
629
+ update_option('mo_wpns_verify_customer', 'true');
630
+ delete_option('mo_wpns_new_registration');
631
+ return "Invalid Username or Password";
632
+ }
633
+ }
634
+
635
+
636
+ function save_success_customer_config($email, $id, $apiKey, $token, $appSecret)
637
+ {
638
+ global $Mo2fdbQueries;
639
+
640
+ $user = wp_get_current_user();
641
+ update_option( 'mo2f_customerKey' , $id );
642
+ update_option( 'mo2f_api_key' , $apiKey );
643
+ update_option( 'mo2f_customer_token' , $token );
644
+ update_option( 'mo2f_app_secret' , $appSecret );
645
+ update_option( 'mo_wpns_enable_log_requests' , true );
646
+ update_option( 'mo2f_miniorange_admin', $user->ID );
647
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
648
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
649
+
650
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
651
+ 'mo2f_user_email' => $email,
652
+ 'user_registration_with_miniorange' => 'SUCCESS'
653
+ ) );
654
+ $enduser = new Two_Factor_Setup();
655
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $email ), true );
656
+
657
+
658
+ delete_option( 'mo_wpns_verify_customer' );
659
+ delete_option( 'mo_wpns_registration_status' );
660
+ delete_option( 'mo_wpns_password' );
661
+ }
662
+
663
+ function mo_wpns_register_verify_customer()
664
+ {
665
+ $res ="";
666
+ if(isset($_POST['Login_and_Continue']) && sanitize_text_field($_POST['Login_and_Continue']) =='Login and Continue')
667
+ $res = $this->_verify_customer($_POST);
668
+
669
+ else
670
+ $res = $this->mo2f_register_customer($_POST);
671
+ wp_send_json($res);
672
+ }
673
+ function mo2f_select_method_setup_wizard()
674
+ {
675
+ global $Mo2fdbQueries;
676
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-select-method-setup-wizard'))
677
+ {
678
+ wp_send_json("ERROR");
679
+ }
680
+
681
+ $current_user = wp_get_current_user();
682
+ $selected_2FA_method = sanitize_text_field($_POST['mo2f_method']);
683
+
684
+ if(!MO2F_IS_ONPREM)
685
+ {
686
+ update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
687
+ update_user_meta( $current_user->ID, 'register_account_popup', 1 );
688
+ update_user_meta( $current_user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
689
+ wp_send_json("SUCCESS");
690
+
691
+ }
692
+
693
+
694
+ $exceeded = $Mo2fdbQueries->check_alluser_limit_exceeded($current_user->ID);
695
+ if(!$exceeded)
696
+ $Mo2fdbQueries->insert_user( $current_user->ID );
697
+
698
+ if($selected_2FA_method == 'OTP Over Email')
699
+ {
700
+ wp_send_json("SUCCESS");
701
+ }
702
+ update_user_meta( $current_user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
703
+
704
+ $mo_2factor_admin_registration_status = get_option('mo_2factor_admin_registration_status');
705
+ if($selected_2FA_method == 'OTP Over SMS' && $mo_2factor_admin_registration_status != 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
706
+ {
707
+ update_option('mo_2factor_user_registration_status','REGISTRATION_STARTED');
708
+ update_user_meta( $current_user->ID, 'register_account_popup', 1 );
709
+ }
710
+ else
711
+ update_user_meta( $current_user->ID, 'configure_2FA', 1);
712
+ wp_send_json("SUCCESS");
713
+ }
714
+ function mo2f_set_miniorange_methods(){
715
+ $nonce = sanitize_text_field($_POST['nonce']);
716
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
717
+ $error = new WP_Error();
718
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
719
+ wp_send_json_error($error);
720
+ exit;
721
+ }
722
+ global $Mo2fdbQueries;
723
+ $transient_id=sanitize_text_field($_POST['transient_id']);
724
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
725
+ if(empty($user_id)){
726
+ wp_send_json('UserIdNotFound');
727
+ }
728
+ $user = get_user_by('id',$user_id);
729
+ $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
730
+ $otpToken=sanitize_text_field($_POST['code']);
731
+ $customer = new Customer_Setup();
732
+ $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $email, null, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
733
+ wp_send_json($content);
734
+ }
735
+ function mo2f_set_otp_over_sms(){
736
+ $nonce = sanitize_text_field($_POST['nonce']);
737
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
738
+ $error = new WP_Error();
739
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
740
+ wp_send_json_error($error);
741
+ exit;
742
+ }
743
+ global $Mo2fdbQueries;
744
+ $transient_id=sanitize_text_field($_POST['transient_id']);
745
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
746
+ if(empty($user_id)){
747
+ wp_send_json('UserIdNotFound');
748
+ }
749
+ $user = get_user_by('id',$user_id);
750
+ $new_phone = sanitize_text_field($_POST['phone']);
751
+ $new_phone = str_replace(' ','',$new_phone);
752
+ $Mo2fdbQueries->update_user_details($user_id, array("mo2f_user_phone" => $new_phone) );
753
+ $user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user_id );
754
+ wp_send_json($user_phone);
755
+ }
756
+ function mo2f_set_GA(){
757
+ $nonce = sanitize_text_field($_POST['nonce']);
758
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-update-mobile-nonce' ) ) {
759
+ $error = new WP_Error();
760
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
761
+ wp_send_json_error($error);
762
+ exit;
763
+ }
764
+ include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR.'handler'. DIRECTORY_SEPARATOR.'twofa'. DIRECTORY_SEPARATOR. 'gaonprem.php';
765
+ global $Mo2fdbQueries;
766
+ $transient_id=sanitize_text_field($_POST['transient_id']);
767
+ $user_id = MO2f_Utility::mo2f_get_transient($transient_id, 'mo2f_user_id');
768
+ if(empty($user_id)){
769
+ wp_send_json('UserIdNotFound');
770
+ }
771
+ $google_auth = new Miniorange_Rba_Attributes();
772
+ $user = get_user_by('id',$user_id);
773
+ $email = !empty($Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ))?$Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id ):$user->user_email;
774
+ $otpToken = sanitize_text_field($_POST['code']);
775
+ $ga_secret = sanitize_text_field($_POST['ga_secret']);
776
+ if(MO2F_IS_ONPREM){
777
+ $gauth_obj = new Google_auth_onpremise();
778
+ $gauth_obj->mo_GAuth_set_secret($user_id, $ga_secret);
779
+ }else{
780
+
781
+ $google_auth = new Miniorange_Rba_Attributes();
782
+ $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, 'miniOrangeAu' ), true );
783
+ }
784
+ $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
785
+ wp_send_json($google_response['status']);
786
+ }
787
+ function mo2f_ajax_login_redirect()
788
+ {
789
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
790
+ {
791
+ wp_send_json("ERROR");
792
+ exit;
793
+ }
794
+ $username = sanitize_text_field($_POST['username']);
795
+ $password = $_POST['password'];
796
+ apply_filters( 'authenticate', null, $username, $password );
797
+ }
798
+ function mo2f_save_custom_form_settings()
799
+ {
800
+
801
+ $customForm = false;
802
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_save_form_settings']);
803
+
804
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-save-form-settings' ) ) {
805
+ $error = new WP_Error();
806
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
807
+ //return $error;
808
+ }
809
+ if(isset($_POST['submit_selector']) and
810
+ isset($_POST['email_selector']) and
811
+ isset($_POST['authType']) and
812
+ isset($_POST['customForm']) and
813
+ isset($_POST['form_selector']) and
814
+
815
+ $_POST['submit_selector']!="" and
816
+ $_POST['email_selector']!="" and
817
+ $_POST['customForm']!="" and
818
+ $_POST['form_selector']!="")
819
+ {
820
+ $submit_selector = sanitize_text_field($_POST['submit_selector']);
821
+ $form_selector = sanitize_text_field($_POST['form_selector']);
822
+ $email_selector = sanitize_text_field($_POST['email_selector']);
823
+ $phone_selector = sanitize_text_field($_POST['phone_selector']);
824
+ $authType = sanitize_text_field($_POST['authType']);
825
+ $customForm = sanitize_text_field( $_POST['customForm']);
826
+ $enableShortcode = sanitize_text_field($_POST['enableShortcode']);
827
+
828
+ switch ($form_selector)
829
+ {
830
+ case '.bbp-login-form':
831
+ update_site_option('mo2f_custom_reg_bbpress',true);
832
+ update_site_option('mo2f_custom_reg_wocommerce',false);
833
+ update_site_option('mo2f_custom_reg_custom',false);
834
+ break;
835
+ case '.woocommerce-form woocommerce-form-register':
836
+ update_site_option('mo2f_custom_reg_bbpress',false);
837
+ update_site_option('mo2f_custom_reg_wocommerce',true);
838
+ update_site_option('mo2f_custom_reg_custom',false);
839
+ break;
840
+ default:
841
+ update_site_option('mo2f_custom_reg_bbpress',false);
842
+ update_site_option('mo2f_custom_reg_wocommerce',false);
843
+ update_site_option('mo2f_custom_reg_custom',true);
844
+ }
845
+
846
+ update_site_option('mo2f_custom_form_name', $form_selector);
847
+ update_site_option('mo2f_custom_email_selector', $email_selector);
848
+ update_site_option('mo2f_custom_phone_selector', $phone_selector);
849
+ update_site_option('mo2f_custom_submit_selector', $submit_selector);
850
+ update_site_option('mo2f_custom_auth_type', $authType);
851
+
852
+ update_site_option('enable_form_shortcode',$enableShortcode);
853
+ $saved = true;
854
+ }
855
+ else
856
+ {
857
+ $submit_selector = 'NA';
858
+ $form_selector = 'NA';
859
+ $email_selector = 'NA';
860
+ $authType ='NA';
861
+ $saved = false;
862
+ }
863
+ $return = array(
864
+ 'authType' => $authType,
865
+ 'submit' => $submit_selector,
866
+ 'emailSelector' => $email_selector,
867
+ 'phone_selector' => $phone_selector,
868
+ 'form' => $form_selector,
869
+ 'saved' => $saved,
870
+ 'customForm' => $customForm,
871
+ 'enableShortcode' => $enableShortcode
872
+ );
873
+
874
+ return wp_send_json($return);
875
+ }
876
+
877
+ function mo2f_check_user_exist_miniOrange()
878
+ {
879
+ $nonce = sanitize_text_field($_POST['nonce']);
880
+
881
+ if ( ! wp_verify_nonce( $nonce, 'checkuserinminiOrangeNonce' ) ) {
882
+ $error = new WP_Error();
883
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
884
+ echo "NonceDidNotMatch";
885
+ exit;
886
+ }
887
+
888
+ if(!get_option('mo2f_customerKey')){
889
+ echo "NOTLOGGEDIN";
890
+ exit;
891
+ }
892
+ $user = wp_get_current_user();
893
+ global $Mo2fdbQueries;
894
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
895
+ if($email == '' or is_null($email))
896
+ $email = $user->user_email;
897
+
898
+
899
+
900
+ if(isset($_POST['email']))
901
+ {
902
+ $email = sanitize_email($_POST['email']);
903
+ }
904
+
905
+ $enduser = new Two_Factor_Setup();
906
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
907
+
908
+
909
+ if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0 ){
910
+ echo "alreadyExist";
911
+ exit;
912
+ }
913
+ else
914
+ {
915
+
916
+ update_user_meta($user->ID,'mo2f_email_miniOrange',$email);
917
+ echo "USERCANBECREATED";
918
+ exit;
919
+ }
920
+
921
+ }
922
+ function mo2f_shift_to_onprem(){
923
+
924
+ $current_user = wp_get_current_user();
925
+ $current_userID = $current_user->ID;
926
+ $miniorangeID = get_option( 'mo2f_miniorange_admin' );
927
+ if(is_null($miniorangeID) or $miniorangeID =='')
928
+ $is_customer_admin = true;
929
+ else
930
+ $is_customer_admin = $miniorangeID == $current_userID ? true : false;
931
+ if($is_customer_admin)
932
+ {
933
+ update_option('is_onprem', 1);
934
+ update_option( 'mo2f_remember_device',0);
935
+ wp_send_json('true');
936
+ }
937
+ else
938
+ {
939
+ $adminUser = get_user_by('id',$miniorangeID);
940
+ $email = $adminUser->user_email;
941
+ wp_send_json($email);
942
+ }
943
+
944
+ }
945
+
946
+
947
+ function mo2f_delete_log_file(){
948
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_delete_log']);
949
+
950
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-delete-log' ) ) {
951
+ $error = new WP_Error();
952
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
953
+
954
+ }else{
955
+ $debug_log_path = wp_upload_dir();
956
+ $debug_log_path = $debug_log_path['basedir'];
957
+ $file_name = 'miniorange_debug_log.txt';
958
+ $status = file_exists( $debug_log_path.DIRECTORY_SEPARATOR.$file_name);
959
+ if($status){
960
+ unlink($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
961
+ wp_send_json('true');
962
+ }
963
+ else{
964
+ wp_send_json('false');
965
+ }
966
+ }
967
+ }
968
+ function mo2f_enable_disable_debug_log(){
969
+
970
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_debug_log']);
971
+
972
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-debug-log' ) ) {
973
+ $error = new WP_Error();
974
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
975
+
976
+ }
977
+
978
+ $enable = sanitize_text_field($_POST['mo2f_enable_debug_log']);
979
+ if($enable == 'true'){
980
+ update_site_option('mo2f_enable_debug_log' , 1);
981
+ wp_send_json('true');
982
+ }
983
+ else{
984
+ update_site_option('mo2f_enable_debug_log' , 0);
985
+ wp_send_json('false');
986
+ }
987
+ }
988
+
989
+ function mo2f_enable_disable_twofactor(){
990
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_2FA']);
991
+
992
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-2FA' ) ) {
993
+ $error = new WP_Error();
994
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
995
+
996
+ }
997
+
998
+ $enable = sanitize_text_field($_POST['mo2f_enable_2fa']);
999
+ if($enable == 'true'){
1000
+ update_option('mo2f_activate_plugin' , 1);
1001
+ wp_send_json('true');
1002
+ }
1003
+ else{
1004
+ update_option('mo2f_activate_plugin' , 0);
1005
+ wp_send_json('false');
1006
+ }
1007
+ }
1008
+
1009
+ function mo2f_enable_disable_twofactor_prompt_on_login(){
1010
+
1011
+ global $Mo2fdbQueries;
1012
+ $user = wp_get_current_user();
1013
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_2FA_prompt_on_login']);
1014
+ $auth_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1015
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-on-login-page-option-nonce' ) ) {
1016
+ $error = new WP_Error();
1017
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1018
+
1019
+ }
1020
+ $enable= sanitize_text_field($_POST['mo2f_enable_2fa_prompt_on_login']);
1021
+ if(!($auth_method == "Google Authenticator" || $auth_method =="miniOrange Soft Token" || $auth_method == "Authy Authenticator"))
1022
+ {
1023
+ update_site_option('mo2f_enable_2fa_prompt_on_login_page' , false);
1024
+ if(!MO2F_IS_ONPREM)
1025
+ wp_send_json('false_method_cloud');
1026
+ else
1027
+ wp_send_json('false_method_onprem');
1028
+
1029
+ }
1030
+ else if($enable == 'true'){
1031
+ update_site_option('mo2f_enable_2fa_prompt_on_login_page' , true);
1032
+ wp_send_json('true');
1033
+ }
1034
+ else{
1035
+ update_site_option('mo2f_enable_2fa_prompt_on_login_page' , false);
1036
+ wp_send_json('false');
1037
+ }
1038
+ }
1039
+
1040
+ function mo2f_enable_disable_inline(){
1041
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_enable_inline']);
1042
+
1043
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-enable-inline' ) ) {
1044
+ wp_send_json("error");
1045
+ }
1046
+ $enable = sanitize_text_field($_POST['mo2f_inline_registration']);
1047
+ if($enable == 'true'){
1048
+ update_site_option('mo2f_inline_registration' , 1);
1049
+ wp_send_json('true');
1050
+ }
1051
+ else{
1052
+ update_site_option('mo2f_inline_registration' , 0);
1053
+ wp_send_json('false');
1054
+ }
1055
+ }
1056
+ function mo2f_enable_disable_configurd_methods(){
1057
+ $nonce = sanitize_text_field($_POST['nonce']);
1058
+
1059
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce_configurd_methods' ) ) {
1060
+ wp_send_json_error("error");
1061
+ }
1062
+ $enable = sanitize_text_field($_POST['mo2f_nonce_enable_configured_methods']);
1063
+
1064
+ if($enable == 'true'){
1065
+ update_site_option('mo2f_nonce_enable_configured_methods' ,true);
1066
+ wp_send_json('true');
1067
+ }
1068
+ else{
1069
+ update_site_option('mo2f_nonce_enable_configured_methods' , false);
1070
+ wp_send_json('false');
1071
+ }
1072
+ }
1073
+
1074
+ function mo2f_role_based_2_factor(){
1075
+ if ( !wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce') ){
1076
+ wp_send_json('ERROR');
1077
+ return;
1078
+ }
1079
+ global $wp_roles;
1080
+ if (!isset($wp_roles))
1081
+ $wp_roles = new WP_Roles();
1082
+ foreach($wp_roles->role_names as $id => $name) {
1083
+ update_option('mo2fa_'.$id, 0);
1084
+ }
1085
+
1086
+ if(isset($_POST['enabledrole'])){
1087
+ $enabledrole = $_POST['enabledrole'];
1088
+ }
1089
+ else{
1090
+ $enabledrole = array();
1091
+ }
1092
+ foreach($enabledrole as $role){
1093
+ update_option($role, 1);
1094
+ }
1095
+ wp_send_json('true');
1096
+ return;
1097
+ }
1098
+ function mo2f_single_user()
1099
+ {
1100
+ if(!wp_verify_nonce($_POST['nonce'],'singleUserNonce'))
1101
+ {
1102
+ echo "NonceDidNotMatch";
1103
+ exit;
1104
+ }
1105
+ else
1106
+ {
1107
+ $current_user = wp_get_current_user();
1108
+ $current_userID = $current_user->ID;
1109
+ $miniorangeID = get_option( 'mo2f_miniorange_admin' );
1110
+ $is_customer_admin = $miniorangeID == $current_userID ? true : false;
1111
+
1112
+ if(is_null($miniorangeID) or $miniorangeID =='')
1113
+ $is_customer_admin = true;
1114
+
1115
+ if($is_customer_admin)
1116
+ {
1117
+ update_option('is_onprem', 0);
1118
+ wp_send_json('true');
1119
+ }
1120
+ else
1121
+ {
1122
+ $adminUser = get_user_by('id',$miniorangeID);
1123
+ $email = $adminUser->user_email;
1124
+ wp_send_json($email);
1125
+ }
1126
+
1127
+ }
1128
+ }
1129
+
1130
+ function mo2f_unlimitted_user()
1131
+ {
1132
+ if(!wp_verify_nonce($_POST['nonce'],'unlimittedUserNonce'))
1133
+ {
1134
+ echo "NonceDidNotMatch";
1135
+ exit;
1136
+ }
1137
+ else
1138
+ {
1139
+ if($_POST['enableOnPremise'] == 'on')
1140
+ {
1141
+ global $wp_roles;
1142
+ if (!isset($wp_roles))
1143
+ $wp_roles = new WP_Roles();
1144
+ foreach($wp_roles->role_names as $id => $name) {
1145
+ add_site_option('mo2fa_'.$id, 1);
1146
+ if($id == 'administrator'){
1147
+ add_option('mo2fa_'.$id.'_login_url',admin_url());
1148
+ }else{
1149
+ add_option('mo2fa_'.$id.'_login_url',home_url());
1150
+ }
1151
+ }
1152
+ echo "OnPremiseActive";
1153
+ exit;
1154
+ }
1155
+ else
1156
+ {
1157
+ echo "OnPremiseDeactive";
1158
+ exit;
1159
+ }
1160
+ }
1161
+ }
1162
+
1163
+ function mo2f_save_email_verification()
1164
+ {
1165
+
1166
+ if(!wp_verify_nonce($_POST['nonce'],'EmailVerificationSaveNonce'))
1167
+ {
1168
+ echo "NonceDidNotMatch";
1169
+ exit;
1170
+ }
1171
+ else
1172
+ {
1173
+ $user_id = get_current_user_id();
1174
+ $twofactor_transactions = new Mo2fDB;
1175
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
1176
+
1177
+ if($exceeded){
1178
+ echo "USER_LIMIT_EXCEEDED";
1179
+ exit;
1180
+ }
1181
+ $email = sanitize_email($_POST['email']);
1182
+ $currentMethod = sanitize_text_field($_POST['current_method']);
1183
+ $error = false;
1184
+
1185
+ $customer_key = get_site_option( 'mo2f_customerKey' );
1186
+ $api_key = get_site_option( 'mo2f_api_key' );
1187
+
1188
+
1189
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL))
1190
+ {
1191
+ $error = true;
1192
+ }
1193
+ if($email!='' && !$error)
1194
+ {
1195
+ global $Mo2fdbQueries;
1196
+ if($currentMethod == 'EmailVerification')
1197
+ {
1198
+
1199
+
1200
+
1201
+ if(MO2F_IS_ONPREM){
1202
+
1203
+ update_user_meta($user_id,'tempEmail',$email);
1204
+ $enduser = new Customer_Setup();
1205
+ $content = $enduser->send_otp_token($email,'OUT OF BAND EMAIL',$customer_key,$api_key);
1206
+ $decoded = json_decode($content,true);
1207
+ if($decoded['status'] == 'FAILED'){
1208
+ echo "smtpnotset";
1209
+ exit;
1210
+ }
1211
+
1212
+ update_user_meta($user_id,'Mo2fTxid',$decoded['txId']);
1213
+ $otpToken = '';
1214
+ $otpToken .= rand(0,9);
1215
+ update_user_meta($user_id,'Mo2fOtpToken',$otpToken);
1216
+
1217
+ }
1218
+
1219
+
1220
+
1221
+ //for cloud
1222
+ if(! MO2F_IS_ONPREM){
1223
+ $enduser = new Two_Factor_Setup();
1224
+ $enduser->mo2f_update_userinfo($email, "OUT OF BAND EMAIL",null,null,null);
1225
+ }
1226
+ // }
1227
+
1228
+ echo "settingsSaved";
1229
+ exit;
1230
+ }
1231
+ elseif ($currentMethod == 'OTPOverEmail')
1232
+ {
1233
+ update_user_meta($user_id,'tempEmail',$email);
1234
+ $enduser = new Customer_Setup();
1235
+ $content = $enduser->send_otp_token($email,"OTP Over Email",$customer_key,$api_key);
1236
+
1237
+ $decoded = json_decode($content,true);
1238
+ if($decoded['status'] == 'FAILED'){
1239
+
1240
+
1241
+ echo "smtpnotset";
1242
+ exit;
1243
+
1244
+ }
1245
+ MO2f_Utility::mo2f_debug_file('OTP has been sent successfully over Email');
1246
+ update_user_meta( $user_id, 'configure_2FA', 1 );
1247
+ update_user_meta($user_id,'Mo2fOtpOverEmailtxId',$decoded['txId']);
1248
+
1249
+
1250
+ }
1251
+ update_user_meta($user_id,'tempRegEmail',$email);
1252
+ echo "settingsSaved";
1253
+ exit;
1254
+ }
1255
+ else
1256
+ {
1257
+ echo "invalidEmail";
1258
+ exit;
1259
+ }
1260
+
1261
+ }
1262
+
1263
+ }
1264
+
1265
+ function CheckEVStatus()
1266
+ {
1267
+ if(isset($_POST['txid']))
1268
+ {
1269
+ $txid = sanitize_text_field($_POST['txid']);
1270
+ $status = get_site_option($txid);
1271
+ if($status ==1 || $status ==0)
1272
+ delete_site_option($_POST['txid']);
1273
+ echo esc_html($status);
1274
+ exit();
1275
+ }
1276
+ echo "empty txid";
1277
+ exit;
1278
+ }
1279
+
1280
+
1281
+ }
1282
+
1283
+ new mo_2f_ajax;
1284
+ ?>
controllers/wpns-loginsecurity-ajax.php CHANGED
@@ -1,1413 +1,1413 @@
1
- <?php
2
- class wpns_ajax
3
- {
4
- function __construct(){
5
- //add comment here
6
- add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
- add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
- }
9
-
10
- function mo_login_security_ajax(){
11
-
12
- add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
- add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
- add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
- }
16
-
17
- function mo2f_ajax(){
18
- $GLOBALS['mo2f_is_ajax_request'] = true;
19
- switch (sanitize_text_field(wp_unslash($_POST['mo2f_ajax_option']))) {
20
- case "mo2f_ajax_kba":
21
- $this->mo2f_ajax_kba();break;
22
- case "mo2f_ajax_login":
23
- $this->mo2f_ajax_login(); break;
24
- case "mo2f_ajax_otp":
25
- $this->mo2f_ajax_otp(); break;
26
- }
27
- }
28
- function mo2fa_elementor_ajax_fun()
29
- {
30
-
31
- if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
- $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
- wp_send_json('ERROR');
35
- }
36
- if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
- {
38
- $info = array();
39
- $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
- $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
- $info['remember'] = false;
42
- $user_signon = wp_signon($info, false);
43
- if (is_wp_error($user_signon)) {
44
- wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
- }
46
- }
47
- }
48
- }
49
- function wpns_login_security(){
50
- switch(sanitize_text_field(wp_unslash($_POST['wpns_loginsecurity_ajax'])))
51
- {
52
- case "wpns_bruteforce_form":
53
- $this->wpns_handle_bf_configuration_form(); break;
54
- case "wpns_save_captcha":
55
- $this->wpns_captcha_settings();break;
56
- case "save_strong_password":
57
- $this->wpns_strong_password_settings();break;
58
- case 'wpns_ManualIPBlock_form':
59
- $this->wpns_handle_IP_blocking();break;
60
- case 'wpns_WhitelistIP_form':
61
- $this->wpns_whitelist_ip(); break;
62
- case 'wpns_waf_settings_form':
63
- $this->wpns_waf_settings_form(); break;
64
- case 'wpns_waf_rate_limiting_form':
65
- $this->wpns_waf_rate_limiting_form(); break;
66
- case 'wpns_waf_realtime_ip_block_free':
67
- $this->wpns_waf_realtime_ip_block_free();break;
68
- case 'wpns_ip_lookup':
69
- $this->wpns_ip_lookup(); break;
70
- case 'wpns_all_plans':
71
- $this->wpns_all_plans(); break;
72
- case 'wpns_logout_form':
73
- $this->wpns_logout_form(); break;
74
- case 'wpns_check_transaction':
75
- $this->wpns_check_transaction(); break;
76
- case 'waf_settings_mail_form_notify':
77
- $this->waf_settings_mail_form_notify(); break;
78
- case 'waf_settings_IP_mail_form':
79
- $this->waf_settings_IP_mail_form();break;
80
- case 'update_plan':
81
- $this->update_plan(); break;
82
- }
83
- }
84
-
85
- function update_plan(){
86
- $mo2f_all_plannames = sanitize_text_field($_POST['planname']);
87
- $mo_2fa_plan_type = sanitize_text_field($_POST['planType']);
88
- update_site_option('mo2f_planname', $mo2f_all_plannames);
89
- if ($mo2f_all_plannames == 'addon_plan')
90
- {
91
- update_site_option('mo2f_planname', 'addon_plan');
92
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
- }
94
- elseif ($mo2f_all_plannames == '2fa_plan')
95
- {
96
- update_site_option('mo2f_planname', '2fa_plan');
97
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
- }
99
- }
100
-
101
-
102
- function mo2f_ajax_otp(){
103
- $obj = new Miniorange_Password_2Factor_Login();
104
- $obj->check_miniorange_soft_token($_POST);
105
- }
106
- function mo2f_ajax_kba(){
107
- $obj = new Miniorange_Password_2Factor_Login();
108
- $obj->check_kba_validation($_POST);
109
- }
110
-
111
- function wpns_check_transaction()
112
- {
113
- $customerT = new Customer_Cloud_Setup();
114
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option('mo2f_api_key'),'WP_OTP_VERIFICATION_PLUGIN)' ), true );
115
-
116
- if($content['status'] == 'SUCCESS')
117
- {
118
- update_site_option('mo2f_license_type','PREMIUM');
119
- }
120
- else
121
- {
122
- update_site_option('mo2f_license_type','DEMO');
123
- $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
124
- }
125
- if(isset($content['smsRemaining']))
126
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
127
- else if($content['status'] =='SUCCESS')
128
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
129
-
130
-
131
- if(isset($content['emailRemaining']))
132
- {
133
- $available_transaction = get_site_option('EmailTransactionCurrent', 30);
134
- if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
135
- {
136
- $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
137
- if($available_transaction>30)
138
- $currentTransaction = $currentTransaction-$available_transaction;
139
-
140
- update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
141
- update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
142
- }
143
-
144
- }
145
-
146
- }
147
-
148
- function mo2f_ajax_login()
149
- {
150
- if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
151
- {
152
- wp_send_json("ERROR");
153
- exit;
154
- }
155
- else
156
- {
157
- $username = sanitize_text_field($_POST['username']);
158
- $password = sanitize_text_field($_POST['password'] );
159
- apply_filters( 'authenticate', null, $username, $password );
160
- }
161
- }
162
- function wpns_logout_form()
163
- {
164
- global $moWpnsUtility;
165
- if( !$moWpnsUtility->check_empty_or_null( get_option('mo_wpns_registration_status') ) ) {
166
- delete_option('mo2f_email');
167
- }
168
- delete_option('mo2f_customerKey');
169
- delete_option('mo2f_api_key');
170
- delete_option('mo2f_customer_token');
171
- delete_option('mo_wpns_transactionId');
172
- delete_site_option('EmailTransactionCurrent');
173
- delete_option('mo_wpns_registration_status');
174
- delete_option( 'mo_2factor_admin_registration_status' );
175
-
176
- $two_fa_settings = new Miniorange_Authentication();
177
- $two_fa_settings->mo_auth_deactivate();
178
-
179
- }
180
-
181
- function waf_settings_mail_form_notify()
182
- {
183
- $nonce = sanitize_text_field($_POST['nonce']);
184
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
185
- wp_send_json('ERROR');
186
- return;
187
- }
188
- if(isset($_POST['S_mail']))
189
- {
190
- $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
191
- update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
192
- wp_send_json('true');
193
- }
194
- else{
195
- wp_send_json('false');
196
-
197
- }
198
- }
199
- function waf_settings_IP_mail_form()
200
- {
201
- $nonce = sanitize_text_field($_POST['nonce']);
202
- if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
203
- wp_send_json('ERROR');
204
- return;
205
- }
206
- $mo2f_mail_noyifying_IP = sanitize_email($_POST['Smail']);
207
- update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
208
- if($mo2f_mail_noyifying_IP == "on"){
209
- wp_send_json('true');
210
- }
211
- else if($mo2f_mail_noyifying_IP == ""){
212
- wp_send_json('false');
213
- }
214
- }
215
- function wpns_all_plans()
216
- {
217
- $mo2f_all_plannames = sanitize_text_field($_POST['planname']);
218
- $mo_2fa_plan_type = sanitize_text_field($_POST['planType']);
219
- update_site_option('mo2f_planname', $mo2f_all_plannames);
220
- if ($mo2f_all_plannames == 'addon_plan')
221
- {
222
- update_site_option('mo2f_planname', 'addon_plan');
223
- update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
224
- }
225
- elseif ($mo2f_all_plannames == '2fa_plan')
226
- {
227
- update_site_option('mo2f_planname', '2fa_plan');
228
- update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
229
- }
230
- }
231
- function wpns_handle_bf_configuration_form(){
232
-
233
- $nonce = sanitize_text_field($_POST['nonce']);
234
- if ( ! wp_verify_nonce( $nonce, 'wpns-brute-force' ) ){
235
- wp_send_json('ERROR');
236
- return;
237
- }
238
- $brute_force =sanitize_text_field($_POST['bf_enabled/disabled']);
239
- if($brute_force == 'true'){$brute_force = "on";}else if($brute_force == 'false') {$brute_force = "";}
240
- $login_attempts = sanitize_text_field($_POST['allwed_login_attempts']);
241
- $blocking_type = sanitize_text_field($_POST['time_of_blocking_type']);
242
- $blocking_value = isset($_POST['time_of_blocking_val']) ? sanitize_text_field($_POST['time_of_blocking_val']) : false;
243
- $show_login_attempts= sanitize_text_field($_POST['show_remaining_attempts']);
244
- if($show_login_attempts == 'true'){$show_login_attempts = "on";} else if($show_login_attempts == 'false') { $show_login_attempts = "";}
245
- if($brute_force == 'on' && $login_attempts == "" ){
246
- wp_send_json('empty');
247
- return;
248
- }
249
- update_option( 'mo2f_enable_brute_force' , $brute_force );
250
- update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
251
- update_option( 'mo_wpns_time_of_blocking_type' , $blocking_type );
252
- update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
253
- update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
254
- if($brute_force == "on"){
255
- update_site_option('bruteforce_notification_option',1);
256
- wp_send_json('true');
257
- }
258
- else if($brute_force == ""){
259
- wp_send_json('false');
260
- }
261
-
262
- }
263
- function wpns_handle_IP_blocking()
264
- {
265
-
266
-
267
- global $mo2f_dirName;
268
- if(!wp_verify_nonce($_POST['nonce'],'manualIPBlockingNonce'))
269
- {
270
- echo "NonceDidNotMatch";
271
- exit;
272
- }
273
- else
274
- {
275
-
276
- include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
277
- }
278
-
279
- }
280
- function wpns_whitelist_ip()
281
- {
282
- global $mo2f_dirName;
283
- if(!wp_verify_nonce($_POST['nonce'],'IPWhiteListingNonce'))
284
- {
285
- echo "NonceDidNotMatch";
286
- exit;
287
- }
288
- else
289
- {
290
- include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
291
- }
292
- }
293
-
294
- function wpns_ip_lookup()
295
- {
296
-
297
-
298
-
299
- if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
300
- {
301
- echo "NonceDidNotMatch";
302
- exit;
303
- }
304
- else
305
- {
306
-
307
-
308
- $ip = $_POST['IP'];
309
- if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
310
- {
311
- echo("INVALID_IP_FORMAT");
312
- exit;
313
- }
314
- else if(! filter_var($ip, FILTER_VALIDATE_IP)){
315
- echo("INVALID_IP");
316
- exit;
317
- }
318
- $result=wp_remote_get("http://www.geoplugin.net/json.gp?ip=".$ip);
319
-
320
-
321
-
322
-
323
- if( !is_wp_error( $result ) ) {
324
- $result=json_decode(wp_remote_retrieve_body( $result), true);
325
- }
326
-
327
-
328
- try{
329
- $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
330
- $timeoffset = $timeoffset/3600;
331
-
332
- }catch(Exception $e){
333
- $result["geoplugin_timezone"]="";
334
- $timeoffset="";
335
- }
336
- $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
337
- if($result['geoplugin_request']==$ip) {
338
-
339
- $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
340
- $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
341
- $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
342
- $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
343
- $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
344
- $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
345
- $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
346
- $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
347
- $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
348
- $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
349
- $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
350
- $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
351
- $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
352
- $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
353
-
354
- $result['ipDetails'] = $ipLookUpTemplate;
355
- }else{
356
- $result["ipDetails"]["status"]="ERROR";
357
- }
358
- wp_send_json( $result );
359
- }
360
- }
361
- function wpns_waf_settings_form()
362
- {
363
- $dir_name = dirname(__FILE__);
364
- $dir_name1 = explode('wp-content', $dir_name);
365
- $dir_name = $dir_name1[0];
366
- $filepath = str_replace('\\', '/', $dir_name1[0]);
367
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
368
-
369
- if(!file_exists($fileName))
370
- {
371
- $file = fopen($fileName, "a+");
372
- $string = "<?php".PHP_EOL;
373
- $string .= '$SQL=1;'.PHP_EOL;
374
- $string .= '$XSS=1;'.PHP_EOL;
375
- $string .= '$RCE=0;'.PHP_EOL;
376
- $string .= '$LFI=0;'.PHP_EOL;
377
- $string .= '$RFI=0;'.PHP_EOL;
378
- $string .= '$RateLimiting=1;'.PHP_EOL;
379
- $string .= '$RequestsPMin=120;'.PHP_EOL;
380
- $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
381
- $string .= '?>'.PHP_EOL;
382
-
383
- fwrite($file, $string);
384
- fclose($file);
385
- }
386
- else
387
- {
388
- if(!is_writable($fileName) or !is_readable($fileName))
389
- {
390
- echo "FilePermissionDenied";
391
- exit;
392
- }
393
- }
394
-
395
- if(!wp_verify_nonce($_POST['nonce'],'WAFsettingNonce'))
396
- {
397
- var_dump("NonceDidNotMatch");
398
- exit;
399
- }
400
- else
401
- {
402
- switch (sanitize_text_field(wp_unslash($_POST['optionValue']))) {
403
- case "SQL":
404
- $this->savesql(); break;
405
- case "XSS":
406
- $this->savexss(); break;
407
- case "RCE":
408
- $this->saverce(); break;
409
- case "RFI":
410
- $this->saverfi(); break;
411
- case "LFI":
412
- $this->savelfi(); break;
413
- case "WAF":
414
- $this->saveWAF(); break;
415
- case "HWAF":
416
- $this->saveHWAF(); break;
417
- case "backupHtaccess":
418
- $this->backupHtaccess(); break;
419
- case "limitAttack":
420
- $this->limitAttack(); break;
421
- default:
422
- break;
423
- }
424
-
425
- }
426
-
427
- }
428
- function wpns_waf_realtime_ip_block_free()
429
- {
430
- $nonce = sanitize_text_field($_POST['nonce']);
431
- if(!wp_verify_nonce($nonce,'mo2f_realtime_ip_block_free'))
432
- {
433
- echo "NonceDidNotMatch";
434
- exit;
435
- }
436
- else
437
- {
438
- $mo2f_realtime_ip_block_free = sanitize_text_field($_POST['mo2f_realtime_ip_block_free']);
439
-
440
- if($mo2f_realtime_ip_block_free == 'on')
441
- {
442
- update_site_option('mo2f_realtime_ip_block_free',1);
443
- if (!wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook')) {
444
- wp_schedule_event( time(), 'mo2f_realtime_ipblock_free', 'mo2f_realtime_ip_block_free_hook' );
445
- }
446
- wp_send_json('realtime_block_free_enable');
447
- }
448
- else
449
- {
450
- update_site_option('mo2f_realtime_ip_block_free',0);
451
- $timestamp = wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook' );
452
- wp_unschedule_event( $timestamp, 'mo2f_realtime_ip_block_free_hook' );
453
- wp_send_json('realtime_block_free_disable');
454
- }
455
-
456
-
457
- }
458
-
459
- }
460
- function wpns_waf_rate_limiting_form()
461
- {
462
- if(!wp_verify_nonce($_POST['nonce'],'RateLimitingNonce'))
463
- {
464
- echo "NonceDidNotMatch";
465
- exit;
466
- }
467
- else
468
- {
469
- if(get_site_option('WAFEnabled') != 1)
470
- {
471
- echo "WAFNotEnabled";
472
- exit;
473
- }
474
-
475
- if($_POST['Requests']!='')
476
- {
477
- if(is_numeric($_POST['Requests']))
478
- {
479
- $dir_name = dirname(__FILE__);
480
- $dir_name1 = explode('wp-content', $dir_name);
481
- $dir_name = $dir_name1[0];
482
- $filepath = str_replace('\\', '/', $dir_name1[0]);
483
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
484
-
485
- $file = file_get_contents($fileName);
486
- $data = $file;
487
-
488
- $req = sanitize_text_field($_POST['Requests']);
489
- if($req >1)
490
- {
491
- update_option('Rate_request',$req);
492
- if(isset($_POST['rateCheck']))
493
- {
494
- if(sanitize_text_field($_POST['rateCheck']) == 'on')
495
- {
496
- update_option('Rate_limiting','1');
497
- echo "RateEnabled";
498
- if(strpos($file, 'RateLimiting')!=false)
499
- {
500
- $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
501
- $data = $file;
502
- file_put_contents($fileName,$file);
503
-
504
- }
505
- else
506
- {
507
- $content = explode('?>', $file);
508
- $file = $content[0];
509
- $file .= PHP_EOL;
510
- $file .= '$RateLimiting=1;'.PHP_EOL;
511
- $file .='?>';
512
- file_put_contents($fileName,$file);
513
- $data = $file;
514
- }
515
-
516
-
517
- }
518
- }
519
- else
520
- {
521
- update_option('Rate_limiting','0');
522
- echo "Ratedisabled";
523
- if(strpos($file, 'RateLimiting')!=false)
524
- {
525
- $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
526
- $data = $file;
527
- file_put_contents($fileName,$file);
528
- }
529
- else
530
- {
531
- $content = explode('?>', $file);
532
- $file = $content[0];
533
- $file .= PHP_EOL;
534
- $file .= '$RateLimiting=0;'.PHP_EOL;
535
- $file .='?>';
536
- file_put_contents($fileName,$file);
537
- $data = $file;
538
- }
539
-
540
- }
541
-
542
-
543
- $file = $data;
544
- if(strpos($file, 'RequestsPMin')!=false)
545
- {
546
- $content = explode(PHP_EOL, $file);
547
- $con = '';
548
- $len = sizeof($content);
549
-
550
- for($i=0;$i<$len;$i++)
551
- {
552
- if(strpos($content[$i], 'RequestsPMin')!=false)
553
- {
554
- $con.='$RequestsPMin='.$req.';'.PHP_EOL;
555
- }
556
- else
557
- {
558
- $con .= $content[$i].PHP_EOL;
559
- }
560
- }
561
-
562
- file_put_contents($fileName,$con);
563
- $data = $con;
564
-
565
- }
566
-
567
- else
568
- {
569
- $content = explode('?>', $file);
570
- $file = $content[0];
571
- $file .= PHP_EOL;
572
- $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
573
- $file .='?>';
574
- file_put_contents($fileName,$file);
575
- $data = $file;
576
- }
577
-
578
- if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
579
- {
580
- update_option('actionRateL',1);
581
-
582
- $file = $data;
583
- if(strpos($file, 'actionRateL')!=false)
584
- {
585
- $content = explode(PHP_EOL, $file);
586
- $con = '';
587
- foreach ($content as $line => $lineV) {
588
- if(strpos($lineV, 'actionRateL')!=false)
589
- {
590
- $con.='$actionRateL="BlockIP";'.PHP_EOL;
591
- }
592
- else
593
- {
594
- $con .= $lineV.PHP_EOL;
595
- }
596
- }
597
- file_put_contents($fileName,$con);
598
- }
599
- else
600
- {
601
- $content = explode('?>', $file);
602
- $file = $content[0];
603
- $file .= PHP_EOL;
604
- $file .= '$actionRateL="BlockIP";'.PHP_EOL;
605
- $file .='?>';
606
- file_put_contents($fileName,$file);
607
- $file = $data;
608
- }
609
- }
610
- else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
611
- {
612
-
613
- $file = $data;
614
- update_option('actionRateL',0);
615
- if(strpos($file, 'actionRateL')!=false)
616
- {
617
- $content = explode(PHP_EOL, $file);
618
- $con = '';
619
- foreach ($content as $line => $lineV) {
620
- if(strpos($lineV, 'actionRateL')!=false)
621
- {
622
- $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
623
- }
624
- else
625
- {
626
- $con .= $lineV.PHP_EOL;
627
- }
628
- }
629
- file_put_contents($fileName,$con);
630
- }
631
- else
632
- {
633
- $content = explode('?>', $file);
634
- $file = $content[0];
635
- $file .= PHP_EOL;
636
- $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
637
- $file .='?>';
638
- file_put_contents($fileName,$file);
639
- }
640
- }
641
-
642
- }
643
- exit;
644
- }
645
-
646
-
647
-
648
- }
649
- echo("Error");
650
- exit;
651
- }
652
-
653
-
654
- }
655
-
656
- private function saveWAF()
657
- {
658
- if(isset($_POST['pluginWAF']))
659
- {
660
- if($_POST['pluginWAF']=='on')
661
- {
662
- update_option('WAF','PluginLevel');
663
- update_option('WAFEnabled','1');
664
- echo("PWAFenabled");exit;
665
- }
666
- }
667
- else
668
- {
669
- update_option('WAFEnabled','0');
670
- update_option('WAF','wafDisable');
671
- echo("PWAFdisabled");exit;
672
- }
673
- }
674
- private function saveHWAF()
675
- {
676
- if(!function_exists('mysqli_connect'))
677
- {
678
- echo "mysqliDoesNotExit";
679
- exit;
680
- }
681
- if(isset($_POST['htaccessWAF']))
682
- {
683
- if($_POST['htaccessWAF']=='on')
684
- {
685
- update_option('WAF','HtaccessLevel');
686
- update_option('WAFEnabled','1');
687
- $dir_name = dirname(__FILE__);
688
- $dirN = $dir_name;
689
- $dirN = str_replace('\\', '/', $dirN);
690
- $dirN = str_replace('controllers', 'handler', $dirN);
691
-
692
- $dir_name1 = explode('wp-content', $dir_name);
693
- $dir_name = $dir_name1[0];
694
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
695
- $dir_name .='.htaccess';
696
- $file = file_get_contents($dir_name);
697
- if(strpos($file, 'php_value auto_prepend_file')!=false)
698
- {
699
- echo("WAFConflicts");
700
- exit;
701
- }
702
-
703
- $cont = $file.PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
704
- $cont .= 'php_value auto_prepend_file '.$dir_name1.'mo-check.php'.PHP_EOL;
705
- $cont .= '# END miniOrange WAF'.PHP_EOL;
706
- file_put_contents($dir_name, $cont);
707
-
708
- $filecontent = file_get_contents($dir_name);
709
-
710
- $dir_name = dirname(__FILE__);
711
- $dir_name1 = explode('wp-content', $dir_name);
712
- $dir_name = $dir_name1[0];
713
- $filepath = str_replace('\\', '/', $dir_name1[0]);
714
- $fileName = $filepath.'mo-check.php';
715
- $file = fopen($fileName, 'w+');
716
- $dir_name = dirname(__FILE__);
717
- $filepath = str_replace('\\', '/', $dir_name);
718
- $filepath = explode('controllers', $filepath);
719
- $filepath = $filepath[0].'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf.php';
720
-
721
- $string = '<?php'.PHP_EOL;
722
- $string .= 'if(file_exists("'.$filepath.'"))'.PHP_EOL;
723
- $string .= 'include_once("'.$filepath.'");'.PHP_EOL;
724
- $string .= '?>'.PHP_EOL;
725
-
726
- fwrite($file, $string);
727
- fclose($file);
728
-
729
- if(strpos($filecontent,'mo-check.php')!=false)
730
- {
731
- echo "HWAFEnabled";
732
- exit;
733
- }
734
- else
735
- {
736
- echo "HWAFEnabledFailed";
737
- exit;
738
- }
739
- }
740
- }
741
- else
742
- {
743
- update_option('WAF','wafDisable');
744
- if(isset($_POST['pluginWAF']))
745
- {
746
- if($_POST['pluginWAF'] == 'on')
747
- {
748
- update_option('WAFEnabled',1);
749
- update_option('WAF','PluginLevel');
750
- }
751
- }
752
- else
753
- update_option('WAFEnabled',0);
754
- $dir_name = dirname(__FILE__);
755
- $dirN = $dir_name;
756
- $dirN = str_replace('\\', '/', $dirN);
757
- $dirN = explode('wp-content', $dirN);
758
- $dir_name1 = explode('wp-content', $dir_name);
759
- $dir_name = $dir_name1[0];
760
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
761
- $dir_name00 = $dir_name1;
762
- $dir_name1 .='.htaccess';
763
- $file = file_get_contents($dir_name1);
764
-
765
- $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
766
- $cont .= 'php_value auto_prepend_file '.$dir_name00.'mo-check.php'.PHP_EOL;
767
- $cont .= '# END miniOrange WAF'.PHP_EOL;
768
- $file =str_replace($cont,'',$file);
769
- file_put_contents($dir_name1, $file);
770
-
771
- $filecontent = file_get_contents($dir_name1);
772
- if(strpos($filecontent,'mo-check.php')==false)
773
- {
774
- echo "HWAFdisabled";
775
- exit;
776
- }
777
- else
778
- {
779
- echo "HWAFdisabledFailed";
780
- exit;
781
- }
782
- }
783
-
784
-
785
- }
786
- private function savesql()
787
- {
788
- if(isset($_POST['SQL']))
789
- {
790
- if($_POST['SQL']=='on')
791
- {
792
- update_option('SQLInjection',1);
793
- $dir_name = dirname(__FILE__);
794
- $dir_name1 = explode('wp-content', $dir_name);
795
- $dir_name = $dir_name1[0];
796
- $filepath = str_replace('\\', '/', $dir_name1[0]);
797
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
798
-
799
- $file = file_get_contents($fileName);
800
- if(strpos($file, 'SQL')!=false)
801
- {
802
- $file = str_replace('$SQL=0;', '$SQL=1;', $file);
803
- file_put_contents($fileName,$file);
804
- }
805
- else
806
- {
807
- $content = explode('?>', $file);
808
- $file = $content[0];
809
- $file .= PHP_EOL;
810
- $file .= '$SQL=1;'.PHP_EOL;
811
- $file .='?>';
812
- file_put_contents($fileName,$file);
813
- }
814
- echo("SQLenable");
815
- exit;
816
-
817
- }
818
- }
819
- else
820
- {
821
- update_option('SQLInjection',0);
822
-
823
- $dir_name = dirname(__FILE__);
824
- $dir_name1 = explode('wp-content', $dir_name);
825
- $dir_name = $dir_name1[0];
826
- $filepath = str_replace('\\', '/', $dir_name1[0]);
827
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
828
-
829
- $file = file_get_contents($fileName);
830
- if(strpos($file, '$SQL')!=false)
831
- {
832
- $file = str_replace('$SQL=1;', '$SQL=0;', $file);
833
- file_put_contents($fileName,$file);
834
- }
835
- else
836
- {
837
- $content = explode('?>', $file);
838
- $file = $content[0];
839
- $file .= PHP_EOL;
840
- $file .= '$SQL=0;'.PHP_EOL;
841
- $file .='?>';
842
- file_put_contents($fileName,$file);
843
- }
844
-
845
- echo("SQLdisable");
846
- exit;
847
-
848
- }
849
-
850
- }
851
- private function saverce()
852
- {
853
- if(isset($_POST['RCE']))
854
- {
855
- if($_POST['RCE']=='on')
856
- {
857
- update_option('RCEAttack',1);
858
-
859
- $dir_name = dirname(__FILE__);
860
- $dir_name1 = explode('wp-content', $dir_name);
861
- $dir_name = $dir_name1[0];
862
- $filepath = str_replace('\\', '/', $dir_name1[0]);
863
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
864
-
865
- $file = file_get_contents($fileName);
866
- if(strpos($file, 'RCE')!=false)
867
- {
868
- $file = str_replace('$RCE=0;', '$RCE=1;', $file);
869
- file_put_contents($fileName,$file);
870
- }
871
- else
872
- {
873
- $content = explode('?>', $file);
874
- $file = $content[0];
875
- $file .= PHP_EOL;
876
- $file .= '$RCE=1;'.PHP_EOL;
877
- $file .='?>';
878
- file_put_contents($fileName,$file);
879
- }
880
- echo("RCEenable");
881
- exit;
882
- }
883
- }
884
- else
885
- {
886
- update_option('RCEAttack',0);
887
-
888
- $dir_name = dirname(__FILE__);
889
- $dir_name1 = explode('wp-content', $dir_name);
890
- $dir_name = $dir_name1[0];
891
- $filepath = str_replace('\\', '/', $dir_name1[0]);
892
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
893
-
894
- $file = file_get_contents($fileName);
895
- if(strpos($file, '$RCE')!=false)
896
- {
897
- $file = str_replace('$RCE=1;', '$RCE=0;', $file);
898
- file_put_contents($fileName,$file);
899
- }
900
- else
901
- {
902
- $content = explode('?>', $file);
903
- $file = $content[0];
904
- $file .= PHP_EOL;
905
- $file .= '$RCE=0;'.PHP_EOL;
906
- $file .='?>';
907
- file_put_contents($fileName,$file);
908
- }
909
- echo("RCEdisable");
910
- exit;
911
-
912
- }
913
-
914
- }
915
- private function savexss()
916
- {
917
- if(isset($_POST['XSS']))
918
- {
919
- if($_POST['XSS']=='on')
920
- {
921
- update_option('XSSAttack',1);
922
- $dir_name = dirname(__FILE__);
923
- $dir_name1 = explode('wp-content', $dir_name);
924
- $dir_name = $dir_name1[0];
925
- $filepath = str_replace('\\', '/', $dir_name1[0]);
926
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
927
-
928
- $file = file_get_contents($fileName);
929
- if(strpos($file, 'XSS')!=false)
930
- {
931
- $file = str_replace('$XSS=0;', '$XSS=1;', $file);
932
- file_put_contents($fileName,$file);
933
- }
934
- else
935
- {
936
- $content = explode('?>', $file);
937
- $file = $content[0];
938
- $file .= PHP_EOL;
939
- $file .= '$XSS=1;'.PHP_EOL;
940
- $file .='?>';
941
- file_put_contents($fileName,$file);
942
- }
943
- echo("XSSenable");
944
- exit;
945
- }
946
- }
947
- else
948
- {
949
- update_option('XSSAttack',0);
950
- $dir_name = dirname(__FILE__);
951
- $dir_name1 = explode('wp-content', $dir_name);
952
- $dir_name = $dir_name1[0];
953
- $filepath = str_replace('\\', '/', $dir_name1[0]);
954
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
955
-
956
- $file = file_get_contents($fileName);
957
- if(strpos($file, '$XSS')!=false)
958
- {
959
- $file = str_replace('$XSS=1;', '$XSS=0;', $file);
960
- file_put_contents($fileName,$file);
961
- }
962
- else
963
- {
964
- $content = explode('?>', $file);
965
- $file = $content[0];
966
- $file .= PHP_EOL;
967
- $file .= '$XSS=0;'.PHP_EOL;
968
- $file .='?>';
969
- file_put_contents($fileName,$file);
970
- }
971
- echo("XSSdisable");
972
- exit;
973
- }
974
-
975
- }
976
- private function savelfi()
977
- {
978
- if(isset($_POST['LFI']))
979
- {
980
- if($_POST['LFI']=='on')
981
- {
982
- update_option('LFIAttack',1);
983
- $dir_name = dirname(__FILE__);
984
- $dir_name1 = explode('wp-content', $dir_name);
985
- $dir_name = $dir_name1[0];
986
- $filepath = str_replace('\\', '/', $dir_name1[0]);
987
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
988
-
989
- $file = file_get_contents($fileName);
990
- if(strpos($file, 'LFI')!=false)
991
- {
992
- $file = str_replace("LFI=0;", "LFI=1;", $file);
993
- file_put_contents($fileName,$file);
994
- }
995
- else
996
- {
997
- $content = explode('?>', $file);
998
- $file = $content[0];
999
- $file .= PHP_EOL;
1000
- $file .= '$LFI=1;'.PHP_EOL;
1001
- $file .='?>';
1002
- file_put_contents($fileName,$file);
1003
- }
1004
- $file = file_get_contents($fileName);
1005
-
1006
- echo("LFIenable");
1007
- exit;
1008
- }
1009
- }
1010
- else
1011
- {
1012
- update_option('LFIAttack',0);
1013
- $dir_name = dirname(__FILE__);
1014
- $dir_name1 = explode('wp-content', $dir_name);
1015
- $dir_name = $dir_name1[0];
1016
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1017
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1018
-
1019
- $file = file_get_contents($fileName);
1020
- if(strpos($file, '$LFI')!=false)
1021
- {
1022
- $file = str_replace('$LFI=1;', '$LFI=0;', $file);
1023
- file_put_contents($fileName,$file);
1024
- }
1025
- else
1026
- {
1027
- $content = explode('?>', $file);
1028
- $file = $content[0];
1029
- $file .= PHP_EOL;
1030
- $file .= '$LFI=0;'.PHP_EOL;
1031
- $file .='?>';
1032
- file_put_contents($fileName,$file);
1033
- }
1034
- echo("LFIdisable");
1035
- exit;
1036
- }
1037
-
1038
- }
1039
- private function saverfi()
1040
- {
1041
- if(isset($_POST['RFI']))
1042
- {
1043
- if($_POST['RFI']=='on')
1044
- {
1045
- update_option('RFIAttack',1);
1046
- $dir_name = dirname(__FILE__);
1047
- $dir_name1 = explode('wp-content', $dir_name);
1048
- $dir_name = $dir_name1[0];
1049
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1050
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1051
-
1052
- $file = file_get_contents($fileName);
1053
- if(strpos($file, 'RFI')!=false)
1054
- {
1055
- $file = str_replace('$RFI=0;', '$RFI=1;', $file);
1056
- file_put_contents($fileName,$file);
1057
- }
1058
- else
1059
- {
1060
- $content = explode('?>', $file);
1061
- $file = $content[0];
1062
- $file .= PHP_EOL;
1063
- $file .= '$RFI=1;'.PHP_EOL;
1064
- $file .='?>';
1065
- file_put_contents($fileName,$file);
1066
- }
1067
- echo("RFIenable");
1068
- exit;
1069
- }
1070
- }
1071
- else
1072
- {
1073
- update_option('RFIAttack',0);
1074
- $dir_name = dirname(__FILE__);
1075
- $dir_name1 = explode('wp-content', $dir_name);
1076
- $dir_name = $dir_name1[0];
1077
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1078
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1079
-
1080
- $file = file_get_contents($fileName);
1081
- if(strpos($file, '$RFI')!=false)
1082
- {
1083
- $file = str_replace('$RFI=1;', '$RFI=0;', $file);
1084
- file_put_contents($fileName,$file);
1085
- }
1086
- else
1087
- {
1088
- $content = explode('?>', $file);
1089
- $file = $content[0];
1090
- $file .= PHP_EOL;
1091
- $file .= '$RFI=0;'.PHP_EOL;
1092
- $file .='?>';
1093
- file_put_contents($fileName,$file);
1094
- }
1095
- echo("RFIdisable");
1096
- exit;
1097
- }
1098
-
1099
- }
1100
- private function saveRateL()
1101
- {
1102
-
1103
- if($_POST['time']!='' && $_POST['req']!='')
1104
- {
1105
- if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
1106
- {
1107
- $dir_name = dirname(__FILE__);
1108
- $dir_name1 = explode('wp-content', $dir_name);
1109
- $dir_name = $dir_name1[0];
1110
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1111
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1112
-
1113
- $file = file_get_contents($fileName);
1114
- $data = $file;
1115
- $time = sanitize_text_field($_POST['time']);
1116
- $req = sanitize_text_field($_POST['req']);
1117
- if($time>0 && $req >0)
1118
- {
1119
- update_option('Rate_time',$time);
1120
- update_option('Rate_request',$req);
1121
- update_option('Rate_limiting','1');
1122
-
1123
- if(strpos($file, 'RateLimiting')!=false)
1124
- {
1125
- $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
1126
- $data = $file;
1127
- file_put_contents($fileName,$file);
1128
- }
1129
- else
1130
- {
1131
- $content = explode('?>', $file);
1132
- $file = $content[0];
1133
- $file .= PHP_EOL;
1134
- $file .= '$RateLimiting=1;'.PHP_EOL;
1135
- $file .='?>';
1136
- file_put_contents($fileName,$file);
1137
- $data = $file;
1138
- }
1139
-
1140
- $file = $data;
1141
- if(strpos($file, 'RequestsPMin')!=false)
1142
- {
1143
- $content = explode(PHP_EOL, $file);
1144
- $con = '';
1145
- $len = sizeof($content);
1146
-
1147
- for($i=0;$i<$len;$i++)
1148
- {
1149
- if(strpos($content[$i], 'RequestsPMin')!=false)
1150
- {
1151
- $con.='$RequestsPMin='.$req.';'.PHP_EOL;
1152
- }
1153
- else
1154
- {
1155
- $con .= $content[$i].PHP_EOL;
1156
- }
1157
- }
1158
-
1159
- file_put_contents($fileName,$con);
1160
- $data = $con;
1161
-
1162
- }
1163
-
1164
- else
1165
- {
1166
- $content = explode('?>', $file);
1167
- $file = $content[0];
1168
- $file .= PHP_EOL;
1169
- $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
1170
- $file .='?>';
1171
- file_put_contents($fileName,$file);
1172
- $data = $file;
1173
- }
1174
-
1175
-
1176
-
1177
- if($_POST['action']=='BlockIP')
1178
- {
1179
- update_option('actionRateL',1);
1180
-
1181
- $file = $data;
1182
- if(strpos($file, 'actionRateL')!=false)
1183
- {
1184
- $content = explode(PHP_EOL, $file);
1185
- $con = '';
1186
- foreach ($content as $line => $lineV) {
1187
- if(strpos($lineV, 'actionRateL')!=false)
1188
- {
1189
- $con.='$actionRateL="BlockIP";'.PHP_EOL;
1190
- }
1191
- else
1192
- {
1193
- $con .= $lineV.PHP_EOL;
1194
- }
1195
- }
1196
- file_put_contents($fileName,$con);
1197
- }
1198
- else
1199
- {
1200
- $content = explode('?>', $file);
1201
- $file = $content[0];
1202
- $file .= PHP_EOL;
1203
- $file .= '$actionRateL="BlockIP";'.PHP_EOL;
1204
- $file .='?>';
1205
- file_put_contents($fileName,$file);
1206
- $file = $data;
1207
- }
1208
- }
1209
- elseif($_POST['action']=='ThrottleIP')
1210
- {
1211
- $file = $data;
1212
- update_option('actionRateL',0);
1213
- if(strpos($file, 'actionRateL')!=false)
1214
- {
1215
- $content = explode(PHP_EOL, $file);
1216
- $con = '';
1217
- foreach ($content as $line => $lineV) {
1218
- if(strpos($lineV, 'actionRateL')!=false)
1219
- {
1220
- $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
1221
- }
1222
- else
1223
- {
1224
- $con .= $lineV.PHP_EOL;
1225
- }
1226
- }
1227
- file_put_contents($fileName,$con);
1228
- }
1229
- else
1230
- {
1231
- $content = explode('?>', $file);
1232
- $file = $content[0];
1233
- $file .= PHP_EOL;
1234
- $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
1235
- $file .='?>';
1236
- file_put_contents($fileName,$file);
1237
- }
1238
- }
1239
-
1240
- }
1241
-
1242
- }
1243
-
1244
- }
1245
-
1246
- }
1247
- private function disableRL()
1248
- {
1249
- update_option('Rate_limiting',0);
1250
-
1251
- $dir_name = dirname(__FILE__);
1252
- $dir_name1 = explode('wp-content', $dir_name);
1253
- $dir_name = $dir_name1[0];
1254
- $filepath = str_replace('\\', '/', $dir_name1[0]);
1255
- $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1256
- $file = file_get_contents($fileName);
1257
-
1258
- if(strpos($file, 'RateLimiting')!=false)
1259
- {
1260
- $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
1261
- file_put_contents($fileName,$file);
1262
- }
1263
- else
1264
- {
1265
- $content = explode('?>', $file);
1266
- $file = $content[0];
1267
- $file .= PHP_EOL;
1268
- $file .= '$RateLimiting=0;'.PHP_EOL;
1269
- $file .='?>';
1270
- file_put_contents($fileName,$file);
1271
- }
1272
-
1273
- }
1274
- private function backupHtaccess()
1275
- {
1276
- if(isset($_POST['htaccessWAF']))
1277
- {
1278
- if($_POST['htaccessWAF']=='on')
1279
- {
1280
- $dir_name = dirname(__FILE__);
1281
- $dirN = $dir_name;
1282
- $dirN = str_replace('\\', '/', $dirN);
1283
- $dir_name1 = explode('wp-content', $dir_name);
1284
- $dir_name = $dir_name1[0];
1285
- $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
1286
- $dir_name =$dir_name1.'.htaccess';
1287
- $file = file_get_contents($dir_name);
1288
- $dir_backup = $dir_name1.'htaccess';
1289
- $handle = fopen($dir_backup, 'c+');
1290
- fwrite($handle,$file);
1291
- }
1292
- }
1293
- }
1294
- private function limitAttack()
1295
- {
1296
- if(isset($_POST['limitAttack']))
1297
- {
1298
- $value = sanitize_text_field($_POST['limitAttack']);
1299
- if($value>1)
1300
- {
1301
- update_option('limitAttack',$value);
1302
- echo "limitSaved";
1303
- exit;
1304
- }
1305
- else
1306
- {
1307
- echo "limitIsLT1";
1308
- exit;
1309
- }
1310
-
1311
- }
1312
- }
1313
-
1314
-
1315
-
1316
- function wpns_captcha_settings(){
1317
-
1318
- $nonce=sanitize_text_field($_POST['nonce']);
1319
- if ( ! wp_verify_nonce( $nonce, 'wpns-captcha' ) ){
1320
- wp_send_json('ERROR');
1321
- return;
1322
- }
1323
-
1324
- $site_key = sanitize_text_field($_POST['site_key']);
1325
- $secret_key = sanitize_text_field($_POST['secret_key']);
1326
- $enable_captcha = sanitize_text_field($_POST['enable_captcha']);
1327
- $login_form_captcha = sanitize_text_field($_POST['login_form']);
1328
- $reg_form_captcha = sanitize_text_field($_POST['registeration_form']);
1329
-
1330
- if((isset($_POST['version'])))
1331
- {
1332
- $mo2f_g_version = sanitize_text_field($_POST['version']);
1333
- }
1334
- else $mo2f_g_version='reCAPTCHA_v3';
1335
-
1336
- if($enable_captcha == 'true') $enable_captcha = "on";
1337
- else if($enable_captcha == 'false') $enable_captcha = "";
1338
-
1339
- if($login_form_captcha == 'true') $login_form_captcha = "on";
1340
- else if($login_form_captcha == 'false') $login_form_captcha = "";
1341
-
1342
- if($reg_form_captcha == 'true') $reg_form_captcha = "on";
1343
- else if($reg_form_captcha == 'false') $reg_form_captcha = "";
1344
-
1345
- if(($site_key == "" || $secret_key == "") and $enable_captcha == 'on'){
1346
- wp_send_json('empty');
1347
- return;
1348
- }
1349
-
1350
-
1351
- if((($login_form_captcha == "on") || ($enable_captcha=="on")) && $mo2f_g_version==""){
1352
- wp_send_json('version_select');
1353
- return;
1354
- }
1355
- if($mo2f_g_version=='reCAPTCHA_v2')
1356
- {
1357
-
1358
- update_option( 'mo_wpns_recaptcha_site_key' , $site_key );
1359
- update_option( 'mo_wpns_recaptcha_secret_key' , $secret_key );
1360
- }
1361
- if($mo2f_g_version=='reCAPTCHA_v3')
1362
- {
1363
-
1364
- update_option( 'mo_wpns_recaptcha_site_key_v3' , $site_key );
1365
- update_option( 'mo_wpns_recaptcha_secret_key_v3' , $secret_key );
1366
- }
1367
-
1368
- update_option( 'mo_wpns_activate_recaptcha' , $enable_captcha );
1369
- update_option( 'mo_wpns_recaptcha_version' , $mo2f_g_version );
1370
-
1371
-
1372
- if($enable_captcha == "on"){
1373
- update_option( 'mo_wpns_activate_recaptcha_for_login' , $login_form_captcha );
1374
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1375
- update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1376
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1377
- update_site_option('recaptcha_notification_option',1);
1378
- wp_send_json('true');
1379
- }
1380
- else if($enable_captcha == ""){
1381
- update_option( 'mo_wpns_activate_recaptcha_for_login' , '' );
1382
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', '' );
1383
- update_option('mo_wpns_activate_recaptcha_for_registration', '' );
1384
- update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration','' );
1385
- wp_send_json('false');
1386
- }
1387
-
1388
- }
1389
-
1390
- function wpns_strong_password_settings(){
1391
- $nonce = $_POST['nonce'];
1392
- if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
1393
- wp_send_json('ERROR');
1394
- return;
1395
- }
1396
- $enable_strong_pass = $_POST['enable_strong_pass'];
1397
- if($enable_strong_pass == 'true'){$enable_strong_pass = 1;}else if($enable_strong_pass == 'false') {$enable_strong_pass = 0;}
1398
- $strong_pass_accounts = $_POST['accounts_strong_pass'];
1399
- update_option('mo2f_enforce_strong_passswords_for_accounts',$strong_pass_accounts);
1400
- update_option('mo2f_enforce_strong_passswords' , $enable_strong_pass);
1401
- if($enable_strong_pass){
1402
- update_option('mo_wpns_enable_rename_login_url',"");
1403
- wp_send_json('true');
1404
- }
1405
- else{
1406
- wp_send_json('false');
1407
- }
1408
- }
1409
-
1410
- }
1411
- new wpns_ajax;
1412
-
1413
- ?>
1
+ <?php
2
+ class wpns_ajax
3
+ {
4
+ function __construct(){
5
+ //add comment here
6
+ add_action( 'admin_init' , array( $this, 'mo_login_security_ajax' ) );
7
+ add_action('init', array( $this, 'mo2fa_elementor_ajax_fun' ));
8
+ }
9
+
10
+ function mo_login_security_ajax(){
11
+
12
+ add_action( 'wp_ajax_wpns_login_security', array($this,'wpns_login_security') );
13
+ add_action( 'wp_ajax_mo2f_ajax', array($this,'mo2f_ajax') );
14
+ add_action( 'wp_ajax_nopriv_mo2f_ajax', array($this,'mo2f_ajax') );
15
+ }
16
+
17
+ function mo2f_ajax(){
18
+ $GLOBALS['mo2f_is_ajax_request'] = true;
19
+ switch (sanitize_text_field(wp_unslash($_POST['mo2f_ajax_option']))) {
20
+ case "mo2f_ajax_kba":
21
+ $this->mo2f_ajax_kba();break;
22
+ case "mo2f_ajax_login":
23
+ $this->mo2f_ajax_login(); break;
24
+ case "mo2f_ajax_otp":
25
+ $this->mo2f_ajax_otp(); break;
26
+ }
27
+ }
28
+ function mo2fa_elementor_ajax_fun()
29
+ {
30
+
31
+ if (isset( $_POST['miniorange_elementor_login_nonce'])){
32
+ $nonce = sanitize_text_field($_POST['miniorange_elementor_login_nonce']);
33
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ){
34
+ wp_send_json('ERROR');
35
+ }
36
+ if(isset($_POST['mo2fa_elementor_user_password']) && !empty($_POST['mo2fa_elementor_user_password']) && isset($_POST['mo2fa_elementor_user_name']))
37
+ {
38
+ $info = array();
39
+ $info['user_login'] = sanitize_text_field($_POST['mo2fa_elementor_user_name']);
40
+ $info['user_password'] = $_POST['mo2fa_elementor_user_password'];
41
+ $info['remember'] = false;
42
+ $user_signon = wp_signon($info, false);
43
+ if (is_wp_error($user_signon)) {
44
+ wp_send_json(array('loggedin'=>false, 'message'=>__('Wrong username or password.')));
45
+ }
46
+ }
47
+ }
48
+ }
49
+ function wpns_login_security(){
50
+ switch(sanitize_text_field(wp_unslash($_POST['wpns_loginsecurity_ajax'])))
51
+ {
52
+ case "wpns_bruteforce_form":
53
+ $this->wpns_handle_bf_configuration_form(); break;
54
+ case "wpns_save_captcha":
55
+ $this->wpns_captcha_settings();break;
56
+ case "save_strong_password":
57
+ $this->wpns_strong_password_settings();break;
58
+ case 'wpns_ManualIPBlock_form':
59
+ $this->wpns_handle_IP_blocking();break;
60
+ case 'wpns_WhitelistIP_form':
61
+ $this->wpns_whitelist_ip(); break;
62
+ case 'wpns_waf_settings_form':
63
+ $this->wpns_waf_settings_form(); break;
64
+ case 'wpns_waf_rate_limiting_form':
65
+ $this->wpns_waf_rate_limiting_form(); break;
66
+ case 'wpns_waf_realtime_ip_block_free':
67
+ $this->wpns_waf_realtime_ip_block_free();break;
68
+ case 'wpns_ip_lookup':
69
+ $this->wpns_ip_lookup(); break;
70
+ case 'wpns_all_plans':
71
+ $this->wpns_all_plans(); break;
72
+ case 'wpns_logout_form':
73
+ $this->wpns_logout_form(); break;
74
+ case 'wpns_check_transaction':
75
+ $this->wpns_check_transaction(); break;
76
+ case 'waf_settings_mail_form_notify':
77
+ $this->waf_settings_mail_form_notify(); break;
78
+ case 'waf_settings_IP_mail_form':
79
+ $this->waf_settings_IP_mail_form();break;
80
+ case 'update_plan':
81
+ $this->update_plan(); break;
82
+ }
83
+ }
84
+
85
+ function update_plan(){
86
+ $mo2f_all_plannames = sanitize_text_field($_POST['planname']);
87
+ $mo_2fa_plan_type = sanitize_text_field($_POST['planType']);
88
+ update_site_option('mo2f_planname', $mo2f_all_plannames);
89
+ if ($mo2f_all_plannames == 'addon_plan')
90
+ {
91
+ update_site_option('mo2f_planname', 'addon_plan');
92
+ update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
93
+ }
94
+ elseif ($mo2f_all_plannames == '2fa_plan')
95
+ {
96
+ update_site_option('mo2f_planname', '2fa_plan');
97
+ update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
98
+ }
99
+ }
100
+
101
+
102
+ function mo2f_ajax_otp(){
103
+ $obj = new Miniorange_Password_2Factor_Login();
104
+ $obj->check_miniorange_soft_token($_POST);
105
+ }
106
+ function mo2f_ajax_kba(){
107
+ $obj = new Miniorange_Password_2Factor_Login();
108
+ $obj->check_kba_validation($_POST);
109
+ }
110
+
111
+ function wpns_check_transaction()
112
+ {
113
+ $customerT = new Customer_Cloud_Setup();
114
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option('mo2f_api_key'),'WP_OTP_VERIFICATION_PLUGIN)' ), true );
115
+
116
+ if($content['status'] == 'SUCCESS')
117
+ {
118
+ update_site_option('mo2f_license_type','PREMIUM');
119
+ }
120
+ else
121
+ {
122
+ update_site_option('mo2f_license_type','DEMO');
123
+ $content = json_decode( $customerT->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),'DEMO' ), true );
124
+ }
125
+ if(isset($content['smsRemaining']))
126
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$content['smsRemaining']);
127
+ else if($content['status'] =='SUCCESS')
128
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',0);
129
+
130
+
131
+ if(isset($content['emailRemaining']))
132
+ {
133
+ $available_transaction = get_site_option('EmailTransactionCurrent', 30);
134
+ if($content['emailRemaining']>$available_transaction and $content['emailRemaining']>10)
135
+ {
136
+ $currentTransaction = $content['emailRemaining']+get_site_option('cmVtYWluaW5nT1RQ');
137
+ if($available_transaction>30)
138
+ $currentTransaction = $currentTransaction-$available_transaction;
139
+
140
+ update_site_option('cmVtYWluaW5nT1RQ',$currentTransaction);
141
+ update_site_option('EmailTransactionCurrent',$content['emailRemaining']);
142
+ }
143
+
144
+ }
145
+
146
+ }
147
+
148
+ function mo2f_ajax_login()
149
+ {
150
+ if(!wp_verify_nonce(sanitize_text_field($_POST['nonce']),'miniorange-2-factor-login-nonce'))
151
+ {
152
+ wp_send_json("ERROR");
153
+ exit;
154
+ }
155
+ else
156
+ {
157
+ $username = sanitize_text_field($_POST['username']);
158
+ $password = sanitize_text_field($_POST['password'] );
159
+ apply_filters( 'authenticate', null, $username, $password );
160
+ }
161
+ }
162
+ function wpns_logout_form()
163
+ {
164
+ global $moWpnsUtility;
165
+ if( !$moWpnsUtility->check_empty_or_null( get_option('mo_wpns_registration_status') ) ) {
166
+ delete_option('mo2f_email');
167
+ }
168
+ delete_option('mo2f_customerKey');
169
+ delete_option('mo2f_api_key');
170
+ delete_option('mo2f_customer_token');
171
+ delete_option('mo_wpns_transactionId');
172
+ delete_site_option('EmailTransactionCurrent');
173
+ delete_option('mo_wpns_registration_status');
174
+ delete_option( 'mo_2factor_admin_registration_status' );
175
+
176
+ $two_fa_settings = new Miniorange_Authentication();
177
+ $two_fa_settings->mo_auth_deactivate();
178
+
179
+ }
180
+
181
+ function waf_settings_mail_form_notify()
182
+ {
183
+ $nonce = sanitize_text_field($_POST['nonce']);
184
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
185
+ wp_send_json('ERROR');
186
+ return;
187
+ }
188
+ if(isset($_POST['S_mail']))
189
+ {
190
+ $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
191
+ update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
192
+ wp_send_json('true');
193
+ }
194
+ else{
195
+ wp_send_json('false');
196
+
197
+ }
198
+ }
199
+ function waf_settings_IP_mail_form()
200
+ {
201
+ $nonce = sanitize_text_field($_POST['nonce']);
202
+ if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
203
+ wp_send_json('ERROR');
204
+ return;
205
+ }
206
+ $mo2f_mail_noyifying_IP = sanitize_email($_POST['Smail']);
207
+ update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
208
+ if($mo2f_mail_noyifying_IP == "on"){
209
+ wp_send_json('true');
210
+ }
211
+ else if($mo2f_mail_noyifying_IP == ""){
212
+ wp_send_json('false');
213
+ }
214
+ }
215
+ function wpns_all_plans()
216
+ {
217
+ $mo2f_all_plannames = sanitize_text_field($_POST['planname']);
218
+ $mo_2fa_plan_type = sanitize_text_field($_POST['planType']);
219
+ update_site_option('mo2f_planname', $mo2f_all_plannames);
220
+ if ($mo2f_all_plannames == 'addon_plan')
221
+ {
222
+ update_site_option('mo2f_planname', 'addon_plan');
223
+ update_site_option('mo_2fa_addon_plan_type',$mo_2fa_plan_type);
224
+ }
225
+ elseif ($mo2f_all_plannames == '2fa_plan')
226
+ {
227
+ update_site_option('mo2f_planname', '2fa_plan');
228
+ update_site_option('mo_2fa_plan_type',$mo_2fa_plan_type);
229
+ }
230
+ }
231
+ function wpns_handle_bf_configuration_form(){
232
+
233
+ $nonce = sanitize_text_field($_POST['nonce']);
234
+ if ( ! wp_verify_nonce( $nonce, 'wpns-brute-force' ) ){
235
+ wp_send_json('ERROR');
236
+ return;
237
+ }
238
+ $brute_force =sanitize_text_field($_POST['bf_enabled/disabled']);
239
+ if($brute_force == 'true'){$brute_force = "on";}else if($brute_force == 'false') {$brute_force = "";}
240
+ $login_attempts = sanitize_text_field($_POST['allwed_login_attempts']);
241
+ $blocking_type = sanitize_text_field($_POST['time_of_blocking_type']);
242
+ $blocking_value = isset($_POST['time_of_blocking_val']) ? sanitize_text_field($_POST['time_of_blocking_val']) : false;
243
+ $show_login_attempts= sanitize_text_field($_POST['show_remaining_attempts']);
244
+ if($show_login_attempts == 'true'){$show_login_attempts = "on";} else if($show_login_attempts == 'false') { $show_login_attempts = "";}
245
+ if($brute_force == 'on' && $login_attempts == "" ){
246
+ wp_send_json('empty');
247
+ return;
248
+ }
249
+ update_option( 'mo2f_enable_brute_force' , $brute_force );
250
+ update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
251
+ update_option( 'mo_wpns_time_of_blocking_type' , $blocking_type );
252
+ update_option( 'mo_wpns_time_of_blocking_val' , $blocking_value );
253
+ update_option('mo2f_show_remaining_attempts' , $show_login_attempts );
254
+ if($brute_force == "on"){
255
+ update_site_option('bruteforce_notification_option',1);
256
+ wp_send_json('true');
257
+ }
258
+ else if($brute_force == ""){
259
+ wp_send_json('false');
260
+ }
261
+
262
+ }
263
+ function wpns_handle_IP_blocking()
264
+ {
265
+
266
+
267
+ global $mo2f_dirName;
268
+ if(!wp_verify_nonce($_POST['nonce'],'manualIPBlockingNonce'))
269
+ {
270
+ echo "NonceDidNotMatch";
271
+ exit;
272
+ }
273
+ else
274
+ {
275
+
276
+ include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
277
+ }
278
+
279
+ }
280
+ function wpns_whitelist_ip()
281
+ {
282
+ global $mo2f_dirName;
283
+ if(!wp_verify_nonce($_POST['nonce'],'IPWhiteListingNonce'))
284
+ {
285
+ echo "NonceDidNotMatch";
286
+ exit;
287
+ }
288
+ else
289
+ {
290
+ include_once($mo2f_dirName.'controllers'.DIRECTORY_SEPARATOR.'ip-blocking.php');
291
+ }
292
+ }
293
+
294
+ function wpns_ip_lookup()
295
+ {
296
+
297
+
298
+
299
+ if(!wp_verify_nonce($_POST['nonce'],'IPLookUPNonce'))
300
+ {
301
+ echo "NonceDidNotMatch";
302
+ exit;
303
+ }
304
+ else
305
+ {
306
+
307
+
308
+ $ip = $_POST['IP'];
309
+ if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
310
+ {
311
+ echo("INVALID_IP_FORMAT");
312
+ exit;
313
+ }
314
+ else if(! filter_var($ip, FILTER_VALIDATE_IP)){
315
+ echo("INVALID_IP");
316
+ exit;
317
+ }
318
+ $result=wp_remote_get("http://www.geoplugin.net/json.gp?ip=".$ip);
319
+
320
+
321
+
322
+
323
+ if( !is_wp_error( $result ) ) {
324
+ $result=json_decode(wp_remote_retrieve_body( $result), true);
325
+ }
326
+
327
+
328
+ try{
329
+ $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
330
+ $timeoffset = $timeoffset/3600;
331
+
332
+ }catch(Exception $e){
333
+ $result["geoplugin_timezone"]="";
334
+ $timeoffset="";
335
+ }
336
+ $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
337
+ if($result['geoplugin_request']==$ip) {
338
+
339
+ $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
340
+ $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
341
+ $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
342
+ $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
343
+ $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
344
+ $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
345
+ $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
346
+ $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
347
+ $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
348
+ $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
349
+ $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
350
+ $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
351
+ $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
352
+ $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
353
+
354
+ $result['ipDetails'] = $ipLookUpTemplate;
355
+ }else{
356
+ $result["ipDetails"]["status"]="ERROR";
357
+ }
358
+ wp_send_json( $result );
359
+ }
360
+ }
361
+ function wpns_waf_settings_form()
362
+ {
363
+ $dir_name = dirname(__FILE__);
364
+ $dir_name1 = explode('wp-content', $dir_name);
365
+ $dir_name = $dir_name1[0];
366
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
367
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
368
+
369
+ if(!file_exists($fileName))
370
+ {
371
+ $file = fopen($fileName, "a+");
372
+ $string = "<?php".PHP_EOL;
373
+ $string .= '$SQL=1;'.PHP_EOL;
374
+ $string .= '$XSS=1;'.PHP_EOL;
375
+ $string .= '$RCE=0;'.PHP_EOL;
376
+ $string .= '$LFI=0;'.PHP_EOL;
377
+ $string .= '$RFI=0;'.PHP_EOL;
378
+ $string .= '$RateLimiting=1;'.PHP_EOL;
379
+ $string .= '$RequestsPMin=120;'.PHP_EOL;
380
+ $string .= '$actionRateL="ThrottleIP";'.PHP_EOL;
381
+ $string .= '?>'.PHP_EOL;
382
+
383
+ fwrite($file, $string);
384
+ fclose($file);
385
+ }
386
+ else
387
+ {
388
+ if(!is_writable($fileName) or !is_readable($fileName))
389
+ {
390
+ echo "FilePermissionDenied";
391
+ exit;
392
+ }
393
+ }
394
+
395
+ if(!wp_verify_nonce($_POST['nonce'],'WAFsettingNonce'))
396
+ {
397
+ var_dump("NonceDidNotMatch");
398
+ exit;
399
+ }
400
+ else
401
+ {
402
+ switch (sanitize_text_field(wp_unslash($_POST['optionValue']))) {
403
+ case "SQL":
404
+ $this->savesql(); break;
405
+ case "XSS":
406
+ $this->savexss(); break;
407
+ case "RCE":
408
+ $this->saverce(); break;
409
+ case "RFI":
410
+ $this->saverfi(); break;
411
+ case "LFI":
412
+ $this->savelfi(); break;
413
+ case "WAF":
414
+ $this->saveWAF(); break;
415
+ case "HWAF":
416
+ $this->saveHWAF(); break;
417
+ case "backupHtaccess":
418
+ $this->backupHtaccess(); break;
419
+ case "limitAttack":
420
+ $this->limitAttack(); break;
421
+ default:
422
+ break;
423
+ }
424
+
425
+ }
426
+
427
+ }
428
+ function wpns_waf_realtime_ip_block_free()
429
+ {
430
+ $nonce = sanitize_text_field($_POST['nonce']);
431
+ if(!wp_verify_nonce($nonce,'mo2f_realtime_ip_block_free'))
432
+ {
433
+ echo "NonceDidNotMatch";
434
+ exit;
435
+ }
436
+ else
437
+ {
438
+ $mo2f_realtime_ip_block_free = sanitize_text_field($_POST['mo2f_realtime_ip_block_free']);
439
+
440
+ if($mo2f_realtime_ip_block_free == 'on')
441
+ {
442
+ update_site_option('mo2f_realtime_ip_block_free',1);
443
+ if (!wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook')) {
444
+ wp_schedule_event( time(), 'mo2f_realtime_ipblock_free', 'mo2f_realtime_ip_block_free_hook' );
445
+ }
446
+ wp_send_json('realtime_block_free_enable');
447
+ }
448
+ else
449
+ {
450
+ update_site_option('mo2f_realtime_ip_block_free',0);
451
+ $timestamp = wp_next_scheduled( 'mo2f_realtime_ip_block_free_hook' );
452
+ wp_unschedule_event( $timestamp, 'mo2f_realtime_ip_block_free_hook' );
453
+ wp_send_json('realtime_block_free_disable');
454
+ }
455
+
456
+
457
+ }
458
+
459
+ }
460
+ function wpns_waf_rate_limiting_form()
461
+ {
462
+ if(!wp_verify_nonce($_POST['nonce'],'RateLimitingNonce'))
463
+ {
464
+ echo "NonceDidNotMatch";
465
+ exit;
466
+ }
467
+ else
468
+ {
469
+ if(get_site_option('WAFEnabled') != 1)
470
+ {
471
+ echo "WAFNotEnabled";
472
+ exit;
473
+ }
474
+
475
+ if($_POST['Requests']!='')
476
+ {
477
+ if(is_numeric($_POST['Requests']))
478
+ {
479
+ $dir_name = dirname(__FILE__);
480
+ $dir_name1 = explode('wp-content', $dir_name);
481
+ $dir_name = $dir_name1[0];
482
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
483
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
484
+
485
+ $file = file_get_contents($fileName);
486
+ $data = $file;
487
+
488
+ $req = sanitize_text_field($_POST['Requests']);
489
+ if($req >1)
490
+ {
491
+ update_option('Rate_request',$req);
492
+ if(isset($_POST['rateCheck']))
493
+ {
494
+ if(sanitize_text_field($_POST['rateCheck']) == 'on')
495
+ {
496
+ update_option('Rate_limiting','1');
497
+ echo "RateEnabled";
498
+ if(strpos($file, 'RateLimiting')!=false)
499
+ {
500
+ $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
501
+ $data = $file;
502
+ file_put_contents($fileName,$file);
503
+
504
+ }
505
+ else
506
+ {
507
+ $content = explode('?>', $file);
508
+ $file = $content[0];
509
+ $file .= PHP_EOL;
510
+ $file .= '$RateLimiting=1;'.PHP_EOL;
511
+ $file .='?>';
512
+ file_put_contents($fileName,$file);
513
+ $data = $file;
514
+ }
515
+
516
+
517
+ }
518
+ }
519
+ else
520
+ {
521
+ update_option('Rate_limiting','0');
522
+ echo "Ratedisabled";
523
+ if(strpos($file, 'RateLimiting')!=false)
524
+ {
525
+ $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
526
+ $data = $file;
527
+ file_put_contents($fileName,$file);
528
+ }
529
+ else
530
+ {
531
+ $content = explode('?>', $file);
532
+ $file = $content[0];
533
+ $file .= PHP_EOL;
534
+ $file .= '$RateLimiting=0;'.PHP_EOL;
535
+ $file .='?>';
536
+ file_put_contents($fileName,$file);
537
+ $data = $file;
538
+ }
539
+
540
+ }
541
+
542
+
543
+ $file = $data;
544
+ if(strpos($file, 'RequestsPMin')!=false)
545
+ {
546
+ $content = explode(PHP_EOL, $file);
547
+ $con = '';
548
+ $len = sizeof($content);
549
+
550
+ for($i=0;$i<$len;$i++)
551
+ {
552
+ if(strpos($content[$i], 'RequestsPMin')!=false)
553
+ {
554
+ $con.='$RequestsPMin='.$req.';'.PHP_EOL;
555
+ }
556
+ else
557
+ {
558
+ $con .= $content[$i].PHP_EOL;
559
+ }
560
+ }
561
+
562
+ file_put_contents($fileName,$con);
563
+ $data = $con;
564
+
565
+ }
566
+
567
+ else
568
+ {
569
+ $content = explode('?>', $file);
570
+ $file = $content[0];
571
+ $file .= PHP_EOL;
572
+ $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
573
+ $file .='?>';
574
+ file_put_contents($fileName,$file);
575
+ $data = $file;
576
+ }
577
+
578
+ if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
579
+ {
580
+ update_option('actionRateL',1);
581
+
582
+ $file = $data;
583
+ if(strpos($file, 'actionRateL')!=false)
584
+ {
585
+ $content = explode(PHP_EOL, $file);
586
+ $con = '';
587
+ foreach ($content as $line => $lineV) {
588
+ if(strpos($lineV, 'actionRateL')!=false)
589
+ {
590
+ $con.='$actionRateL="BlockIP";'.PHP_EOL;
591
+ }
592
+ else
593
+ {
594
+ $con .= $lineV.PHP_EOL;
595
+ }
596
+ }
597
+ file_put_contents($fileName,$con);
598
+ }
599
+ else
600
+ {
601
+ $content = explode('?>', $file);
602
+ $file = $content[0];
603
+ $file .= PHP_EOL;
604
+ $file .= '$actionRateL="BlockIP";'.PHP_EOL;
605
+ $file .='?>';
606
+ file_put_contents($fileName,$file);
607
+ $file = $data;
608
+ }
609
+ }
610
+ else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
611
+ {
612
+
613
+ $file = $data;
614
+ update_option('actionRateL',0);
615
+ if(strpos($file, 'actionRateL')!=false)
616
+ {
617
+ $content = explode(PHP_EOL, $file);
618
+ $con = '';
619
+ foreach ($content as $line => $lineV) {
620
+ if(strpos($lineV, 'actionRateL')!=false)
621
+ {
622
+ $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
623
+ }
624
+ else
625
+ {
626
+ $con .= $lineV.PHP_EOL;
627
+ }
628
+ }
629
+ file_put_contents($fileName,$con);
630
+ }
631
+ else
632
+ {
633
+ $content = explode('?>', $file);
634
+ $file = $content[0];
635
+ $file .= PHP_EOL;
636
+ $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
637
+ $file .='?>';
638
+ file_put_contents($fileName,$file);
639
+ }
640
+ }
641
+
642
+ }
643
+ exit;
644
+ }
645
+
646
+
647
+
648
+ }
649
+ echo("Error");
650
+ exit;
651
+ }
652
+
653
+
654
+ }
655
+
656
+ private function saveWAF()
657
+ {
658
+ if(isset($_POST['pluginWAF']))
659
+ {
660
+ if($_POST['pluginWAF']=='on')
661
+ {
662
+ update_option('WAF','PluginLevel');
663
+ update_option('WAFEnabled','1');
664
+ echo("PWAFenabled");exit;
665
+ }
666
+ }
667
+ else
668
+ {
669
+ update_option('WAFEnabled','0');
670
+ update_option('WAF','wafDisable');
671
+ echo("PWAFdisabled");exit;
672
+ }
673
+ }
674
+ private function saveHWAF()
675
+ {
676
+ if(!function_exists('mysqli_connect'))
677
+ {
678
+ echo "mysqliDoesNotExit";
679
+ exit;
680
+ }
681
+ if(isset($_POST['htaccessWAF']))
682
+ {
683
+ if($_POST['htaccessWAF']=='on')
684
+ {
685
+ update_option('WAF','HtaccessLevel');
686
+ update_option('WAFEnabled','1');
687
+ $dir_name = dirname(__FILE__);
688
+ $dirN = $dir_name;
689
+ $dirN = str_replace('\\', '/', $dirN);
690
+ $dirN = str_replace('controllers', 'handler', $dirN);
691
+
692
+ $dir_name1 = explode('wp-content', $dir_name);
693
+ $dir_name = $dir_name1[0];
694
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
695
+ $dir_name .='.htaccess';
696
+ $file = file_get_contents($dir_name);
697
+ if(strpos($file, 'php_value auto_prepend_file')!=false)
698
+ {
699
+ echo("WAFConflicts");
700
+ exit;
701
+ }
702
+
703
+ $cont = $file.PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
704
+ $cont .= 'php_value auto_prepend_file '.$dir_name1.'mo-check.php'.PHP_EOL;
705
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
706
+ file_put_contents($dir_name, $cont);
707
+
708
+ $filecontent = file_get_contents($dir_name);
709
+
710
+ $dir_name = dirname(__FILE__);
711
+ $dir_name1 = explode('wp-content', $dir_name);
712
+ $dir_name = $dir_name1[0];
713
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
714
+ $fileName = $filepath.'mo-check.php';
715
+ $file = fopen($fileName, 'w+');
716
+ $dir_name = dirname(__FILE__);
717
+ $filepath = str_replace('\\', '/', $dir_name);
718
+ $filepath = explode('controllers', $filepath);
719
+ $filepath = $filepath[0].'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf.php';
720
+
721
+ $string = '<?php'.PHP_EOL;
722
+ $string .= 'if(file_exists("'.$filepath.'"))'.PHP_EOL;
723
+ $string .= 'include_once("'.$filepath.'");'.PHP_EOL;
724
+ $string .= '?>'.PHP_EOL;
725
+
726
+ fwrite($file, $string);
727
+ fclose($file);
728
+
729
+ if(strpos($filecontent,'mo-check.php')!=false)
730
+ {
731
+ echo "HWAFEnabled";
732
+ exit;
733
+ }
734
+ else
735
+ {
736
+ echo "HWAFEnabledFailed";
737
+ exit;
738
+ }
739
+ }
740
+ }
741
+ else
742
+ {
743
+ update_option('WAF','wafDisable');
744
+ if(isset($_POST['pluginWAF']))
745
+ {
746
+ if($_POST['pluginWAF'] == 'on')
747
+ {
748
+ update_option('WAFEnabled',1);
749
+ update_option('WAF','PluginLevel');
750
+ }
751
+ }
752
+ else
753
+ update_option('WAFEnabled',0);
754
+ $dir_name = dirname(__FILE__);
755
+ $dirN = $dir_name;
756
+ $dirN = str_replace('\\', '/', $dirN);
757
+ $dirN = explode('wp-content', $dirN);
758
+ $dir_name1 = explode('wp-content', $dir_name);
759
+ $dir_name = $dir_name1[0];
760
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
761
+ $dir_name00 = $dir_name1;
762
+ $dir_name1 .='.htaccess';
763
+ $file = file_get_contents($dir_name1);
764
+
765
+ $cont = PHP_EOL.'# BEGIN miniOrange WAF'.PHP_EOL;
766
+ $cont .= 'php_value auto_prepend_file '.$dir_name00.'mo-check.php'.PHP_EOL;
767
+ $cont .= '# END miniOrange WAF'.PHP_EOL;
768
+ $file =str_replace($cont,'',$file);
769
+ file_put_contents($dir_name1, $file);
770
+
771
+ $filecontent = file_get_contents($dir_name1);
772
+ if(strpos($filecontent,'mo-check.php')==false)
773
+ {
774
+ echo "HWAFdisabled";
775
+ exit;
776
+ }
777
+ else
778
+ {
779
+ echo "HWAFdisabledFailed";
780
+ exit;
781
+ }
782
+ }
783
+
784
+
785
+ }
786
+ private function savesql()
787
+ {
788
+ if(isset($_POST['SQL']))
789
+ {
790
+ if($_POST['SQL']=='on')
791
+ {
792
+ update_option('SQLInjection',1);
793
+ $dir_name = dirname(__FILE__);
794
+ $dir_name1 = explode('wp-content', $dir_name);
795
+ $dir_name = $dir_name1[0];
796
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
797
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
798
+
799
+ $file = file_get_contents($fileName);
800
+ if(strpos($file, 'SQL')!=false)
801
+ {
802
+ $file = str_replace('$SQL=0;', '$SQL=1;', $file);
803
+ file_put_contents($fileName,$file);
804
+ }
805
+ else
806
+ {
807
+ $content = explode('?>', $file);
808
+ $file = $content[0];
809
+ $file .= PHP_EOL;
810
+ $file .= '$SQL=1;'.PHP_EOL;
811
+ $file .='?>';
812
+ file_put_contents($fileName,$file);
813
+ }
814
+ echo("SQLenable");
815
+ exit;
816
+
817
+ }
818
+ }
819
+ else
820
+ {
821
+ update_option('SQLInjection',0);
822
+
823
+ $dir_name = dirname(__FILE__);
824
+ $dir_name1 = explode('wp-content', $dir_name);
825
+ $dir_name = $dir_name1[0];
826
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
827
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
828
+
829
+ $file = file_get_contents($fileName);
830
+ if(strpos($file, '$SQL')!=false)
831
+ {
832
+ $file = str_replace('$SQL=1;', '$SQL=0;', $file);
833
+ file_put_contents($fileName,$file);
834
+ }
835
+ else
836
+ {
837
+ $content = explode('?>', $file);
838
+ $file = $content[0];
839
+ $file .= PHP_EOL;
840
+ $file .= '$SQL=0;'.PHP_EOL;
841
+ $file .='?>';
842
+ file_put_contents($fileName,$file);
843
+ }
844
+
845
+ echo("SQLdisable");
846
+ exit;
847
+
848
+ }
849
+
850
+ }
851
+ private function saverce()
852
+ {
853
+ if(isset($_POST['RCE']))
854
+ {
855
+ if($_POST['RCE']=='on')
856
+ {
857
+ update_option('RCEAttack',1);
858
+
859
+ $dir_name = dirname(__FILE__);
860
+ $dir_name1 = explode('wp-content', $dir_name);
861
+ $dir_name = $dir_name1[0];
862
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
863
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
864
+
865
+ $file = file_get_contents($fileName);
866
+ if(strpos($file, 'RCE')!=false)
867
+ {
868
+ $file = str_replace('$RCE=0;', '$RCE=1;', $file);
869
+ file_put_contents($fileName,$file);
870
+ }
871
+ else
872
+ {
873
+ $content = explode('?>', $file);
874
+ $file = $content[0];
875
+ $file .= PHP_EOL;
876
+ $file .= '$RCE=1;'.PHP_EOL;
877
+ $file .='?>';
878
+ file_put_contents($fileName,$file);
879
+ }
880
+ echo("RCEenable");
881
+ exit;
882
+ }
883
+ }
884
+ else
885
+ {
886
+ update_option('RCEAttack',0);
887
+
888
+ $dir_name = dirname(__FILE__);
889
+ $dir_name1 = explode('wp-content', $dir_name);
890
+ $dir_name = $dir_name1[0];
891
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
892
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
893
+
894
+ $file = file_get_contents($fileName);
895
+ if(strpos($file, '$RCE')!=false)
896
+ {
897
+ $file = str_replace('$RCE=1;', '$RCE=0;', $file);
898
+ file_put_contents($fileName,$file);
899
+ }
900
+ else
901
+ {
902
+ $content = explode('?>', $file);
903
+ $file = $content[0];
904
+ $file .= PHP_EOL;
905
+ $file .= '$RCE=0;'.PHP_EOL;
906
+ $file .='?>';
907
+ file_put_contents($fileName,$file);
908
+ }
909
+ echo("RCEdisable");
910
+ exit;
911
+
912
+ }
913
+
914
+ }
915
+ private function savexss()
916
+ {
917
+ if(isset($_POST['XSS']))
918
+ {
919
+ if($_POST['XSS']=='on')
920
+ {
921
+ update_option('XSSAttack',1);
922
+ $dir_name = dirname(__FILE__);
923
+ $dir_name1 = explode('wp-content', $dir_name);
924
+ $dir_name = $dir_name1[0];
925
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
926
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
927
+
928
+ $file = file_get_contents($fileName);
929
+ if(strpos($file, 'XSS')!=false)
930
+ {
931
+ $file = str_replace('$XSS=0;', '$XSS=1;', $file);
932
+ file_put_contents($fileName,$file);
933
+ }
934
+ else
935
+ {
936
+ $content = explode('?>', $file);
937
+ $file = $content[0];
938
+ $file .= PHP_EOL;
939
+ $file .= '$XSS=1;'.PHP_EOL;
940
+ $file .='?>';
941
+ file_put_contents($fileName,$file);
942
+ }
943
+ echo("XSSenable");
944
+ exit;
945
+ }
946
+ }
947
+ else
948
+ {
949
+ update_option('XSSAttack',0);
950
+ $dir_name = dirname(__FILE__);
951
+ $dir_name1 = explode('wp-content', $dir_name);
952
+ $dir_name = $dir_name1[0];
953
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
954
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
955
+
956
+ $file = file_get_contents($fileName);
957
+ if(strpos($file, '$XSS')!=false)
958
+ {
959
+ $file = str_replace('$XSS=1;', '$XSS=0;', $file);
960
+ file_put_contents($fileName,$file);
961
+ }
962
+ else
963
+ {
964
+ $content = explode('?>', $file);
965
+ $file = $content[0];
966
+ $file .= PHP_EOL;
967
+ $file .= '$XSS=0;'.PHP_EOL;
968
+ $file .='?>';
969
+ file_put_contents($fileName,$file);
970
+ }
971
+ echo("XSSdisable");
972
+ exit;
973
+ }
974
+
975
+ }
976
+ private function savelfi()
977
+ {
978
+ if(isset($_POST['LFI']))
979
+ {
980
+ if($_POST['LFI']=='on')
981
+ {
982
+ update_option('LFIAttack',1);
983
+ $dir_name = dirname(__FILE__);
984
+ $dir_name1 = explode('wp-content', $dir_name);
985
+ $dir_name = $dir_name1[0];
986
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
987
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
988
+
989
+ $file = file_get_contents($fileName);
990
+ if(strpos($file, 'LFI')!=false)
991
+ {
992
+ $file = str_replace("LFI=0;", "LFI=1;", $file);
993
+ file_put_contents($fileName,$file);
994
+ }
995
+ else
996
+ {
997
+ $content = explode('?>', $file);
998
+ $file = $content[0];
999
+ $file .= PHP_EOL;
1000
+ $file .= '$LFI=1;'.PHP_EOL;
1001
+ $file .='?>';
1002
+ file_put_contents($fileName,$file);
1003
+ }
1004
+ $file = file_get_contents($fileName);
1005
+
1006
+ echo("LFIenable");
1007
+ exit;
1008
+ }
1009
+ }
1010
+ else
1011
+ {
1012
+ update_option('LFIAttack',0);
1013
+ $dir_name = dirname(__FILE__);
1014
+ $dir_name1 = explode('wp-content', $dir_name);
1015
+ $dir_name = $dir_name1[0];
1016
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1017
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1018
+
1019
+ $file = file_get_contents($fileName);
1020
+ if(strpos($file, '$LFI')!=false)
1021
+ {
1022
+ $file = str_replace('$LFI=1;', '$LFI=0;', $file);
1023
+ file_put_contents($fileName,$file);
1024
+ }
1025
+ else
1026
+ {
1027
+ $content = explode('?>', $file);
1028
+ $file = $content[0];
1029
+ $file .= PHP_EOL;
1030
+ $file .= '$LFI=0;'.PHP_EOL;
1031
+ $file .='?>';
1032
+ file_put_contents($fileName,$file);
1033
+ }
1034
+ echo("LFIdisable");
1035
+ exit;
1036
+ }
1037
+
1038
+ }
1039
+ private function saverfi()
1040
+ {
1041
+ if(isset($_POST['RFI']))
1042
+ {
1043
+ if($_POST['RFI']=='on')
1044
+ {
1045
+ update_option('RFIAttack',1);
1046
+ $dir_name = dirname(__FILE__);
1047
+ $dir_name1 = explode('wp-content', $dir_name);
1048
+ $dir_name = $dir_name1[0];
1049
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1050
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1051
+
1052
+ $file = file_get_contents($fileName);
1053
+ if(strpos($file, 'RFI')!=false)
1054
+ {
1055
+ $file = str_replace('$RFI=0;', '$RFI=1;', $file);
1056
+ file_put_contents($fileName,$file);
1057
+ }
1058
+ else
1059
+ {
1060
+ $content = explode('?>', $file);
1061
+ $file = $content[0];
1062
+ $file .= PHP_EOL;
1063
+ $file .= '$RFI=1;'.PHP_EOL;
1064
+ $file .='?>';
1065
+ file_put_contents($fileName,$file);
1066
+ }
1067
+ echo("RFIenable");
1068
+ exit;
1069
+ }
1070
+ }
1071
+ else
1072
+ {
1073
+ update_option('RFIAttack',0);
1074
+ $dir_name = dirname(__FILE__);
1075
+ $dir_name1 = explode('wp-content', $dir_name);
1076
+ $dir_name = $dir_name1[0];
1077
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1078
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1079
+
1080
+ $file = file_get_contents($fileName);
1081
+ if(strpos($file, '$RFI')!=false)
1082
+ {
1083
+ $file = str_replace('$RFI=1;', '$RFI=0;', $file);
1084
+ file_put_contents($fileName,$file);
1085
+ }
1086
+ else
1087
+ {
1088
+ $content = explode('?>', $file);
1089
+ $file = $content[0];
1090
+ $file .= PHP_EOL;
1091
+ $file .= '$RFI=0;'.PHP_EOL;
1092
+ $file .='?>';
1093
+ file_put_contents($fileName,$file);
1094
+ }
1095
+ echo("RFIdisable");
1096
+ exit;
1097
+ }
1098
+
1099
+ }
1100
+ private function saveRateL()
1101
+ {
1102
+
1103
+ if($_POST['time']!='' && $_POST['req']!='')
1104
+ {
1105
+ if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
1106
+ {
1107
+ $dir_name = dirname(__FILE__);
1108
+ $dir_name1 = explode('wp-content', $dir_name);
1109
+ $dir_name = $dir_name1[0];
1110
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1111
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1112
+
1113
+ $file = file_get_contents($fileName);
1114
+ $data = $file;
1115
+ $time = sanitize_text_field($_POST['time']);
1116
+ $req = sanitize_text_field($_POST['req']);
1117
+ if($time>0 && $req >0)
1118
+ {
1119
+ update_option('Rate_time',$time);
1120
+ update_option('Rate_request',$req);
1121
+ update_option('Rate_limiting','1');
1122
+
1123
+ if(strpos($file, 'RateLimiting')!=false)
1124
+ {
1125
+ $file = str_replace('$RateLimiting=0;', '$RateLimiting=1;', $file);
1126
+ $data = $file;
1127
+ file_put_contents($fileName,$file);
1128
+ }
1129
+ else
1130
+ {
1131
+ $content = explode('?>', $file);
1132
+ $file = $content[0];
1133
+ $file .= PHP_EOL;
1134
+ $file .= '$RateLimiting=1;'.PHP_EOL;
1135
+ $file .='?>';
1136
+ file_put_contents($fileName,$file);
1137
+ $data = $file;
1138
+ }
1139
+
1140
+ $file = $data;
1141
+ if(strpos($file, 'RequestsPMin')!=false)
1142
+ {
1143
+ $content = explode(PHP_EOL, $file);
1144
+ $con = '';
1145
+ $len = sizeof($content);
1146
+
1147
+ for($i=0;$i<$len;$i++)
1148
+ {
1149
+ if(strpos($content[$i], 'RequestsPMin')!=false)
1150
+ {
1151
+ $con.='$RequestsPMin='.$req.';'.PHP_EOL;
1152
+ }
1153
+ else
1154
+ {
1155
+ $con .= $content[$i].PHP_EOL;
1156
+ }
1157
+ }
1158
+
1159
+ file_put_contents($fileName,$con);
1160
+ $data = $con;
1161
+
1162
+ }
1163
+
1164
+ else
1165
+ {
1166
+ $content = explode('?>', $file);
1167
+ $file = $content[0];
1168
+ $file .= PHP_EOL;
1169
+ $file .= '$RequestsPMin='.$req.';'.PHP_EOL;
1170
+ $file .='?>';
1171
+ file_put_contents($fileName,$file);
1172
+ $data = $file;
1173
+ }
1174
+
1175
+
1176
+
1177
+ if($_POST['action']=='BlockIP')
1178
+ {
1179
+ update_option('actionRateL',1);
1180
+
1181
+ $file = $data;
1182
+ if(strpos($file, 'actionRateL')!=false)
1183
+ {
1184
+ $content = explode(PHP_EOL, $file);
1185
+ $con = '';
1186
+ foreach ($content as $line => $lineV) {
1187
+ if(strpos($lineV, 'actionRateL')!=false)
1188
+ {
1189
+ $con.='$actionRateL="BlockIP";'.PHP_EOL;
1190
+ }
1191
+ else
1192
+ {
1193
+ $con .= $lineV.PHP_EOL;
1194
+ }
1195
+ }
1196
+ file_put_contents($fileName,$con);
1197
+ }
1198
+ else
1199
+ {
1200
+ $content = explode('?>', $file);
1201
+ $file = $content[0];
1202
+ $file .= PHP_EOL;
1203
+ $file .= '$actionRateL="BlockIP";'.PHP_EOL;
1204
+ $file .='?>';
1205
+ file_put_contents($fileName,$file);
1206
+ $file = $data;
1207
+ }
1208
+ }
1209
+ elseif($_POST['action']=='ThrottleIP')
1210
+ {
1211
+ $file = $data;
1212
+ update_option('actionRateL',0);
1213
+ if(strpos($file, 'actionRateL')!=false)
1214
+ {
1215
+ $content = explode(PHP_EOL, $file);
1216
+ $con = '';
1217
+ foreach ($content as $line => $lineV) {
1218
+ if(strpos($lineV, 'actionRateL')!=false)
1219
+ {
1220
+ $con.='$actionRateL="ThrottleIP";'.PHP_EOL;
1221
+ }
1222
+ else
1223
+ {
1224
+ $con .= $lineV.PHP_EOL;
1225
+ }
1226
+ }
1227
+ file_put_contents($fileName,$con);
1228
+ }
1229
+ else
1230
+ {
1231
+ $content = explode('?>', $file);
1232
+ $file = $content[0];
1233
+ $file .= PHP_EOL;
1234
+ $file .= '$actionRateL="ThrottleIP";'.PHP_EOL;
1235
+ $file .='?>';
1236
+ file_put_contents($fileName,$file);
1237
+ }
1238
+ }
1239
+
1240
+ }
1241
+
1242
+ }
1243
+
1244
+ }
1245
+
1246
+ }
1247
+ private function disableRL()
1248
+ {
1249
+ update_option('Rate_limiting',0);
1250
+
1251
+ $dir_name = dirname(__FILE__);
1252
+ $dir_name1 = explode('wp-content', $dir_name);
1253
+ $dir_name = $dir_name1[0];
1254
+ $filepath = str_replace('\\', '/', $dir_name1[0]);
1255
+ $fileName = $filepath.'/wp-includes/mo-waf-config.php';
1256
+ $file = file_get_contents($fileName);
1257
+
1258
+ if(strpos($file, 'RateLimiting')!=false)
1259
+ {
1260
+ $file = str_replace('$RateLimiting=1;', '$RateLimiting=0;', $file);
1261
+ file_put_contents($fileName,$file);
1262
+ }
1263
+ else
1264
+ {
1265
+ $content = explode('?>', $file);
1266
+ $file = $content[0];
1267
+ $file .= PHP_EOL;
1268
+ $file .= '$RateLimiting=0;'.PHP_EOL;
1269
+ $file .='?>';
1270
+ file_put_contents($fileName,$file);
1271
+ }
1272
+
1273
+ }
1274
+ private function backupHtaccess()
1275
+ {
1276
+ if(isset($_POST['htaccessWAF']))
1277
+ {
1278
+ if($_POST['htaccessWAF']=='on')
1279
+ {
1280
+ $dir_name = dirname(__FILE__);
1281
+ $dirN = $dir_name;
1282
+ $dirN = str_replace('\\', '/', $dirN);
1283
+ $dir_name1 = explode('wp-content', $dir_name);
1284
+ $dir_name = $dir_name1[0];
1285
+ $dir_name1 = str_replace('\\', '/', $dir_name1[0]);
1286
+ $dir_name =$dir_name1.'.htaccess';
1287
+ $file = file_get_contents($dir_name);
1288
+ $dir_backup = $dir_name1.'htaccess';
1289
+ $handle = fopen($dir_backup, 'c+');
1290
+ fwrite($handle,$file);
1291
+ }
1292
+ }
1293
+ }
1294
+ private function limitAttack()
1295
+ {
1296
+ if(isset($_POST['limitAttack']))
1297
+ {
1298
+ $value = sanitize_text_field($_POST['limitAttack']);
1299
+ if($value>1)
1300
+ {
1301
+ update_option('limitAttack',$value);
1302
+ echo "limitSaved";
1303
+ exit;
1304
+ }
1305
+ else
1306
+ {
1307
+ echo "limitIsLT1";
1308
+ exit;
1309
+ }
1310
+
1311
+ }
1312
+ }
1313
+
1314
+
1315
+
1316
+ function wpns_captcha_settings(){
1317
+
1318
+ $nonce=sanitize_text_field($_POST['nonce']);
1319
+ if ( ! wp_verify_nonce( $nonce, 'wpns-captcha' ) ){
1320
+ wp_send_json('ERROR');
1321
+ return;
1322
+ }
1323
+
1324
+ $site_key = sanitize_text_field($_POST['site_key']);
1325
+ $secret_key = sanitize_text_field($_POST['secret_key']);
1326
+ $enable_captcha = sanitize_text_field($_POST['enable_captcha']);
1327
+ $login_form_captcha = sanitize_text_field($_POST['login_form']);
1328
+ $reg_form_captcha = sanitize_text_field($_POST['registeration_form']);
1329
+
1330
+ if((isset($_POST['version'])))
1331
+ {
1332
+ $mo2f_g_version = sanitize_text_field($_POST['version']);
1333
+ }
1334
+ else $mo2f_g_version='reCAPTCHA_v3';
1335
+
1336
+ if($enable_captcha == 'true') $enable_captcha = "on";
1337
+ else if($enable_captcha == 'false') $enable_captcha = "";
1338
+
1339
+ if($login_form_captcha == 'true') $login_form_captcha = "on";
1340
+ else if($login_form_captcha == 'false') $login_form_captcha = "";
1341
+
1342
+ if($reg_form_captcha == 'true') $reg_form_captcha = "on";
1343
+ else if($reg_form_captcha == 'false') $reg_form_captcha = "";
1344
+
1345
+ if(($site_key == "" || $secret_key == "") and $enable_captcha == 'on'){
1346
+ wp_send_json('empty');
1347
+ return;
1348
+ }
1349
+
1350
+
1351
+ if((($login_form_captcha == "on") || ($enable_captcha=="on")) && $mo2f_g_version==""){
1352
+ wp_send_json('version_select');
1353
+ return;
1354
+ }
1355
+ if($mo2f_g_version=='reCAPTCHA_v2')
1356
+ {
1357
+
1358
+ update_option( 'mo_wpns_recaptcha_site_key' , $site_key );
1359
+ update_option( 'mo_wpns_recaptcha_secret_key' , $secret_key );
1360
+ }
1361
+ if($mo2f_g_version=='reCAPTCHA_v3')
1362
+ {
1363
+
1364
+ update_option( 'mo_wpns_recaptcha_site_key_v3' , $site_key );
1365
+ update_option( 'mo_wpns_recaptcha_secret_key_v3' , $secret_key );
1366
+ }
1367
+
1368
+ update_option( 'mo_wpns_activate_recaptcha' , $enable_captcha );
1369
+ update_option( 'mo_wpns_recaptcha_version' , $mo2f_g_version );
1370
+
1371
+
1372
+ if($enable_captcha == "on"){
1373
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , $login_form_captcha );
1374
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', $login_form_captcha );
1375
+ update_option('mo_wpns_activate_recaptcha_for_registration', $reg_form_captcha );
1376
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration',$reg_form_captcha );
1377
+ update_site_option('recaptcha_notification_option',1);
1378
+ wp_send_json('true');
1379
+ }
1380
+ else if($enable_captcha == ""){
1381
+ update_option( 'mo_wpns_activate_recaptcha_for_login' , '' );
1382
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_login', '' );
1383
+ update_option('mo_wpns_activate_recaptcha_for_registration', '' );
1384
+ update_option( 'mo_wpns_activate_recaptcha_for_woocommerce_registration','' );
1385
+ wp_send_json('false');
1386
+ }
1387
+
1388
+ }
1389
+
1390
+ function wpns_strong_password_settings(){
1391
+ $nonce = $_POST['nonce'];
1392
+ if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
1393
+ wp_send_json('ERROR');
1394
+ return;
1395
+ }
1396
+ $enable_strong_pass = $_POST['enable_strong_pass'];
1397
+ if($enable_strong_pass == 'true'){$enable_strong_pass = 1;}else if($enable_strong_pass == 'false') {$enable_strong_pass = 0;}
1398
+ $strong_pass_accounts = $_POST['accounts_strong_pass'];
1399
+ update_option('mo2f_enforce_strong_passswords_for_accounts',$strong_pass_accounts);
1400
+ update_option('mo2f_enforce_strong_passswords' , $enable_strong_pass);
1401
+ if($enable_strong_pass){
1402
+ update_option('mo_wpns_enable_rename_login_url',"");
1403
+ wp_send_json('true');
1404
+ }
1405
+ else{
1406
+ wp_send_json('false');
1407
+ }
1408
+ }
1409
+
1410
+ }
1411
+ new wpns_ajax;
1412
+
1413
+ ?>
database/database_functions.php CHANGED
@@ -1,874 +1,874 @@
1
- <?php
2
-
3
- require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
-
5
- class MoWpnsDB
6
- {
7
- private $transactionTable;
8
- private $blockedIPsTable;
9
- private $whitelistIPsTable;
10
- private $emailAuditTable;
11
- private $malwarereportTable;
12
- private $scanreportdetails;
13
- private $skipfiles;
14
- private $hashfile;
15
-
16
- function __construct()
17
- {
18
- global $wpdb;
19
- $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
- $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
- $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
- $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
- $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
- $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
- $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
- $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
- $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
- $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
- $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
- $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
- $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
- }
33
-
34
- function mo_plugin_activate()
35
- {
36
- global $wpdb;
37
- if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
- $this->generate_tables();
40
- } else {
41
- $current_db_version = get_option('mo_wpns_dbversion');
42
- if($current_db_version < MoWpnsConstants::DB_VERSION){
43
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
-
45
- }
46
- }
47
- }
48
-
49
- function generate_tables(){
50
- global $wpdb;
51
-
52
- $tableName = $this->transactionTable;
53
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
- {
55
- $sql = "CREATE TABLE " . $tableName . " (
56
- `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
- `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
- dbDelta($sql);
59
- }
60
-
61
- $tableName = $this->blockedIPsTable;
62
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
- {
64
- $sql = "CREATE TABLE " . $tableName . " (
65
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
- `created_timestamp` int, UNIQUE KEY id (id) );";
67
- dbDelta($sql);
68
- }
69
-
70
-
71
- $tableName = $this->whitelistIPsTable;
72
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
- {
74
- $sql = "CREATE TABLE " . $tableName . " (
75
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
- dbDelta($sql);
77
- }
78
-
79
- $tableName = $this->backupdetails;
80
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
- {
82
- $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
- `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
- dbDelta($sql);
85
- }
86
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
- if(is_null($result)){
88
- $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
- $results1 = $wpdb->query($sql);
90
- }
91
-
92
- $tableName = $this->emailAuditTable;
93
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
- {
95
- $sql = "CREATE TABLE " . $tableName . " (
96
- `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
- dbDelta($sql);
98
- }
99
- $tableName = $this->IPrateDetails;
100
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
- {
102
- $sql = "CREATE TABLE " . $tableName . " (
103
- ip varchar(20) , time bigint );";
104
- dbDelta($sql);
105
- }
106
-
107
- $tableName = $this->attackLogs;
108
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
- {
110
- $sql = "create table ". $tableName ." (
111
- ip varchar(20),
112
- type varchar(20),
113
- time bigint,
114
- input mediumtext );";
115
- //dbDelta($sql);
116
- $results = $wpdb->get_results($sql);
117
-
118
- }
119
- $tableName = $this->malwarereportTable;
120
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
- {
122
- $sql = "CREATE TABLE " . $tableName . " (
123
- `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
- dbDelta($sql);
125
- }
126
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
- if(is_null($result)){
128
- $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
- $results1 = $wpdb->query($sql);
130
- $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
- $resluts = $wpdb->query($sql1);
132
- }
133
-
134
-
135
- $tableName = $this->scanreportdetails;
136
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
137
- {
138
- $sql = "CREATE TABLE " . $tableName . " (
139
- `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
140
- dbDelta($sql);
141
- }
142
-
143
- $tableName = $this->skipfiles;
144
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
145
- {
146
- $sql = "CREATE TABLE " . $tableName . " (
147
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
148
- dbDelta($sql);
149
- }
150
-
151
- $tableName = $this->filescan;
152
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
153
- {
154
- $sql = "CREATE TABLE " . $tableName . " (
155
- `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
156
- dbDelta($sql);
157
- }
158
- $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
159
- if(is_null($result)){
160
- $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
161
- $results1 = $wpdb->query($sql);
162
- }
163
-
164
- $tableName = $this->hashfile;
165
- if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
- {
167
- $sql = "CREATE TABLE " . $tableName . " (
168
- `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
169
- dbDelta($sql);
170
- }
171
-
172
- $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
173
- $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
174
- $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
175
- if(empty($row1) && empty($row1) && empty($row1)){
176
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
177
- if($result){
178
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
179
- foreach ($report_ids as $key => $value) {
180
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
181
- $result = $this->mo_wpns_get_scan_count($scan_detail);
182
- $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
183
- }
184
- }
185
- }
186
- $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
187
- if(empty($rowhash)){
188
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
189
- }
190
- $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_key'");
191
- if(empty($result)){
192
- $sql = "ALTER TABLE $this->malwarereportTable ADD `repo_key` mediumtext AFTER `malicious_links` ;";
193
- $results1 = $wpdb->query($sql);
194
- $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
195
- $resluts = $wpdb->query($sql1);
196
- }
197
- $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
198
- if(empty($result)){
199
- $sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
200
- $results1 = $wpdb->query($sql);
201
- $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
202
- $resluts = $wpdb->query($sql1);
203
- }
204
- }
205
-
206
- function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
207
- global $wpdb;
208
- $wpdb->insert(
209
- $this->backupdetails,
210
- array(
211
- 'backup_id' =>$backup_id,
212
- 'file_name' =>$file_name,
213
- 'created_timestamp'=> $backup_created_timestamp,
214
- 'plugin_path' => $plugin_path
215
- ));
216
- }
217
-
218
- function get_table_content(){
219
- global $wpdb;
220
- return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
221
- }
222
-
223
- function get_number_of_plugin_backup(){
224
- global $wpdb;
225
-
226
- $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
227
- $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
228
- $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
229
- $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
230
- $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
231
- $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
232
-
233
- return $array;
234
- }
235
-
236
- function delete_file($id){
237
- global $wpdb;
238
- $wpdb->query(
239
- "DELETE FROM ".$this->backupdetails."
240
- WHERE id = ".$id
241
- );
242
- return;
243
- }
244
-
245
- function row_exist($id){
246
- global $wpdb;
247
- $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
248
- return $is_exist;
249
- }
250
-
251
- function get_ip_blocked_count($ipAddress)
252
- {
253
- global $wpdb;
254
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
255
- }
256
- function get_total_blocked_ips()
257
- {
258
- global $wpdb;
259
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
260
- }
261
- function get_total_manual_blocked_ips()
262
- {
263
- global $wpdb;
264
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
265
- }
266
- function get_total_blocked_ips_waf()
267
- {
268
- global $wpdb;
269
- $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
270
- return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
271
- }
272
- function get_blocked_attack_count($attack)
273
- {
274
- global $wpdb;
275
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
276
- }
277
-
278
- function get_count_of_blocked_ips(){
279
- global $wpdb;
280
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
281
- }
282
-
283
-
284
- function get_blocked_ip($entryid)
285
- {
286
- global $wpdb;
287
- return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
288
- }
289
-
290
- function get_blocked_ip_list()
291
- {
292
- global $wpdb;
293
- return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
294
- }
295
-
296
- function get_blocked_ips_realtime()
297
- {
298
- global $wpdb;
299
- return $wpdb->get_results("SELECT ip_address FROM ".$this->blockedIPsTable);
300
- }
301
- function get_blocked_attack_list($tableName)
302
- {
303
- global $wpdb;
304
- $tableName = $wpdb->base_prefix.$tableName;
305
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
306
- }
307
-
308
- function get_blocked_sqli_list()
309
- {
310
- global $wpdb;
311
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
312
- }
313
- function get_blocked_rfi_list()
314
- {
315
- global $wpdb;
316
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
317
- }
318
- function get_blocked_lfi_list()
319
- {
320
- global $wpdb;
321
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
322
- }
323
- function get_blocked_rce_list()
324
- {
325
- global $wpdb;
326
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
327
- }
328
- function get_blocked_xss_list()
329
- {
330
- global $wpdb;
331
- return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
332
- }
333
-
334
- function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
335
- {
336
- global $wpdb;
337
- $wpdb->insert(
338
- $this->blockedIPsTable,
339
- array(
340
- 'ip_address' => $ipAddress,
341
- 'reason' => $reason,
342
- 'blocked_for_time' => $blocked_for_time,
343
- 'created_timestamp' => current_time( 'timestamp' )
344
- )
345
- );
346
- return;
347
- }
348
-
349
- function delete_blocked_ip($entryid)
350
- {
351
- global $wpdb;
352
- $wpdb->query(
353
- "DELETE FROM ".$this->blockedIPsTable."
354
- WHERE id = ".$entryid
355
- );
356
- return;
357
- }
358
-
359
- function get_whitelisted_ip_count($ipAddress)
360
- {
361
- global $wpdb;
362
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
363
- }
364
-
365
- function insert_whitelisted_ip($ipAddress)
366
- {
367
- global $wpdb;
368
- $wpdb->insert(
369
- $this->whitelistIPsTable,
370
- array(
371
- 'ip_address' => $ipAddress,
372
- 'created_timestamp' => current_time( 'timestamp' )
373
- )
374
- );
375
- }
376
-
377
- function get_number_of_whitelisted_ips(){
378
- global $wpdb;
379
- return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
380
- }
381
-
382
- function delete_whitelisted_ip($entryid)
383
- {
384
- global $wpdb;
385
- $wpdb->query(
386
- "DELETE FROM ".$this->whitelistIPsTable."
387
- WHERE id = ".$entryid
388
- );
389
- return;
390
- }
391
-
392
- function get_whitelisted_ips_list()
393
- {
394
- global $wpdb;
395
- return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
396
- }
397
-
398
- function get_email_audit_count($ipAddress,$username)
399
- {
400
- global $wpdb;
401
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
402
- username='".$username."'" );
403
- }
404
-
405
- function insert_email_audit($ipAddress,$username,$reason)
406
- {
407
- global $wpdb;
408
- $wpdb->insert(
409
- $this->emailAuditTable,
410
- array(
411
- 'ip_address' => $ipAddress,
412
- 'username' => $username,
413
- 'reason' => $reason,
414
- 'created_timestamp' => current_time( 'timestamp' )
415
- )
416
- );
417
- return;
418
- }
419
-
420
- function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
421
- {
422
- global $wpdb;
423
- $data = array(
424
- 'ip_address' => $ipAddress,
425
- 'username' => $username,
426
- 'type' => $type,
427
- 'status' => $status,
428
- 'created_timestamp' => current_time( 'timestamp' )
429
- );
430
- $data['url'] = is_null($url) ? '' : $url;
431
- $url = sanitize_url($url);
432
- $wpdb->insert( $this->transactionTable, $data);
433
- return;
434
- }
435
-
436
- function get_transasction_list()
437
- {
438
- global $wpdb;
439
- return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
440
- }
441
-
442
- function get_login_transaction_report()
443
- {
444
- global $wpdb;
445
- return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
446
- }
447
-
448
- function get_error_transaction_report()
449
- {
450
- global $wpdb;
451
- return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
452
- }
453
-
454
- function update_transaction_table($where,$update)
455
- {
456
- global $wpdb;
457
-
458
- $sql = "UPDATE ".$this->transactionTable." SET ";
459
- $i = 0;
460
- foreach($update as $key=>$value)
461
- {
462
- if($i%2!=0)
463
- $sql .= ' , ';
464
- $sql .= $key."='".$value."'";
465
- $i++;
466
- }
467
- $sql .= " WHERE ";
468
- $i = 0;
469
- foreach($where as $key=>$value)
470
- {
471
- if($i%2!=0)
472
- $sql .= ' AND ';
473
- $sql .= $key."='".$value."'";
474
- $i++;
475
- }
476
-
477
- $wpdb->query($sql);
478
- return;
479
- }
480
-
481
- function get_count_of_attacks_blocked(){
482
- global $wpdb;
483
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
484
- }
485
-
486
- function get_failed_transaction_count($ipAddress)
487
- {
488
- global $wpdb;
489
- return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
490
- AND status = '".MoWpnsConstants::FAILED."'" );
491
- }
492
-
493
- function delete_transaction($ipAddress)
494
- {
495
- global $wpdb;
496
- $wpdb->query(
497
- "DELETE FROM ".$this->transactionTable."
498
- WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
499
- );
500
- return;
501
- }
502
-
503
- function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
504
- global $wpdb;
505
- $wpdb->insert(
506
- $this->malwarereportTable,
507
- array(
508
- 'scan_mode' => $scan_type,
509
- 'scanned_folders' => $folderNames,
510
- 'scanned_files' => 0,
511
- 'start_timestamp' => $start_timestamp,
512
- 'malware_count' => 0,
513
- 'repo_issues' => $repo_check_status_code,
514
- 'malicious_links' => 0
515
- )
516
- );
517
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
518
- if($result){
519
- $record = $result[0];
520
- return $record->id;
521
- }
522
- }
523
-
524
- function mo2f_update_net_issue($reportid){
525
- global $wpdb;
526
- $wpdb->update(
527
- $this->malwarereportTable,
528
- array(
529
- 'net_connection' => 1
530
- ),
531
- array(
532
- 'id' => $reportid
533
- )
534
- );
535
- }
536
-
537
- function mo2f_update_repo_issue($reportid, $issue){
538
- global $wpdb;
539
- $wpdb->update(
540
- $this->malwarereportTable,
541
- array(
542
- 'repo_key' => $issue
543
- ),
544
- array(
545
- 'id' => $reportid
546
- )
547
- );
548
- }
549
-
550
- function add_report_details($reportid, $filename, $report){
551
- global $wpdb;
552
- $wpdb->insert(
553
- $this->scanreportdetails,
554
- array(
555
- 'report_id' => $reportid,
556
- 'filename' => $filename,
557
- 'report' => serialize($report),
558
- 'created_timestamp' => current_time('timestamp')
559
- )
560
- );
561
- }
562
-
563
- function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
564
- global $wpdb;
565
- $wpdb->query(
566
- "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
567
- );
568
- }
569
-
570
- function count_files(){
571
- global $wpdb;
572
- $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
573
- return $sql[0]->scan_count;
574
- }
575
-
576
- function count_malicious_files(){
577
- global $wpdb;
578
- $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
579
- return $sql[0]->total_mal;
580
- }
581
-
582
- function count_files_last_scan($reportid){
583
- global $wpdb;
584
- $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
585
- return $sql[0]->scanned_files;
586
- }
587
-
588
- function count_malicious_last_scan($reportid){
589
- global $wpdb;
590
- $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
591
- return $sql[0]->mal_file;
592
- }
593
-
594
- function check_hash($hash_of_file){
595
- global $wpdb;
596
- $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
597
- $result=$wpdb->get_results( $sql );
598
- return $result;
599
- }
600
-
601
- function insert_hash($source_file_path,$hash_of_file, $scan_data){
602
- global $wpdb;
603
- $source_file_path = addslashes($source_file_path);
604
- $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
605
- $res=$wpdb->query( $query );
606
- }
607
-
608
- function update_hash($source_file_path, $hash_of_file, $scan_data){
609
- global $wpdb;
610
- $source_file_path = addslashes($source_file_path);
611
- $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
612
- $res=$wpdb->query( $query );
613
- }
614
-
615
- function delete_hash($source_file_path){
616
- global $wpdb;
617
- $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
618
- $res=$wpdb->query( $query );
619
- }
620
-
621
- function get_infected_file($filename){
622
- global $wpdb;
623
- $filename = addslashes($filename);
624
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
625
- return $result;
626
- }
627
-
628
- function insert_files_in_parts($file_path_array){
629
- global $wpdb;
630
- if(!empty($file_path_array)){
631
- $size=sizeof($file_path_array);
632
- $default=0;
633
- $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
634
- for ($i=1; $i <= $size ; $i++) {
635
- $value= $file_path_array[$i];
636
- $file_path = $value['file'];
637
- $file_path = addslashes($file_path);
638
- $hash_value= md5($file_path);
639
- $repo_key = $value['key'];
640
- $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
641
- if($i < $size){
642
- $query.= ",";
643
- }
644
- }
645
- $query.=";";
646
- $res=$wpdb->query( $query );
647
- }
648
- }
649
-
650
- function update_files_scan($file_path_array, $file_count){
651
- global $wpdb;
652
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
653
- for ($i=0; $i < $file_count ; $i++) {
654
- $value= $file_path_array[$i]->path;
655
- $value = addslashes($value);
656
- $value = md5($value);
657
- $query.= "('".$value."', 1)";
658
- if($i < $file_count-1){
659
- $query.= ",";
660
- }
661
- }
662
- $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
663
- $res=$wpdb->query( $query );
664
- }
665
-
666
- function update_files_scan_ext_link($file_path_array, $file_count){
667
- global $wpdb;
668
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
669
- for ($i=0; $i < $file_count ; $i++) {
670
- $value= $file_path_array[$i]->path;
671
- $value = addslashes($value);
672
- $value = md5($value);
673
- $query.= "('".$value."', 1)";
674
- if($i < $file_count-1){
675
- $query.= ",";
676
- }
677
- }
678
- $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
679
- $res=$wpdb->query( $query );
680
- }
681
-
682
- function update_files_scan_repo($file_path_array, $file_count){
683
- global $wpdb;
684
- $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
685
- for ($i=0; $i < $file_count ; $i++) {
686
- $value= $file_path_array[$i]->path;
687
- $value = addslashes($value);
688
- $value = md5($value);
689
- $query.= "('".$value."', 1)";
690
- if($i < $file_count-1){
691
- $query.= ",";
692
- }
693
- }
694
- $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
695
- $res=$wpdb->query( $query );
696
- }
697
-
698
- function get_files_in_parts(){
699
- global $wpdb;
700
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
701
- $result=$wpdb->get_results($sql);
702
- return $result;
703
- }
704
-
705
- function get_files_for_link(){
706
- global $wpdb;
707
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
708
- $result=$wpdb->get_results($sql);
709
- return $result;
710
- }
711
-
712
- function get_files_for_repo($repo_key){
713
- global $wpdb;
714
- $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
715
- $result=$wpdb->get_results($sql);
716
- return $result;
717
- }
718
-
719
- function delete_files_parts(){
720
- global $wpdb;
721
- $sql= "TRUNCATE TABLE ".$this->filescan.";";
722
- $res=$wpdb->query($sql);
723
- }
724
-
725
- function get_last_id(){
726
- global $wpdb;
727
- $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
728
- return $result;
729
- }
730
-
731
- function get_report_with_id($reportid){
732
- global $wpdb;
733
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
734
- return $result;
735
- }
736
-
737
- function delete_report($reportid){
738
- global $wpdb;
739
- $wpdb->query(
740
- "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
741
- );
742
- $warning_count=0;
743
- $malware_count=0;
744
- $last_id=$this->get_last_id();
745
- $send_id=$last_id[0]->max;
746
- if(!is_null($send_id)){
747
- $res = $this->get_report_with_id($send_id);
748
- $record = $res[0];
749
- if($record->malware_count >= 0){
750
- $malware_count = $record->malware_count;
751
- }
752
- if($record->repo_issues < 0){
753
- $warning_count = $record->malicious_links;
754
- }else{
755
- $warning_count = $record->repo_issues + $record->malicious_links;
756
- }
757
- }
758
-
759
- update_option('mo_wpns_infected_files', $malware_count);
760
- update_option('mo_wpns_warning_files', $warning_count);
761
-
762
- }
763
-
764
- function get_report(){
765
- global $wpdb;
766
- $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
767
- return $result;
768
- }
769
-
770
- function get_vulnerable_files_count_for_reportid($reportid){
771
- global $wpdb;
772
- $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
773
- return $result;
774
- }
775
-
776
- function ignorefile($filename){
777
- $signature = md5_file($filename);
778
- global $wpdb;
779
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
780
- if($result){
781
- $wpdb->query(
782
- "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
783
- );
784
- } else {
785
- $wpdb->insert(
786
- $this->skipfiles,
787
- array(
788
- 'path' => $filename,
789
- 'signature' => $signature,
790
- 'created_timestamp' => current_time('timestamp')
791
- )
792
- );
793
- }
794
- }
795
-
796
- function ignorechangedfile($recordId){
797
- global $wpdb;
798
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
799
- if($result){
800
- $record = $result[0];
801
- $signature = md5_file($record->path);
802
- $wpdb->query(
803
- "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
804
- );
805
- }
806
- }
807
-
808
- function getlistofignorefiles(){
809
- global $wpdb;
810
- $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
811
- return $result;
812
- }
813
-
814
- function get_detail_report_with_id($reportid){
815
- global $wpdb;
816
- $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
817
- return $result;
818
- }
819
-
820
- function mo_wpns_upgrade_process_complete(){
821
- $current_db_version = get_option('mo_wpns_dbversion');
822
- if($current_db_version < MoWpnsConstants::DB_VERSION){
823
- update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
824
- $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
825
- if(empty($row)){
826
- $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
827
- if($result){
828
- $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
829
- foreach ($report_ids as $key => $value) {
830
- $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
831
- $result = $this->mo_wpns_get_scan_count($scan_detail);
832
- $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
833
- }
834
- }
835
- }
836
- $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
837
- if(empty($rowhash)){
838
- $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
839
- }
840
- }
841
- }
842
-
843
- function mo_wpns_get_scan_count($result){
844
- $scan_count = 0;
845
- $repo_count = 0;
846
- $link_count = 0;
847
- $total = 0;
848
- foreach ($result as $key => $value) {
849
- $total+=1;
850
- $temp = unserialize($result[$key]->report);
851
- if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
852
- $scan_count++;
853
- $repo_count++;
854
- $link_count++;
855
- }else if(isset($temp['scan'])&&isset($temp['repo'])){
856
- $scan_count++;
857
- $repo_count++;
858
- }else if(isset($temp['scan'])&&isset($temp['extl'])){
859
- $scan_count++;
860
- $link_count++;
861
- }else if(isset($temp['repo'])&&isset($temp['extl'])){
862
- $repo_count++;
863
- $link_count++;
864
- }else if(isset($temp['scan'])){
865
- $scan_count++;
866
- }else if(isset($temp['repo'])){
867
- $repo_count++;
868
- }else if(isset($temp['extl'])){
869
- $link_count++;
870
- }
871
- }
872
- return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
873
- }
874
  }
1
+ <?php
2
+
3
+ require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
4
+
5
+ class MoWpnsDB
6
+ {
7
+ private $transactionTable;
8
+ private $blockedIPsTable;
9
+ private $whitelistIPsTable;
10
+ private $emailAuditTable;
11
+ private $malwarereportTable;
12
+ private $scanreportdetails;
13
+ private $skipfiles;
14
+ private $hashfile;
15
+
16
+ function __construct()
17
+ {
18
+ global $wpdb;
19
+ $this->transactionTable = $wpdb->base_prefix.'mo2f_network_transactions';
20
+ $this->blockedIPsTable = $wpdb->base_prefix.'mo2f_network_blocked_ips';
21
+ $this->attackList = $wpdb->base_prefix.'wpns_attack_logs';
22
+ $this->whitelistIPsTable = $wpdb->base_prefix.'mo2f_network_whitelisted_ips';
23
+ $this->emailAuditTable = $wpdb->base_prefix.'mo2f_network_email_sent_audit';
24
+ $this->IPrateDetails = $wpdb->base_prefix.'wpns_ip_rate_details';
25
+ $this->attackLogs = $wpdb->base_prefix.'wpns_attack_logs';
26
+ $this->malwarereportTable = $wpdb->base_prefix.'wpns_malware_scan_report';
27
+ $this->scanreportdetails = $wpdb->base_prefix.'wpns_malware_scan_report_details';
28
+ $this->skipfiles = $wpdb->base_prefix.'wpns_malware_skip_files';
29
+ $this->hashfile = $wpdb->base_prefix.'wpns_malware_hash_file';
30
+ $this->backupdetails = $wpdb->base_prefix.'wpns_backup_report';
31
+ $this->filescan = $wpdb->base_prefix.'wpns_files_scan';
32
+ }
33
+
34
+ function mo_plugin_activate()
35
+ {
36
+ global $wpdb;
37
+ if(!get_option('mo_wpns_dbversion')||get_option('mo_wpns_dbversion')<MoWpnsConstants::DB_VERSION){
38
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
39
+ $this->generate_tables();
40
+ } else {
41
+ $current_db_version = get_option('mo_wpns_dbversion');
42
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
43
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
44
+
45
+ }
46
+ }
47
+ }
48
+
49
+ function generate_tables(){
50
+ global $wpdb;
51
+
52
+ $tableName = $this->transactionTable;
53
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
54
+ {
55
+ $sql = "CREATE TABLE " . $tableName . " (
56
+ `id` bigint NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL ,
57
+ `type` mediumtext NOT NULL , `url` mediumtext NOT NULL , `status` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
58
+ dbDelta($sql);
59
+ }
60
+
61
+ $tableName = $this->blockedIPsTable;
62
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
63
+ {
64
+ $sql = "CREATE TABLE " . $tableName . " (
65
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `reason` mediumtext, `blocked_for_time` int,
66
+ `created_timestamp` int, UNIQUE KEY id (id) );";
67
+ dbDelta($sql);
68
+ }
69
+
70
+
71
+ $tableName = $this->whitelistIPsTable;
72
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
73
+ {
74
+ $sql = "CREATE TABLE " . $tableName . " (
75
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
76
+ dbDelta($sql);
77
+ }
78
+
79
+ $tableName = $this->backupdetails;
80
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
81
+ {
82
+ $sql = "CREATE TABLE " . $tableName . " (`id` int NOT NULL AUTO_INCREMENT,
83
+ `backup_id` mediumtext NOT NULL, `file_name` mediumtext NOT NULL , `created_timestamp` bigint, `plugin_path` mediumtext, UNIQUE KEY id (id) );";
84
+ dbDelta($sql);
85
+ }
86
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'plugin_path'");
87
+ if(is_null($result)){
88
+ $sql = "ALTER TABLE `$tableName` ADD `plugin_path` mediumtext AFTER `created_timestamp` ;";
89
+ $results1 = $wpdb->query($sql);
90
+ }
91
+
92
+ $tableName = $this->emailAuditTable;
93
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
94
+ {
95
+ $sql = "CREATE TABLE " . $tableName . " (
96
+ `id` int NOT NULL AUTO_INCREMENT, `ip_address` mediumtext NOT NULL , `username` mediumtext NOT NULL, `reason` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
97
+ dbDelta($sql);
98
+ }
99
+ $tableName = $this->IPrateDetails;
100
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
101
+ {
102
+ $sql = "CREATE TABLE " . $tableName . " (
103
+ ip varchar(20) , time bigint );";
104
+ dbDelta($sql);
105
+ }
106
+
107
+ $tableName = $this->attackLogs;
108
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
109
+ {
110
+ $sql = "create table ". $tableName ." (
111
+ ip varchar(20),
112
+ type varchar(20),
113
+ time bigint,
114
+ input mediumtext );";
115
+ //dbDelta($sql);
116
+ $results = $wpdb->get_results($sql);
117
+
118
+ }
119
+ $tableName = $this->malwarereportTable;
120
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
121
+ {
122
+ $sql = "CREATE TABLE " . $tableName . " (
123
+ `id` bigint NOT NULL AUTO_INCREMENT, `scan_mode` mediumtext NOT NULL, `scanned_folders` mediumtext NOT NULL, `scanned_files` int NOT NULL, `malware_count` int NOT NULL DEFAULT 0, `repo_issues` int NOT NULL DEFAULT 0, `malicious_links` int NOT NULL DEFAULT 0, `repo_key` mediumtext, `net_connection` int, `start_timestamp` int, `completed_timestamp` int, UNIQUE KEY id (id) );";
124
+ dbDelta($sql);
125
+ }
126
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'scan_mode'");
127
+ if(is_null($result)){
128
+ $sql = "ALTER TABLE `$tableName` ADD `scan_mode` mediumtext AFTER `id` ;";
129
+ $results1 = $wpdb->query($sql);
130
+ $sql1= "UPDATE $this->malwarereportTable SET `scan_mode`='Custom Scan';";
131
+ $resluts = $wpdb->query($sql1);
132
+ }
133
+
134
+
135
+ $tableName = $this->scanreportdetails;
136
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
137
+ {
138
+ $sql = "CREATE TABLE " . $tableName . " (
139
+ `id` bigint NOT NULL AUTO_INCREMENT, `report_id` bigint, `filename` mediumtext NOT NULL, `report` mediumtext NOT NULL , `created_timestamp` int, UNIQUE KEY id (id) );";
140
+ dbDelta($sql);
141
+ }
142
+
143
+ $tableName = $this->skipfiles;
144
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
145
+ {
146
+ $sql = "CREATE TABLE " . $tableName . " (
147
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL , `signature` mediumtext, `created_timestamp` int, UNIQUE KEY id (id) );";
148
+ dbDelta($sql);
149
+ }
150
+
151
+ $tableName = $this->filescan;
152
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
153
+ {
154
+ $sql = "CREATE TABLE " . $tableName . " (
155
+ `id` bigint NOT NULL AUTO_INCREMENT, `path` mediumtext NOT NULL, `name_hash` varchar(45) NOT NULL, `malware_service` int NOT NULL, `repo_check` int NOT NULL, `link_check` int NOT NULL, `repo_key` mediumtext NOT NULL, PRIMARY KEY id (id), UNIQUE KEY name_hash (name_hash) );";
156
+ dbDelta($sql);
157
+ }
158
+ $result= $wpdb->get_var("SHOW COLUMNS FROM `$tableName` LIKE 'repo_key'");
159
+ if(is_null($result)){
160
+ $sql = "ALTER TABLE `$tableName` ADD `repo_key` mediumtext AFTER `link_check` ;";
161
+ $results1 = $wpdb->query($sql);
162
+ }
163
+
164
+ $tableName = $this->hashfile;
165
+ if($wpdb->get_var("show tables like '$tableName'") != $tableName)
166
+ {
167
+ $sql = "CREATE TABLE " . $tableName . " (
168
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,`file name` varchar(500) NOT NULL,`file hash` mediumtext NOT NULL, `scan_data` mediumtext NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `file name` (`file name`), UNIQUE KEY `id_2`(`id`));";
169
+ dbDelta($sql);
170
+ }
171
+
172
+ $row1 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malware_count'" );
173
+ $row2 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_issues'" );
174
+ $row3 = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'malicious_links'" );
175
+ if(empty($row1) && empty($row1) && empty($row1)){
176
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
177
+ if($result){
178
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
179
+ foreach ($report_ids as $key => $value) {
180
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
181
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
182
+ $wpdb->query("UPDATE $this->malwarereportTable SET `malware_count`= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
183
+ }
184
+ }
185
+ }
186
+ $rowhash = $wpdb->get_results( "SHOW COLUMNS FROM ".$this->hashfile." LIKE 'scan_data'" );
187
+ if(empty($rowhash)){
188
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
189
+ }
190
+ $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'repo_key'");
191
+ if(empty($result)){
192
+ $sql = "ALTER TABLE $this->malwarereportTable ADD `repo_key` mediumtext AFTER `malicious_links` ;";
193
+ $results1 = $wpdb->query($sql);
194
+ $sql1= "UPDATE $this->malwarereportTable SET `repo_key`= NULL;";
195
+ $resluts = $wpdb->query($sql1);
196
+ }
197
+ $result= $wpdb->get_results("SHOW COLUMNS FROM ".$this->malwarereportTable." LIKE 'net_connection'");
198
+ if(empty($result)){
199
+ $sql = "ALTER TABLE $this->malwarereportTable ADD `net_connection` mediumtext AFTER `repo_key` ;";
200
+ $results1 = $wpdb->query($sql);
201
+ $sql1= "UPDATE $this->malwarereportTable SET `net_connection`= 0;";
202
+ $resluts = $wpdb->query($sql1);
203
+ }
204
+ }
205
+
206
+ function insert_backup_detail($backup_id,$file_name,$backup_created_timestamp,$plugin_path){
207
+ global $wpdb;
208
+ $wpdb->insert(
209
+ $this->backupdetails,
210
+ array(
211
+ 'backup_id' =>$backup_id,
212
+ 'file_name' =>$file_name,
213
+ 'created_timestamp'=> $backup_created_timestamp,
214
+ 'plugin_path' => $plugin_path
215
+ ));
216
+ }
217
+
218
+ function get_table_content(){
219
+ global $wpdb;
220
+ return $wpdb->get_results("SELECT plugin_path,file_name,created_timestamp,id FROM ".$this->backupdetails);
221
+ }
222
+
223
+ function get_number_of_plugin_backup(){
224
+ global $wpdb;
225
+
226
+ $plugin_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'plugin'");
227
+ $themes_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'themes'");
228
+ $wp_files_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'wpfiles'");
229
+ $db_count = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE backup_id = 'db'");
230
+ $total_backup = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails);
231
+ $array = array('plugin_count'=>$plugin_count,'themes_count'=>$themes_count,'wp_files_count'=>$wp_files_count,'db_count'=>$db_count,'total_backup'=>$total_backup);
232
+
233
+ return $array;
234
+ }
235
+
236
+ function delete_file($id){
237
+ global $wpdb;
238
+ $wpdb->query(
239
+ "DELETE FROM ".$this->backupdetails."
240
+ WHERE id = ".$id
241
+ );
242
+ return;
243
+ }
244
+
245
+ function row_exist($id){
246
+ global $wpdb;
247
+ $is_exist = $wpdb->get_var("SELECT COUNT(*) FROM ".$this->backupdetails." WHERE id =".$id );
248
+ return $is_exist;
249
+ }
250
+
251
+ function get_ip_blocked_count($ipAddress)
252
+ {
253
+ global $wpdb;
254
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE ip_address = '".$ipAddress."'" );
255
+ }
256
+ function get_total_blocked_ips()
257
+ {
258
+ global $wpdb;
259
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
260
+ }
261
+ function get_total_manual_blocked_ips()
262
+ {
263
+ global $wpdb;
264
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
265
+ }
266
+ function get_total_blocked_ips_waf()
267
+ {
268
+ global $wpdb;
269
+ $totalIPBlocked = $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable);
270
+ return $totalIPBlocked - $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->blockedIPsTable." WHERE reason = 'Blocked by Admin';");
271
+ }
272
+ function get_blocked_attack_count($attack)
273
+ {
274
+ global $wpdb;
275
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->attackList." WHERE type = '".$attack."'" );
276
+ }
277
+
278
+ function get_count_of_blocked_ips(){
279
+ global $wpdb;
280
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->blockedIPsTable."");
281
+ }
282
+
283
+
284
+ function get_blocked_ip($entryid)
285
+ {
286
+ global $wpdb;
287
+ return $wpdb->get_results( "SELECT ip_address FROM ".$this->blockedIPsTable." WHERE id=".$entryid );
288
+ }
289
+
290
+ function get_blocked_ip_list()
291
+ {
292
+ global $wpdb;
293
+ return $wpdb->get_results("SELECT id, reason, ip_address, created_timestamp FROM ".$this->blockedIPsTable);
294
+ }
295
+
296
+ function get_blocked_ips_realtime()
297
+ {
298
+ global $wpdb;
299
+ return $wpdb->get_results("SELECT ip_address FROM ".$this->blockedIPsTable);
300
+ }
301
+ function get_blocked_attack_list($tableName)
302
+ {
303
+ global $wpdb;
304
+ $tableName = $wpdb->base_prefix.$tableName;
305
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$tableName);
306
+ }
307
+
308
+ function get_blocked_sqli_list()
309
+ {
310
+ global $wpdb;
311
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='SQL attack'");
312
+ }
313
+ function get_blocked_rfi_list()
314
+ {
315
+ global $wpdb;
316
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RFI attack'");
317
+ }
318
+ function get_blocked_lfi_list()
319
+ {
320
+ global $wpdb;
321
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='LFI attack'");
322
+ }
323
+ function get_blocked_rce_list()
324
+ {
325
+ global $wpdb;
326
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='RCE attack'");
327
+ }
328
+ function get_blocked_xss_list()
329
+ {
330
+ global $wpdb;
331
+ return $wpdb->get_results("SELECT ip, type, time, input FROM ".$this->attackList."WHERE type='XSS attack'");
332
+ }
333
+
334
+ function insert_blocked_ip($ipAddress,$reason,$blocked_for_time)
335
+ {
336
+ global $wpdb;
337
+ $wpdb->insert(
338
+ $this->blockedIPsTable,
339
+ array(
340
+ 'ip_address' => $ipAddress,
341
+ 'reason' => $reason,
342
+ 'blocked_for_time' => $blocked_for_time,
343
+ 'created_timestamp' => current_time( 'timestamp' )
344
+ )
345
+ );
346
+ return;
347
+ }
348
+
349
+ function delete_blocked_ip($entryid)
350
+ {
351
+ global $wpdb;
352
+ $wpdb->query(
353
+ "DELETE FROM ".$this->blockedIPsTable."
354
+ WHERE id = ".$entryid
355
+ );
356
+ return;
357
+ }
358
+
359
+ function get_whitelisted_ip_count($ipAddress)
360
+ {
361
+ global $wpdb;
362
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->whitelistIPsTable." WHERE ip_address = '".$ipAddress."'" );
363
+ }
364
+
365
+ function insert_whitelisted_ip($ipAddress)
366
+ {
367
+ global $wpdb;
368
+ $wpdb->insert(
369
+ $this->whitelistIPsTable,
370
+ array(
371
+ 'ip_address' => $ipAddress,
372
+ 'created_timestamp' => current_time( 'timestamp' )
373
+ )
374
+ );
375
+ }
376
+
377
+ function get_number_of_whitelisted_ips(){
378
+ global $wpdb;
379
+ return $wpdb->get_var("SELECT COUNT(*) FROM ".$this->whitelistIPsTable."");
380
+ }
381
+
382
+ function delete_whitelisted_ip($entryid)
383
+ {
384
+ global $wpdb;
385
+ $wpdb->query(
386
+ "DELETE FROM ".$this->whitelistIPsTable."
387
+ WHERE id = ".$entryid
388
+ );
389
+ return;
390
+ }
391
+
392
+ function get_whitelisted_ips_list()
393
+ {
394
+ global $wpdb;
395
+ return $wpdb->get_results( "SELECT id, ip_address, created_timestamp FROM ".$this->whitelistIPsTable );
396
+ }
397
+
398
+ function get_email_audit_count($ipAddress,$username)
399
+ {
400
+ global $wpdb;
401
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->emailAuditTable." WHERE ip_address = '".$ipAddress."' AND
402
+ username='".$username."'" );
403
+ }
404
+
405
+ function insert_email_audit($ipAddress,$username,$reason)
406
+ {
407
+ global $wpdb;
408
+ $wpdb->insert(
409
+ $this->emailAuditTable,
410
+ array(
411
+ 'ip_address' => $ipAddress,
412
+ 'username' => $username,
413
+ 'reason' => $reason,
414
+ 'created_timestamp' => current_time( 'timestamp' )
415
+ )
416
+ );
417
+ return;
418
+ }
419
+
420
+ function insert_transaction_audit($ipAddress,$username,$type,$status,$url=null)
421
+ {
422
+ global $wpdb;
423
+ $data = array(
424
+ 'ip_address' => $ipAddress,
425
+ 'username' => $username,
426
+ 'type' => $type,
427
+ 'status' => $status,
428
+ 'created_timestamp' => current_time( 'timestamp' )
429
+ );
430
+ $data['url'] = is_null($url) ? '' : $url;
431
+ $url = sanitize_url($url);
432
+ $wpdb->insert( $this->transactionTable, $data);
433
+ return;
434
+ }
435
+
436
+ function get_transasction_list()
437
+ {
438
+ global $wpdb;
439
+ return $wpdb->get_results( "SELECT ip_address, username, type, status, created_timestamp FROM ".$this->transactionTable." order by id desc limit 5000" );
440
+ }
441
+
442
+ function get_login_transaction_report()
443
+ {
444
+ global $wpdb;
445
+ return $wpdb->get_results( "SELECT ip_address, username, status, created_timestamp FROM ".$this->transactionTable." WHERE type='User Login' order by id desc limit 5000" );
446
+ }
447
+
448
+ function get_error_transaction_report()
449
+ {
450
+ global $wpdb;
451
+ return $wpdb->get_results( "SELECT ip_address, username, url, type, created_timestamp FROM ".$this->transactionTable." WHERE type <> 'User Login' order by id desc limit 5000" );
452
+ }
453
+
454
+ function update_transaction_table($where,$update)
455
+ {
456
+ global $wpdb;
457
+
458
+ $sql = "UPDATE ".$this->transactionTable." SET ";
459
+ $i = 0;
460
+ foreach($update as $key=>$value)
461
+ {
462
+ if($i%2!=0)
463
+ $sql .= ' , ';
464
+ $sql .= $key."='".$value."'";
465
+ $i++;
466
+ }
467
+ $sql .= " WHERE ";
468
+ $i = 0;
469
+ foreach($where as $key=>$value)
470
+ {
471
+ if($i%2!=0)
472
+ $sql .= ' AND ';
473
+ $sql .= $key."='".$value."'";
474
+ $i++;
475
+ }
476
+
477
+ $wpdb->query($sql);
478
+ return;
479
+ }
480
+
481
+ function get_count_of_attacks_blocked(){
482
+ global $wpdb;
483
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE status = '".MoWpnsConstants::FAILED."' OR status = '".MoWpnsConstants::PAST_FAILED."'" );
484
+ }
485
+
486
+ function get_failed_transaction_count($ipAddress)
487
+ {
488
+ global $wpdb;
489
+ return $wpdb->get_var( "SELECT COUNT(*) FROM ".$this->transactionTable." WHERE ip_address = '".$ipAddress."'
490
+ AND status = '".MoWpnsConstants::FAILED."'" );
491
+ }
492
+
493
+ function delete_transaction($ipAddress)
494
+ {
495
+ global $wpdb;
496
+ $wpdb->query(
497
+ "DELETE FROM ".$this->transactionTable."
498
+ WHERE ip_address = '".$ipAddress."' AND status='".MoWpnsConstants::FAILED."'"
499
+ );
500
+ return;
501
+ }
502
+
503
+ function create_scan_report($folderNames, $scan_type, $start_timestamp, $repo_check_status_code){
504
+ global $wpdb;
505
+ $wpdb->insert(
506
+ $this->malwarereportTable,
507
+ array(
508
+ 'scan_mode' => $scan_type,
509
+ 'scanned_folders' => $folderNames,
510
+ 'scanned_files' => 0,
511
+ 'start_timestamp' => $start_timestamp,
512
+ 'malware_count' => 0,
513
+ 'repo_issues' => $repo_check_status_code,
514
+ 'malicious_links' => 0
515
+ )
516
+ );
517
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id DESC LIMIT 1");
518
+ if($result){
519
+ $record = $result[0];
520
+ return $record->id;
521
+ }
522
+ }
523
+
524
+ function mo2f_update_net_issue($reportid){
525
+ global $wpdb;
526
+ $wpdb->update(
527
+ $this->malwarereportTable,
528
+ array(
529
+ 'net_connection' => 1
530
+ ),
531
+ array(
532
+ 'id' => $reportid
533
+ )
534
+ );
535
+ }
536
+
537
+ function mo2f_update_repo_issue($reportid, $issue){
538
+ global $wpdb;
539
+ $wpdb->update(
540
+ $this->malwarereportTable,
541
+ array(
542
+ 'repo_key' => $issue
543
+ ),
544
+ array(
545
+ 'id' => $reportid
546
+ )
547
+ );
548
+ }
549
+
550
+ function add_report_details($reportid, $filename, $report){
551
+ global $wpdb;
552
+ $wpdb->insert(
553
+ $this->scanreportdetails,
554
+ array(
555
+ 'report_id' => $reportid,
556
+ 'filename' => $filename,
557
+ 'report' => serialize($report),
558
+ 'created_timestamp' => current_time('timestamp')
559
+ )
560
+ );
561
+ }
562
+
563
+ function scan_report_complete($recordId, $no_of_scanned_files, $malware_count, $repo_issues, $malicious_links){
564
+ global $wpdb;
565
+ $wpdb->query(
566
+ "UPDATE ".$this->malwarereportTable." set completed_timestamp = ".current_time('timestamp').", scanned_files=".$no_of_scanned_files.", malware_count= '".$malware_count."', repo_issues='".$repo_issues."', malicious_links='".$malicious_links."' WHERE id = ".$recordId
567
+ );
568
+ }
569
+
570
+ function count_files(){
571
+ global $wpdb;
572
+ $sql= $wpdb->get_results("SELECT SUM(`scanned_files`) AS scan_count FROM ".$this->malwarereportTable);
573
+ return $sql[0]->scan_count;
574
+ }
575
+
576
+ function count_malicious_files(){
577
+ global $wpdb;
578
+ $sql= $wpdb->get_results("SELECT COUNT(*) AS total_mal FROM ".$this->scanreportdetails);
579
+ return $sql[0]->total_mal;
580
+ }
581
+
582
+ function count_files_last_scan($reportid){
583
+ global $wpdb;
584
+ $sql= $wpdb->get_results('SELECT * FROM '.$this->malwarereportTable.' WHERE `id`="'.$reportid.'"');
585
+ return $sql[0]->scanned_files;
586
+ }
587
+
588
+ function count_malicious_last_scan($reportid){
589
+ global $wpdb;
590
+ $sql= $wpdb->get_results('SELECT COUNT(*) AS mal_file FROM '.$this->scanreportdetails.' WHERE `report_id`="'.$reportid.'"');
591
+ return $sql[0]->mal_file;
592
+ }
593
+
594
+ function check_hash($hash_of_file){
595
+ global $wpdb;
596
+ $sql= 'SELECT * FROM '.$this->hashfile.' WHERE `file hash`="'.$hash_of_file.'"';
597
+ $result=$wpdb->get_results( $sql );
598
+ return $result;
599
+ }
600
+
601
+ function insert_hash($source_file_path,$hash_of_file, $scan_data){
602
+ global $wpdb;
603
+ $source_file_path = addslashes($source_file_path);
604
+ $query= "INSERT INTO ".$this->hashfile."(`file name`,`file hash`,`scan_data`) VALUES('".$source_file_path."', '".$hash_of_file."', '".serialize($scan_data)."') ON DUPLICATE KEY UPDATE `file hash`='".$hash_of_file."' AND `scan_data`='".serialize($scan_data)."'";
605
+ $res=$wpdb->query( $query );
606
+ }
607
+
608
+ function update_hash($source_file_path, $hash_of_file, $scan_data){
609
+ global $wpdb;
610
+ $source_file_path = addslashes($source_file_path);
611
+ $query= "UPDATE ".$this->hashfile." SET `file hash`='".$hash_of_file."',`scan_data`='".serialize($scan_data)."' WHERE `file name`='".$source_file_path."'";
612
+ $res=$wpdb->query( $query );
613
+ }
614
+
615
+ function delete_hash($source_file_path){
616
+ global $wpdb;
617
+ $query= "DELETE FROM ".$this->hashfile." WHERE `file name` = '".$source_file_path."'";
618
+ $res=$wpdb->query( $query );
619
+ }
620
+
621
+ function get_infected_file($filename){
622
+ global $wpdb;
623
+ $filename = addslashes($filename);
624
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where filename=".$filename );
625
+ return $result;
626
+ }
627
+
628
+ function insert_files_in_parts($file_path_array){
629
+ global $wpdb;
630
+ if(!empty($file_path_array)){
631
+ $size=sizeof($file_path_array);
632
+ $default=0;
633
+ $query="INSERT INTO ".$this->filescan."(`path`, `name_hash`, `malware_service`, `repo_check`, `link_check`, `repo_key`) VALUES";
634
+ for ($i=1; $i <= $size ; $i++) {
635
+ $value= $file_path_array[$i];
636
+ $file_path = $value['file'];
637
+ $file_path = addslashes($file_path);
638
+ $hash_value= md5($file_path);
639
+ $repo_key = $value['key'];
640
+ $query.= "('".$file_path."', '".$hash_value."', '".$default."', '".$default."', '".$default."', '".$repo_key."')";
641
+ if($i < $size){
642
+ $query.= ",";
643
+ }
644
+ }
645
+ $query.=";";
646
+ $res=$wpdb->query( $query );
647
+ }
648
+ }
649
+
650
+ function update_files_scan($file_path_array, $file_count){
651
+ global $wpdb;
652
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `malware_service`) VALUES";
653
+ for ($i=0; $i < $file_count ; $i++) {
654
+ $value= $file_path_array[$i]->path;
655
+ $value = addslashes($value);
656
+ $value = md5($value);
657
+ $query.= "('".$value."', 1)";
658
+ if($i < $file_count-1){
659
+ $query.= ",";
660
+ }
661
+ }
662
+ $query.=" ON DUPLICATE KEY UPDATE `malware_service`= VALUES(malware_service);";
663
+ $res=$wpdb->query( $query );
664
+ }
665
+
666
+ function update_files_scan_ext_link($file_path_array, $file_count){
667
+ global $wpdb;
668
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `link_check`) VALUES";
669
+ for ($i=0; $i < $file_count ; $i++) {
670
+ $value= $file_path_array[$i]->path;
671
+ $value = addslashes($value);
672
+ $value = md5($value);
673
+ $query.= "('".$value."', 1)";
674
+ if($i < $file_count-1){
675
+ $query.= ",";
676
+ }
677
+ }
678
+ $query.=" ON DUPLICATE KEY UPDATE `link_check`= VALUES(link_check);";
679
+ $res=$wpdb->query( $query );
680
+ }
681
+
682
+ function update_files_scan_repo($file_path_array, $file_count){
683
+ global $wpdb;
684
+ $query="INSERT INTO ".$this->filescan."(`name_hash`, `repo_check`) VALUES";
685
+ for ($i=0; $i < $file_count ; $i++) {
686
+ $value= $file_path_array[$i]->path;
687
+ $value = addslashes($value);
688
+ $value = md5($value);
689
+ $query.= "('".$value."', 1)";
690
+ if($i < $file_count-1){
691
+ $query.= ",";
692
+ }
693
+ }
694
+ $query.=" ON DUPLICATE KEY UPDATE `repo_check`= VALUES(repo_check);";
695
+ $res=$wpdb->query( $query );
696
+ }
697
+
698
+ function get_files_in_parts(){
699
+ global $wpdb;
700
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `malware_service`= 0 LIMIT 100';
701
+ $result=$wpdb->get_results($sql);
702
+ return $result;
703
+ }
704
+
705
+ function get_files_for_link(){
706
+ global $wpdb;
707
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `link_check`= 0 LIMIT 100';
708
+ $result=$wpdb->get_results($sql);
709
+ return $result;
710
+ }
711
+
712
+ function get_files_for_repo($repo_key){
713
+ global $wpdb;
714
+ $sql= 'SELECT * FROM '.$this->filescan.' WHERE `repo_check`= 0 AND `repo_key`= "'.$repo_key.'" LIMIT 100';
715
+ $result=$wpdb->get_results($sql);
716
+ return $result;
717
+ }
718
+
719
+ function delete_files_parts(){
720
+ global $wpdb;
721
+ $sql= "TRUNCATE TABLE ".$this->filescan.";";
722
+ $res=$wpdb->query($sql);
723
+ }
724
+
725
+ function get_last_id(){
726
+ global $wpdb;
727
+ $result= $wpdb->get_results("SELECT MAX(Id) AS max FROM ".$this->malwarereportTable);
728
+ return $result;
729
+ }
730
+
731
+ function get_report_with_id($reportid){
732
+ global $wpdb;
733
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." where id=".$reportid );
734
+ return $result;
735
+ }
736
+
737
+ function delete_report($reportid){
738
+ global $wpdb;
739
+ $wpdb->query(
740
+ "DELETE FROM ".$this->malwarereportTable." WHERE id = ".$reportid
741
+ );
742
+ $warning_count=0;
743
+ $malware_count=0;
744
+ $last_id=$this->get_last_id();
745
+ $send_id=$last_id[0]->max;
746
+ if(!is_null($send_id)){
747
+ $res = $this->get_report_with_id($send_id);
748
+ $record = $res[0];
749
+ if($record->malware_count >= 0){
750
+ $malware_count = $record->malware_count;
751
+ }
752
+ if($record->repo_issues < 0){
753
+ $warning_count = $record->malicious_links;
754
+ }else{
755
+ $warning_count = $record->repo_issues + $record->malicious_links;
756
+ }
757
+ }
758
+
759
+ update_option('mo_wpns_infected_files', $malware_count);
760
+ update_option('mo_wpns_warning_files', $warning_count);
761
+
762
+ }
763
+
764
+ function get_report(){
765
+ global $wpdb;
766
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->malwarereportTable." order by id desc" );
767
+ return $result;
768
+ }
769
+
770
+ function get_vulnerable_files_count_for_reportid($reportid){
771
+ global $wpdb;
772
+ $result = $wpdb->get_results( "SELECT count(*) as count FROM ".$this->scanreportdetails." where report_id=".$reportid );
773
+ return $result;
774
+ }
775
+
776
+ function ignorefile($filename){
777
+ $signature = md5_file($filename);
778
+ global $wpdb;
779
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where path = '".$filename."'" );
780
+ if($result){
781
+ $wpdb->query(
782
+ "UPDATE ".$this->skipfiles." SET signature = '".$signature."' WHERE path = '".$filename."'"
783
+ );
784
+ } else {
785
+ $wpdb->insert(
786
+ $this->skipfiles,
787
+ array(
788
+ 'path' => $filename,
789
+ 'signature' => $signature,
790
+ 'created_timestamp' => current_time('timestamp')
791
+ )
792
+ );
793
+ }
794
+ }
795
+
796
+ function ignorechangedfile($recordId){
797
+ global $wpdb;
798
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles." where id = ".$recordId );
799
+ if($result){
800
+ $record = $result[0];
801
+ $signature = md5_file($record->path);
802
+ $wpdb->query(
803
+ "UPDATE ".$this->skipfiles." set signature = '".$signature."' WHERE id = ".$recordId
804
+ );
805
+ }
806
+ }
807
+
808
+ function getlistofignorefiles(){
809
+ global $wpdb;
810
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->skipfiles."" );
811
+ return $result;
812
+ }
813
+
814
+ function get_detail_report_with_id($reportid){
815
+ global $wpdb;
816
+ $result = $wpdb->get_results( "SELECT * FROM ".$this->scanreportdetails." where report_id=".$reportid );
817
+ return $result;
818
+ }
819
+
820
+ function mo_wpns_upgrade_process_complete(){
821
+ $current_db_version = get_option('mo_wpns_dbversion');
822
+ if($current_db_version < MoWpnsConstants::DB_VERSION){
823
+ update_option('mo_wpns_dbversion', MoWpnsConstants::DB_VERSION );
824
+ $row = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->malwarereportTable."' AND column_name = 'malware_count' AND column_name='repo_issues' AND column_name='malicious_links'" );
825
+ if(empty($row)){
826
+ $result = $wpdb->query("ALTER TABLE $this->malwarereportTable ADD COLUMN `malware_count` INT NOT NULL DEFAULT 0 AFTER `scanned_files`, ADD COLUMN `repo_issues` INT NOT NULL DEFAULT 0 AFTER `malware_count`, ADD COLUMN `malicious_links` INT NOT NULL DEFAULT 0 AFTER `repo_issues`");
827
+ if($result){
828
+ $report_ids = $wpdb->get_results("SELECT id FROM $this->malwarereportTable");
829
+ foreach ($report_ids as $key => $value) {
830
+ $scan_detail = $wpdb->get_results("SELECT report FROM $this->scanreportdetails WHERE report_id='".$report_ids[$key]->id."'");
831
+ $result = $this->mo_wpns_get_scan_count($scan_detail);
832
+ $wpdb->query("UPDATE $this->malwarereportTable SET 'malware_count'= '".$result['scan']."', `repo_issues`='".$result['repo']."', `malicious_links`='".$result['extl']."' WHERE id='".$report_ids[$key]->id."'");
833
+ }
834
+ }
835
+ }
836
+ $rowhash = $wpdb->get_results( "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '".$this->hashfile."' AND column_name = 'scan_data'" );
837
+ if(empty($rowhash)){
838
+ $result = $wpdb->query("ALTER TABLE $this->hashfile ADD COLUMN `scan_data` mediumtext NOT NULL");
839
+ }
840
+ }
841
+ }
842
+
843
+ function mo_wpns_get_scan_count($result){
844
+ $scan_count = 0;
845
+ $repo_count = 0;
846
+ $link_count = 0;
847
+ $total = 0;
848
+ foreach ($result as $key => $value) {
849
+ $total+=1;
850
+ $temp = unserialize($result[$key]->report);
851
+ if(isset($temp['scan'])&&isset($temp['repo'])&&isset($temp['extl'])){
852
+ $scan_count++;
853
+ $repo_count++;
854
+ $link_count++;
855
+ }else if(isset($temp['scan'])&&isset($temp['repo'])){
856
+ $scan_count++;
857
+ $repo_count++;
858
+ }else if(isset($temp['scan'])&&isset($temp['extl'])){
859
+ $scan_count++;
860
+ $link_count++;
861
+ }else if(isset($temp['repo'])&&isset($temp['extl'])){
862
+ $repo_count++;
863
+ $link_count++;
864
+ }else if(isset($temp['scan'])){
865
+ $scan_count++;
866
+ }else if(isset($temp['repo'])){
867
+ $repo_count++;
868
+ }else if(isset($temp['extl'])){
869
+ $link_count++;
870
+ }
871
+ }
872
+ return array('scan'=>$scan_count, 'repo'=>$repo_count, 'extl'=>$link_count);
873
+ }
874
  }
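--- a/handler/WAF/mo-waf-real-time.php
+++ b/handler/WAF/mo-waf-real-time.php
@@ -1,42 +1,42 @@
- <?php
-
- function add_to_blacklist($ipaddress,$domain)
- {
- if(get_site_option('mo2f_realtime_ip_block_free'))
- {
- $customer_key = base64_encode(get_option("mo2f_customerKey"));
- $api_key = base64_encode(get_option("mo2f_api_key"));
- $url = MoWpnsConstants::REAL_TIME_IP_HOST.'/realtimeIPBlocking/add_to_blacklist_free.php';
-
-
- $postData = array(
- 'ipaddress' => json_encode($ipaddress),
- 'domain' => $domain,
- 'mo2f_customerKey' => $customer_key,
- 'mo2f_api_key' =>$api_key
- );
-
- $args = array(
- 'method' => 'POST',
- 'timeout' => 10,
- 'sslverify' => false,
- 'headers' => array(),
- 'body' => $postdata,
- );
-
- $mo2f_api=new Mo2f_Api();
- $output=$mo2f_api->mo2f_wp_remote_post($url,$args);
-
- if($output == 'SUCCESS')
- {
- $added_ipaddress = get_site_option('mo2f_added_ips_realtime');
-
- for($i=0;$i<sizeof($ipaddress);$i++)
- {
- $added_ipaddress .= $ipaddress[$i].',';
- }
- update_site_option('mo2f_added_ips_realtime',$added_ipaddress);
-
- }
- }
+ <?php
+
+ function add_to_blacklist($ipaddress,$domain)
+ {
+ if(get_site_option('mo2f_realtime_ip_block_free'))
+ {
+ $customer_key = base64_encode(get_option("mo2f_customerKey"));
+ $api_key = base64_encode(get_option("mo2f_api_key"));
+ $url = MoWpnsConstants::REAL_TIME_IP_HOST.'/realtimeIPBlocking/add_to_blacklist_free.php';
+
+
+ $postData = array(
+ 'ipaddress' => json_encode($ipaddress),
+ 'domain' => $domain,
+ 'mo2f_customerKey' => $customer_key,
+ 'mo2f_api_key' =>$api_key
+ );
+
+ $args = array(
+ 'method' => 'POST',
+ 'timeout' => 10,
+ 'sslverify' => false,
+ 'headers' => array(),
+ 'body' => $postdata,
+ );
+
+ $mo2f_api=new Mo2f_Api();
+ $output=$mo2f_api->mo2f_wp_remote_post($url,$args);
+
+ if($output == 'SUCCESS')
+ {
+ $added_ipaddress = get_site_option('mo2f_added_ips_realtime');
+
+ for($i=0;$i<sizeof($ipaddress);$i++)
+ {
+ $added_ipaddress .= $ipaddress[$i].',';
+ }
+ update_site_option('mo2f_added_ips_realtime',$added_ipaddress);
+
+ }
+ }
  }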
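Review bot: In `add_to_blacklist()` the `$args` array sets `'body' => $postdata`, but the array built a few lines earlier is `$postData`; PHP variable names are case-sensitive, so the request goes out with an undefined (null) body and the IP list, domain and keys are never sent. The same `$args` array sets `'sslverify' => false`, which turns off certificate verification on a request that is meant to carry the customer key and API key, so the peer is not authenticated and the credentials are exposed to anyone able to intercept the connection. I would change the two lines to `'body' => $postData,` and `'sslverify' => true,`. The old and new sides show the same text here, so this looks like a line-ending rewrite, but both problems are on the re-added lines. The `base64_encode()` calls on the two keys are an encoding, not protection, which makes the transport check the only safeguard.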
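--- a/handler/WAF/waf-include.php
+++ b/handler/WAF/waf-include.php
@@ -1,100 +1,100 @@
- <?php
- $dir = dirname(__FILE__);
- $dir = str_replace('\\', "/", $dir);
- $dir = explode('WAF', $dir);
- $dir = $dir[0];
- $sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
- $xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
- $lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
- $configfilepath = explode('wp-content', $dir);
- $configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
- $missingFile = 0;
-
- if(file_exists($configfile))
- {
- include_once($configfile);
- }
- else
- {
- $missingFile = 1;
- }
- include_once($sqlInjectionFile);
- include_once($xssFile);
- include_once($lfiFile);
-
- function mo2f_isValidIP($IP)
- {
- return filter_var($IP, FILTER_VALIDATE_IP) !== false;
- }
-
- function get_ipaddress()
- {
- $ipaddress = '';
- if (isset($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
- elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
- elseif(isset($_SERVER['HTTP_X_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
- elseif(isset($_SERVER['HTTP_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED_FOR']))
- {
- $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
- $ipaddress = explode(",", $ipaddress)[0];
- }
- elseif(isset($_SERVER['HTTP_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
- elseif(isset($_SERVER['REMOTE_ADDR']) && mo2f_isValidIP($_SERVER['REMOTE_ADDR']))
- $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
- else
- $ipaddress = 'UNKNOWN';
-
- return $ipaddress;
- }
- function is_crawler()
- {
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])? sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';
- $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
- foreach ($Botsign as $key => $value)
- {
- if(isset($USER_AGENT) || preg_match('/'.$value.'/', $USER_AGENT))
- {
- return true;
- }
- }
- return false;
- }
- function is_fake_googlebot($ipaddress)
- {
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])? sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';
- if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
- {
- if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
- {
- header('HTTP/1.1 403 Forbidden');
- include_once("mo-error.html");
- exit;
- }
- }
- }
- function is_fake($crawler,$USER_AGENT,$ipaddress)
- {
- // $hostName = gethostbyaddr($ipaddress);
- // $hostIP = gethostbyname($hostName);
- // if(is_numeric(get_option('mo_wpns_iprange_count')))
- // $range_count = intval(get_option('mo_wpns_iprange_count'));
- // for($i = 1 ; $i <= $range_count ; $i++){
- // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
- // $rangearray = explode("-",$blockedrange);
- // if(sizeof($rangearray)==2){
- // $lowip = ip2long(trim($rangearray[0]));
- // $highip = ip2long(trim($rangearray[1]));
- // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
- // $mo_wpns_config = new MoWpnsHandler();
- // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
- // return true;
- // }
- // }
- // }
- // return false;
- }
+ <?php
+ $dir = dirname(__FILE__);
+ $dir = str_replace('\\', "/", $dir);
+ $dir = explode('WAF', $dir);
+ $dir = $dir[0];
+ $sqlInjectionFile = $dir.DIRECTORY_SEPARATOR.'signature/APSQLI.php';
+ $xssFile = $dir.DIRECTORY_SEPARATOR.'signature/APXSS.php';
+ $lfiFile = $dir.DIRECTORY_SEPARATOR.'signature/APLFI.php';
+ $configfilepath = explode('wp-content', $dir);
+ $configfile = $configfilepath[0].DIRECTORY_SEPARATOR.'wp-includes/mo-waf-config.php';
+ $missingFile = 0;
+
+ if(file_exists($configfile))
+ {
+ include_once($configfile);
+ }
+ else
+ {
+ $missingFile = 1;
+ }
+ include_once($sqlInjectionFile);
+ include_once($xssFile);
+ include_once($lfiFile);
+
+ function mo2f_isValidIP($IP)
+ {
+ return filter_var($IP, FILTER_VALIDATE_IP) !== false;
+ }
+
+ function get_ipaddress()
+ {
+ $ipaddress = '';
+ if (isset($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
+ elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
+ elseif(isset($_SERVER['HTTP_X_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
+ elseif(isset($_SERVER['HTTP_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED_FOR']))
+ {
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
+ $ipaddress = explode(",", $ipaddress)[0];
+ }
+ elseif(isset($_SERVER['HTTP_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED']))
+ $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
+ elseif(isset($_SERVER['REMOTE_ADDR']) && mo2f_isValidIP($_SERVER['REMOTE_ADDR']))
+ $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
+ else
+ $ipaddress = 'UNKNOWN';
+
+ return $ipaddress;
+ }
+ function is_crawler()
+ {
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])? sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';
+ $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
+ foreach ($Botsign as $key => $value)
+ {
+ if(isset($USER_AGENT) || preg_match('/'.$value.'/', $USER_AGENT))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+ function is_fake_googlebot($ipaddress)
+ {
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])? sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';
+ if(isset($USER_AGENT) || preg_match('/Googlebot/', $USER_AGENT))
+ {
+ if(is_fake('Googlebot',$USER_AGENT,$ipaddress))
+ {
+ header('HTTP/1.1 403 Forbidden');
+ include_once("mo-error.html");
+ exit;
+ }
+ }
+ }
+ function is_fake($crawler,$USER_AGENT,$ipaddress)
+ {
+ // $hostName = gethostbyaddr($ipaddress);
+ // $hostIP = gethostbyname($hostName);
+ // if(is_numeric(get_option('mo_wpns_iprange_count')))
+ // $range_count = intval(get_option('mo_wpns_iprange_count'));
+ // for($i = 1 ; $i <= $range_count ; $i++){
+ // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
+ // $rangearray = explode("-",$blockedrange);
+ // if(sizeof($rangearray)==2){
+ // $lowip = ip2long(trim($rangearray[0]));
+ // $highip = ip2long(trim($rangearray[1]));
+ // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
+ // $mo_wpns_config = new MoWpnsHandler();
+ // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
+ // return true;
+ // }
+ // }
+ // }
+ // return false;
+ }
  ?>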
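Review bot: `get_ipaddress()` reads the client address from `HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and the other forwarding headers before it looks at `REMOTE_ADDR`, and those headers are supplied by the requester, so any block or whitelist decision keyed on this value can be steered by the request itself. I would return the validated `REMOTE_ADDR` first and consult the forwarding headers only when `REMOTE_ADDR` is a reverse proxy the site operator has explicitly marked as trusted. Separately, in `is_crawler()` and `is_fake_googlebot()` the test `isset($USER_AGENT) || preg_match(...)` is always true because `$USER_AGENT` is assigned on the line above, so `is_crawler()` returns true for every request; the condition in `is_crawler()` should read `if($USER_AGENT !== '' && preg_match('/'.preg_quote($value, '/').'/', $USER_AGENT))`, with the same `!== '' &&` form in `is_fake_googlebot()`. `is_fake()` contains only commented-out code and therefore returns null, so the 403 branch in `is_fake_googlebot()` cannot be reached as written; a comment saying whether that is intentional would help.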
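--- a/handler/ajax.php
+++ b/handler/ajax.php
@@ -1,192 +1,192 @@
- <?php
-
- class AjaxHandler
- {
- function __construct()
- {
- add_action( 'admin_init' , array( $this, 'mo_wpns_2fa_actions' ) );
- }
-
- function mo_wpns_2fa_actions()
- {
- global $moWpnsUtility,$mo2f_dirName;
-
- if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
- {
- switch($_REQUEST['option'])
- {
- case "iplookup":
- $this->lookupIP($_GET['ip']); break;
-
- case "dissmissSMTP":
- $this->handle_smtp(); break;
- case "whitelistself":
- $this->whitelist_self(); break;
-
- case "dismissplugin":
- $this->wpns_plugin_notice(); break;
-
- case "dismissbackup":
- $this->wpns_dismiss_backup_notice(); break;
-
- case "dismissbruteforce":
- $this->wpns_dismiss_bruteforce_notice(); break;
-
- case "dismissrecaptcha":
- $this-> wpns_dismiss_recaptcha_notice(); break;
-
- case "dismissfirewall":
- $this->wpns_dismiss_firewall_notice(); break;
-
- case "plugin_warning_never_show_again":
- $this->wpns_plugin_warning_never_show_again();
- break;
-
- case "mo2f_banner_never_show_again":
- $this->wpns_mo2f_banner_never_show_again();
- break;
-
- case "dismissSms":
- $this->wpns_sms_notice(); break;
-
- case "dismissEmail":
- $this->wpns_email_notice(); break;
-
- case "dismissSms_always":
- $this->wpns_sms_notice_always(); break;
-
- case "dismissEmail_always":
- $this->wpns_email_notice_always(); break;
-
- case "dismisscodeswarning":
- $this->mo2f_backup_codes_dismiss(); break;
-
-
- }
- }
- }
-
- private function lookupIP($ip)
- {
- $result=wp_remote_get("http://www.geoplugin.net/json.gp?ip=".$ip);
-
- if( !is_wp_error( $result ) ) {
- $result=wp_remote_retrieve_body( $result);
- }
-
- $hostname = gethostbyaddr($result["geoplugin_request"]);
- try{
- $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
- $timeoffset = $timeoffset/3600;
-
- }catch(Exception $e){
- $result["geoplugin_timezone"]="";
- $timeoffset="";
- }
-
- $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
- if($result['geoplugin_request']==$ip) {
-
- $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
- $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
-
- $result['ipDetails'] = $ipLookUpTemplate;
- }else{
- $result["ipDetails"]["status"]="ERROR";
- }
-
- wp_send_json( $result );
-
- }
- private function whitelist_self()
- {
- global $moWpnsUtility;
- $moPluginsUtility = new MoWpnsHandler();
- $moPluginsUtility->whitelist_ip($moWpnsUtility->get_client_ip());
- wp_send_json('success');
- }
-
- private function wpns_plugin_notice()
- {
-
- update_site_option('malware_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
-
- function wpns_dismiss_backup_notice(){
- update_site_option('backup_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
-
- function wpns_dismiss_bruteforce_notice(){
- update_site_option('bruteforce_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
-
- function wpns_dismiss_recaptcha_notice(){
- update_site_option('recaptcha_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
-
- function wpns_plugin_warning_never_show_again(){
- update_site_option('plugin_warning_never_show_again', 1);
- wp_send_json('success');
- }
-
- function wpns_mo2f_banner_never_show_again(){
- update_site_option('mo2f_banner_never_show_again', 1);
- wp_send_json('success');
- }
-
-
- function wpns_dismiss_firewall_notice(){
- update_site_option('waf_notification_option', 1);
- update_site_option('notice_dismiss_time',time());
- wp_send_json('success');
- }
- private function wpns_sms_notice()
- {
- update_site_option('mo2f_wpns_sms_dismiss', time());
- wp_send_json('success');
- }
- private function wpns_email_notice()
- {
- update_site_option('mo2f_wpns_email_dismiss', time());
- wp_send_json('success');
- }
- private function wpns_sms_notice_always()
- {
- update_site_option('mo2f_wpns_donot_show_low_sms_notice', 1);
- wp_send_json('success');
- }
- private function wpns_email_notice_always()
- {
- update_site_option('mo2f_wpns_donot_show_low_email_notice', 1);
- wp_send_json('success');
- }
- private function mo2f_backup_codes_dismiss()
- {
- $user_id = get_current_user_id();
- update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
- wp_send_json('success');
- }
-
-
-
- }new AjaxHandler;
+ <?php
+
+ class AjaxHandler
+ {
+ function __construct()
+ {
+ add_action( 'admin_init' , array( $this, 'mo_wpns_2fa_actions' ) );
+ }
+
+ function mo_wpns_2fa_actions()
+ {
+ global $moWpnsUtility,$mo2f_dirName;
+
+ if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
+ {
+ switch($_REQUEST['option'])
+ {
+ case "iplookup":
+ $this->lookupIP($_GET['ip']); break;
+
+ case "dissmissSMTP":
+ $this->handle_smtp(); break;
+ case "whitelistself":
+ $this->whitelist_self(); break;
+
+ case "dismissplugin":
+ $this->wpns_plugin_notice(); break;
+
+ case "dismissbackup":
+ $this->wpns_dismiss_backup_notice(); break;
+
+ case "dismissbruteforce":
+ $this->wpns_dismiss_bruteforce_notice(); break;
+
+ case "dismissrecaptcha":
+ $this-> wpns_dismiss_recaptcha_notice(); break;
+
+ case "dismissfirewall":
+ $this->wpns_dismiss_firewall_notice(); break;
+
+ case "plugin_warning_never_show_again":
+ $this->wpns_plugin_warning_never_show_again();
+ break;
+
+ case "mo2f_banner_never_show_again":
+ $this->wpns_mo2f_banner_never_show_again();
+ break;
+
+ case "dismissSms":
+ $this->wpns_sms_notice(); break;
+
+ case "dismissEmail":
+ $this->wpns_email_notice(); break;
+
+ case "dismissSms_always":
+ $this->wpns_sms_notice_always(); break;
+
+ case "dismissEmail_always":
+ $this->wpns_email_notice_always(); break;
+
+ case "dismisscodeswarning":
+ $this->mo2f_backup_codes_dismiss(); break;
+
+
+ }
+ }
+ }
+
+ private function lookupIP($ip)
+ {
+ $result=wp_remote_get("http://www.geoplugin.net/json.gp?ip=".$ip);
+
+ if( !is_wp_error( $result ) ) {
+ $result=wp_remote_retrieve_body( $result);
+ }
+
+ $hostname = gethostbyaddr($result["geoplugin_request"]);
+ try{
+ $timeoffset = timezone_offset_get(new DateTimeZone($result["geoplugin_timezone"]),new DateTime('now'));
+ $timeoffset = $timeoffset/3600;
+
+ }catch(Exception $e){
+ $result["geoplugin_timezone"]="";
+ $timeoffset="";
+ }
+
+ $ipLookUpTemplate = MoWpnsConstants::IP_LOOKUP_TEMPLATE;
+ if($result['geoplugin_request']==$ip) {
+
+ $ipLookUpTemplate = str_replace("{{status}}", $result["geoplugin_status"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{ip}}", $result["geoplugin_request"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{region}}", $result["geoplugin_region"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{country}}", $result["geoplugin_countryName"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{city}}", $result["geoplugin_city"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{continent}}", $result["geoplugin_continentName"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{latitude}}", $result["geoplugin_latitude"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{longitude}}", $result["geoplugin_longitude"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{timezone}}", $result["geoplugin_timezone"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{curreny_code}}", $result["geoplugin_currencyCode"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{curreny_symbol}}", $result["geoplugin_currencySymbol"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{per_dollar_value}}", $result["geoplugin_currencyConverter"], $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{hostname}}", $hostname, $ipLookUpTemplate);
+ $ipLookUpTemplate = str_replace("{{offset}}", $timeoffset, $ipLookUpTemplate);
+
+ $result['ipDetails'] = $ipLookUpTemplate;
+ }else{
+ $result["ipDetails"]["status"]="ERROR";
+ }
+
+ wp_send_json( $result );
+
+ }
+ private function whitelist_self()
+ {
+ global $moWpnsUtility;
+ $moPluginsUtility = new MoWpnsHandler();
+ $moPluginsUtility->whitelist_ip($moWpnsUtility->get_client_ip());
+ wp_send_json('success');
+ }
+
+ private function wpns_plugin_notice()
+ {
+
+ update_site_option('malware_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+
+ function wpns_dismiss_backup_notice(){
+ update_site_option('backup_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+
+ function wpns_dismiss_bruteforce_notice(){
+ update_site_option('bruteforce_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+
+ function wpns_dismiss_recaptcha_notice(){
+ update_site_option('recaptcha_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+
+ function wpns_plugin_warning_never_show_again(){
+ update_site_option('plugin_warning_never_show_again', 1);
+ wp_send_json('success');
+ }
+
+ function wpns_mo2f_banner_never_show_again(){
+ update_site_option('mo2f_banner_never_show_again', 1);
+ wp_send_json('success');
+ }
+
+
+ function wpns_dismiss_firewall_notice(){
+ update_site_option('waf_notification_option', 1);
+ update_site_option('notice_dismiss_time',time());
+ wp_send_json('success');
+ }
+ private function wpns_sms_notice()
+ {
+ update_site_option('mo2f_wpns_sms_dismiss', time());
+ wp_send_json('success');
+ }
+ private function wpns_email_notice()
+ {
+ update_site_option('mo2f_wpns_email_dismiss', time());
+ wp_send_json('success');
+ }
+ private function wpns_sms_notice_always()
+ {
+ update_site_option('mo2f_wpns_donot_show_low_sms_notice', 1);
+ wp_send_json('success');
+ }
+ private function wpns_email_notice_always()
+ {
+ update_site_option('mo2f_wpns_donot_show_low_email_notice', 1);
+ wp_send_json('success');
+ }
+ private function mo2f_backup_codes_dismiss()
+ {
+ $user_id = get_current_user_id();
+ update_user_meta($user_id, 'donot_show_backup_code_notice' , 1);
+ wp_send_json('success');
+ }
+
+
+
+ }new AjaxHandler;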
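Review bot: `mo_wpns_2fa_actions` runs state-changing handlers (`whitelistself` and the `dismiss*` options) from `$_REQUEST['option']` on `admin_init` with only a `current_user_can('manage_options')` check, so nothing ties the request to a form the administrator actually submitted; a nonce check such as `check_admin_referer('NONCE_ACTION_PLACEHOLDER');` before the `switch` would close that, with the action name matching whatever the plugin's forms emit (not visible here). In `lookupIP`, `$_GET['ip']` is appended to the geoplugin URL unvalidated and the response body is indexed as an array without being decoded; `if (!filter_var($ip, FILTER_VALIDATE_IP)) { wp_send_json(array('ipDetails' => array('status' => 'ERROR'))); }` and `$result = json_decode(wp_remote_retrieve_body($result), true);` would address both, and the response fields substituted into the template should pass through `esc_html()`. The `dissmissSMTP` case calls `$this->handle_smtp()`, which this class does not define anywhere in the section. The removed and added sides of this section read the same, so the commit alters none of this.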
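--- a/handler/feedback_form.php
+++ b/handler/feedback_form.php
@@ -1,212 +1,212 @@
- <?php
- class FeedbackHandler
- {
- function __construct()
- {
- add_action('admin_init', array($this, 'mo_wpns_feedback_actions'));
- }
-
- function mo_wpns_feedback_actions()
- {
-
- global $moWpnsUtility, $mo2f_dirName;
-
- if (current_user_can('manage_options') && isset($_POST['option'])) {
- switch (sanitize_text_field(wp_unslash($_REQUEST['option']))) {
- case "mo_wpns_skip_feedback":
- case "mo_wpns_rating":
- case "mo_wpns_feedback":
- $this->wpns_handle_feedback($_POST); break;
- case "mo_wpns_backup_download":
- $this->mo2f_backup_download($_POST);
- break;
- case "log_file_download":
- $this->mo2f_download_log_file();
- break;
-
-
- }
- }
- }
-
-
- function wpns_handle_feedback($postdata)
- {
-
- if(MO2F_TEST_MODE){
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- return;
- }
-
- $user = wp_get_current_user();
- $feedback_option = sanitize_text_field($_POST['option']);
- if ($feedback_option != "mo_wpns_rating")
- {
- $message = 'Plugin Deactivated';
- }
-
-
- $deactivate_reason_message = array_key_exists('wpns_query_feedback', $_POST) ? htmlspecialchars($_POST['wpns_query_feedback']) : false;
- $activation_date = get_site_option('mo2f_activated_time');
- $current_date = time();
- $diff = $activation_date - $current_date;
- if($activation_date == false){
- $days = 'NA';
- }
- else{
- $days = abs(round($diff / 86400));
- }
- update_site_option( 'No_of_days_active_work', $days , 'yes' );
-
- if ($feedback_option != "mo_wpns_rating")
- {
- $reply_required = '';
- if (isset($_POST['get_reply']))
- $reply_required = htmlspecialchars($_POST['get_reply']);
-
- if (empty($reply_required)) {
- $reply_required = "don't reply";
- $message .= ' &nbsp; [Reply:<b style="color:red";>' . $reply_required . '</b>,';
- } else {
- $reply_required = "yes";
- $message .= '[Reply:' . $reply_required . ',';
- }
- }
- else
- {
- $message ='[' ;
- }
- $message .= 'D:' . $days . ',';
- if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
- $message .= '2FA+NS]';
- }
- else{
- $message .= '2FA]';
- }
-
- $message .= ', Feedback : ' . $deactivate_reason_message . '';
-
- if (isset($_POST['rate']))
- $rate_value = htmlspecialchars($_POST['rate']);
- else
- $rate_value = "--";
- $message .= ', [Rating :' . $rate_value . ']';
- if (empty($reply_required))
- $message .= MoWpnsUtility::mo_2fa_send_configuration();
- else
- $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
- $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
- if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
- $email = get_option('mo2f_email');
- if (empty($email))
- $email = $user->user_email;
- }
- $phone = get_option('mo_wpns_admin_phone');
- $feedback_reasons = new MocURL();
- global $moWpnsUtility;
- if (!is_null($feedback_reasons)) {
- if (!$moWpnsUtility->is_curl_installed()) {
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- wp_safe_redirect('plugins.php');
- exit();
- } else {
- $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
-
- if (json_last_error() == JSON_ERROR_NONE) {
- if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
- do_action('wpns_show_message',$submited['message'],'ERROR');
-
- } else {
- if ($submited == false) {
- do_action('wpns_show_message','Error while submitting the query.','ERROR');
- }
- }
- }
-
- if($feedback_option =='mo_wpns_feedback' || $feedback_option =='mo_wpns_skip_feedback')
- {
- deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
- }
- do_action('wpns_show_message','Thank you for the feedback.','SUCCESS');
-
- }
- }
- }
-
- function mo2f_download_log_file(){
- ob_start();
- $nonce = sanitize_text_field($_POST['mo2f_nonce_download_log']);
-
- if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-download-log' ) ) {
- $error = new WP_Error();
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
-
- }else{
-
-
- $debug_log_path = wp_upload_dir();
- $debug_log_path = $debug_log_path['basedir'];
- $file_name = 'miniorange_debug_log.txt';
- $status = file_exists($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
- if($status){
- header("Pragma: public");
- header("Expires: 0");
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename=".$file_name);
- header("Content-Transfer-Encoding: binary");
- header("Content-Length: ".filesize($debug_log_path.DIRECTORY_SEPARATOR.$file_name));
- while (ob_get_level()) {
- ob_end_clean();
- @readfile($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
- exit;
- }
- }else{
- do_action('wpns_show_message','File does not exist.','ERROR');
- }
- }
- }
-
- function mo2f_backup_download($postdata){
- global $wpnsDbQueries;
-
- $nonce = $postdata['download_nonce'];
- if ( ! wp_verify_nonce( $nonce, 'mo-wpns-download-nonce' ) ){
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
- return;
- }
-
- ob_start();
- if(current_user_can('administrator')){
- $file_name=$postdata['file_name'];
- $file_path=$postdata['file_path'];
- $file = explode('/', $file_name);
- $file_name = $file[0];
- $id = $file[1];
- $status = file_exists($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
- if($status){
- header("Pragma: public");
- header("Expires: 0");
- header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
- header("Content-Type: application/octet-stream");
- header("Content-Disposition: attachment; filename=".$file_name);
- header("Content-Transfer-Encoding: binary");
- header("Content-Length: ".filesize($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name));
- while (ob_get_level()) {
- ob_end_clean();
- @readfile($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
- exit;
- }
- }else{
- $wpnsDbQueries->delete_file($id);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DELETE_FILE'),'ERROR');
- return;
- }
- }else{
- do_action('wpns_show_message',MoWpnsMessages::showMessage('NOT_ADMIN'),'ERROR');
- return;
- }
-
- }
-
- }new FeedbackHandler();
+ <?php
+ class FeedbackHandler
+ {
+ function __construct()
+ {
+ add_action('admin_init', array($this, 'mo_wpns_feedback_actions'));
+ }
+
+ function mo_wpns_feedback_actions()
+ {
+
+ global $moWpnsUtility, $mo2f_dirName;
+
+ if (current_user_can('manage_options') && isset($_POST['option'])) {
+ switch (sanitize_text_field(wp_unslash($_REQUEST['option']))) {
+ case "mo_wpns_skip_feedback":
+ case "mo_wpns_rating":
+ case "mo_wpns_feedback":
+ $this->wpns_handle_feedback($_POST); break;
+ case "mo_wpns_backup_download":
+ $this->mo2f_backup_download($_POST);
+ break;
+ case "log_file_download":
+ $this->mo2f_download_log_file();
+ break;
+
+
+ }
+ }
+ }
+
+
+ function wpns_handle_feedback($postdata)
+ {
+
+ if(MO2F_TEST_MODE){
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ return;
+ }
+
+ $user = wp_get_current_user();
+ $feedback_option = sanitize_text_field($_POST['option']);
+ if ($feedback_option != "mo_wpns_rating")
+ {
+ $message = 'Plugin Deactivated';
+ }
+
+
+ $deactivate_reason_message = array_key_exists('wpns_query_feedback', $_POST) ? htmlspecialchars($_POST['wpns_query_feedback']) : false;
+ $activation_date = get_site_option('mo2f_activated_time');
+ $current_date = time();
+ $diff = $activation_date - $current_date;
+ if($activation_date == false){
+ $days = 'NA';
+ }
+ else{
+ $days = abs(round($diff / 86400));
+ }
+ update_site_option( 'No_of_days_active_work', $days , 'yes' );
+
+ if ($feedback_option != "mo_wpns_rating")
+ {
+ $reply_required = '';
+ if (isset($_POST['get_reply']))
+ $reply_required = htmlspecialchars($_POST['get_reply']);
+
+ if (empty($reply_required)) {
+ $reply_required = "don't reply";
+ $message .= ' &nbsp; [Reply:<b style="color:red";>' . $reply_required . '</b>,';
+ } else {
+ $reply_required = "yes";
+ $message .= '[Reply:' . $reply_required . ',';
+ }
+ }
+ else
+ {
+ $message ='[' ;
+ }
+ $message .= 'D:' . $days . ',';
+ if(MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option')){
+ $message .= '2FA+NS]';
+ }
+ else{
+ $message .= '2FA]';
+ }
+
+ $message .= ', Feedback : ' . $deactivate_reason_message . '';
+
+ if (isset($_POST['rate']))
+ $rate_value = htmlspecialchars($_POST['rate']);
+ else
+ $rate_value = "--";
+ $message .= ', [Rating :' . $rate_value . ']';
+ if (empty($reply_required))
+ $message .= MoWpnsUtility::mo_2fa_send_configuration();
+ else
+ $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
+ $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
+ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ $email = get_option('mo2f_email');
+ if (empty($email))
+ $email = $user->user_email;
+ }
+ $phone = get_option('mo_wpns_admin_phone');
+ $feedback_reasons = new MocURL();
+ global $moWpnsUtility;
+ if (!is_null($feedback_reasons)) {
+ if (!$moWpnsUtility->is_curl_installed()) {
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ wp_safe_redirect('plugins.php');
+ exit();
+ } else {
+ $submited = json_decode($feedback_reasons->send_email_alert($email, $phone, $message, $feedback_option), true);
+
+ if (json_last_error() == JSON_ERROR_NONE) {
+ if (is_array($submited) && array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
+ do_action('wpns_show_message',$submited['message'],'ERROR');
+
+ } else {
+ if ($submited == false) {
+ do_action('wpns_show_message','Error while submitting the query.','ERROR');
+ }
+ }
+ }
+
+ if($feedback_option =='mo_wpns_feedback' || $feedback_option =='mo_wpns_skip_feedback')
+ {
+ deactivate_plugins(dirname(dirname(__FILE__ ))."\\miniorange_2_factor_settings.php");
+ }
+ do_action('wpns_show_message','Thank you for the feedback.','SUCCESS');
+
+ }
+ }
+ }
+
+ function mo2f_download_log_file(){
+ ob_start();
+ $nonce = sanitize_text_field($_POST['mo2f_nonce_download_log']);
+
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-nonce-download-log' ) ) {
+ $error = new WP_Error();
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
+
+ }else{
+
+
+ $debug_log_path = wp_upload_dir();
+ $debug_log_path = $debug_log_path['basedir'];
+ $file_name = 'miniorange_debug_log.txt';
+ $status = file_exists($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
+ if($status){
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename=".$file_name);
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".filesize($debug_log_path.DIRECTORY_SEPARATOR.$file_name));
+ while (ob_get_level()) {
+ ob_end_clean();
+ @readfile($debug_log_path.DIRECTORY_SEPARATOR.$file_name);
+ exit;
+ }
+ }else{
+ do_action('wpns_show_message','File does not exist.','ERROR');
+ }
+ }
+ }
+
+ function mo2f_backup_download($postdata){
+ global $wpnsDbQueries;
+
+ $nonce = $postdata['download_nonce'];
+ if ( ! wp_verify_nonce( $nonce, 'mo-wpns-download-nonce' ) ){
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NONCE_ERROR'),'ERROR');
+ return;
+ }
+
+ ob_start();
+ if(current_user_can('administrator')){
+ $file_name=$postdata['file_name'];
+ $file_path=$postdata['file_path'];
+ $file = explode('/', $file_name);
+ $file_name = $file[0];
+ $id = $file[1];
+ $status = file_exists($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
+ if($status){
+ header("Pragma: public");
+ header("Expires: 0");
+ header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename=".$file_name);
+ header("Content-Transfer-Encoding: binary");
+ header("Content-Length: ".filesize($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name));
+ while (ob_get_level()) {
+ ob_end_clean();
+ @readfile($file_path.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.$file_name);
+ exit;
+ }
+ }else{
+ $wpnsDbQueries->delete_file($id);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DELETE_FILE'),'ERROR');
+ return;
+ }
+ }else{
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('NOT_ADMIN'),'ERROR');
+ return;
+ }
+
+ }
+
+ }new FeedbackHandler();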
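Review bot: `mo2f_backup_download` builds the file it streams from `$postdata['file_path']` and `$postdata['file_name']`, both taken from the POST body, so the nonce and `administrator` checks are the only things limiting which file `readfile()` returns; the resolved path should be confined to the plugin's backup directory before any header is sent, as sketched below. `$file[1]` is also read without checking that `file_name` contained a `/`. In `mo2f_download_log_file` the nonce-failure branch builds a `WP_Error` and drops it, so the request ends with no message; `do_action('wpns_show_message','Invalid Request.','ERROR');` would match how the rest of the class reports errors. The removed and added sides of this section read the same, so the commit leaves these as they were.

```php
if(current_user_can('administrator')){
    $file = explode('/', $postdata['file_name']);
    $file_name = basename($file[0]);
    $id = isset($file[1]) ? $file[1] : '';
    // BACKUP_DIR_PLACEHOLDER: the directory the plugin writes backups to (not shown in this section)
    $base_dir = realpath(BACKUP_DIR_PLACEHOLDER);
    $full_path = realpath($postdata['file_path'].DIRECTORY_SEPARATOR.$file_name);
    if($full_path !== false && ($base_dir === false || strpos($full_path, $base_dir.DIRECTORY_SEPARATOR) !== 0)){
        do_action('wpns_show_message','Invalid file path.','ERROR');
        return;
    }
    $status = $full_path !== false;
    // … unchanged: download headers; filesize() and readfile() take $full_path …
    // … unchanged: else branches (delete_file($id), NOT_ADMIN) …
```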
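--- a/handler/login.php
+++ b/handler/login.php
@@ -1,412 +1,412 @@
-<?php
-class LoginHandler
-{
-function __construct()
-{
-add_action( 'init' , array( $this, 'mo_wpns_init' ) );
-if(get_site_option('mo2f_restrict_restAPI')){
-add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
-}
-if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
-|| get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
-{
-
-remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
-add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
-}
-
-add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
-add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
-//add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
-//add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
-
-if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
-add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
-}
-}
-
-function mo_block_restAPI(){
-global $moWpnsUtility,$mo2f_dirName;
-if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
-include_once("mo-block.html");
-exit;
-}
-}
-
-function mo_wpns_init()
-{
-add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
-add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
-add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
-add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
-global $moWpnsUtility,$mo2f_dirName;
-$WAFEnabled = get_option('WAFEnabled');
-$WAFLevel = get_option('WAF');
-$pass2fa_login = new Miniorange_Password_2Factor_Login();
-if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
-add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
-$mo2f_scanner_parts = new mo2f_scanner_parts();
-$mo2f_scanner_parts->file_cron_scan();
-
-if($WAFEnabled == 1)
-{
-if($WAFLevel == 'PluginLevel')
-{
-if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
-include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
-}
-}
-
-
-$userIp = $moWpnsUtility->get_client_ip();
-$userIp = sanitize_text_field( $userIp );
-$mo_wpns_config = new MoWpnsHandler();
-$isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
-$isIpBlocked = false;
-if(!$isWhitelisted){
-$isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
-}
-if($isIpBlocked){
-include_once("mo-block.html");
-exit;
-}
-
-$requested_uri = $_SERVER["REQUEST_URI"];
-$option = false;
-if (is_user_logged_in()) { //chr?
-if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
-wp_safe_redirect(site_url());
-exit;
-}
-} else {
-$option = get_option('mo_wpns_enable_rename_login_url');
-}
-if ($option) {
-if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
-$requested_uri = str_replace("wp-login.php","",$requested_uri);
-wp_safe_redirect($requested_uri);
-exit;
-} elseif (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
-$requested_uri = str_replace("wp-login.php","",$requested_uri);
-wp_safe_redirect($requested_uri);
-exit;
-}
-
-if (strpos($requested_uri, '/wp-login.php') !== false) {
-wp_safe_redirect(site_url());
-exit;
-}
-elseif (strpos($requested_uri, get_option('login_page_url')) !== false ) {
-@require_once ABSPATH . 'wp-login.php';
-die;
-}
-}
-
-if(isset($_POST['option']))
-{
-switch(sanitize_text_field(wp_unslash($_POST['option'])))
-{
-case "mo_wpns_change_password":
-$this->handle_change_password(sanitize_user($_POST['username'])
-,sanitize_text_field($_POST['new_password']), sanitize_text_field($_POST['confirm_password']));
-break;
-}
-}
-
-}
-function twofa_on_user_profile( $user ) {
-global $mo2f_dirName;
-if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
-include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
-}
-}
-function user_two_factor_options_update( $user ) {
-global $mo2f_dirName;
-if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
-include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
-}
-}
-
-function mo2f_IP_email_send()
-{
-global $moWpnsUtility, $Mo2fdbQueries;
-$userIp = $moWpnsUtility->get_client_ip();
-$userIp = sanitize_text_field( $userIp );
-$user = wp_get_current_user();
-$user_id = $user->ID;
-$meta_key = 'mo2f_user_IP';
-add_user_meta($user->ID, $meta_key,$userIp);
-$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID);
-if (empty($email)) {
-$email = $user->user_email;
-}
-if(get_user_meta($user->ID,$meta_key))
-{
-$check_Ip = get_user_meta($user->ID,$meta_key)[0];
-
-if ($check_Ip != $userIp)
-{
-$subject ="Alert: New IP Detected";
-$message = mo_IP_template();
-$headers=array('Content-Type: text/html; charset=UTF-8');
-if(is_email($email))
-{
-wp_mail( $email,$subject,$message,$headers);
-}
-}
-}
-}
-
-function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
-
-if (empty($_POST['g-recaptcha-response'])) {
-$validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
-}
-}
-
-//Function to Handle Change Password Form
-function handle_change_password($username,$newpassword,$confirmpassword)
-{
-global $mo2f_dirName;
-$user = get_user_by("login",$username);
-$error = wp_authenticate_username_password($user,$username,$newpassword);
-
-if(is_wp_error($error))
-{
-$this->mo_wpns_login_failed($username);
-return $error;
-}
-
-if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
-{
-wp_set_auth_cookie($user->ID,false,false);
-$this->mo_wpns_login_success($username);
-wp_redirect(get_site_option('siteurl'),301);
-}
-}
-
-
-//Function to Update User password
-function update_strong_password($username,$newpassword,$confirmpassword)
-{
-global $mo2f_dirName;
-
-if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
-&& preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
-{
-$user = get_user_by("login",$username);
-wp_set_password($newpassword,$user->ID);
-return "success";
-}
-else
-include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
-}
-
-
-//Our custom logic for user authentication
-function custom_authenticate($user, $username, $password)
-{
-global $moWpnsUtility;
-$error = new WP_Error();
-
-if(empty($username) && empty ($password))
-return $error;
-
-if(empty($username)) {
-$error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
-}
-if(empty($password)) {
-$error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
-}
-
-$user = wp_authenticate_username_password( $user, $username, $password );
-
-if ( is_wp_error( $user ) ) {
-$error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
-return $user;
-}
-if(empty($error->errors))
-{
-$user = get_user_by("login",$username);
-
-if($user)
-{
-$moCURL=new MocURL;
-if(get_option('mo_wpns_activate_recaptcha_for_login'))
-{
-$captcha_version=get_option('mo_wpns_recaptcha_version');
-if($captcha_version=='reCAPTCHA_v3')
-$recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
-else if($captcha_version=='reCAPTCHA_v2')
-$recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
-
-}
-}
-
-if(!empty($recaptchaError->errors))
-$error = $recaptchaError;
-if(empty($error->errors)){
-if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
-{
-$this->mo_wpns_login_success($username);
-}
-return $user;
-}
-}
-else
-$error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
-return $error;
-
-}
-
-
-
-
-//Function to check user password
-function check_password($user,$error,$password)
-{
-global $moWpnsUtility, $mo2f_dirName;
-if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
-{
-if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
-{
-if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
-$this->mo_wpns_login_success($user->data->user_login);
-return $user;
-}
-else
-include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
-}
-else
-$error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
-
-return $error;
-}
-
-
-//Function to handle successful user login
-function mo_wpns_login_success($username)
-{
-global $moWpnsUtility;
-if(get_site_option('mo2f_mail_notify') == 'on')
-{
-$this->mo2f_IP_email_send();
-}
-
-$mo_wpns_config = new MoWpnsHandler();
-$userIp = $moWpnsUtility->get_client_ip();
-$userIp = sanitize_text_field( $userIp );
-$mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
-
-if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
-$moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
-
-
-$mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
-
-if(isset($_POST['log']) && isset($_POST['pwd'])){
-$username = sanitize_text_field($_POST['log']);
-$pass = $_POST['pwd'];
-$user = get_user_by('login',$username);
-
-if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
-if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
-if(!get_user_meta($user->ID,'password_strong?')){
-update_user_meta($user->ID,'password_strong?', true);
-$count = get_site_option('users_with_weak_pass');
-$count = $count + 1;
-update_site_option('users_with_weak_pass', $count);
-}
-}
-else{
-if(get_user_meta($user->ID,'password_strong?')){
-$count = get_site_option('users_with_weak_pass');
-$count = $count - 1;
-update_site_option('users_with_weak_pass', $count);
-}
-delete_user_meta($user->ID,'password_strong?');
-}
-
-
-}
-
-}
-}
-
-
-//Function to handle failed user login attempt
-function mo_wpns_login_failed($username)
-{
-global $moWpnsUtility;
-$userIp = $moWpnsUtility->get_client_ip();
-$userIp = sanitize_text_field( $userIp );
-if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
-return;
-
-$mo_wpns_config = new MoWpnsHandler();
-$isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
-
-$mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
-
-if(!$isWhitelisted)
-{
-
-
-if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
-$moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
-
-$failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
-$allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
-
-if($allowedLoginAttepts - $failedAttempts<=0)
-$this->handle_login_attempt_exceeded($userIp);
-else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
-$this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
-}
-
-}
-
-
-
-
-
-//Function to show number of attempts remaining
-function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
-{
-global $error;
-$diff = $allowedLoginAttepts - $failedAttempts;
-$error = "<br>You have <b>".$diff."</b> login attempts remaining.";
-}
-
-
-//Function to handle login limit exceeded
-function handle_login_attempt_exceeded($userIp)
-{
-global $moWpnsUtility, $mo2f_dirName;
-$mo_wpns_config = new MoWpnsHandler();
-$mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
-include_once("mo-block.html");
-exit;
-
-}
-
-function setup_registration_closed($user){
-global $Mo2fdbQueries;
-if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
-$nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
-if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
-$error = new WP_Error();
-$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
-return $error;
-} else {
-if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
-//$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
-delete_user_meta( $user->ID, 'register_account_popup' );
-
-}
-}
-}
-}
-
-}
-new LoginHandler;
+<?php
+class LoginHandler
+{
+function __construct()
+{
+add_action( 'init' , array( $this, 'mo_wpns_init' ) );
+if(get_site_option('mo2f_restrict_restAPI')){
+add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
+}
+if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
+|| get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
+{
+
+remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
+add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
+}
+
+add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
+add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
+//add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
+//add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
+
+if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
+add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
+}
+}
+
+function mo_block_restAPI(){
+global $moWpnsUtility,$mo2f_dirName;
+if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
+include_once("mo-block.html");
+exit;
+}
+}
+
+function mo_wpns_init()
+{
+add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
+add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
+add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
+add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
+global $moWpnsUtility,$mo2f_dirName;
+$WAFEnabled = get_option('WAFEnabled');
+$WAFLevel = get_option('WAF');
+$pass2fa_login = new Miniorange_Password_2Factor_Login();
+if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
+add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
+$mo2f_scanner_parts = new mo2f_scanner_parts();
+$mo2f_scanner_parts->file_cron_scan();
+
+if($WAFEnabled == 1)
+{
+if($WAFLevel == 'PluginLevel')
+{
+if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
+include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
+}
+}
+
+
+$userIp = $moWpnsUtility->get_client_ip();
+$userIp = sanitize_text_field( $userIp );
+$mo_wpns_config = new MoWpnsHandler();
+$isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
+$isIpBlocked = false;
+if(!$isWhitelisted){
+$isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
+}
+if($isIpBlocked){
+include_once("mo-block.html");
+exit;
+}
+
+$requested_uri = sanitize_text_field($_SERVER["REQUEST_URI"]);
+$option = false;
+if (is_user_logged_in()) { //chr?
+if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
+wp_safe_redirect(site_url());
+exit;
+}
+} else {
+$option = get_option('mo_wpns_enable_rename_login_url');
+}
+if ($option) {
+if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
+$requested_uri = str_replace("wp-login.php","",$requested_uri);
+wp_safe_redirect($requested_uri);
+exit;
+} elseif (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
+$requested_uri = str_replace("wp-login.php","",$requested_uri);
+wp_safe_redirect($requested_uri);
+exit;
+}
+
+if (strpos($requested_uri, '/wp-login.php') !== false) {
+wp_safe_redirect(site_url());
+exit;
+}
+elseif (strpos($requested_uri, get_option('login_page_url')) !== false ) {
+@require_once ABSPATH . 'wp-login.php';
+die;
+}
+}
+
+if(isset($_POST['option']))
+{
+switch(sanitize_text_field(wp_unslash($_POST['option'])))
+{
+case "mo_wpns_change_password":
+$this->handle_change_password(sanitize_user($_POST['username'])
+,sanitize_text_field($_POST['new_password']), sanitize_text_field($_POST['confirm_password']));
+break;
+}
+}
+
+}
+function twofa_on_user_profile( $user ) {
+global $mo2f_dirName;
+if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
+include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
+}
+}
+function user_two_factor_options_update( $user ) {
+global $mo2f_dirName;
+if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
+include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
+}
+}
+
+function mo2f_IP_email_send()
+{
+global $moWpnsUtility, $Mo2fdbQueries;
+$userIp = $moWpnsUtility->get_client_ip();
+$userIp = sanitize_text_field( $userIp );
+$user = wp_get_current_user();
+$user_id = $user->ID;
+$meta_key = 'mo2f_user_IP';
+add_user_meta($user->ID, $meta_key,$userIp);
+$email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID);
+if (empty($email)) {
+$email = $user->user_email;
+}
+if(get_user_meta($user->ID,$meta_key))
+{
+$check_Ip = get_user_meta($user->ID,$meta_key)[0];
+
+if ($check_Ip != $userIp)
+{
+$subject ="Alert: New IP Detected";
+$message = mo_IP_template();
+$headers=array('Content-Type: text/html; charset=UTF-8');
+if(is_email($email))
+{
+wp_mail( $email,$subject,$message,$headers);
+}
+}
+}
+}
+
+function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
+
+if (empty($_POST['g-recaptcha-response'])) {
+$validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
+}
+}
+
+//Function to Handle Change Password Form
+function handle_change_password($username,$newpassword,$confirmpassword)
+{
+global $mo2f_dirName;
+$user = get_user_by("login",$username);
+$error = wp_authenticate_username_password($user,$username,$newpassword);
+
+if(is_wp_error($error))
+{
+$this->mo_wpns_login_failed($username);
+return $error;
+}
+
+if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
+{
+wp_set_auth_cookie($user->ID,false,false);
+$this->mo_wpns_login_success($username);
+wp_redirect(get_site_option('siteurl'),301);
+}
+}
+
+
+//Function to Update User password
+function update_strong_password($username,$newpassword,$confirmpassword)
+{
+global $mo2f_dirName;
+
+if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
+&& preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
+{
+$user = get_user_by("login",$username);
+wp_set_password($newpassword,$user->ID);
+return "success";
+}
+else
+include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
+}
+
+
+//Our custom logic for user authentication
+function custom_authenticate($user, $username, $password)
+{
+global $moWpnsUtility;
+$error = new WP_Error();
+
+if(empty($username) && empty ($password))
+return $error;
+
+if(empty($username)) {
+$error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
+}
+if(empty($password)) {
+$error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
+}
+
+$user = wp_authenticate_username_password( $user, $username, $password );
+
+if ( is_wp_error( $user ) ) {
+$error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
+return $user;
+}
+if(empty($error->errors))
+{
+$user = get_user_by("login",$username);
+
+if($user)
+{
+$moCURL=new MocURL;
+if(get_option('mo_wpns_activate_recaptcha_for_login'))
+{
+$captcha_version=get_option('mo_wpns_recaptcha_version');
+if($captcha_version=='reCAPTCHA_v3')
+$recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
+else if($captcha_version=='reCAPTCHA_v2')
+$recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
+
+}
+}
+
+if(!empty($recaptchaError->errors))
+$error = $recaptchaError;
+if(empty($error->errors)){
+if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
+{
+$this->mo_wpns_login_success($username);
+}
+return $user;
+}
+}
+else
+$error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
+return $error;
+
+}
+
+
+
+
+//Function to check user password
+function check_password($user,$error,$password)
+{
+global $moWpnsUtility, $mo2f_dirName;
+if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
+{
+if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
+{
+if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
+$this->mo_wpns_login_success($user->data->user_login);
+return $user;
+}
+else
+include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
+}
+else
+$error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
+
+return $error;
+}
+
+
+//Function to handle successful user login
+function mo_wpns_login_success($username)
+{
+global $moWpnsUtility;
+if(get_site_option('mo2f_mail_notify') == 'on')
+{
+$this->mo2f_IP_email_send();
+}
+
+$mo_wpns_config = new MoWpnsHandler();
+$userIp = $moWpnsUtility->get_client_ip();
+$userIp = sanitize_text_field( $userIp );
+$mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
+
+if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
+$moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
+
+
+$mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
+
+if(isset($_POST['log']) && isset($_POST['pwd'])){
+$username = sanitize_text_field($_POST['log']);
+$pass = $_POST['pwd'];
+$user = get_user_by('login',$username);
+
+if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
+if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
+if(!get_user_meta($user->ID,'password_strong?')){
+update_user_meta($user->ID,'password_strong?', true);
+$count = get_site_option('users_with_weak_pass');
+$count = $count + 1;
+update_site_option('users_with_weak_pass', $count);
+}
+}
+else{
+if(get_user_meta($user->ID,'password_strong?')){
+$count = get_site_option('users_with_weak_pass');
+$count = $count - 1;
+update_site_option('users_with_weak_pass', $count);
+}
+delete_user_meta($user->ID,'password_strong?');
+}
+
+
+}
+
+}
+}
+
+
+//Function to handle failed user login attempt
+function mo_wpns_login_failed($username)
+{
+global $moWpnsUtility;
+$userIp = $moWpnsUtility->get_client_ip();
+$userIp = sanitize_text_field( $userIp );
+if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
+return;
+
+$mo_wpns_config = new MoWpnsHandler();
+$isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
+
+$mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
+
+if(!$isWhitelisted)
+{
+
+
+if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
+$moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
+
+$failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
+$allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
+
+if($allowedLoginAttepts - $failedAttempts<=0)
+$this->handle_login_attempt_exceeded($userIp);
+else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
+$this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
+}
+
+}
+
+
+
+
+
+//Function to show number of attempts remaining
+function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
+{
+global $error;
+$diff = $allowedLoginAttepts - $failedAttempts;
+$error = "<br>You have <b>".$diff."</b> login attempts remaining.";
+}
+
+
+//Function to handle login limit exceeded
+function handle_login_attempt_exceeded($userIp)
+{
+global $moWpnsUtility, $mo2f_dirName;
+$mo_wpns_config = new MoWpnsHandler();
+$mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
+include_once("mo-block.html");
+exit;
+
+}
+
+function setup_registration_closed($user){
+global $Mo2fdbQueries;
+if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
+$nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
+if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
+$error = new WP_Error();
+$error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
+return $error;
+} else {
+if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
+//$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
+delete_user_meta( $user->ID, 'register_account_popup' );
+
+}
+}
+}
+}
+
+}
+new LoginHandler;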
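Review bot: `handle_change_password()` is dispatched from `mo_wpns_init()` on the `init` hook for the `mo_wpns_change_password` POST option, and nothing on that path checks a nonce, an existing session or the account's current password before `wp_set_password()` and `wp_set_auth_cookie()` run. The only gate is `wp_authenticate_username_password($user,$username,$newpassword)`, which is given an already resolved user object and the proposed new password; as far as I know core returns a `WP_User` passed as its first argument unchanged, so this call should not be relied on as a credential check. I would tie the form to the login that displayed it (for example a short-lived server-side token issued in `check_password()` before `change-password.php` is included), verify the current password with `wp_check_password()`, and let the normal second-factor step run instead of setting the auth cookie here. Separately, both password fields pass through `sanitize_text_field()`, which can change the value that gets hashed, and `wp_redirect()` is not followed by `exit;`.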
handler/malware_scanner.php CHANGED
@@ -1,672 +1,672 @@
1
- <?php
2
-
3
- class Mo_wpns_Scan_Handler{
4
- private $total_files_to_scan;
5
- public $scanned_files = array();
6
- function __construct(){
7
-
8
- }
9
- function mo2f_scan_all_files($scan_config){
10
- update_option('mo_wpns_scan_initialize', 0);
11
- update_option('mo_wpns_malware_scan_in_progress','IN PROGRESS');
12
- update_option('mo_wpns_files_scanned',0);
13
- update_option(