Google Authenticator – WordPress Two Factor Authentication (2FA) - Version 5.5.79

Version Description

  • Google Authenticator - Two factor Authentication (2FA, OTP) :
  • Code Improvements

Release Info

Developer jayeshprajapat
Plugin Icon 128x128 Google Authenticator – WordPress Two Factor Authentication (2FA)
Version 5.5.79

Code changes from version 5.5.78 to 5.5.79

Files changed (43) hide show
  1. api/class-customer-common-setup.php +4 -4
  2. changelog.txt +0 -24
  3. controllers/advanced-blocking.php +8 -8
  4. controllers/backup/backup_ajax.php +3 -3
  5. controllers/content-protection.php +1 -1
  6. controllers/feedback_footer.php +1 -4
  7. controllers/ip-blocking.php +5 -5
  8. controllers/licensing.php +1 -1
  9. controllers/login-security.php +6 -6
  10. controllers/login-spam.php +1 -1
  11. controllers/main_controller.php +2 -2
  12. controllers/malware_scanner/malware_scan_ajax.php +11 -11
  13. controllers/malware_scanner/malware_scan_result.php +4 -4
  14. controllers/navbar.php +95 -95
  15. controllers/notification-settings.php +2 -2
  16. controllers/pointers.php +1 -1
  17. controllers/registration-security.php +125 -125
  18. controllers/request_christmas_offer.php +4 -5
  19. controllers/request_demo.php +4 -7
  20. controllers/support.php +2 -4
  21. controllers/tour/tour_ajax.php +1 -1
  22. controllers/trial.php +4 -4
  23. controllers/twofa/mo2fa_common_login.php +7 -7
  24. controllers/twofa/mo2fa_inline_registration.php +1551 -1551
  25. controllers/twofa/setup_twofa.php +1 -1
  26. controllers/twofa/two_fa_unlimittedUser_ajax.php +1 -1
  27. controllers/twofa/two_factor_ajax.php +10 -10
  28. controllers/wpns-loginsecurity-ajax.php +29 -21
  29. handler/WAF/mo-waf-plugin.php +4 -4
  30. handler/WAF/mo-waf-real-time.php +1 -1
  31. handler/WAF/mo-waf.php +1 -1
  32. handler/WAF/waf-include.php +8 -25
  33. handler/ajax.php +2 -2
  34. handler/feedback_form.php +1 -1
  35. handler/login.php +412 -412
  36. handler/malware_scanner/malware_scanner_cron.php +4 -4
  37. handler/malware_scanner/scanner_set_cron.php +5 -5
  38. handler/mo-waf-plugin.php +6 -6
  39. handler/mo-waf.php +6 -6
  40. handler/recaptcha.php +161 -161
  41. handler/twofa/class-twofacustomregformshortcode.php +2 -2
  42. handler/twofa/two_fa_pass2login.php +3629 -3629
  43. handler/twofa/two_fa_settings.php +2130 -5071
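--- a/api/class-customer-common-setup.php
+++ b/api/class-customer-common-setup.php
@@ -65,7 +65,7 @@ class Customer_Cloud_Setup {
 
  $mo2fApi= new Mo2f_Api();
  $MoWpnsUtility = new MoWpnsUtility();
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : sanitize_text_field($_SERVER['SERVER_NAME']);
  $applicationName='Wordpress Two Factor; Multisite: '.is_multisite().' '.$MoWpnsUtility->checkPlugins();
  $fields = array (
  'emailAddress' => $email,
@@ -118,7 +118,7 @@ class Customer_Cloud_Setup {
 
  $query = '[WordPress 2 Factor Authentication Plugin: ' . $customer_feature . ' - V '.MO2F_VERSION.']: ' . $message;
 
- $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . sanitize_url($_SERVER['SERVER_NAME']) . '" target="_blank" >' . sanitize_text_field($_SERVER['SERVER_NAME']) . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
+ $content = '<div >First Name :' . $user->user_firstname . '<br><br>Last Name :' . $user->user_lastname . ' <br><br>Company :<a href="' . sanitize_text_field($_SERVER['SERVER_NAME']) . '" target="_blank" >' . sanitize_text_field($_SERVER['SERVER_NAME']) . '</a><br><br>Phone Number :' . $phone . '<br><br>Email :<a href="mailto:' . $fromEmail . '" target="_blank">' . $fromEmail . '</a><br><br>Query :' . $query . '</div>';
 
  $fields = array(
  'customerKey' => $customerKey,
@@ -158,7 +158,7 @@ class Customer_Cloud_Setup {
  $this->email = get_option( 'mo2f_email' );
  $this->phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
  $password = get_option( 'mo2f_password' );
- $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : $_SERVER['SERVER_NAME'];
+ $company = get_option( 'mo2f_admin_company' ) != '' ? get_option( 'mo2f_admin_company' ) : sanitize_text_field($_SERVER['SERVER_NAME']);
 
  $fields = array(
  'companyName' => $company,
@@ -451,7 +451,7 @@ class Customer_Cloud_Setup {
  $fields = array(
  'firstName' => $user->user_firstname,
  'lastName' => $user->user_lastname,
- 'company' => $_SERVER['SERVER_NAME'],
+ 'company' => sanitize_text_field($_SERVER['SERVER_NAME']),
  'email' => $q_email,
  'ccEmail' => '2fasupport@xecurify.com',
  'phone' => $q_phone,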
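Review bot: The `href` built on new line 121 now receives `sanitize_text_field($_SERVER['SERVER_NAME'])`, which strips tags but neither escapes quotes nor checks the scheme, so it is a weaker fit for an attribute than the `sanitize_url` call it replaces. SERVER_NAME can follow the client's Host header on some server configurations, so the link target should go through `esc_url()` and the link text through `esc_html()`. The other values concatenated into `$content` (`$user->user_firstname`, `$phone`, `$fromEmail`, `$query`) are not escaped in this hunk either. Whether they were cleaned earlier is not visible, because the enclosing method starts and ends outside the hunk.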
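--- a/changelog.txt
+++ b/changelog.txt
@@ -5,30 +5,6 @@
  This file contains older changelog entries, so we can keep the size of the standard WordPress readme.txt file reasonable.
  For the latest changes, please refer to the "Changelog" section in the [readme.txt file](https://plugins.svn.wordpress.org/miniorange-2-factor-authentication/trunk/readme.txt).
 
- = 5.5.78 =
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
- * Bug Fixes and Code Improvements
-
- = 5.5.77 =
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
- * Bug Fixes and Code Improvements
-
- = 5.5.76 =
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
- * Bug Fixes and Code Improvements
-
- = 5.5.75 =
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
- * Bug Fixes and Code Improvements
-
- = 5.5.7 =
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
- * Bug Fixes and Code Improvements
-
- = 5.5.6 =
- * Google Authenticator - Two factor Authentication (2FA, OTP) :
- * Bug Fixes
-
  = 5.5.5 =
  * Google Authenticator - Two factor Authentication (2FA, OTP) :
  * Compatibility with WordPress v6.0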
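--- a/controllers/advanced-blocking.php
+++ b/controllers/advanced-blocking.php
@@ -93,9 +93,9 @@
 
  if(filter_var($postedValue['start_'.$i] , FILTER_VALIDATE_IP ) && filter_var($postedValue['end_'.$i] , FILTER_VALIDATE_IP ) && (ip2long($postedValue['end_'.$i]) > ip2long($postedValue['start_'.$i])) ){
  $range = '';
- $range = $postedValue['start_'.$i];
+ $range = sanitize_text_field($postedValue['start_'.$i]);
  $range .= '-';
- $range .= $postedValue['end_'.$i];
+ $range .= sanitize_text_field($postedValue['end_'.$i]);
  $added_mappings_ranges++;
  update_option( 'mo_wpns_iprange_range_'.$added_mappings_ranges, $range );
 
@@ -120,12 +120,12 @@
  //Function to handle browser blocking
  function wpns_handle_browser_blocking($postedValue)
  {
- isset($postedValue['mo_wpns_block_chrome']) ? update_option( 'mo_wpns_block_chrome' , $postedValue['mo_wpns_block_chrome'] ) : update_option( 'mo_wpns_block_chrome' , false );
- isset($postedValue['mo_wpns_block_firefox']) ? update_option( 'mo_wpns_block_firefox' , $postedValue['mo_wpns_block_firefox'] ) : update_option( 'mo_wpns_block_firefox' , false );
- isset($postedValue['mo_wpns_block_ie']) ? update_option( 'mo_wpns_block_ie' , $postedValue['mo_wpns_block_ie'] ) : update_option( 'mo_wpns_block_ie' , false );
- isset($postedValue['mo_wpns_block_safari']) ? update_option( 'mo_wpns_block_safari' , $postedValue['mo_wpns_block_safari'] ) : update_option( 'mo_wpns_block_safari' , false );
- isset($postedValue['mo_wpns_block_opera']) ? update_option( 'mo_wpns_block_opera' , $postedValue['mo_wpns_block_opera'] ) : update_option( 'mo_wpns_block_opera' , false );
- isset($postedValue['mo_wpns_block_edge']) ? update_option( 'mo_wpns_block_edge' , $postedValue['mo_wpns_block_edge'] ) : update_option( 'mo_wpns_block_edge' , false );
+ isset($postedValue['mo_wpns_block_chrome']) ? update_option( 'mo_wpns_block_chrome' , sanitize_text_field($postedValue['mo_wpns_block_chrome'] )) : update_option( 'mo_wpns_block_chrome' , false );
+ isset($postedValue['mo_wpns_block_firefox']) ? update_option( 'mo_wpns_block_firefox' , sanitize_text_field($postedValue['mo_wpns_block_firefox'] )) : update_option( 'mo_wpns_block_firefox' , false );
+ isset($postedValue['mo_wpns_block_ie']) ? update_option( 'mo_wpns_block_ie' , sanitize_text_field($postedValue['mo_wpns_block_ie'] )) : update_option( 'mo_wpns_block_ie' , false );
+ isset($postedValue['mo_wpns_block_safari']) ? update_option( 'mo_wpns_block_safari' , sanitize_text_field($postedValue['mo_wpns_block_safari'] )) : update_option( 'mo_wpns_block_safari' , false );
+ isset($postedValue['mo_wpns_block_opera']) ? update_option( 'mo_wpns_block_opera' , sanitize_text_field($postedValue['mo_wpns_block_opera'] )) : update_option( 'mo_wpns_block_opera' , false );
+ isset($postedValue['mo_wpns_block_edge']) ? update_option( 'mo_wpns_block_edge' , sanitize_text_field($postedValue['mo_wpns_block_edge'] ) ) : update_option( 'mo_wpns_block_edge' , false );
  do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
  }
 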
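Review bot: In `wpns_handle_browser_blocking` (new lines 123–128) the six ternaries are one statement repeated with a different key, and each stores whatever string was posted for what is an on/off flag. A loop over the browser keys keeps the behaviour and leaves a single place to tighten the stored value later. No nonce or capability check is visible inside the function, so it presumably relies on its caller for that. In the first hunk the added `sanitize_text_field` calls are redundant, because both values have already passed `FILTER_VALIDATE_IP` on line 94.

```php
function wpns_handle_browser_blocking($postedValue)
{
    // One pass over the browser flags instead of six copies of the same ternary.
    foreach ( array( 'chrome', 'firefox', 'ie', 'safari', 'opera', 'edge' ) as $browser ) {
        $option = 'mo_wpns_block_' . $browser;
        $value  = isset( $postedValue[ $option ] ) ? sanitize_text_field( $postedValue[ $option ] ) : false;
        update_option( $option, $value );
    }
    // … unchanged: wpns_show_message action …
```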
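--- a/controllers/backup/backup_ajax.php
+++ b/controllers/backup/backup_ajax.php
@@ -26,7 +26,7 @@ public function mo_wpns_backup_redirect(){
  }
 
  public function mo_wpns_save_backup_config_form($postData){
- $nonce = $postData['nonce'];
+ $nonce = sanitize_text_field($postData['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'wpns-backup-settings' ) ){
  wp_send_json('ERROR');
  }
@@ -57,7 +57,7 @@ public function mo_wpns_save_backup_config_form($postData){
  }
 
  function mo_wpns_save_schedule_backup_config_form($postData){
- $nonce = $postData['nonce'];
+ $nonce = sanitize_text_field($postData['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'wpns-schedule-backup' ) ){
  wp_send_json('ERROR');
 
@@ -130,7 +130,7 @@ function mo_wpns_save_schedule_backup_config_form($postData){
 
  function delete_backup($postData){
 
- $nonce = $postData['nonce'];
+ $nonce = sanitize_text_field($postData['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'delete_entry' ) ){
  wp_send_json('ERROR');
 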
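Review bot: `$postData['nonce']` is read without an `isset` guard in all three handlers (new lines 29, 60 and 133), so a request that omits the field raises an undefined-index notice before `wp_verify_nonce` rejects it; `$nonce = isset( $postData['nonce'] ) ? sanitize_text_field( $postData['nonce'] ) : '';` avoids that. A nonce only protects against request forgery and is not an authorization check. No `current_user_can()` call is visible in these hunks, which matters most for `delete_backup`. The capability check may sit in the dispatcher, since each function body continues outside its hunk.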
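--- a/controllers/content-protection.php
+++ b/controllers/content-protection.php
@@ -33,7 +33,7 @@ $restAPI_link = rest_url().'wp'.DIRECTORY_SEPARATOR.'v2'.DIRECTORY_SEPARATOR.
  $restApiPlugin = 'https:'.DIRECTORY_SEPARATOR.DIRECTORY_SEPARATOR.'www.wordpress.org'.DIRECTORY_SEPARATOR.'plugins'.DIRECTORY_SEPARATOR.'wp-rest-api-authentication';
  if($enable_recaptcha)
  {
- $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), $_SERVER['REQUEST_URI'] );
+ $test_recaptcha_url = add_query_arg( array('option'=>'testrecaptchaconfig'), sanitize_url($_SERVER['REQUEST_URI'] ));
  $captcha_site_key = get_option('mo_wpns_recaptcha_site_key' );
  $captcha_secret_key = get_option('mo_wpns_recaptcha_secret_key');
  }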
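Review bot: `sanitize_url()` on `$_SERVER['REQUEST_URI']` (new line 36) cleans the value for storage or redirects but is not output escaping, and `add_query_arg()` does not escape its result either. Wherever `$test_recaptcha_url` is printed into markup it still needs `esc_url()` at the point of output, e.g. `echo esc_url( $test_recaptcha_url );`. That output is outside this hunk, so it may already be handled. The same pattern is added in controllers/ip-blocking.php, controllers/licensing.php, controllers/login-security.php and both controllers/malware_scanner files.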
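--- a/controllers/feedback_footer.php
+++ b/controllers/feedback_footer.php
@@ -7,7 +7,7 @@
  switch(sanitize_text_field($_POST['option']))
  {
  case "mo_wpns_send_query":
- wpns_handle_support_form_new($_POST['query_email'],$_POST['query'],$_POST['query_phone']);
+ wpns_handle_support_form_new(sanitize_email($_POST['query_email']),sanitize_text_field($_POST['query']),sanitize_text_field($_POST['query_phone']));
  break;
  }
  }
@@ -33,9 +33,6 @@
  return;
  }
 
- $query = sanitize_text_field( $query );
- $email = sanitize_email( $email );
- $phone = sanitize_text_field( $phone );
  $contact_us = new MocURL();
 
  if($send_configuration)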
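Review bot: Moving the three sanitize calls out of `wpns_handle_support_form_new` (old lines 36–38) and into the call site on new line 10 leaves the function trusting every caller, so any other caller would now pass raw values through. Keeping the sanitising inside the function, next to the code that uses the values, is the safer place, and sanitising twice is harmless. The call on line 10 also reads `$_POST['query_email']`, `$_POST['query']` and `$_POST['query_phone']` without `isset` checks. The rest of the function body and the guard around the `switch` are outside these hunks.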
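--- a/controllers/ip-blocking.php
+++ b/controllers/ip-blocking.php
@@ -9,13 +9,13 @@
  switch(sanitize_text_field($_POST['option']))
  {
  case "mo_wpns_manual_block_ip":
- wpns_handle_manual_block_ip($_POST['IP']); break;
+ wpns_handle_manual_block_ip(sanitize_text_field($_POST['IP'])); break;
  case "mo_wpns_unblock_ip":
- wpns_handle_unblock_ip($_POST['id']); break;
+ wpns_handle_unblock_ip(sanitize_text_field($_POST['id'])); break;
  case "mo_wpns_whitelist_ip":
- wpns_handle_whitelist_ip($_POST['IP']); break;
+ wpns_handle_whitelist_ip(sanitize_text_field($_POST['IP'])); break;
  case "mo_wpns_remove_whitelist":
- wpns_handle_remove_whitelist($_POST['id'] ); break;
+ wpns_handle_remove_whitelist(sanitize_text_field($_POST['id'] )); break;
  }
  }
 
@@ -26,7 +26,7 @@
  $img_loader_url = plugins_url().$path[1];
 
  $page_url = "";
- $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), $_SERVER['REQUEST_URI'] );
+ $license_url = add_query_arg( array('page' => 'mo_2fa_upgrade'), sanitize_url($_SERVER['REQUEST_URI'] ));
 
 
  function wpns_handle_manual_block_ip($ip)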
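Review bot: `sanitize_text_field` on new lines 12–18 only strips markup; it does not establish that `$_POST['IP']` is an address or that `$_POST['id']` is a row id. Validating by type is stricter: `filter_var( $_POST['IP'], FILTER_VALIDATE_IP )` for the two IP cases and `absint( $_POST['id'] )` for the two id cases. These four actions change the block list and the whitelist, and no nonce check is visible in the hunk. The handlers are defined outside it, so they may verify one themselves.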
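--- a/controllers/licensing.php
+++ b/controllers/licensing.php
@@ -2,7 +2,7 @@
 
  global $moWpnsUtility,$mo2f_dirName;
 
- $default_url = add_query_arg( array('page' => 'default' ), $_SERVER['REQUEST_URI'] );
+ $default_url = add_query_arg( array('page' => 'default' ), sanitize_url($_SERVER['REQUEST_URI'] ));
  $form_action = MoWpnsConstants::HOST_NAME.'/moas/login';
  $admin_email = get_option('mo2f_email');
  $redirect_url = MoWpnsConstants::HOST_NAME .'/moas/initializepayment';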
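--- a/controllers/login-security.php
+++ b/controllers/login-security.php
@@ -4,14 +4,14 @@
 
  $twofactor_url = add_query_arg(
  array('page' => 'mo_2fa_two_fa')
- , $_SERVER['REQUEST_URI']
+ , sanitize_url($_SERVER['REQUEST_URI'])
  );
 
 
 
  if(current_user_can( 'manage_options' ) && isset($_REQUEST['option']))
  {
- switch($_REQUEST['option'])
+ switch(sanitize_text_field($_REQUEST['option']))
  {
  case "mo_wpns_enable_brute_force":
  wpns_handle_bf_enable_form($_POST); break;
@@ -123,10 +123,10 @@
  $blocking_value = isset($postData['time_of_blocking_val']) ? sanitize_text_field($postData['time_of_blocking_val']) : false;
  $remaining_attempts = isset($postData['show_remaining_attempts'])? sanitize_text_field($postData['show_remaining_attempts']) : false;
 
- update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
- update_option( 'mo2f_time_of_blocking_type' , $blocking_type );
- update_option( 'mo2f_time_of_blocking_val' , $blocking_value );
- update_option( 'mo2f_show_remaining_attempts', $remaining_attempts );
+ update_option( 'mo2f_allwed_login_attempts' , $login_attempts );
+ update_option( 'mo2f_time_of_blocking_type' , $blocking_type );
+ update_option( 'mo2f_time_of_blocking_val' , $blocking_value );
+ update_option( 'mo2f_show_remaining_attempts', $remaining_attempts );
 
  do_action('wpns_show_message',MoWpnsMessages::showMessage('CONFIG_SAVED'),'SUCCESS');
  }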
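Review bot: The dispatcher on new lines 12–14 switches on `$_REQUEST['option']`, so the action name can arrive in the query string while the handlers are given `$_POST`. The sibling controllers in this release read `$_POST['option']`; using `isset($_POST['option'])` and `switch(sanitize_text_field($_POST['option']))` here would keep these settings changes to POST requests. No nonce verification is visible in either hunk, so confirm that the handlers check one. The four `update_option` lines in the second hunk appear to differ only in whitespace.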
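--- a/controllers/login-spam.php
+++ b/controllers/login-spam.php
@@ -1,7 +1,7 @@
  <?php
  global $moWpnsUtility,$mo2f_dirName;
  if( isset( $_GET[ 'tab' ] ) ) {
- $active_tab = $_GET[ 'tab' ];
+ $active_tab = sanitize_text_field($_GET[ 'tab' ]);
  } else {
  $active_tab = 'default';
  }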
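Review bot: `$active_tab` on new line 4 selects a tab, so an allow-list is a tighter check than `sanitize_text_field`, which accepts any text that has no markup. Something like `$active_tab = in_array( $tab, $known_tabs, true ) ? $tab : 'default';` falls back safely on unknown input; `$tab` and `$known_tabs` are placeholder names here, the latter standing for the tab slugs this page renders, which are not visible in the hunk. If the value is later printed into a class or a URL it still needs `esc_attr()` or `esc_url()` at that point.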
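--- a/controllers/main_controller.php
+++ b/controllers/main_controller.php
@@ -12,7 +12,7 @@ if(current_user_can('administrator'))
 
  if( isset( $_GET[ 'page' ]))
  {
- switch($_GET['page'])
+ switch(sanitize_text_field($_GET['page']))
  {
  case 'mo_2fa_dashboard':
  include_once $controller . 'dashboard.php'; break;
@@ -60,7 +60,7 @@ if(current_user_can('administrator'))
  {
  if( isset( $_GET[ 'page' ]))
  {
- switch($_GET['page'])
+ switch(sanitize_text_field($_GET['page']))
  {
  case 'mo_2fa_two_fa':
  include_once $controller .'twofa'.DIRECTORY_SEPARATOR. 'two_fa.php'; break;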
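--- a/controllers/malware_scanner/malware_scan_ajax.php
+++ b/controllers/malware_scanner/malware_scan_ajax.php
@@ -41,7 +41,7 @@ class Mo_wpns_scan_malware
  }
 
  public function mo_wpns_save_malware_config_form($POSTED){
- $nonce = $POSTED['nonce'];
+ $nonce = sanitize_text_field($POSTED['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'mo-wpns-scan-settings' ) ){
  wp_send_json('ERROR');
  return;
@@ -165,12 +165,12 @@ class Mo_wpns_scan_malware
 
  $mo2f_malware_db_handler->delete_files_parts();
 
- if(isset($POSTED['scan']) && $POSTED['scan']=='scan_start'){
+ if(isset($POSTED['scan']) && sanitize_text_field($POSTED['scan'])=='scan_start'){
  $scan_configuration = array();
- switch($POSTED['scantype'])
+ switch(sanitize_text_field($POSTED['scantype']))
  {
  case "quick_scan":
- $nonce = $POSTED['nonce'];
+ $nonce = sanitize_text_field($POSTED['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
  wp_send_json('ERROR');
  return;
@@ -196,7 +196,7 @@ class Mo_wpns_scan_malware
  $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
  break;
  case "standard_scan":
- $nonce = $POSTED['nonce'];
+ $nonce = sanitize_text_field($POSTED['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
  wp_send_json('ERROR');
  return;
@@ -222,7 +222,7 @@ class Mo_wpns_scan_malware
  $mo_wpns_scan_handler->mo2f_scan_all_files($scan_configuration, $current_time); //recheck
  break;
  case "custom_scan":
- $nonce = $POSTED['nonce'];
+ $nonce = sanitize_text_field($POSTED['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'wpns-scan-nonce' ) ){
  wp_send_json('ERROR');
  return;
@@ -376,7 +376,7 @@ class Mo_wpns_scan_malware
  $status=$decoded_scan_configuration->scan_progress;
  $mo_wpns_db_handler = new MoWpnsDB();
  $result = $mo_wpns_db_handler->get_report();
- $str1= $_SERVER['REQUEST_URI'];
+ $str1= sanitize_url($_SERVER['REQUEST_URI']);
  $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
  $currenturl = remove_query_arg('delete',$str1);
  $currenturl = remove_query_arg('view',$currenturl);
@@ -399,13 +399,13 @@ class Mo_wpns_scan_malware
  }
  }
  $htmldata .= "</td><td style=text-align:center>";
- $htmldata .= "<span style=color:green id=scan_files>".$report->scanned_files." files scanned<br></span>";
- $htmldata .= "<span style=color:red id=malicious_files>".$report->malware_count." malware found<br></span>";
+ $htmldata .= "<span style=color:green id=scan_files>".esc_html($report->scanned_files)." files scanned<br></span>";
+ $htmldata .= "<span style=color:red id=malicious_files>".esc_html($report->malware_count)." malware found<br></span>";
  if($report->repo_issues < 0){
  $htmldata .= "<span style=color:orange id=malicious_files>Issues with repository check<br></span>";
  }
- $htmldata .= "<span style=color:orange id=warning_files>".($repo_count+$report->malicious_links)." warnings found</span>";
- $htmldata .= "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",$report->start_timestamp)."</td>";
+ $htmldata .= "<span style=color:orange id=warning_files>".esc_html(($repo_count+$report->malicious_links))." warnings found</span>";
+ $htmldata .= "</td><td style=text-align:center id=start_time>".date("M j, Y, g:i:s a",esc_html($report->start_timestamp))."</td>";
  $htmldata .= "<td><a href='".add_query_arg( array('tab' => 'default', 'view' => $report->id), $currenturl )."'>View Details</a> <a href='".add_query_arg( array('tab' => 'default', 'delete' => $report->id), $currenturl )."'>Delete</a></td>";
  $htmldata .= "</tr>";
 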
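Review bot: On new line 408 `esc_html()` is applied to `$report->start_timestamp` before it is handed to `date()`, so `date()` receives a string instead of an integer and the formatted result still goes into the markup unescaped. The escape belongs on the outside: `esc_html( date( "M j, Y, g:i:s a", (int) $report->start_timestamp ) )`. The two links on line 409 put `add_query_arg()` results into `href` without `esc_url()`. In the scan hunk, `delete_files_parts()` on line 166 runs before any of the per-case `wp_verify_nonce` checks, unless a check precedes it outside the hunk.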
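--- a/controllers/malware_scanner/malware_scan_result.php
+++ b/controllers/malware_scanner/malware_scan_result.php
@@ -7,7 +7,7 @@
  $mo_wpns_db_handler->ignorefile(base64_decode($_GET['trust']));
  }
  elseif(isset($_GET['trustchanged'])){
- $mo_wpns_db_handler->ignorechangedfile($_GET['trustchanged']);
+ $mo_wpns_db_handler->ignorechangedfile(sanitize_text_field($_GET['trustchanged']));
  }
  $last_id=$mo_wpns_db_handler->get_last_id();
  $send_id=$last_id[0]->max;
@@ -17,21 +17,21 @@
  foreach($listofignorefiles as $row)
  $ignorefiles[$row->path] = array('signature'=>$row->signature,"id"=>$row->id);
 
- $result = $mo_wpns_db_handler->get_report_with_id($_GET['view']);
+ $result = $mo_wpns_db_handler->get_report_with_id(sanitize_text_field($_GET['view']));
  if(sizeof($result)>0){
  $detailreport = $mo_wpns_db_handler->get_detail_report_with_id($_GET['view']);
  show_scan_details($detailreport, $result, $ignorefiles, $last_scan);
  }
  }
  else{
- $str1= $_SERVER['REQUEST_URI'];
+ $str1= sanitize_url($_SERVER['REQUEST_URI']);
  $str1= str_replace("admin-ajax.php", "admin.php?page=mo_2fa_malwarescan", $str1);
  $currenturl = remove_query_arg('delete',$str1);
  $currenturl = remove_query_arg('view',$currenturl);
  $currenturl = remove_query_arg('trust',$currenturl);
  $currenturl = remove_query_arg('trustchanged',$currenturl);
  if(isset($_GET['delete'])){
- $mo_wpns_db_handler->delete_report($_GET['delete']);
+ $mo_wpns_db_handler->delete_report(sanitize_text_field($_GET['delete']));
  }
  $result = $mo_wpns_db_handler->get_report();
  show_scan_report($currenturl, $result);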
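Review bot: New line 22 still passes `$_GET['view']` raw to `get_detail_report_with_id()` although line 20 now sanitises the same parameter, and line 7 passes `base64_decode($_GET['trust'])` to `ignorefile()` unchanged. `view` and `delete` look like record ids, so reading them once with `absint( $_GET['view'] )` would be stricter than `sanitize_text_field` and would keep the two calls consistent. `delete`, `trust` and `trustchanged` change state from a GET request, and no nonce check is visible in these hunks. How the DB handler builds its queries is not shown here, so the impact of the raw values cannot be judged from this page.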
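--- a/controllers/navbar.php
+++ b/controllers/navbar.php
@@ -1,95 +1,95 @@
- <?php
-
- global $moWpnsUtility,$mo2f_dirName;
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_wpns_2fa_with_network_security":
- $security_features = new Mo_2fa_security_features();
- $security_features->wpns_2fa_with_network_security($_POST); break;
- }
- }
- $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
-
- if( isset( $_GET[ 'page' ])){
- $tab_count= get_site_option('mo2f_tab_count', 0);
- if($tab_count == 5)
- update_site_option('mo_2f_switch_all', 1);
- else
- update_site_option('mo_2f_switch_all', 0);
- switch($_GET['page'])
- {
- case 'mo_2fa_login_and_spam':
- update_option('mo_2f_switch_loginspam', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_loginspam'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_backup':
- update_option('mo_2f_switch_backup', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_backup'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_waf':
- update_option('mo_2f_switch_waf', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_waf'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- case 'mo_2fa_advancedblocking':
- update_option('mo_2f_switch_adv_block', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_adv_block'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
-
- case 'mo_2fa_malwarescan':
- update_option('mo_2f_switch_malware', 1);
- if($tab_count < 5 && !get_site_option('mo_2f_switch_malware'))
- update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
- break;
- }
- }
- $profile_url = esc_url(add_query_arg( array('page' => 'mo_2fa_account' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $login_security = esc_url(add_query_arg( array('page' => 'default' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $waf = esc_url(add_query_arg( array('page' => 'mo_2fa_waf' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $login_and_spam = esc_url(add_query_arg( array('page' => 'mo_2fa_login_and_spam' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $register_url = esc_url(add_query_arg( array('page' => 'registration' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $blocked_ips = esc_url(add_query_arg( array('page' => 'mo_2fa_blockedips' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $advance_block = esc_url(add_query_arg( array('page' => 'mo_2fa_advancedblocking' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $notif_url = esc_url(add_query_arg( array('page' => 'mo_2fa_notifications' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $reports_url = esc_url(add_query_arg( array('page' => 'mo_2fa_reports' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $license_url = esc_url(add_query_arg( array('page' => 'mo_2fa_upgrade' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $help_url = esc_url(add_query_arg( array('page' => 'mo_2fa_troubleshooting' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $addons_url = esc_url(add_query_arg( array('page' => 'mo_2fa_addons' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $content_protect= esc_url(add_query_arg( array('page' => 'content_protect' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $backup = esc_url(add_query_arg( array('page' => 'mo_2fa_backup' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $scan_url = esc_url(add_query_arg( array('page' => 'mo_2fa_malwarescan' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- $two_fa = esc_url(add_query_arg( array('page' => 'mo_2fa_two_fa' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
- //Added for new design
- $dashboard_url = esc_url(add_query_arg(array('page' => 'mo_2fa_dashboard' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
- $upgrade_url = esc_url(add_query_arg(array('page' => 'mo_2fa_upgrade' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
- $request_demo_url = esc_url(add_query_arg(array('page' => 'mo_2fa_request_demo' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
- $request_offer_url = esc_url(add_query_arg(array('page' => 'mo_2fa_request_offer' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
- $trial_url = esc_url(add_query_arg( array('page' => 'mo_2fa_trial' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
-
- //dynamic
- $logo_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/miniorange_logo.png';
- $login_with_usename_only_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-with-2fa-and-password.png';
- $hide_login_form_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/hide_default_login_form.png';
- $new_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/new.png';
- $shw_feedback = get_option('donot_show_feedback_message') ? false: true;
-
- $moPluginHandler= new MoWpnsHandler();
- $safe = $moPluginHandler->is_whitelisted($moWpnsUtility->get_client_ip());
-
- $active_tab = $_GET['page'];
-
- $user_id = get_current_user_id();
- $mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
- $backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
- if(is_array($backup_codes_remaining)){
- $backup_codes_remaining = sizeof($backup_codes_remaining);
- }else{
- $backup_codes_remaining = 0;
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';
+ <?php
+
+ global $moWpnsUtility,$mo2f_dirName;
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_wpns_2fa_with_network_security":
+ $security_features = new Mo_2fa_security_features();
+ $security_features->wpns_2fa_with_network_security($_POST); break;
+ }
+ }
+ $network_security_features= MoWpnsUtility::get_mo2f_db_option('mo_wpns_2fa_with_network_security', 'get_option') ? "checked" : "";
+
+ if( isset( $_GET[ 'page' ])){
+ $tab_count= get_site_option('mo2f_tab_count', 0);
+ if($tab_count == 5)
+ update_site_option('mo_2f_switch_all', 1);
+ else
+ update_site_option('mo_2f_switch_all', 0);
+ switch(sanitize_text_field($_GET['page']))
+ {
+ case 'mo_2fa_login_and_spam':
+ update_option('mo_2f_switch_loginspam', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_loginspam'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_backup':
+ update_option('mo_2f_switch_backup', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_backup'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_waf':
+ update_option('mo_2f_switch_waf', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_waf'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ case 'mo_2fa_advancedblocking':
+ update_option('mo_2f_switch_adv_block', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_adv_block'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+
+ case 'mo_2fa_malwarescan':
+ update_option('mo_2f_switch_malware', 1);
+ if($tab_count < 5 && !get_site_option('mo_2f_switch_malware'))
+ update_site_option('mo2f_tab_count', get_site_option('mo2f_tab_count')+1);
+ break;
+ }
+ }
+ $profile_url = esc_url(add_query_arg( array('page' => 'mo_2fa_account' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $login_security = esc_url(add_query_arg( array('page' => 'default' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $waf = esc_url(add_query_arg( array('page' => 'mo_2fa_waf' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $login_and_spam = esc_url(add_query_arg( array('page' => 'mo_2fa_login_and_spam' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $register_url = esc_url(add_query_arg( array('page' => 'registration' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $blocked_ips = esc_url(add_query_arg( array('page' => 'mo_2fa_blockedips' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $advance_block = esc_url(add_query_arg( array('page' => 'mo_2fa_advancedblocking' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $notif_url = esc_url(add_query_arg( array('page' => 'mo_2fa_notifications' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $reports_url = esc_url(add_query_arg( array('page' => 'mo_2fa_reports' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $license_url = esc_url(add_query_arg( array('page' => 'mo_2fa_upgrade' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $help_url = esc_url(add_query_arg( array('page' => 'mo_2fa_troubleshooting' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $addons_url = esc_url(add_query_arg( array('page' => 'mo_2fa_addons' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $content_protect= esc_url(add_query_arg( array('page' => 'content_protect' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $backup = esc_url(add_query_arg( array('page' => 'mo_2fa_backup' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $scan_url = esc_url(add_query_arg( array('page' => 'mo_2fa_malwarescan' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ $two_fa = esc_url(add_query_arg( array('page' => 'mo_2fa_two_fa' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+ //Added for new design
+ $dashboard_url = esc_url(add_query_arg(array('page' => 'mo_2fa_dashboard' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
+ $upgrade_url = esc_url(add_query_arg(array('page' => 'mo_2fa_upgrade' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
+ $request_demo_url = esc_url(add_query_arg(array('page' => 'mo_2fa_request_demo' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
+ $request_offer_url = esc_url(add_query_arg(array('page' => 'mo_2fa_request_offer' ), sanitize_text_field($_SERVER['REQUEST_URI'])));
+ $trial_url = esc_url(add_query_arg( array('page' => 'mo_2fa_trial' ), sanitize_text_field($_SERVER['REQUEST_URI'] )));
+
+ //dynamic
+ $logo_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/miniorange_logo.png';
+ $login_with_usename_only_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/login-with-2fa-and-password.png';
+ $hide_login_form_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/hide_default_login_form.png';
+ $new_url = plugin_dir_url(dirname(__FILE__)) . 'includes/images/new.png';
+ $shw_feedback = get_option('donot_show_feedback_message') ? false: true;
+
+ $moPluginHandler= new MoWpnsHandler();
+ $safe = $moPluginHandler->is_whitelisted($moWpnsUtility->get_client_ip());
+
+ $active_tab = sanitize_text_field($_GET['page']);
+
+ $user_id = get_current_user_id();
+ $mo2f_two_fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
+ $backup_codes_remaining = get_user_meta($user_id, 'mo2f_backup_codes', true);
+ if(is_array($backup_codes_remaining)){
+ $backup_codes_remaining = sizeof($backup_codes_remaining);
+ }else{
+ $backup_codes_remaining = 0;
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'navbar.php';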
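Review bot: On new line 84, `$active_tab = sanitize_text_field($_GET['page']);` reads `$_GET['page']` outside the `isset( $_GET[ 'page' ])` guard that closes on line 50, so a request without `page` raises an undefined-index notice; `$active_tab = isset($_GET['page']) ? sanitize_text_field(wp_unslash($_GET['page'])) : '';` keeps the two reads consistent. `sanitize_text_field()` cleans input but is not output escaping, so `views/navbar.php` (not shown here) still needs `esc_attr()` or `esc_html()` wherever `$active_tab` is printed. The wrapper added to the `switch` on line 21 does not change which branch runs, since the value is only compared with string literals. Those branches still write options on a plain GET with no capability check visible in this file.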
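--- a/controllers/notification-settings.php
+++ b/controllers/notification-settings.php
@@ -14,11 +14,11 @@
  case "mo_wpns_enable_unusual_activity_email_to_user":
  wpns_handle_notify_unusual_activity($_POST); break;
  case "custom_user_template":
- wpns_handle_custom_template($_POST['custom_user_template']); break;
+ wpns_handle_custom_template(sanitize_text_field($_POST['custom_user_template'])); break;
  case "mo_wpns_get_manual_email" :
  wpns_handle_admin_email($_POST); break;
  case "custom_admin_template":
- wpns_handle_custom_template(null,$_POST['custom_admin_template']); break;
+ wpns_handle_custom_template(null,sanitize_text_field($_POST['custom_admin_template'])); break;
  }
  }
  if(!get_option("admin_email_address_status")|| get_option("admin_email_address") ==''){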
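Review bot: `sanitize_text_field()` on lines 17 and 21 strips every tag and collapses line breaks, so if the custom user and admin templates are HTML e-mail bodies (the names suggest so, but `wpns_handle_custom_template` is not shown here), saving them would now flatten the markup. For rich content the usual pair is `wp_kses_post(wp_unslash($_POST['custom_user_template']))`, which keeps the tags allowed in post content and drops script. The enclosing `switch` starts above the hunk, so whether a nonce is verified before these cases run cannot be confirmed from here.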
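--- a/controllers/pointers.php
+++ b/controllers/pointers.php
@@ -3,7 +3,7 @@
  $pointers = array();
  $tab= 'default';
  if(array_key_exists('tab',$_GET))
- $tab = $_GET['tab'];
+ $tab = sanitize_text_field($_GET['tab']);
 
  if(MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option') ==1)
 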
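--- a/controllers/registration-security.php
+++ b/controllers/registration-security.php
@@ -1,126 +1,126 @@
- <?php
-
- global $moWpnsUtility, $mo2f_dirName;
-
-
- if(current_user_can( 'manage_options' ) && isset($_POST['option']))
- {
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
- {
- case "mo_wpns_enable_fake_domain_blocking":
- wpns_handle_domain_blocking($_POST); break;
- case "mo_wpns_advanced_user_verification":
- wpns_handle_advanced_user_verification($_POST); break;
- case "mo_wpns_social_integration":
- wpns_handle_enable_social_login($_POST); break;
-
- }
- }
-
- $otpVerify_url = add_query_arg( array('page' => 'mosettings', 'tab'=>'settings'), $_SERVER['REQUEST_URI'] );
- $openid_url = add_query_arg( array('page' => 'mo_openid_settings' ), $_SERVER['REQUEST_URI'] );
- $domain_blocking= get_option('mo_wpns_enable_fake_domain_blocking') ? "checked" : "";
- $user_verify = get_option('mo_wpns_enable_advanced_user_verification') ? "checked" : "";
- $social_login = get_option('mo_wpns_enable_social_integration') ? "checked" : "";
-
- function mo2f_user_verify() {
- if ( $user_verify ) {
- $moOTPPlugin = new OTPPlugin();
- $status = $moOTPPlugin->getstatus();
- switch ( $status ) {
- case "ACTIVE":
- echo "<br><a href='" . esc_url($otpVerify_url) . "'>Click here to configure.</a>";
- $moOTPPlugin->updatePluginConfiguration();
- break;
- case "INSTALLED":
- $path = "miniorange-otp-verification/miniorange_validation_settings.php";
- $activateUrl = wp_nonce_url( admin_url( 'plugins.php?action=activate&plugin=' . $path ), 'activate-plugin_' . $path );
- echo '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin activated.</span><br><a href="' . esc_url($activateUrl) . '">Click here to activate OTP Verification Plugin</a>';
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-otp-verification';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action . '_' . $slug
- );
- echo '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin installed.</span><br><a href="' . esc_url($install_link) . '">Install OTP Verification plugin</a>';
- break;
- }
- }
- }
-
- function mo2f_social_login() {
- $moSocialLogin = new SocialPlugin();
- $status = $moSocialLogin->getstatus();
- switch ( $status ) {
- case "ACTIVE":
- echo "<br><a href='" . esc_url( $openid_url ) . "'>Click here to configure.</a>";
- break;
- case "INSTALLED":
- $path = "miniorange-login-openid/miniorange_openid_sso_settings.php";
- $activateUrl = wp_nonce_url( admin_url( 'plugins.php?action=activate&plugin=' . $path ), 'activate-plugin_' . $path );
- echo '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin activated.</span><br><a href="' . esc_url( $activateUrl ) . '">Click here to activate Social Login, Sharing Plugin</a>';
- break;
- default:
- $action = 'install-plugin';
- $slug = 'miniorange-login-openid';
- $install_link = wp_nonce_url(
- add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
- $action . '_' . $slug
- );
- echo '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin installed.</span><br><a href="' . esc_url( $install_link ) . '">Install Social Login, Sharing plugin</a>';
- break;
- }
- }
-
- include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'registration-security.php';
-
-
-
-
- /* REGISTRATION SECURITY RELATED FUNCTIONS*/
-
- //Function to handle enabling and disabling domain blocking
- function wpns_handle_domain_blocking($postvalue)
- {
- $enable_fake_emails = isset($postvalue['mo_wpns_enable_fake_domain_blocking']) ? true : false;
- update_option( 'mo_wpns_enable_fake_domain_blocking', $enable_fake_emails);
-
- if($enable_fake_emails)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_ENABLED'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_DISABLED'),'ERROR');
- }
-
-
- //Function to enable and disable User Verification for the Default Registration Page
- function wpns_handle_advanced_user_verification($postvalue)
- {
- $enable_advanced_user_verification = isset($postvalue['mo_wpns_enable_advanced_user_verification']) ? true : false;
- update_option( 'mo_wpns_enable_advanced_user_verification', $enable_advanced_user_verification);
-
- if($enable_advanced_user_verification)
- {
- update_option('mo_customer_validation_wp_default_enable',1);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_ADVANCED_USER_VERIFY'),'SUCCESS');
- }
- else
- {
- update_option('mo_customer_validation_wp_default_enable',0);
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_ADVANCED_USER_VERIFY'),'ERROR');
- }
- }
-
-
- //Function to enable and disable Social Login
- function wpns_handle_enable_social_login($postvalue)
- {
- $social_login = isset($postvalue['mo_wpns_enable_social_integration']) ? true : false;
- update_option( 'mo_wpns_enable_social_integration', $social_login);
-
- if($social_login)
- do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_SOCIAL_LOGIN'),'SUCCESS');
- else
- do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_SOCIAL_LOGIN'),'ERROR');
+ <?php
+
+ global $moWpnsUtility, $mo2f_dirName;
+
+
+ if(current_user_can( 'manage_options' ) && isset($_POST['option']))
+ {
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
+ {
+ case "mo_wpns_enable_fake_domain_blocking":
+ wpns_handle_domain_blocking($_POST); break;
+ case "mo_wpns_advanced_user_verification":
+ wpns_handle_advanced_user_verification($_POST); break;
+ case "mo_wpns_social_integration":
+ wpns_handle_enable_social_login($_POST); break;
+
+ }
+ }
+
+ $otpVerify_url = add_query_arg( array('page' => 'mosettings', 'tab'=>'settings'), sanitize_url($_SERVER['REQUEST_URI'] ));
+ $openid_url = add_query_arg( array('page' => 'mo_openid_settings' ), sanitize_url($_SERVER['REQUEST_URI'] ));
+ $domain_blocking= get_option('mo_wpns_enable_fake_domain_blocking') ? "checked" : "";
+ $user_verify = get_option('mo_wpns_enable_advanced_user_verification') ? "checked" : "";
+ $social_login = get_option('mo_wpns_enable_social_integration') ? "checked" : "";
+
+ function mo2f_user_verify() {
+ if ( $user_verify ) {
+ $moOTPPlugin = new OTPPlugin();
+ $status = $moOTPPlugin->getstatus();
+ switch ( $status ) {
+ case "ACTIVE":
+ echo "<br><a href='" . esc_url($otpVerify_url) . "'>Click here to configure.</a>";
+ $moOTPPlugin->updatePluginConfiguration();
+ break;
+ case "INSTALLED":
+ $path = "miniorange-otp-verification/miniorange_validation_settings.php";
+ $activateUrl = wp_nonce_url( admin_url( 'plugins.php?action=activate&plugin=' . $path ), 'activate-plugin_' . $path );
+ echo '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin activated.</span><br><a href="' . esc_url($activateUrl) . '">Click here to activate OTP Verification Plugin</a>';
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-otp-verification';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action . '_' . $slug
+ );
+ echo '<br><span style="color:red">For Advanced User Verification you need to have miniOrange OTP Verification plugin installed.</span><br><a href="' . esc_url($install_link) . '">Install OTP Verification plugin</a>';
+ break;
+ }
+ }
+ }
+
+ function mo2f_social_login() {
+ $moSocialLogin = new SocialPlugin();
+ $status = $moSocialLogin->getstatus();
+ switch ( $status ) {
+ case "ACTIVE":
+ echo "<br><a href='" . esc_url( $openid_url ) . "'>Click here to configure.</a>";
+ break;
+ case "INSTALLED":
+ $path = "miniorange-login-openid/miniorange_openid_sso_settings.php";
+ $activateUrl = wp_nonce_url( admin_url( 'plugins.php?action=activate&plugin=' . $path ), 'activate-plugin_' . $path );
+ echo '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin activated.</span><br><a href="' . esc_url( $activateUrl ) . '">Click here to activate Social Login, Sharing Plugin</a>';
+ break;
+ default:
+ $action = 'install-plugin';
+ $slug = 'miniorange-login-openid';
+ $install_link = wp_nonce_url(
+ add_query_arg( array( 'action' => $action, 'plugin' => $slug ), admin_url( 'update.php' ) ),
+ $action . '_' . $slug
+ );
+ echo '<br><span style="color:red">For Social Login Integration you need to have miniOrange Social Login, Sharing plugin installed.</span><br><a href="' . esc_url( $install_link ) . '">Install Social Login, Sharing plugin</a>';
+ break;
+ }
+ }
+
+ include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'registration-security.php';
+
+
+
+
+ /* REGISTRATION SECURITY RELATED FUNCTIONS*/
+
+ //Function to handle enabling and disabling domain blocking
+ function wpns_handle_domain_blocking($postvalue)
+ {
+ $enable_fake_emails = isset($postvalue['mo_wpns_enable_fake_domain_blocking']) ? true : false;
+ update_option( 'mo_wpns_enable_fake_domain_blocking', $enable_fake_emails);
+
+ if($enable_fake_emails)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_ENABLED'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DOMAIN_BLOCKING_DISABLED'),'ERROR');
+ }
+
+
+ //Function to enable and disable User Verification for the Default Registration Page
+ function wpns_handle_advanced_user_verification($postvalue)
+ {
+ $enable_advanced_user_verification = isset($postvalue['mo_wpns_enable_advanced_user_verification']) ? true : false;
+ update_option( 'mo_wpns_enable_advanced_user_verification', $enable_advanced_user_verification);
+
+ if($enable_advanced_user_verification)
+ {
+ update_option('mo_customer_validation_wp_default_enable',1);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_ADVANCED_USER_VERIFY'),'SUCCESS');
+ }
+ else
+ {
+ update_option('mo_customer_validation_wp_default_enable',0);
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_ADVANCED_USER_VERIFY'),'ERROR');
+ }
+ }
+
+
+ //Function to enable and disable Social Login
+ function wpns_handle_enable_social_login($postvalue)
+ {
+ $social_login = isset($postvalue['mo_wpns_enable_social_integration']) ? true : false;
+ update_option( 'mo_wpns_enable_social_integration', $social_login);
+
+ if($social_login)
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('ENABLE_SOCIAL_LOGIN'),'SUCCESS');
+ else
+ do_action('wpns_show_message',MoWpnsMessages::showMessage('DISABLE_SOCIAL_LOGIN'),'ERROR');
  }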
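Review bot: The three handlers at lines 85–126 (`wpns_handle_domain_blocking`, `wpns_handle_advanced_user_verification`, `wpns_handle_enable_social_login`) write options from `$_POST` after only the `current_user_can( 'manage_options' )` check on line 6, and no nonce is verified anywhere in this file, so a cross-site form post carried by an administrator's session could change these settings. A `check_admin_referer('NONCE_ACTION_PLACEHOLDER');` before the `switch` on line 8, paired with a matching `wp_nonce_field()` in the view's forms, closes that; the action name must match whatever the view emits, which is not shown here. The POST dispatch at lines 4–12 of controllers/navbar.php has the same shape, though its handler is outside this page. Separately, `mo2f_user_verify()` and `mo2f_social_login()` read `$user_verify`, `$otpVerify_url` and `$openid_url`, which are assigned at file scope and are not in scope inside the functions, so the `if ( $user_verify )` on line 27 never passes and the "configure" links get an empty `href`; passing them in as parameters would fix this.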
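--- a/controllers/request_christmas_offer.php
+++ b/controllers/request_christmas_offer.php
@@ -13,9 +13,9 @@
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_christmas_offer.php';
 
  function wpns_handle_christmas_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_christmas_usecase'])? $post['mo_2FA_christmas_usecase']: NULL;
- $email = isset($post['mo_2FA_christmas_email'])? $post['mo_2FA_christmas_email'] : NULL;
+ $nonce = isset($post['nonce'])?sanitize_text_field($post['nonce']):NULL;
+ $usecase = isset($post['mo_2FA_christmas_usecase'])? sanitize_text_field($post['mo_2FA_christmas_usecase']): NULL;
+ $email = isset($post['mo_2FA_christmas_email'])? sanitize_email($post['mo_2FA_christmas_email']) : NULL;
  if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-christmas' ) ){
  return;
  }
@@ -26,8 +26,7 @@
  }
  else{
 
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
+
  $query = 'REQUEST FOR CHRISTMAS OFFERS';
  $query .= ' =>';
  $query .= ' : ';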
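Review bot: The new lines 16–18 sanitise `$post[...]` without `wp_unslash()`; WordPress adds slashes to `$_POST`, so if `$post` is the raw superglobal (the caller is outside the hunk), a use case containing an apostrophe is forwarded with a backslash in it. The usual form is `sanitize_text_field(wp_unslash($post['mo_2FA_christmas_usecase']))`. `sanitize_email()` also returns an empty string for an invalid address, so the validation that sits between the two hunks (not shown) has to treat `''` as missing, not only `NULL`. The same applies to lines 16–19 of controllers/request_demo.php, lines 26–28 of controllers/trial.php and line 13 of controllers/support.php.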
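--- a/controllers/request_demo.php
+++ b/controllers/request_demo.php
@@ -13,10 +13,10 @@
  include $mo2f_dirName . 'views'.DIRECTORY_SEPARATOR.'request_demo.php';
 
  function wpns_handle_demo_request_form($post){
- $nonce = isset($post['nonce'])?$post['nonce']:NULL;
- $usecase = isset($post['mo_2FA_demo_usecase'])? $post['mo_2FA_demo_usecase']: NULL;
- $email = isset($post['mo_2FA_demo_email'])? $post['mo_2FA_demo_email'] : NULL;
- $demo_plan = isset($post['mo_2FA_demo_plan'])? $post['mo_2FA_demo_plan']: NULL;
+ $nonce = isset($post['nonce'])?sanitize_text_field($post['nonce']):NULL;
+ $usecase = isset($post['mo_2FA_demo_usecase'])? sanitize_text_field($post['mo_2FA_demo_usecase']): NULL;
+ $email = isset($post['mo_2FA_demo_email'])? sanitize_email($post['mo_2FA_demo_email']) : NULL;
+ $demo_plan = isset($post['mo_2FA_demo_plan'])? sanitize_text_field($post['mo_2FA_demo_plan']): NULL;
  if ( ! wp_verify_nonce( $nonce, 'mo2f-Request-demo' ) ){
  return;
  }
@@ -27,9 +27,6 @@
  }
  else{
 
- $usecase = sanitize_text_field( $usecase );
- $email = sanitize_text_field( $email );
- $demo_plan = sanitize_text_field($demo_plan);
  $query = 'REQUEST FOR DEMO';
  $query .= ' =>';
  $query .= $demo_plan;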
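--- a/controllers/support.php
+++ b/controllers/support.php
@@ -10,7 +10,7 @@
  {
  case "mo_wpns_send_query":
  wpns_handle_support_form(sanitize_email($_POST['query_email']),sanitize_text_field($_POST['query'])
- ,$_POST['query_phone']); break;
+ ,sanitize_text_field($_POST['query_phone'])); break;
  }
  }
 
@@ -36,9 +36,7 @@
  do_action('wpns_show_message',MoWpnsMessages::showMessage('SUPPORT_FORM_VALUES'),'ERROR');
  return;
  }
- $query = sanitize_text_field( $query );
- $email = sanitize_email( $email );
- $phone = sanitize_text_field( $phone );
+
  $contact_us = new MocURL();
 
  if($send_configuration)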
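Review bot: The second hunk removes the `sanitize_text_field()`/`sanitize_email()` calls from inside `wpns_handle_support_form` and relies on the single call site on lines 12–13 to clean its arguments, so any other caller of the function (none is visible here) would now pass raw values into the support request. Keeping the three lines inside the function is harmless when the input is already clean and preserves the guarantee at the point of use. If they stay removed, a comment above the function such as `// Callers must pass already-sanitized $email, $query and $phone.` would make the contract explicit. The function's signature and the rest of its body are outside both hunks.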
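--- a/controllers/tour/tour_ajax.php
+++ b/controllers/tour/tour_ajax.php
@@ -9,7 +9,7 @@ class Mo_wpns_Tour
  public function mo_wpns_save_tour_details(){
  if(isset($_REQUEST['page']))
  {
- switch ($_REQUEST['page']) {
+ switch (sanitize_text_field($_REQUEST['page'])) {
  case 'mo_2fa_two_fa':
  if(!MoWpnsUtility::get_mo2f_db_option('mo2f_two_factor_tour', 'get_option'))
  update_option('mo2f_two_factor_tour',1);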
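Review bot: `mo_wpns_save_tour_details()` goes from its opening line 9 to `update_option('mo2f_two_factor_tour',1)` on line 15 with no `current_user_can()` or nonce check in between. Wrapping the `switch` subject in `sanitize_text_field()` on line 12 does not change that, because the value is only compared with string literals. If this method is registered as an AJAX or request hook (the registration is outside the hunk), it should open with `if ( ! current_user_can( 'manage_options' ) ) { return; }` and a `check_ajax_referer()` call matching the nonce the client sends. The method body continues past the end of the hunk.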
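--- a/controllers/trial.php
+++ b/controllers/trial.php
@@ -23,9 +23,9 @@
  return;
  }
 
- $email = isset($post['mo2f_trial_email'])? $post['mo2f_trial_email'] : NULL;
- $phone = isset($post['mo2f_trial_phone'])? $post['mo2f_trial_phone'] : ( $user_phone ? $user_phone : NULL );
- $trial_plan = isset($post['mo2f_trial_plan'])? $post['mo2f_trial_plan']: NULL;
+ $email = isset($post['mo2f_trial_email'])? sanitize_email($post['mo2f_trial_email']) : NULL;
+ $phone = isset($post['mo2f_trial_phone'])? sanitize_text_field($post['mo2f_trial_phone']) : ( $user_phone ? $user_phone : NULL );
+ $trial_plan = isset($post['mo2f_trial_plan'])? sanitize_text_field($post['mo2f_trial_plan']): NULL;
 
  if(get_site_option('mo2f_trial_query_sent')){
  do_action('wpns_show_message',MoWpnsMessages::showMessage('TRIAL_REQUEST_ALREADY_SENT'),'ERROR');
@@ -60,7 +60,7 @@
  $fields = array(
  'firstName' => $current_user->user_firstname,
  'lastName' => $current_user->user_lastname,
- 'company' => $_SERVER['SERVER_NAME'],
+ 'company' => sanitize_text_field($_SERVER['SERVER_NAME']),
  'email' => $email,
  'ccEmail' => '2fasupport@xecurify.com',
  'phone' => $phone,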
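Review bot: On line 63, `sanitize_text_field($_SERVER['SERVER_NAME'])` cleans the string, but the value can still be client-influenced, because under some web-server configurations `SERVER_NAME` is taken from the request's Host header. Since this field is sent out as the site's `company`, `wp_parse_url( home_url(), PHP_URL_HOST )` would supply the configured site host instead. In the first hunk the `$user_phone` fallback on line 27 is used without sanitising; its origin is above the hunk, so this may be fine if it comes from stored user data. The `$fields` array and the enclosing function continue outside both hunks.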
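--- a/controllers/twofa/mo2fa_common_login.php
+++ b/controllers/twofa/mo2fa_common_login.php
@@ -78,9 +78,9 @@ function mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encr
  {
  echo'<span >
  <label>
- <input type="radio" name="mo2f_selected_mfactor_method" class ="mo2f-styled-radio_conf" value="'.$value.'"/>';
+ <input type="radio" name="mo2f_selected_mfactor_method" class ="mo2f-styled-radio_conf" value="'.esc_html($value).'"/>';
  echo'<span class="mo2f-styled-radio-text_conf">';
- echo __($value, 'miniorange-2-factor-authentication');
+ echo __(esc_html($value), 'miniorange-2-factor-authentication');
  echo ' </span> </label>
  <br>
  <br>
@@ -371,7 +371,7 @@ function mo2f_get_kba_authentication_prompt($login_status, $login_message, $redi
  <div id="kbaSection" class="kbaSectiondiv">
  <div id="otpMessage">
  <p style="font-size:13px;"
- class="mo2fa_display_message_frontend"><?php echo ( isset( $login_message ) && ! empty( $login_message ) ) ? $login_message : __( 'Please answer the following questions:' ); ?></p>
+ class="mo2fa_display_message_frontend"><?php echo ( isset( $login_message ) && ! empty( $login_message ) ) ? esc_html($login_message) : __( 'Please answer the following questions:' ); ?></p>
  </div>
  <form name="f" id="mo2f_submitkba_loginform" method="post">
  <div id="mo2f_kba_content">
@@ -531,7 +531,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
  <div id="kbaSection" style="padding-left:10px;padding-right:10px;">
  <div id="otpMessage" >
 
- <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? $login_message : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
+ <p style="font-size:15px;"><?php echo (isset($login_message) && !empty($login_message)) ? esc_html($login_message) : __('Please answer the following questions:', 'miniorange-2-factor-authentication'); ?></p>
  </div>
  <form name="f" id="mo2f_submitbackup_loginform" method="post" action="">
  <div id="mo2f_kba_content">
@@ -690,7 +690,7 @@ function mo2f_backup_form($login_status, $login_message, $redirect_to, $session_
  <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
  <input type="hidden" name="tx_type"/>
  <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
- <input type="hidden" name="TxidEmail" value="<?php echo $mo2f_EV_txid; ?>"/>
+ <input type="hidden" name="TxidEmail" value="<?php echo esc_html($mo2f_EV_txid); ?>"/>
 
  </form>
 
@@ -928,9 +928,9 @@ function mo2f_get_push_notification_oobemail_prompt( $id, $login_status, $login_
  pollPushValidation();
  function pollPushValidation()
  { calls = calls + 1;
- var data = {'txid':'<?php echo $mo2f_EV_txid;?>'};
+ var data = {'txid':'<?php echo esc_html($mo2f_EV_txid);?>'};
  jQuery.ajax({
- url: '<?php echo get_site_option("siteurl"); ?>'+"/wp-login.php",
+ url: '<?php echo esc_html(get_site_option("siteurl")); ?>'+"/wp-login.php",
  type: "POST",
  data: data,
  success: function (result) {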
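Review bot: The new lines 931 and 933 in `pollPushValidation()` apply `esc_html()` to values that are printed inside a JavaScript string literal, which is the wrong escaper for that context: HTML entities are not decoded inside `<script>`, and `esc_html()` leaves backslashes and line breaks untouched, so the literal can still be altered and legitimate values such as a URL containing `&` are corrupted. Use the script-context helpers instead, `var data = {'txid':'<?php echo esc_js($mo2f_EV_txid);?>'};` and `url: '<?php echo esc_js(esc_url_raw(get_site_option("siteurl"))); ?>'+"/wp-login.php",`. The same context mismatch shows on the attribute values at lines 81 and 693, where `esc_attr()` is the conventional choice, and at line 83 the escaping runs before translation, so `echo esc_html(__($value, 'miniorange-2-factor-authentication'));` would also cover the translated string. Where `$mo2f_EV_txid` and `$value` are populated lies outside these hunks, so whether they can carry user-influenced text should be confirmed against the callers.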
controllers/twofa/mo2fa_inline_registration.php CHANGED
@@ -1,1552 +1,1552 @@
1
- <?php
2
- function fetch_methods($current_user = null){
3
- $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
4
- if(!is_null($current_user) && ($current_user->roles[0] != 'administrator') && !mo2f_is_customer_registered()){
5
- $methods = array("GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
6
- }
7
- if(get_site_option('duo_credentials_save_successfully'))
8
- array_push($methods,"DUO");
9
- return $methods;
10
- }
11
-
12
- function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
13
-
14
- global $Mo2fdbQueries;
15
- $current_user = get_userdata($current_user_id);
16
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
17
-
18
- if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
19
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
20
- prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$current_selected_method,$redirect_to,$session_id);
21
- else
22
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
23
- }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
24
- if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
25
- prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
26
- else
27
- prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
28
- }else if($current_selected_method == 'OTP Over Telegram' or $current_selected_method == 'OTP OVER TELEGRAM')
29
- {
30
- $current_selected_method = 'OTP Over Telegram';
31
- prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
32
- }
33
- else if($current_selected_method == 'Duo Authenticator'){
34
- prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
35
- }
36
- else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
37
- prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
38
- }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
39
- prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
40
- }else if($current_selected_method == 'KBA' ){
41
- prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
42
- }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
43
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
44
- if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
45
- if(!MO2F_IS_ONPREM)
46
- {
47
- $current_user = get_userdata($current_user_id);
48
- $email = $current_user->user_email;
49
- $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
50
- if(isset($tempEmail) and $tempEmail != '')
51
- $email = $tempEmail;
52
- create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
53
- }
54
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
55
- $pass2fa= new Miniorange_Password_2Factor_Login();
56
- $pass2fa->mo2fa_pass2login($redirect_to, $session_id);
57
- }
58
- prompt_user_for_setup_success($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
59
- }else{
60
- $current_user = get_userdata($current_user_id);
61
- if(isset($current_user->roles[0]))
62
- $current_user_role=$current_user->roles[0];
63
- $opt=fetch_methods($current_user);
64
- ?>
65
- <html>
66
- <head>
67
- <meta charset="utf-8"/>
68
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
69
- <meta name="viewport" content="width=device-width, initial-scale=1">
70
- <?php
71
- mo2f_inline_css_and_js();
72
- ?>
73
- </head>
74
- <body>
75
- <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
76
- <div class="mo2f-modal-backdrop"></div>
77
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
78
- <div class="login mo_customer_validation-modal-content">
79
- <div class="mo2f_modal-header">
80
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
81
-
82
- <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
83
- </div>
84
- <div class="mo2f_modal-body">
85
- <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
86
- if(isset($login_message) && !empty($login_message)) {
87
- echo '<br><br>';
88
-
89
- ?>
90
-
91
- <div id="otpMessage">
92
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
93
- </div>
94
- <?php }else
95
- echo '<br>';
96
- ?>
97
-
98
- <br>
99
- <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
100
- <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
101
- <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
102
- <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
103
- (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
104
- </label>
105
- <br>
106
- </span>
107
- <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
108
- <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
109
- <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
110
- <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
111
- </label>
112
- <br>
113
- </span>
114
- <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
115
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
116
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
117
- <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
118
- </label>
119
- <br>
120
- </span>
121
- <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
122
- <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
123
- <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
124
- <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
125
- </label>
126
- <br>
127
- </span>
128
- <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
129
- <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
130
- <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
131
- <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
132
- </label>
133
- <br>
134
- </span>
135
- <span class="<?php if( !(in_array("OTP OVER TELEGRAM", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
136
- <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
137
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER TELEGRAM" />
138
- <?php echo __('OTP Over TELEGRAM', 'miniorange-2-factor-authentication'); ?>
139
- </label>
140
- <br>
141
- </span>
142
- <span class="<?php if( !(in_array("OTP OVER WHATSAPP", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
143
- <label title="<?php echo __('You will get an OTP on your WHATSAPP app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
144
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER WHATSAPP" />
145
- <?php echo __('OTP Over WHATSAPP', 'miniorange-2-factor-authentication'); ?>
146
- </label>
147
- <br>
148
- </span>
149
- <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
150
- <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
151
- <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
152
- <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
153
- </label>
154
- <br>
155
- </span>
156
- <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
157
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
158
- <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
159
- <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
160
- </label>
161
- <br>
162
- </span>
163
- <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
164
- <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
165
- <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
166
- <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
167
- </label>
168
- <br>
169
- </span>
170
- <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
171
- <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
172
- <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
173
- <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
174
- </label>
175
- <br>
176
- </span>
177
- <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
178
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
179
- <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
180
- <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
181
- </label>
182
- <br>
183
- </span>
184
- <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
185
- <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
186
- <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
187
- <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
188
- </label>
189
- <br>
190
- </span>
191
- <span class="<?php if( !(in_array("DUO", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
192
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
193
- <input type="radio" name="mo2f_selected_2factor_method" value=" DUO PUSH NOTIFICATIONS" />
194
- <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
195
- </label>
196
- <br>
197
- </span>
198
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
199
- <br />
200
- <?php mo2f_customize_logo() ?>
201
- </div>
202
- </div>
203
- </div>
204
- </div>
205
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
206
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
207
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
208
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
209
- </form>
210
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
- <input type="hidden" name="mo2f_selected_2factor_method" />
212
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
213
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
215
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
216
- </form>
217
-
218
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
- <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
- <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
221
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
222
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
223
- </form>
224
-
225
- <script>
226
- function mologinback(){
227
- jQuery('#mo2f_backto_mo_loginform').submit();
228
- }
229
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
230
- var selectedMethod = jQuery(this).val();
231
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
232
- jQuery('#mo2f_select_2fa_methods_form').submit();
233
- });
234
- jQuery('a[href="#skiptwofactor"]').click(function(e) {
235
-
236
- jQuery('#mo2f_skip_loginform').submit();
237
- });
238
- </script>
239
- </body>
240
- </html>
241
- <?php
242
- }
243
- }
244
-
245
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
246
- {
247
-
248
- global $Mo2fdbQueries;
249
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
250
- if(isset($mo2f_user_email) and $mo2f_user_email != '')
251
- $email = $mo2f_user_email;
252
-
253
- $current_user = get_userdata($current_user_id);
254
- if($current_user_id == get_option('mo2f_miniorange_admin'))
255
- $email = get_option('mo2f_email');
256
-
257
- $enduser = new Two_Factor_Setup();
258
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
259
-
260
- if(json_last_error() == JSON_ERROR_NONE){
261
-
262
- if($check_user['status'] == 'ERROR'){
263
- return Mo2fConstants:: langTranslate( $check_user['message']);
264
-
265
- }
266
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
267
-
268
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
269
- 'user_registration_with_miniorange' =>'SUCCESS',
270
- 'mo2f_user_email' =>$email,
271
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
272
- ) );
273
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
274
-
275
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
276
- }
277
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
278
-
279
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
280
- if(json_last_error() == JSON_ERROR_NONE) {
281
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
282
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
283
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
284
- 'user_registration_with_miniorange' =>'SUCCESS',
285
- 'mo2f_user_email' =>$email,
286
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
287
- ) );
288
-
289
- $mo2fa_login_message = '';
290
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
291
- }
292
- }
293
-
294
-
295
- }
296
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
297
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
298
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
299
- mo2f_inline_email_form($email,$current_user_id);
300
- exit;
301
- }
302
-
303
- }
304
-
305
- }
306
-
307
- function mo2f_inline_email_form($email,$current_user_id)
308
- {
309
- ?>
310
- <html>
311
- <head>
312
- <meta charset="utf-8"/>
313
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
314
- <meta name="viewport" content="width=device-width, initial-scale=1">
315
- <?php
316
- mo2f_inline_css_and_js();
317
- ?>
318
- </head>
319
- <body>
320
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
321
- <div class="mo2f-modal-backdrop"></div>
322
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
323
- <div class="login mo_customer_validation-modal-content">
324
- <div class="mo2f_modal-header">
325
- <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
326
- <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
327
- </div>
328
- <div class="mo2f_modal-body">
329
- <form action="" method="post" name="f">
330
- <p>The Email assoicated with your account is already registered in miniOrange. Please use a different email address or contact miniOrange.
331
- </p><br>
332
- <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
333
- <br>
334
- <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
335
- <br>
336
- <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-email-change-nonce')); ?>" />
337
- <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
- <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
340
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
341
- </form>
342
- <br>
343
- <?php mo2f_customize_logo() ?>
344
- </div>
345
- </div>
346
- </div>
347
- </div>
348
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
349
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
350
- </form>
351
- <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
352
- <input type="hidden" name="mo2f_selected_2factor_method" />
353
- <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
354
- <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
356
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
357
- </form>
358
- <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
- <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
- <input type="hidden" name="miniorange_skip_2fa" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
361
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
362
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
363
- </form>
364
- <?php } ?>
365
-
366
- <script type="text/javascript">
367
- jQuery('#save_entered_email_inlinecloud1').click(function(){
368
- var email = jQuery('#emailInlineCloud').val();
369
- var nonce = '<?php echo esc_html(wp_create_nonce("checkuserinminiOrangeNonce"));?>';
370
- var data = {
371
- 'action' : 'mo_two_factor_ajax',
372
- 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
373
- 'email' : email,
374
- 'nonce' : nonce
375
-
376
- };
377
-
378
- var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
379
-
380
-
381
- jQuery.post(ajaxurl, data, function(response) {
382
-
383
- if(response == 'alreadyExist')
384
- {
385
- jQuery('#emailalredyused').show();
386
- }
387
- else if(response =='USERCANBECREATED')
388
- {
389
- document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
390
- jQuery('#mo2f_select_2fa_methods_form').submit();
391
- }
392
- });
393
-
394
- });
395
-
396
-
397
- </script>
398
- </body>
399
-
400
- <?php
401
- }
402
- function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$currentMethod,$redirect_to,$session_id){
403
-
404
- global $Mo2fdbQueries;
405
- if(isset($qrCode)){
406
- $qrCodedata = $qrCode['mo2f-login-qrCode'];
407
- $showqrCode = $qrCode['mo2f_show_qr_code'];
408
- }
409
- $current_user = get_userdata($current_user_id);
410
- $email = $current_user->user_email;
411
-
412
- $opt=fetch_methods($current_user);
413
-
414
- $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
415
- ?>
416
- <html>
417
- <head> <meta charset="utf-8"/>
418
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
419
- <meta name="viewport" content="width=device-width, initial-scale=1">
420
- <?php
421
- mo2f_inline_css_and_js();
422
- ?>
423
- </head>
424
- <body>
425
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
426
- <div class="mo2f-modal-backdrop"></div>
427
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
428
- <div class="login mo_customer_validation-modal-content">
429
- <div class="mo2f_modal-header">
430
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
431
- <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
432
- </div>
433
- <div class="mo2f_modal-body">
434
- <?php if(isset($login_message) && !empty($login_message)) { ?>
435
-
436
- <div id="otpMessage">
437
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
438
- </div>
439
- <?php } ?>
440
- <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
441
- <div class="mo_margin_left">
442
- <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
443
- <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
444
- <center>
445
- <?php if (sizeof($opt) > 1) { ?>
446
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
447
- <?php } ?>
448
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
449
- </center>
450
- </div>
451
- <?php
452
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
453
- initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
454
- <?php } ?>
455
-
456
- <?php mo2f_customize_logo() ?>
457
- </div>
458
- <br>
459
- <br>
460
- </div>
461
- </div>
462
- </div>
463
- </div>
464
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
466
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
467
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
468
- </form>
469
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
470
- <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
472
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
473
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
474
- </form>
475
- <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
- <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
478
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
479
- <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce')); ?>" />
480
- </form>
481
- <?php if (sizeof($opt) > 1) { ?>
482
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
- <input type="hidden" name="option" value="miniorange_back_inline"/>
484
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
485
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
486
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
487
- </form>
488
- <?php } ?>
489
- <script>
490
- function mologinback(){
491
- jQuery('#mo2f_backto_mo_loginform').submit();
492
- }
493
- function moconfigureapp(){
494
- jQuery('#mo2f_inline_configureapp_form').submit();
495
- }
496
- jQuery('#mo2f_inline_back_btn').click(function() {
497
- jQuery('#mo2f_goto_two_factor_form').submit();
498
- });
499
- <?php
500
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
501
- ?>
502
- <?php } ?>
503
- </script>
504
- </body>
505
- </html>
506
- <?php
507
- }
508
- function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
509
- global $Mo2fdbQueries;
510
- $current_user = get_userdata($current_user_id);
511
- $email = $current_user->user_email;
512
- $opt=fetch_methods($current_user);
513
- $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
514
-
515
- ?>
516
- <html>
517
- <head> <meta charset="utf-8"/>
518
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
519
- <meta name="viewport" content="width=device-width, initial-scale=1">
520
- <?php
521
- mo2f_inline_css_and_js();
522
- ?>
523
- </head>
524
- <body>
525
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
526
- <div class="mo2f-modal-backdrop"></div>
527
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
528
- <div class="login mo_customer_validation-modal-content">
529
- <div class="mo2f_modal-header">
530
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
531
- <?php echo __('Setup Duo', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
532
- </div>
533
- <div class="mo2f_modal-body">
534
- <?php if(isset($login_message) && !empty($login_message)) { ?>
535
-
536
- <div id="otpMessage">
537
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
538
- </div>
539
- <?php } ?>
540
- <div style="margin-right:7px;"><?php mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registration_status);
541
-
542
- ?></div>
543
- <div class="mo_margin_left">
544
- <h3><?php echo __('Step-2 : Setup Duo Push Notification', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
545
- <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to setup duo push notification.', 'miniorange-2-factor-authentication'); ?></h4>
546
- <center>
547
- <?php if (sizeof($opt) > 1) { ?>
548
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
549
- <?php } ?>
550
- <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
551
- </center>
552
- </div>
553
- <?php
554
-
555
- if(isset($_POST['option']) && $_POST['option'] =='miniorange_inline_duo_auth_mobile_complete'){
556
- go_for_user_enroll_on_duo($current_user,$session_id);
557
- ?>
558
- <?php }else if(isset($_POST['option']) && $_POST['option'] == 'duo_mobile_send_push_notification_for_inline_form') {
559
-
560
- initialize_inline_duo_auth_registration($current_user,$session_id);
561
- ?>
562
-
563
- <?php }?>
564
-
565
- <?php mo2f_customize_logo() ?>
566
- </div>
567
- <br>
568
- <br>
569
- </div>
570
- </div>
571
- </div>
572
- </div>
573
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
574
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
575
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
576
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
577
- </form>
578
- <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
579
- <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
581
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
582
- <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
583
- </form>
584
- <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
- <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
587
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
588
- <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce')); ?>" />
589
- </form>
590
- <?php if (sizeof($opt) > 1) { ?>
591
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
- <input type="hidden" name="option" value="miniorange_back_inline"/>
593
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
594
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
595
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
596
- </form>
597
- <?php } ?>
598
- <script>
599
- function mologinback(){
600
- jQuery('#mo2f_backto_mo_loginform').submit();
601
- }
602
- function moconfigureapp(){
603
- jQuery('#mo2f_inline_duo_auth_register_form').submit();
604
- }
605
- jQuery('#mo2f_inline_back_btn').click(function() {
606
- jQuery('#mo2f_goto_two_factor_form').submit();
607
- });
608
- <?php
609
- if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
610
- ?>
611
- <?php } ?>
612
- </script>
613
- </body>
614
- </html>
615
- <?php
616
- }
617
-
618
- function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
619
- $ga_secret = MO2f_Utility::mo2f_get_transient($session_id, 'secret_ga');
620
- $data = MO2f_Utility::mo2f_get_transient($session_id, 'ga_qrCode');
621
- global $Mo2fdbQueries;
622
- if(empty($data)){
623
- $user = get_user_by('ID',$current_user_id);
624
- if(!MO2F_IS_ONPREM){
625
- if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
626
- Miniorange_Authentication::mo2f_get_GA_parameters($user);
627
- }
628
- $mo2f_google_auth = get_user_meta($user->ID, 'mo2f_google_auth', true);
629
- $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
630
- $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
631
- MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $mo2f_google_auth['ga_secret']);
632
- MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
633
- }else{
634
- include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR . 'handler'.DIRECTORY_SEPARATOR . 'twofa'. DIRECTORY_SEPARATOR . 'gaonprem.php';
635
- $gauth_obj = new Google_auth_onpremise();
636
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user->ID);
637
- $onpremise_secret = $gauth_obj->createSecret();
638
- $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
639
- $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
640
- $data = $url;
641
- MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $onpremise_secret);
642
- MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $url);
643
-
644
- }
645
- }
646
- wp_register_script('mo2f_qr_code_js',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))) );
647
- wp_register_script('mo2f_qr_code_minjs',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))) );
648
- ?>
649
- <html>
650
- <head> <meta charset="utf-8"/>
651
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
652
- <meta name="viewport" content="width=device-width, initial-scale=1">
653
- <?php
654
- mo2f_inline_css_and_js();
655
- ?>
656
- </head>
657
- <style>
658
- * {
659
- box-sizing: border-box;
660
- }
661
- [class*="mcol-"] {
662
- float: left;
663
- padding: 15px;
664
- }
665
- /* For desktop: */
666
- .mcol-1 {width: 50%;}
667
- .mcol-2 {width: 50%;}
668
- @media only screen and (max-width: 768px) {
669
- /* For mobile phones: */
670
- [class*="mcol-"] {
671
- width: 100%;
672
- }
673
- }
674
- </style>
675
- <body>
676
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
677
- <div class="mo2f-modal-backdrop"></div>
678
- <div class="mo2f_modal-dialog mo2f_modal-lg" >
679
- <div class="login mo_customer_validation-modal-content">
680
- <div class="mo2f_modal-header">
681
- <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
682
- <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
683
- </div>
684
- <div class="mo2f_modal-body">
685
- <?php
686
-
687
- $current_user = get_userdata($current_user_id);
688
- $opt=fetch_methods($current_user);
689
- ?>
690
- <?php if(isset($login_message) && !empty($login_message)) { ?>
691
- <div id="otpMessage"
692
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
693
- >
694
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
695
- </div>
696
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
697
- <?php } ?>
698
- <div class="mcol-1">
699
- <div id="mo2f_choose_app_tour">
700
- <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
701
-
702
- <select id="authenticator_type">
703
- <option value="google_authenticator">Google Authenticator</option>
704
- <option value="msft_authenticator">Microsoft Authenticator</option>
705
- <option value="authy_authenticator">Authy Authenticator</option>
706
- <option value="last_pass_auth">LastPass Authenticator</option>
707
- <option value="free_otp_auth">FreeOTP Authenticator</option>
708
- <option value="duo_auth">Duo Mobile Authenticator</option>
709
- </select>
710
- <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
711
- <span id="links_to_apps">
712
- <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
713
- <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
714
-
715
- </span>
716
- </div>
717
- </div>
718
- <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
719
- <ol>
720
- <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
721
- <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
722
- <br>
723
- <?php if(MO2F_IS_ONPREM){ ?>
724
- <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
725
- <?php
726
-
727
- } else{ ?>
728
- <div style="margin-left: 14%;">
729
- <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
730
- <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
731
- </div>
732
- </div>
733
- <?php }
734
- ?>
735
- <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
736
-
737
- </ol>
738
- <div id="mo2f_scanbarcode_a" hidden>
739
- <ol >
740
- <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
741
- <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
742
- <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
743
- <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
744
- <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
745
- <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
746
- <?php echo esc_html($ga_secret) ?>
747
- </div>
748
- <div style="font-size: 80%;color: #666666;">
749
- <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
750
- </div>
751
- </div>
752
- <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
753
- <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
754
- </ol>
755
- </div>
756
- </div>
757
- <div class="mcol-2">
758
- <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
759
- <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
760
- <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
761
- <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
762
- <br />
763
- <input type="hidden" name="option" value="miniorange_inline_ga_validate">
764
- <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
765
- <div class="center">
766
- <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
767
- </div>
768
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
769
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
770
- <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce')); ?>" />
771
- </form>
772
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
773
- <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
774
- <input type="hidden" name="option" value="miniorange_back_inline"/>
775
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
776
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
777
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
778
- </form>
779
- </div>
780
- <br>
781
- <br>
782
- <?php mo2f_customize_logo() ?>
783
- </div>
784
- </div>
785
- </div>
786
- </div>
787
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
788
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
789
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
790
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
791
- </form>
792
- <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
793
- <input type="hidden" name="google_phone_type" />
794
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
795
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
796
- <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce')); ?>" />
797
- </form>
798
-
799
- <script>
800
- jQuery('#authenticator_type').change(function(){
801
- var auth_type = jQuery(this).val();
802
- if(auth_type == 'google_authenticator'){
803
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
804
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
805
- '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
806
- jQuery('#mo2f_change_app_name').show();
807
- jQuery('#links_to_apps').show();
808
- }else if(auth_type == 'msft_authenticator'){
809
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
810
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
811
- '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
812
- jQuery('#links_to_apps').show();
813
- }else if(auth_type == 'free_otp_auth'){
814
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
815
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
816
- '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
817
- jQuery('#links_to_apps').show();
818
- }else if(auth_type == 'duo_auth'){
819
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
820
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
821
- '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
822
- jQuery('#links_to_apps').show();
823
- }else if(auth_type == 'authy_authenticator'){
824
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
825
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
826
- '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
827
- jQuery('#links_to_apps').show();
828
- }else{
829
- jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
830
- 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
831
- '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
832
- jQuery('#mo2f_change_app_name').show();
833
- jQuery('#links_to_apps').show();
834
- }
835
- });
836
- function mologinback(){
837
- jQuery('#mo2f_backto_mo_loginform').submit();
838
- }
839
- jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
840
- var selectedPhone = jQuery(this).val();
841
- document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
842
- jQuery('#mo2f_inline_app_type_ga_form').submit();
843
- });
844
- jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
845
- jQuery("#mo2f_scanbarcode_a").toggle();
846
- });
847
- jQuery(document).ready(function() {
848
- jQuery('.mo2f_gauth').qrcode({
849
- 'render': 'image',
850
- size: 175,
851
- 'text': jQuery('.mo2f_gauth').data('qrcode')
852
- });
853
- });
854
- </script>
855
- </body>
856
- <?php
857
- echo '<head>';
858
- wp_print_scripts( 'mo2f_qr_code_js' );
859
- wp_print_scripts( 'mo2f_qr_code_minjs' );
860
- echo '</head>';
861
- }
862
-
863
- function mo2f_inline_css_and_js(){
864
-
865
- wp_register_style( 'mo2f_bootstrap',plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))));
866
- wp_register_style('mo2f_front_end_login',plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))));
867
- wp_register_style('mo2f_style_setting',plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))));
868
- wp_register_style('mo2f_hide-login',plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))));
869
-
870
- wp_print_styles( 'mo2f_bootstrap');
871
- wp_print_styles( 'mo2f_front_end_login');
872
- wp_print_styles( 'mo2f_style_setting');
873
- wp_print_styles( 'mo2f_hide-login');
874
-
875
- wp_register_script('mo2f_bootstrap_js',plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))));
876
- wp_print_scripts( 'jquery');
877
- wp_print_scripts( 'mo2f_bootstrap_js' );
878
- }
879
-
880
-
881
- function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
882
- $data = $qrCode;
883
-
884
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_transactionId' );
885
-
886
- $url = MO_HOST_NAME;
887
- $opt=fetch_methods($current_user);
888
- ?>
889
- <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
890
- <div class="red" style="color:#E74C3C;">
891
- <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
892
- <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
893
- <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
894
- <ol>
895
- <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
896
- <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
897
- <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
898
- </ol>
899
- </div>
900
- <table class="mo2f_settings_table">
901
- <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
902
- <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . esc_html($data) . '" />'; ?>
903
- </div>
904
- </table>
905
- <center>
906
- <?php
907
- if (sizeof($opt) > 1) { ?>
908
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
909
- <?php }
910
- ?>
911
- </center>
912
- <script>
913
- jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
914
- jQuery('#mo2f_inline_configureapp_form').submit();
915
- });
916
- jQuery("#mo2f_configurePhone").empty();
917
- jQuery("#mo2f_app_div").hide();
918
- var timeout;
919
- pollInlineMobileRegistration();
920
- function pollInlineMobileRegistration()
921
- {
922
- var transId = "<?php echo esc_html($mo2f_login_transaction_id); ?>";
923
- var jsonString = "{\"txId\":\""+ transId + "\"}";
924
- var postUrl = "<?php echo esc_html($url); ?>" + "/moas/api/auth/registration-status";
925
- jQuery.ajax({
926
- url: postUrl,
927
- type : "POST",
928
- dataType : "json",
929
- data : jsonString,
930
- contentType : "application/json; charset=utf-8",
931
- success : function(result) {
932
- var status = JSON.parse(JSON.stringify(result)).status;
933
- if (status == 'SUCCESS') {
934
- var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
935
- jQuery("#displayInlineQrCode").empty();
936
- jQuery("#displayInlineQrCode").append(content);
937
- setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
938
- } else if (status == 'ERROR' || status == 'FAILED') {
939
- var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
940
- jQuery("#displayInlineQrCode").empty();
941
- jQuery("#displayInlineQrCode").append(content);
942
- jQuery("#messages").empty();
943
- jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
944
- } else {
945
- timeout = setTimeout(pollInlineMobileRegistration, 3000);
946
- }
947
- }
948
- });
949
- }
950
- </script>
951
- <?php
952
- }
953
-
954
- function initialize_inline_duo_auth_registration($current_user,$session_id_encrypt){
955
-
956
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
957
- update_user_meta($user_id,'current_user_email',$current_user->user_email);
958
-
959
-
960
- $opt=fetch_methods($current_user);
961
- ?>
962
- <h3><?php echo mo2f_lt( 'Test Duo Authenticator' ); ?></h3>
963
- <hr>
964
- <div>
965
- <br>
966
- <br>
967
- <center>
968
- <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
969
- <br>
970
- <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
971
- <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
972
- </center>
973
-
974
- <input type="button" name="back" id="go_back" class="button button-primary button-large"
975
- value="<?php echo mo2f_lt( 'Back' ); ?>"
976
- style="margin-top:100px;margin-left:10px;"/>
977
- </div>
978
-
979
- <form name="f" method="post" action="" id="mo2f_go_back_form">
980
- <input type="hidden" name="option" value="mo2f_go_back"/>
981
- <input type="hidden" name="mo2f_go_back_nonce"
982
- value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
983
- </form>
984
- <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
985
- <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
986
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
987
- <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
988
- value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-authenticator-success-nonce" )) ?>"/>
989
- </form>
990
- <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
991
- <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
992
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
993
- <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
994
- value="<?php echo esc_html(wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" )) ?>"/>
995
- </form>
996
-
997
- <script>
998
- jQuery('#go_back').click(function () {
999
- jQuery('#mo2f_go_back_form').submit();
1000
- });
1001
- jQuery("#mo2f_configurePhone").empty();
1002
- jQuery("#mo2f_app_div").hide();
1003
- var timeout;
1004
-
1005
-
1006
-
1007
- pollMobileValidation();
1008
- function pollMobileValidation() {
1009
- var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
1010
- var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
1011
- var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
1012
-
1013
- var data={
1014
- 'action':'mo2f_duo_ajax_request',
1015
- 'call_type':'check_duo_push_auth_status',
1016
- 'session_id_encrypt': session_id_encrypt,
1017
- 'nonce': nonce,
1018
-
1019
- };
1020
-
1021
- jQuery.post(ajax_url, data, function(response){
1022
-
1023
- if (response == 'SUCCESS') {
1024
- jQuery('#mo2f_inline_duo_authenticator_success_form').submit();
1025
- } else if (response == 'ERROR' || response == 'FAILED' || response == 'DENIED') {
1026
-
1027
- jQuery('#mo2f_duo_authenticator_error_form').submit();
1028
- } else {
1029
- timeout = setTimeout(pollMobileValidation, 3000);
1030
- }
1031
-
1032
- });
1033
-
1034
- }
1035
-
1036
- </script>
1037
-
1038
- <?php
1039
- }
1040
- function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1041
- $current_user = get_userdata($current_user_id);
1042
- $opt=fetch_methods($current_user);
1043
-
1044
- ?>
1045
- <html>
1046
- <head> <meta charset="utf-8"/>
1047
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1048
- <meta name="viewport" content="width=device-width, initial-scale=1">
1049
- <?php
1050
- mo2f_inline_css_and_js();
1051
- ?>
1052
- <style>
1053
- .mo2f_kba_ques, .mo2f_table_textbox{
1054
- background: whitesmoke none repeat scroll 0% 0%;
1055
- }
1056
- </style>
1057
- </head>
1058
- <body>
1059
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1060
- <div class="mo2f-modal-backdrop"></div>
1061
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1062
- <div class="login mo_customer_validation-modal-content">
1063
- <div class="mo2f_modal-header">
1064
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1065
- <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
1066
- </div>
1067
- <div class="mo2f_modal-body">
1068
- <?php if(isset($login_message) && !empty($login_message)) { ?>
1069
- <div id="otpMessage">
1070
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo esc_html($login_message); ?></p>
1071
- </div>
1072
- <?php } ?>
1073
- <form name="f" method="post" action="" >
1074
- <?php mo2f_configure_kba_questions(); ?>
1075
- <br />
1076
- <div class ="row">
1077
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1078
- <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1079
- <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
1080
-
1081
- </div>
1082
- </div>
1083
- <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1084
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1085
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1086
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1087
- </form>
1088
- <?php if (sizeof($opt) > 1) { ?>
1089
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
1090
- <div class ="row">
1091
- <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1092
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1093
- </div>
1094
- </div>
1095
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1096
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1097
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1098
- </form>
1099
- <?php } ?>
1100
-
1101
- <?php mo2f_customize_logo() ?>
1102
- </div>
1103
- </div>
1104
- </div>
1105
- </div>
1106
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1107
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1108
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1109
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1110
- </form>
1111
-
1112
- <script>
1113
- function mologinback(){
1114
- jQuery('#mo2f_backto_mo_loginform').submit();
1115
- }
1116
-
1117
- function mobackinline(){
1118
- jQuery('#mo2f_goto_two_factor_form').submit();
1119
- }
1120
- </script>
1121
- </body>
1122
- </html>
1123
- <?php
1124
- }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1125
- $current_user = get_userdata($current_user_id);
1126
- $opt=fetch_methods($current_user);
1127
- ?>
1128
- <html>
1129
- <head> <meta charset="utf-8"/>
1130
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1131
- <meta name="viewport" content="width=device-width, initial-scale=1">
1132
- <?php
1133
- mo2f_inline_css_and_js();
1134
- ?>
1135
- <style>
1136
- .mo2f_kba_ques, .mo2f_table_textbox{
1137
- background: whitesmoke none repeat scroll 0% 0%;
1138
- }
1139
- </style>
1140
- </head>
1141
- <body>
1142
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1143
- <div class="mo2f-modal-backdrop"></div>
1144
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1145
- <div class="login mo_customer_validation-modal-content">
1146
- <div class="mo2f_modal-header">
1147
- <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1148
- <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
1149
- </div>
1150
- <div class="mo2f_modal-body">
1151
- <?php if(isset($login_message) && !empty($login_message)){ ?>
1152
- <div id="otpMessage">
1153
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1154
- </div>
1155
- <?php } ?>
1156
- <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
1157
- <input type="hidden" name="option" value="miniorange_inline_register" />
1158
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1159
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1160
- <p>This method requires you to have an account with miniOrange.</p>
1161
- <table class="mo_wpns_settings_table">
1162
- <tr>
1163
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1164
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
1165
- required placeholder="person@example.com"/></td>
1166
- </tr>
1167
- <tr>
1168
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1169
- <td><input class="mo_wpns_table_textbox" required type="password"
1170
- name="password" placeholder="Choose your password (Min. length 6)" /></td>
1171
- </tr>
1172
- <tr>
1173
- <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1174
- <td><input class="mo_wpns_table_textbox" required type="password"
1175
- name="confirmPassword" placeholder="Confirm your password" /></td>
1176
- </tr>
1177
- <tr>
1178
- <td>&nbsp;</td>
1179
- <td><br><input type="submit" name="submit" value="Create Account"
1180
- class="miniorange_button" />
1181
- <a href="#mo2f_account_exist">Already have an account?</a>
1182
- </tr>
1183
- </table>
1184
- </form>
1185
- <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
1186
- <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1187
- <input type="hidden" name="option" value="miniorange_inline_login"/>
1188
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1189
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1190
- <table class="mo_wpns_settings_table">
1191
- <tr>
1192
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1193
- <td><input class="mo_wpns_table_textbox" type="email" name="email"
1194
- required placeholder="person@example.com"
1195
- /></td>
1196
- </tr>
1197
- <tr>
1198
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1199
- <td><input class="mo_wpns_table_textbox" required type="password"
1200
- name="password" placeholder="Enter your miniOrange password" /></td>
1201
- </tr>
1202
- <tr>
1203
- <td>&nbsp;</td>
1204
- <td><input type="submit" class="miniorange_button" />
1205
- <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
1206
- </tr>
1207
- </table>
1208
- </form>
1209
- <br>
1210
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
1211
- <?php mo2f_customize_logo() ?>
1212
- </div>
1213
- </div>
1214
- </div>
1215
- </div>
1216
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1217
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1219
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1220
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1221
- </form>
1222
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1223
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1224
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1225
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1226
- </form>
1227
-
1228
- <script>
1229
- jQuery('#mo2f_inline_back_btn').click(function() {
1230
- jQuery('#mo2f_goto_two_factor_form').submit();
1231
- });
1232
- jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1233
- jQuery('#mo2f_inline_login_form').show();
1234
- jQuery('#mo2f_inline_register_form').hide();
1235
- });
1236
- jQuery('#cancel_link').click(function(){
1237
- jQuery('#mo2f_inline_register_form').show();
1238
- jQuery('#mo2f_inline_login_form').hide();
1239
- });
1240
- function mologinback(){
1241
- jQuery('#mo2f_backto_mo_loginform').submit();
1242
- }
1243
- </script>
1244
- </body>
1245
- </html>
1246
- <?php
1247
- }
1248
- function prompt_user_for_setup_success($id, $login_status, $login_message,$redirect_to,$session_id){
1249
- global $Mo2fdbQueries;
1250
- ?>
1251
- <html>
1252
- <head> <meta charset="utf-8"/>
1253
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1254
- <meta name="viewport" content="width=device-width, initial-scale=1">
1255
- <?php
1256
- mo2f_inline_css_and_js();
1257
- ?>
1258
- <style>
1259
- .mo2f_kba_ques, .mo2f_table_textbox{
1260
- background: whitesmoke none repeat scroll 0% 0%;
1261
- }
1262
- </style>
1263
- </head>
1264
- <body>
1265
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1266
- <div class="mo2f-modal-backdrop"></div>
1267
- <div class="mo2f_modal-dialog mo2f_modal-lg">
1268
- <div class="login mo_customer_validation-modal-content">
1269
- <div class="mo2f_modal-header">
1270
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1271
- <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1272
- </div>
1273
- <div class="mo2f_modal-body center">
1274
- <?php
1275
- global $Mo2fdbQueries;
1276
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1277
- if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1278
- $mo2f_second_factor = 'Email Verification';
1279
- }else if($mo2f_second_factor == 'SMS'){
1280
- $mo2f_second_factor = 'OTP over SMS';
1281
- }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
1282
- $mo2f_second_factor = 'OTP_OVER_EMAIL';
1283
- }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1284
- $mo2f_second_factor = 'Phone Call Verification';
1285
- }else if($mo2f_second_factor == 'SOFT TOKEN'){
1286
- $mo2f_second_factor = 'Soft Token';
1287
- }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1288
- $mo2f_second_factor = 'QR Code Authentication';
1289
- }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1290
- $mo2f_second_factor = 'Push Notification';
1291
- }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1292
- if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1293
- $mo2f_second_factor = 'Google Authenticator';
1294
- }else{
1295
- $mo2f_second_factor = 'Authy 2-Factor Authentication';
1296
- }
1297
- }else if($mo2f_second_factor == 'KBA'){
1298
- $mo2f_second_factor = 'Security Questions (KBA)';
1299
- }
1300
- $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1301
- $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1302
-
1303
- if(get_site_option( 'mo2f_disable_kba' )!=1){
1304
- if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1305
- ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1306
- <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1307
- <?php if(isset($login_message) && !empty($login_message)){ ?>
1308
- <div id="otpMessage">
1309
- <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1310
- </div>
1311
- <?php } ?>
1312
- <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1313
- <form name="f" method="post" action="" >
1314
- <?php mo2f_configure_kba_questions(); ?>
1315
- <br>
1316
- <center>
1317
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1318
- </center>
1319
- <input type="hidden" name="mo2f_inline_kba_option" />
1320
- <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1321
- <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo esc_html($login_status); ?>" />
1322
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1323
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1324
- </form>
1325
- </div>
1326
- <?php }
1327
- }else{
1328
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1329
- $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1330
- $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1331
- }
1332
- if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1333
- if(get_site_option('mo2f_remember_device')!=1)
1334
- {
1335
- $pass2fa= new Miniorange_Password_2Factor_Login();
1336
- $pass2fa->mo2fa_pass2login(site_url(), $session_id);
1337
- ?>
1338
- <center>
1339
- <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1340
- <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1341
- </p>
1342
- </center>
1343
- <br>
1344
- <center>
1345
- <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1346
- <br>
1347
- </center>
1348
- <?php
1349
- }else{
1350
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? sanitize_url($_POST[ 'redirect_to' ]) : null;
1351
- $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1352
- mo2f_collect_device_attributes_handler($session_id,$redirect_to);
1353
- }
1354
- }
1355
- mo2f_customize_logo() ?>
1356
- </div>
1357
- </div>
1358
- </div>
1359
- </div>
1360
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1361
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1362
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1363
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1364
- </form>
1365
-
1366
- <script>
1367
- function mologinback(){
1368
- jQuery('#mo2f_backto_mo_loginform').submit();
1369
- }
1370
- </script>
1371
- </body>
1372
- </html>
1373
- <?php
1374
- }
1375
-
1376
- function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod,$redirect_to,$session_id){
1377
- $current_user = get_userdata($current_user_id);
1378
- $opt=fetch_methods($current_user);
1379
- global $Mo2fdbQueries;
1380
- $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1381
- $current_user = get_userdata($current_user_id);
1382
- $email = $current_user->user_email;
1383
- ?>
1384
- <html>
1385
- <head> <meta charset="utf-8"/>
1386
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
1387
- <meta name="viewport" content="width=device-width, initial-scale=1">
1388
- <?php
1389
- mo2f_inline_css_and_js();
1390
-
1391
- wp_register_script('mo2f_bootstrap_js', plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))));
1392
- wp_register_script('mo2f_phone_js', plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))));
1393
- wp_print_scripts( 'mo2f_bootstrap_js' );
1394
- wp_print_scripts( 'mo2f_phone_js');
1395
-
1396
- wp_register_style('mo2f_phone',plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))));
1397
- wp_print_styles( 'mo2f_phone' );
1398
- ?>
1399
- </head>
1400
- <body>
1401
- <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1402
- <div class="mo2f-modal-backdrop"></div>
1403
- <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1404
- <div class="login mo_customer_validation-modal-content">
1405
- <div class="mo2f_modal-header">
1406
- <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1407
- <?php
1408
- if($current_selected_method == 'SMS AND EMAIL'){?>
1409
- <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1410
- <?php }
1411
- else if($current_selected_method == 'OTP Over Telegram')
1412
- {
1413
- echo __('Verify Your Telegram Details', 'miniorange-2-factor-authentication');
1414
- }
1415
- else if($current_selected_method == 'OTP OVER EMAIL'){
1416
- ?>
1417
- <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1418
- <?php }
1419
- else{
1420
- ?>
1421
- <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1422
- <?php } ?>
1423
- </div>
1424
- <div class="mo2f_modal-body">
1425
- <?php if(isset($login_message) && !empty($login_message)) { ?>
1426
- <div id="otpMessage"
1427
- <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1428
- >
1429
- <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1430
- </div>
1431
- <?php if(isset($login_message)) {?> <br/> <?php } ?>
1432
- <?php } ?>
1433
- <div class="mo2f_row">
1434
- <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1435
- <p>
1436
- <?php
1437
- if($current_selected_method == 'SMS AND EMAIL'){?>
1438
- <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1439
- <?php
1440
- }else if($current_selected_method == 'OTP OVER EMAIL'){
1441
- //no message
1442
- }else if($current_selected_method == 'OTP Over Telegram')
1443
- {
1444
- echo __('1. Open the telegram app and search for miniorange2fa_bot. Click on start button or send <b>/start</b> message', 'miniorange-2-factor-authentication');
1445
- echo "<br><br><br>";
1446
- echo __('2. Enter the recieved Chat ID here below::', 'miniorange-2-factor-authentication');
1447
- $chat_id = get_user_meta($current_user_id,'mo2f_chat_id',true);
1448
-
1449
- if($chat_id == '')
1450
- $chat_id = get_user_meta($current_user_id,'mo2f_temp_chatID',true);
1451
-
1452
- ?>
1453
- <input type="text" name="verify_chatID" id="chatID"
1454
- value="<?php echo esc_html($chat_id); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter chat ID without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1455
-
1456
- <?php
1457
- echo "<br>";
1458
-
1459
- }
1460
- else{
1461
- ?>
1462
- <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1463
- <?php }
1464
- if(!($current_selected_method == 'OTP OVER EMAIL') and $current_selected_method !='OTP Over Telegram'and $current_selected_method !='OTP Over Whatsapp'){
1465
- ?>
1466
- <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1467
- value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1468
- <?php } ?>
1469
- <?php
1470
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1471
- if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1472
- <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1473
- value="<?php echo $email ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1474
- <?php } ?>
1475
- <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1476
- <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1477
- <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce')); ?>" />
1478
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1479
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1480
- </form>
1481
- </div>
1482
- <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1483
- <p>
1484
- <?php
1485
- if($current_selected_method == 'SMS AND EMAIL'){?>
1486
- <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1487
- <?php }
1488
- else{
1489
- ?>
1490
- <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1491
- <?php } ?>
1492
- <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1493
- <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1494
- <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1495
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1496
- <?php } else if($current_selected_method != 'OTP Over Telegram'){
1497
- ?>
1498
- <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1499
- <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1500
- <?php } ?>
1501
- <br /><br />
1502
- <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1503
- <?php if (sizeof($opt) > 1) { ?>
1504
-
1505
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1506
- <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1507
- <?php } ?>
1508
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1509
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1510
- <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1511
- <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce')); ?>" />
1512
- </form>
1513
- <?php mo2f_customize_logo() ?>
1514
- </div>
1515
- </div>
1516
- </div>
1517
- </div>
1518
- <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1519
- <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1520
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1521
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1522
- </form>
1523
- <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1524
- <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce')); ?>" />
1525
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1526
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1527
- </form>
1528
- <?php if (sizeof($opt) > 1) { ?>
1529
- <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1530
- <input type="hidden" name="option" value="miniorange_back_inline"/>
1531
- <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1532
- <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1533
- <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1534
- </form>
1535
- <?php } ?>
1536
- <script>
1537
- jQuery("#phone").intlTelInput();
1538
- function mologinback(){
1539
- jQuery('#mo2f_backto_mo_loginform').submit();
1540
- }
1541
- jQuery('#mo2f_inline_back_btn').click(function() {
1542
- jQuery('#mo2f_goto_two_factor_form').submit();
1543
- });
1544
- jQuery('a[href="#resendsmslink"]').click(function(e) {
1545
- jQuery('#mo2fa_inline_resend_otp_form').submit();
1546
- });
1547
- </script>
1548
- </body>
1549
-
1550
- </html>
1551
- <?php
1552
  }
1
+ <?php
2
+ function fetch_methods($current_user = null){
3
+ $methods = array("SMS","SOFT TOKEN","MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
4
+ if(!is_null($current_user) && ($current_user->roles[0] != 'administrator') && !mo2f_is_customer_registered()){
5
+ $methods = array("GOOGLE AUTHENTICATOR","KBA","OTP_OVER_EMAIL","OTP OVER TELEGRAM");
6
+ }
7
+ if(get_site_option('duo_credentials_save_successfully'))
8
+ array_push($methods,"DUO");
9
+ return $methods;
10
+ }
11
+
12
+ function prompt_user_to_select_2factor_mthod_inline($current_user_id, $login_status, $login_message,$redirect_to,$session_id,$qrCode){
13
+
14
+ global $Mo2fdbQueries;
15
+ $current_user = get_userdata($current_user_id);
16
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
17
+
18
+ if($current_selected_method == 'MOBILE AUTHENTICATION' || $current_selected_method == 'SOFT TOKEN' || $current_selected_method == 'PUSH NOTIFICATIONS'){
19
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
20
+ prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$current_selected_method,$redirect_to,$session_id);
21
+ else
22
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
23
+ }else if($current_selected_method == 'SMS' || $current_selected_method == 'PHONE VERIFICATION' || $current_selected_method == 'SMS AND EMAIL'){
24
+ if(get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS')
25
+ prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
26
+ else
27
+ prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
28
+ }else if($current_selected_method == 'OTP Over Telegram' or $current_selected_method == 'OTP OVER TELEGRAM')
29
+ {
30
+ $current_selected_method = 'OTP Over Telegram';
31
+ prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$current_selected_method,$redirect_to,$session_id);
32
+ }
33
+ else if($current_selected_method == 'Duo Authenticator'){
34
+ prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
35
+ }
36
+ else if($current_selected_method == 'GOOGLE AUTHENTICATOR' ){
37
+ prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
38
+ }else if($current_selected_method == 'AUTHY 2-FACTOR AUTHENTICATION'){
39
+ prompt_user_for_authy_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
40
+ }else if($current_selected_method == 'KBA' ){
41
+ prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
42
+ }else if($current_selected_method == 'OUT OF BAND EMAIL' ){
43
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$current_user_id);
44
+ if(( $status == 'MO_2_FACTOR_PLUGIN_SETTINGS' && get_site_option('mo2f_remember_device')!=1)||(get_site_option( 'mo2f_disable_kba' ) &&$login_status == 'MO_2_FACTOR_SETUP_SUCCESS')){
45
+ if(!MO2F_IS_ONPREM)
46
+ {
47
+ $current_user = get_userdata($current_user_id);
48
+ $email = $current_user->user_email;
49
+ $tempEmail = get_user_meta($current_user->ID,'mo2f_email_miniOrange',true);
50
+ if(isset($tempEmail) and $tempEmail != '')
51
+ $email = $tempEmail;
52
+ create_user_in_miniOrange($current_user_id,$email,$current_selected_method);
53
+ }
54
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
55
+ $pass2fa= new Miniorange_Password_2Factor_Login();
56
+ $pass2fa->mo2fa_pass2login($redirect_to, $session_id);
57
+ }
58
+ prompt_user_for_setup_success($current_user_id, $login_status, $login_message,$redirect_to,$session_id);
59
+ }else{
60
+ $current_user = get_userdata($current_user_id);
61
+ if(isset($current_user->roles[0]))
62
+ $current_user_role=$current_user->roles[0];
63
+ $opt=fetch_methods($current_user);
64
+ ?>
65
+ <html>
66
+ <head>
67
+ <meta charset="utf-8"/>
68
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
69
+ <meta name="viewport" content="width=device-width, initial-scale=1">
70
+ <?php
71
+ mo2f_inline_css_and_js();
72
+ ?>
73
+ </head>
74
+ <body>
75
+ <div class="mo2f_modal1" tabindex="-1" role="dialog" id="myModal51">
76
+ <div class="mo2f-modal-backdrop"></div>
77
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
78
+ <div class="login mo_customer_validation-modal-content">
79
+ <div class="mo2f_modal-header">
80
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
81
+
82
+ <?php echo __('New security system has been enabled', 'miniorange-2-factor-authentication'); ?></h3>
83
+ </div>
84
+ <div class="mo2f_modal-body">
85
+ <?php echo __('<b> Configure a Two-Factor method to protect your account</b>', 'miniorange-2-factor-authentication');
86
+ if(isset($login_message) && !empty($login_message)) {
87
+ echo '<br><br>';
88
+
89
+ ?>
90
+
91
+ <div id="otpMessage">
92
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
93
+ </div>
94
+ <?php }else
95
+ echo '<br>';
96
+ ?>
97
+
98
+ <br>
99
+ <span class="<?php if( !(in_array("GOOGLE AUTHENTICATOR", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
100
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
101
+ <input type="radio" name="mo2f_selected_2factor_method" value="GOOGLE AUTHENTICATOR" />
102
+ <?php echo __('Google / Authy / Microsoft Authenticator<br> &nbsp;&nbsp;&nbsp; &nbsp;
103
+ (Any TOTP Based Authenticatior App)', 'miniorange-2-factor-authentication'); ?>
104
+ </label>
105
+ <br>
106
+ </span>
107
+ <span class="<?php if( !(in_array("OUT OF BAND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
108
+ <label title="<?php echo __('You will receive an email with link. You have to click the ACCEPT or DENY link to verify your email. Supported in Desktops, Laptops, Smartphones.', 'miniorange-2-factor-authentication'); ?>">
109
+ <input type="radio" name="mo2f_selected_2factor_method" value="OUT OF BAND EMAIL" />
110
+ <?php echo __('Email Verification', 'miniorange-2-factor-authentication'); ?>
111
+ </label>
112
+ <br>
113
+ </span>
114
+ <span class="<?php if( !(in_array("SMS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
115
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
116
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS" />
117
+ <?php echo __('OTP Over SMS', 'miniorange-2-factor-authentication'); ?>
118
+ </label>
119
+ <br>
120
+ </span>
121
+ <span class="<?php if( !(in_array("PHONE VERIFICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>">
122
+ <label title="<?php echo __('You will receive a phone call telling a one time passcode. You have to enter the one time passcode to login. Supported in Landlines, Smartphones, Feature phones.', 'miniorange-2-factor-authentication'); ?>">
123
+ <input type="radio" name="mo2f_selected_2factor_method" value="PHONE VERIFICATION" />
124
+ <?php echo __('Phone Call Verification', 'miniorange-2-factor-authentication'); ?>
125
+ </label>
126
+ <br>
127
+ </span>
128
+ <span class="<?php if( !(in_array("SOFT TOKEN", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
129
+ <label title="<?php echo __('You have to enter 6 digits code generated by miniOrange Authenticator App like Google Authenticator code to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>" >
130
+ <input type="radio" name="mo2f_selected_2factor_method" value="SOFT TOKEN" />
131
+ <?php echo __('Soft Token', 'miniorange-2-factor-authentication'); ?>
132
+ </label>
133
+ <br>
134
+ </span>
135
+ <span class="<?php if( !(in_array("OTP OVER TELEGRAM", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
136
+ <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
137
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER TELEGRAM" />
138
+ <?php echo __('OTP Over TELEGRAM', 'miniorange-2-factor-authentication'); ?>
139
+ </label>
140
+ <br>
141
+ </span>
142
+ <span class="<?php if( !(in_array("OTP OVER WHATSAPP", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
143
+ <label title="<?php echo __('You will get an OTP on your WHATSAPP app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
144
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER WHATSAPP" />
145
+ <?php echo __('OTP Over WHATSAPP', 'miniorange-2-factor-authentication'); ?>
146
+ </label>
147
+ <br>
148
+ </span>
149
+ <span class="<?php if( !(in_array("MOBILE AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
150
+ <label title="<?php echo __('You have to scan the QR Code from your phone using miniOrange Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
151
+ <input type="radio" name="mo2f_selected_2factor_method" value="MOBILE AUTHENTICATION" />
152
+ <?php echo __('QR Code Authentication', 'miniorange-2-factor-authentication'); ?>
153
+ </label>
154
+ <br>
155
+ </span>
156
+ <span class="<?php if( !(in_array("PUSH NOTIFICATIONS", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
157
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
158
+ <input type="radio" name="mo2f_selected_2factor_method" value="PUSH NOTIFICATIONS" />
159
+ <?php echo __('Push Notification', 'miniorange-2-factor-authentication'); ?>
160
+ </label>
161
+ <br>
162
+ </span>
163
+ <span class="<?php if( !(in_array("AUTHY 2-FACTOR AUTHENTICATION", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
164
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
165
+ <input type="radio" name="mo2f_selected_2factor_method" value="AUTHY 2-FACTOR AUTHENTICATION" />
166
+ <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
167
+ </label>
168
+ <br>
169
+ </span>
170
+ <span class="<?php if( !(in_array("KBA", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
171
+ <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
172
+ <input type="radio" name="mo2f_selected_2factor_method" value="KBA" />
173
+ <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
174
+ </label>
175
+ <br>
176
+ </span>
177
+ <span class="<?php if( !(in_array("SMS AND EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
178
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone and your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
179
+ <input type="radio" name="mo2f_selected_2factor_method" value="SMS AND EMAIL" />
180
+ <?php echo __('OTP Over SMS and Email', 'miniorange-2-factor-authentication'); ?>
181
+ </label>
182
+ <br>
183
+ </span>
184
+ <span class="<?php if( !(in_array("OTP_OVER_EMAIL", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; }?>">
185
+ <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
186
+ <input type="radio" name="mo2f_selected_2factor_method" value="OTP OVER EMAIL" />
187
+ <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
188
+ </label>
189
+ <br>
190
+ </span>
191
+ <span class="<?php if( !(in_array("DUO", $opt)) ){ echo "mo2f_td_hide"; }else { echo "mo2f_td_show"; } ?>" >
192
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
193
+ <input type="radio" name="mo2f_selected_2factor_method" value=" DUO PUSH NOTIFICATIONS" />
194
+ <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
195
+ </label>
196
+ <br>
197
+ </span>
198
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:35%;"><?php echo __('Skip Two Factor', 'miniorange-2-factor-authentication'); ?></a>>>
199
+ <br />
200
+ <?php mo2f_customize_logo() ?>
201
+ </div>
202
+ </div>
203
+ </div>
204
+ </div>
205
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
206
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
207
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
208
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
209
+ </form>
210
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
211
+ <input type="hidden" name="mo2f_selected_2factor_method" />
212
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
213
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
214
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
215
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
216
+ </form>
217
+
218
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
219
+ <input type="hidden" name="option" value="mo2f_skip_2fa_setup" />
220
+ <input type="hidden" name="miniorange_skip_2fa_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
221
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
222
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
223
+ </form>
224
+
225
+ <script>
226
+ function mologinback(){
227
+ jQuery('#mo2f_backto_mo_loginform').submit();
228
+ }
229
+ jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
230
+ var selectedMethod = jQuery(this).val();
231
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
232
+ jQuery('#mo2f_select_2fa_methods_form').submit();
233
+ });
234
+ jQuery('a[href="#skiptwofactor"]').click(function(e) {
235
+
236
+ jQuery('#mo2f_skip_loginform').submit();
237
+ });
238
+ </script>
239
+ </body>
240
+ </html>
241
+ <?php
242
+ }
243
+ }
244
+
245
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
246
+ {
247
+
248
+ global $Mo2fdbQueries;
249
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user_id );
250
+ if(isset($mo2f_user_email) and $mo2f_user_email != '')
251
+ $email = $mo2f_user_email;
252
+
253
+ $current_user = get_userdata($current_user_id);
254
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
255
+ $email = get_option('mo2f_email');
256
+
257
+ $enduser = new Two_Factor_Setup();
258
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
259
+
260
+ if(json_last_error() == JSON_ERROR_NONE){
261
+
262
+ if($check_user['status'] == 'ERROR'){
263
+ return Mo2fConstants:: langTranslate( $check_user['message']);
264
+
265
+ }
266
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
267
+
268
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
269
+ 'user_registration_with_miniorange' =>'SUCCESS',
270
+ 'mo2f_user_email' =>$email,
271
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
272
+ ) );
273
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
274
+
275
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
276
+ }
277
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
278
+
279
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
280
+ if(json_last_error() == JSON_ERROR_NONE) {
281
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
282
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
283
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
284
+ 'user_registration_with_miniorange' =>'SUCCESS',
285
+ 'mo2f_user_email' =>$email,
286
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
287
+ ) );
288
+
289
+ $mo2fa_login_message = '';
290
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
291
+ }
292
+ }
293
+
294
+
295
+ }
296
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
297
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
298
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_FOR_RELOGIN';
299
+ mo2f_inline_email_form($email,$current_user_id);
300
+ exit;
301
+ }
302
+
303
+ }
304
+
305
+ }
306
+
307
+ function mo2f_inline_email_form($email,$current_user_id)
308
+ {
309
+ ?>
310
+ <html>
311
+ <head>
312
+ <meta charset="utf-8"/>
313
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
314
+ <meta name="viewport" content="width=device-width, initial-scale=1">
315
+ <?php
316
+ mo2f_inline_css_and_js();
317
+ ?>
318
+ </head>
319
+ <body>
320
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
321
+ <div class="mo2f-modal-backdrop"></div>
322
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md">
323
+ <div class="login mo_customer_validation-modal-content">
324
+ <div class="mo2f_modal-header">
325
+ <h3 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
326
+ <?php echo __('Email already registered.', 'miniorange-2-factor-authentication'); ?></h3>
327
+ </div>
328
+ <div class="mo2f_modal-body">
329
+ <form action="" method="post" name="f">
330
+ <p>The Email assoicated with your account is already registered in miniOrange. Please use a different email address or contact miniOrange.
331
+ </p><br>
332
+ <i><b>Enter your Email:&nbsp;&nbsp;&nbsp; </b> <input type ='email' id='emailInlineCloud' name='emailInlineCloud' size= '40' required value="<?php echo $email;?>"/></i>
333
+ <br>
334
+ <p id="emailalredyused" style="color: red;" hidden>This email is already associated with miniOrange.</p>
335
+ <br>
336
+ <input type="hidden" name="miniorange_emailChange_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-email-change-nonce')); ?>" />
337
+ <input type="text" name="current_user_id" hidden id="current_user_id" value="<?php echo $current_user_id;?>" />
338
+ <button type="submit" class="button button-primary button-large" style ="margin-left: 165px;" id="save_entered_email_inlinecloud">Save</button>
339
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
340
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
341
+ </form>
342
+ <br>
343
+ <?php mo2f_customize_logo() ?>
344
+ </div>
345
+ </div>
346
+ </div>
347
+ </div>
348
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
349
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
350
+ </form>
351
+ <form name="f" method="post" action="" id="mo2f_select_2fa_methods_form" style="display:none;">
352
+ <input type="hidden" name="mo2f_selected_2factor_method" />
353
+ <input type="hidden" name="miniorange_inline_save_2factor_method_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-2factor-method-nonce')); ?>" />
354
+ <input type="hidden" name="option" value="miniorange_inline_save_2factor_method" />
355
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
356
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
357
+ </form>
358
+ <?php if(get_site_option('mo2f_skip_inline_option')&& !get_site_option('mo2f_enable_emailchange')){ ?>
359
+ <form name="f" id="mo2f_skip_loginform" method="post" action="" style="display:none;">
360
+ <input type="hidden" name="miniorange_skip_2fa" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-skip-nonce')); ?>" />
361
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
362
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
363
+ </form>
364
+ <?php } ?>
365
+
366
+ <script type="text/javascript">
367
+ jQuery('#save_entered_email_inlinecloud1').click(function(){
368
+ var email = jQuery('#emailInlineCloud').val();
369
+ var nonce = '<?php echo esc_html(wp_create_nonce("checkuserinminiOrangeNonce"));?>';
370
+ var data = {
371
+ 'action' : 'mo_two_factor_ajax',
372
+ 'mo_2f_two_factor_ajax' : 'mo2f_check_user_exist_miniOrange',
373
+ 'email' : email,
374
+ 'nonce' : nonce
375
+
376
+ };
377
+
378
+ var ajaxurl = '<?php echo esc_url(admin_url('')); ?>';
379
+
380
+
381
+ jQuery.post(ajaxurl, data, function(response) {
382
+
383
+ if(response == 'alreadyExist')
384
+ {
385
+ jQuery('#emailalredyused').show();
386
+ }
387
+ else if(response =='USERCANBECREATED')
388
+ {
389
+ document.getElementById("mo2f_select_2fa_methods_form").elements[0].value = selectedMethod;
390
+ jQuery('#mo2f_select_2fa_methods_form').submit();
391
+ }
392
+ });
393
+
394
+ });
395
+
396
+
397
+ </script>
398
+ </body>
399
+
400
+ <?php
401
+ }
402
+ function prompt_user_for_miniorange_app_setup($current_user_id, $login_status, $login_message,$qrCode,$currentMethod,$redirect_to,$session_id){
403
+
404
+ global $Mo2fdbQueries;
405
+ if(isset($qrCode)){
406
+ $qrCodedata = $qrCode['mo2f-login-qrCode'];
407
+ $showqrCode = $qrCode['mo2f_show_qr_code'];
408
+ }
409
+ $current_user = get_userdata($current_user_id);
410
+ $email = $current_user->user_email;
411
+
412
+ $opt=fetch_methods($current_user);
413
+
414
+ $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
415
+ ?>
416
+ <html>
417
+ <head> <meta charset="utf-8"/>
418
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
419
+ <meta name="viewport" content="width=device-width, initial-scale=1">
420
+ <?php
421
+ mo2f_inline_css_and_js();
422
+ ?>
423
+ </head>
424
+ <body>
425
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
426
+ <div class="mo2f-modal-backdrop"></div>
427
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
428
+ <div class="login mo_customer_validation-modal-content">
429
+ <div class="mo2f_modal-header">
430
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
431
+ <?php echo __('Setup miniOrange', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
432
+ </div>
433
+ <div class="mo2f_modal-body">
434
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
435
+
436
+ <div id="otpMessage">
437
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __($login_message, 'miniorange-2-factor-authentication'); ?></p>
438
+ </div>
439
+ <?php } ?>
440
+ <div style="margin-right:7px;"><?php download_instruction_for_mobile_app($current_user_id,$mobile_registration_status); ?></div>
441
+ <div class="mo_margin_left">
442
+ <h3><?php echo __('Step-2 : Scan QR code', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
443
+ <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to see QR Code.', 'miniorange-2-factor-authentication'); ?></h4>
444
+ <center>
445
+ <?php if (sizeof($opt) > 1) { ?>
446
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
447
+ <?php } ?>
448
+ <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
449
+ </center>
450
+ </div>
451
+ <?php
452
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( $_POST['miniorange_inline_show_qrcode_nonce'], 'miniorange-2-factor-inline-show-qrcode-nonce' )){
453
+ initialize_inline_mobile_registration($current_user,$session_id,$qrCodedata); ?>
454
+ <?php } ?>
455
+
456
+ <?php mo2f_customize_logo() ?>
457
+ </div>
458
+ <br>
459
+ <br>
460
+ </div>
461
+ </div>
462
+ </div>
463
+ </div>
464
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
465
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
466
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
467
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
468
+ </form>
469
+ <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
470
+ <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
471
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
472
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
473
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
474
+ </form>
475
+ <form name="f" method="post" id="mo2f_inline_mobile_register_form" action="" style="display:none;">
476
+ <input type="hidden" name="option" value="miniorange_inline_complete_mobile"/>
477
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
478
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
479
+ <input type="hidden" name="mo_auth_inline_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-mobile-registration-complete-nonce')); ?>" />
480
+ </form>
481
+ <?php if (sizeof($opt) > 1) { ?>
482
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
483
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
484
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
485
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
486
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
487
+ </form>
488
+ <?php } ?>
489
+ <script>
490
+ function mologinback(){
491
+ jQuery('#mo2f_backto_mo_loginform').submit();
492
+ }
493
+ function moconfigureapp(){
494
+ jQuery('#mo2f_inline_configureapp_form').submit();
495
+ }
496
+ jQuery('#mo2f_inline_back_btn').click(function() {
497
+ jQuery('#mo2f_goto_two_factor_form').submit();
498
+ });
499
+ <?php
500
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_inline_show_qrcode_nonce']), 'miniorange-2-factor-inline-show-qrcode-nonce' )){
501
+ ?>
502
+ <?php } ?>
503
+ </script>
504
+ </body>
505
+ </html>
506
+ <?php
507
+ }
508
+ function prompt_user_for_duo_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
509
+ global $Mo2fdbQueries;
510
+ $current_user = get_userdata($current_user_id);
511
+ $email = $current_user->user_email;
512
+ $opt=fetch_methods($current_user);
513
+ $mobile_registration_status = $Mo2fdbQueries->get_user_detail( 'mobile_registration_status',$current_user_id);
514
+
515
+ ?>
516
+ <html>
517
+ <head> <meta charset="utf-8"/>
518
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
519
+ <meta name="viewport" content="width=device-width, initial-scale=1">
520
+ <?php
521
+ mo2f_inline_css_and_js();
522
+ ?>
523
+ </head>
524
+ <body>
525
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
526
+ <div class="mo2f-modal-backdrop"></div>
527
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
528
+ <div class="login mo_customer_validation-modal-content">
529
+ <div class="mo2f_modal-header">
530
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
531
+ <?php echo __('Setup Duo', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('App', 'miniorange-2-factor-authentication'); ?></h4>
532
+ </div>
533
+ <div class="mo2f_modal-body">
534
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
535
+
536
+ <div id="otpMessage">
537
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __(esc_html($login_message), 'miniorange-2-factor-authentication'); ?></p>
538
+ </div>
539
+ <?php } ?>
540
+ <div style="margin-right:7px;"><?php mo2f_inline_download_instruction_for_duo_mobile_app($mobile_registration_status);
541
+
542
+ ?></div>
543
+ <div class="mo_margin_left">
544
+ <h3><?php echo __('Step-2 : Setup Duo Push Notification', 'miniorange-2-factor-authentication'); ?></h3><hr class="mo_hr">
545
+ <div id="mo2f_configurePhone"><h4><?php echo __('Please click on \'Configure your phone\' button below to setup duo push notification.', 'miniorange-2-factor-authentication'); ?></h4>
546
+ <center>
547
+ <?php if (sizeof($opt) > 1) { ?>
548
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
549
+ <?php } ?>
550
+ <input type="button" name="submit" onclick="moconfigureapp();" class="miniorange_button" value="<?php echo __('Configure your phone', 'miniorange-2-factor-authentication'); ?>" />
551
+ </center>
552
+ </div>
553
+ <?php
554
+
555
+ if(isset($_POST['option']) && sanitize_text_field($_POST['option']) =='miniorange_inline_duo_auth_mobile_complete'){
556
+ go_for_user_enroll_on_duo($current_user,$session_id);
557
+ ?>
558
+ <?php }else if(isset($_POST['option']) && sanitize_text_field($_POST['option']) == 'duo_mobile_send_push_notification_for_inline_form') {
559
+
560
+ initialize_inline_duo_auth_registration($current_user,$session_id);
561
+ ?>
562
+
563
+ <?php }?>
564
+
565
+ <?php mo2f_customize_logo() ?>
566
+ </div>
567
+ <br>
568
+ <br>
569
+ </div>
570
+ </div>
571
+ </div>
572
+ </div>
573
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
574
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
575
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
576
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
577
+ </form>
578
+ <form name="f" method="post" action="" id="mo2f_inline_configureapp_form" style="display:none;">
579
+ <input type="hidden" name="option" value="miniorange_inline_show_mobile_config"/>
580
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
581
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
582
+ <input type="hidden" name="miniorange_inline_show_qrcode_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-show-qrcode-nonce')); ?>" />
583
+ </form>
584
+ <form name="f" method="post" id="mo2f_inline_duo_auth_register_form" action="" style="display:none;">
585
+ <input type="hidden" name="option" value="miniorange_inline_duo_auth_mobile_complete"/>
586
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
587
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
588
+ <input type="hidden" name="mo_auth_inline_duo_auth_mobile_registration_complete_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-duo_auth-registration-complete-nonce')); ?>" />
589
+ </form>
590
+ <?php if (sizeof($opt) > 1) { ?>
591
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form">
592
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
593
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
594
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
595
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
596
+ </form>
597
+ <?php } ?>
598
+ <script>
599
+ function mologinback(){
600
+ jQuery('#mo2f_backto_mo_loginform').submit();
601
+ }
602
+ function moconfigureapp(){
603
+ jQuery('#mo2f_inline_duo_auth_register_form').submit();
604
+ }
605
+ jQuery('#mo2f_inline_back_btn').click(function() {
606
+ jQuery('#mo2f_goto_two_factor_form').submit();
607
+ });
608
+ <?php
609
+ if(isset($showqrCode) && $showqrCode == 'MO_2_FACTOR_SHOW_QR_CODE' && isset($_POST['miniorange_inline_show_qrcode_nonce']) && wp_verify_nonce( sanitize_text_field($_POST['miniorange_inline_show_qrcode_nonce']), 'miniorange-2-factor-inline-show-qrcode-nonce' )){
610
+ ?>
611
+ <?php } ?>
612
+ </script>
613
+ </body>
614
+ </html>
615
+ <?php
616
+ }
617
+
618
+ function prompt_user_for_google_authenticator_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
619
+ $ga_secret = MO2f_Utility::mo2f_get_transient($session_id, 'secret_ga');
620
+ $data = MO2f_Utility::mo2f_get_transient($session_id, 'ga_qrCode');
621
+ global $Mo2fdbQueries;
622
+ if(empty($data)){
623
+ $user = get_user_by('ID',$current_user_id);
624
+ if(!MO2F_IS_ONPREM){
625
+ if(!get_user_meta($user->ID, 'mo2f_google_auth', true)){
626
+ Miniorange_Authentication::mo2f_get_GA_parameters($user);
627
+ }
628
+ $mo2f_google_auth = get_user_meta($user->ID, 'mo2f_google_auth', true);
629
+ $data = isset($mo2f_google_auth['ga_qrCode']) ? $mo2f_google_auth['ga_qrCode'] : null;
630
+ $ga_secret = isset($mo2f_google_auth['ga_secret']) ? $mo2f_google_auth['ga_secret'] : null;
631
+ MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $mo2f_google_auth['ga_secret']);
632
+ MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
633
+ }else{
634
+ include_once dirname(dirname(dirname( __FILE__ ))) .DIRECTORY_SEPARATOR . 'handler'.DIRECTORY_SEPARATOR . 'twofa'. DIRECTORY_SEPARATOR . 'gaonprem.php';
635
+ $gauth_obj = new Google_auth_onpremise();
636
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user->ID);
637
+ $onpremise_secret = $gauth_obj->createSecret();
638
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
639
+ $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
640
+ $data = $url;
641
+ MO2f_Utility::mo2f_set_transient($session_id, 'secret_ga', $onpremise_secret);
642
+ MO2f_Utility::mo2f_set_transient($session_id, 'ga_qrCode', $url);
643
+
644
+ }
645
+ }
646
+ wp_register_script('mo2f_qr_code_js',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))) );
647
+ wp_register_script('mo2f_qr_code_minjs',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))) );
648
+ ?>
649
+ <html>
650
+ <head> <meta charset="utf-8"/>
651
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
652
+ <meta name="viewport" content="width=device-width, initial-scale=1">
653
+ <?php
654
+ mo2f_inline_css_and_js();
655
+ ?>
656
+ </head>
657
+ <style>
658
+ * {
659
+ box-sizing: border-box;
660
+ }
661
+ [class*="mcol-"] {
662
+ float: left;
663
+ padding: 15px;
664
+ }
665
+ /* For desktop: */
666
+ .mcol-1 {width: 50%;}
667
+ .mcol-2 {width: 50%;}
668
+ @media only screen and (max-width: 768px) {
669
+ /* For mobile phones: */
670
+ [class*="mcol-"] {
671
+ width: 100%;
672
+ }
673
+ }
674
+ </style>
675
+ <body>
676
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
677
+ <div class="mo2f-modal-backdrop"></div>
678
+ <div class="mo2f_modal-dialog mo2f_modal-lg" >
679
+ <div class="login mo_customer_validation-modal-content">
680
+ <div class="mo2f_modal-header">
681
+ <h4 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
682
+ <?php echo __('Setup Authenticator', 'miniorange-2-factor-authentication'); ?></h4>
683
+ </div>
684
+ <div class="mo2f_modal-body">
685
+ <?php
686
+
687
+ $current_user = get_userdata($current_user_id);
688
+ $opt=fetch_methods($current_user);
689
+ ?>
690
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
691
+ <div id="otpMessage"
692
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
693
+ >
694
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo __(esc_html($login_message), 'miniorange-2-factor-authentication'); ?></p>
695
+ </div>
696
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
697
+ <?php } ?>
698
+ <div class="mcol-1">
699
+ <div id="mo2f_choose_app_tour">
700
+ <label for="authenticator_type"><b>Choose an Authenticator app:</b></label>
701
+
702
+ <select id="authenticator_type">
703
+ <option value="google_authenticator">Google Authenticator</option>
704
+ <option value="msft_authenticator">Microsoft Authenticator</option>
705
+ <option value="authy_authenticator">Authy Authenticator</option>
706
+ <option value="last_pass_auth">LastPass Authenticator</option>
707
+ <option value="free_otp_auth">FreeOTP Authenticator</option>
708
+ <option value="duo_auth">Duo Mobile Authenticator</option>
709
+ </select>
710
+ <div id="links_to_apps_tour" style="background-color:white;padding:5px;">
711
+ <span id="links_to_apps">
712
+ <p style="background-color:#e8e4e4;padding:5px;">Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;
713
+ <a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p></a>
714
+
715
+ </span>
716
+ </div>
717
+ </div>
718
+ <div style="font-size: 18px !important;"><?php echo __('Scan the QR code from the Authenticator App.', 'miniorange-2-factor-authentication'); ?></div>
719
+ <ol>
720
+ <li><?php echo __('In the app, tap on Menu and select "Set up account"', 'miniorange-2-factor-authentication'); ?></li>
721
+ <li><?php echo __('Select "Scan a barcode". Use your phone\'s camera to scan this barcode.', 'miniorange-2-factor-authentication'); ?></li>
722
+ <br>
723
+ <?php if(MO2F_IS_ONPREM){ ?>
724
+ <div class="mo2f_gauth" data-qrcode="<?php echo $data;?>" style="float:left;margin-left:10%;"></div>
725
+ <?php
726
+
727
+ } else{ ?>
728
+ <div style="margin-left: 14%;">
729
+ <div class="mo2f_gauth_column_cloud mo2f_gauth_left" >
730
+ <div id="displayQrCode"><?php echo '<img id="displayGAQrCodeTour" style="line-height: 0;background:white;" src="data:image/jpg;base64,' . $data . '" />'; ?></div>
731
+ </div>
732
+ </div>
733
+ <?php }
734
+ ?>
735
+ <div style="margin-top: 55%"><a href="#mo2f_scanbarcode_a" aria-expanded="false" style="color:#21618C;"><b><?php echo __('Can\'t scan the barcode?', 'miniorange-2-factor-authentication'); ?></b></a></div>
736
+
737
+ </ol>
738
+ <div id="mo2f_scanbarcode_a" hidden>
739
+ <ol >
740
+ <li><?php echo __('Tap Menu and select "Set up account."', 'miniorange-2-factor-authentication'); ?></li>
741
+ <li><?php echo __('Select "Enter provided key"', 'miniorange-2-factor-authentication'); ?></li>
742
+ <li><?php echo __('In "Enter account name" type your full email address.', 'miniorange-2-factor-authentication'); ?></li>
743
+ <li class="mo2f_list"><?php echo __('In "Enter your key" type your secret key:', 'miniorange-2-factor-authentication'); ?></li>
744
+ <div style="padding: 10px; background-color: #f9edbe;width: 20em;text-align: center;" >
745
+ <div style="font-size: 14px; font-weight: bold;line-height: 1.5;" >
746
+ <?php echo esc_html($ga_secret) ?>
747
+ </div>
748
+ <div style="font-size: 80%;color: #666666;">
749
+ <?php echo __('Spaces don\'t matter.', 'miniorange-2-factor-authentication'); ?>
750
+ </div>
751
+ </div>
752
+ <li class="mo2f_list"><?php echo __('Key type: make sure "Time-based" is selected.', 'miniorange-2-factor-authentication'); ?></li>
753
+ <li class="mo2f_list"><?php echo __('Tap Add.', 'miniorange-2-factor-authentication'); ?></li>
754
+ </ol>
755
+ </div>
756
+ </div>
757
+ <div class="mcol-2">
758
+ <div style="font-size: 18px !important;"><b><?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?> </b> </div><br />
759
+ <div style="font-size: 15px !important;"><?php echo __('Once you have scanned the barcode, enter the 6-digit verification code generated by the Authenticator app', 'miniorange-2-factor-authentication'); ?></div><br />
760
+ <form name="" method="post" id="mo2f_inline_verify_ga_code_form">
761
+ <span><b><?php echo __('Code:', 'miniorange-2-factor-authentication'); ?> </b>
762
+ <br />
763
+ <input type="hidden" name="option" value="miniorange_inline_ga_validate">
764
+ <input class="mo2f_IR_GA_token" style="margin-left:36.5%;" autofocus="true" required="true" pattern="[0-9]{4,8}" type="text" id="google_auth_code" name="google_auth_code" placeholder="<?php echo __('Enter OTP', 'miniorange-2-factor-authentication'); ?>" /></span><br/>
765
+ <div class="center">
766
+ <input type="submit" name="validate" id="validate" class="miniorange_button" value="<?php echo __('Verify and Save', 'miniorange-2-factor-authentication'); ?>" />
767
+ </div>
768
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
769
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
770
+ <input type="hidden" name="mo2f_inline_validate_ga_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-google-auth-nonce')); ?>" />
771
+ </form>
772
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="center">
773
+ <input type="submit" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo mo2f_lt('Back');?>" />
774
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
775
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
776
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
777
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
778
+ </form>
779
+ </div>
780
+ <br>
781
+ <br>
782
+ <?php mo2f_customize_logo() ?>
783
+ </div>
784
+ </div>
785
+ </div>
786
+ </div>
787
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
788
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
789
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
790
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
791
+ </form>
792
+ <form name="f" method="post" id="mo2f_inline_app_type_ga_form" action="" style="display:none;">
793
+ <input type="hidden" name="google_phone_type" />
794
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
795
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
796
+ <input type="hidden" name="mo2f_inline_ga_phone_type_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-ga-phone-type-nonce')); ?>" />
797
+ </form>
798
+
799
+ <script>
800
+ jQuery('#authenticator_type').change(function(){
801
+ var auth_type = jQuery(this).val();
802
+ if(auth_type == 'google_authenticator'){
803
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
804
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
805
+ '<a href="http://itunes.apple.com/us/app/google-authenticator/id388497605" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
806
+ jQuery('#mo2f_change_app_name').show();
807
+ jQuery('#links_to_apps').show();
808
+ }else if(auth_type == 'msft_authenticator'){
809
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
810
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.azure.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
811
+ '<a href="https://apps.apple.com/us/app/microsoft-authenticator/id983156458" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
812
+ jQuery('#links_to_apps').show();
813
+ }else if(auth_type == 'free_otp_auth'){
814
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
815
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
816
+ '<a href="https://apps.apple.com/us/app/freeotp-authenticator/id872559395" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
817
+ jQuery('#links_to_apps').show();
818
+ }else if(auth_type == 'duo_auth'){
819
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
820
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.duosecurity.duomobile" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
821
+ '<a href="https://apps.apple.com/in/app/duo-mobile/id422663827" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
822
+ jQuery('#links_to_apps').show();
823
+ }else if(auth_type == 'authy_authenticator'){
824
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
825
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.authy.authy" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
826
+ '<a href="https://itunes.apple.com/in/app/authy/id494168017" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
827
+ jQuery('#links_to_apps').show();
828
+ }else{
829
+ jQuery('#links_to_apps').html('<p style="background-color:#e8e4e4;padding:5px;">' +
830
+ 'Get the App - <a href="https://play.google.com/store/apps/details?id=com.lastpass.authenticator" target="_blank"><b><?php echo mo2f_lt( "Android Play Store" ); ?></b></a>, &nbsp;' +
831
+ '<a href="https://itunes.apple.com/in/app/lastpass-authenticator/id1079110004" target="_blank"><b><?php echo mo2f_lt( "iOS App Store" ); ?>.</b>&nbsp;</p>');
832
+ jQuery('#mo2f_change_app_name').show();
833
+ jQuery('#links_to_apps').show();
834
+ }
835
+ });
836
+ function mologinback(){
837
+ jQuery('#mo2f_backto_mo_loginform').submit();
838
+ }
839
+ jQuery('input:radio[name=mo2f_inline_app_type_radio]').click(function() {
840
+ var selectedPhone = jQuery(this).val();
841
+ document.getElementById("mo2f_inline_app_type_ga_form").elements[0].value = selectedPhone;
842
+ jQuery('#mo2f_inline_app_type_ga_form').submit();
843
+ });
844
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(){
845
+ jQuery("#mo2f_scanbarcode_a").toggle();
846
+ });
847
+ jQuery(document).ready(function() {
848
+ jQuery('.mo2f_gauth').qrcode({
849
+ 'render': 'image',
850
+ size: 175,
851
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
852
+ });
853
+ });
854
+ </script>
855
+ </body>
856
+ <?php
857
+ echo '<head>';
858
+ wp_print_scripts( 'mo2f_qr_code_js' );
859
+ wp_print_scripts( 'mo2f_qr_code_minjs' );
860
+ echo '</head>';
861
+ }
862
+
863
+ function mo2f_inline_css_and_js(){
864
+
865
+ wp_register_style( 'mo2f_bootstrap',plugins_url('includes/css/bootstrap.min.css', dirname(dirname(__FILE__))));
866
+ wp_register_style('mo2f_front_end_login',plugins_url('includes/css/front_end_login.css',dirname(dirname( __FILE__))));
867
+ wp_register_style('mo2f_style_setting',plugins_url('includes/css/style_settings.css', dirname(dirname(__FILE__))));
868
+ wp_register_style('mo2f_hide-login',plugins_url('includes/css/hide-login.css',dirname(dirname( __FILE__))));
869
+
870
+ wp_print_styles( 'mo2f_bootstrap');
871
+ wp_print_styles( 'mo2f_front_end_login');
872
+ wp_print_styles( 'mo2f_style_setting');
873
+ wp_print_styles( 'mo2f_hide-login');
874
+
875
+ wp_register_script('mo2f_bootstrap_js',plugins_url('includes/js/bootstrap.min.js',dirname(dirname( __FILE__))));
876
+ wp_print_scripts( 'jquery');
877
+ wp_print_scripts( 'mo2f_bootstrap_js' );
878
+ }
879
+
880
+
881
+ function initialize_inline_mobile_registration($current_user,$session_id,$qrCode){
882
+ $data = $qrCode;
883
+
884
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_transactionId' );
885
+
886
+ $url = MO_HOST_NAME;
887
+ $opt=fetch_methods($current_user);
888
+ ?>
889
+ <p><?php echo __('Open your miniOrange', 'miniorange-2-factor-authentication'); ?><b> <?php echo __('Authenticator', 'miniorange-2-factor-authentication'); ?></b> <?php echo __('app and click on', 'miniorange-2-factor-authentication'); ?> <b><?php echo __('Configure button', 'miniorange-2-factor-authentication'); ?> </b> <?php echo __('to scan the QR Code. Your phone should have internet connectivity to scan QR code.', 'miniorange-2-factor-authentication'); ?> </p>
890
+ <div class="red" style="color:#E74C3C;">
891
+ <p><?php echo __('I am not able to scan the QR code,', 'miniorange-2-factor-authentication'); ?> <a data-toggle="mo2f_collapse" href="#mo2f_scanqrcode" aria-expanded="false" style="color:#3498DB;"><?php echo __('click here ', 'miniorange-2-factor-authentication'); ?></a></p></div>
892
+ <div class="mo2f_collapse" id="mo2f_scanqrcode" style="margin-left:5px;">
893
+ <?php echo __('Follow these instructions below and try again.', 'miniorange-2-factor-authentication'); ?>
894
+ <ol>
895
+ <li><?php echo __('Make sure your desktop screen has enough brightness.', 'miniorange-2-factor-authentication'); ?></li>
896
+ <li><?php echo __('Open your app and click on Configure button to scan QR Code again.', 'miniorange-2-factor-authentication'); ?></li>
897
+ <li><?php echo __('If you get cross mark on QR Code then click on \'Refresh QR Code\' link.', 'miniorange-2-factor-authentication'); ?></li>
898
+ </ol>
899
+ </div>
900
+ <table class="mo2f_settings_table">
901
+ <a href="#mo2f_refreshQRCode" style="color:#3498DB;"><?php echo __('Click here to Refresh QR Code.', 'miniorange-2-factor-authentication'); ?></a>
902
+ <div id="displayInlineQrCode" style="margin-left:36%;"><?php echo '<img style="width:200px;" src="data:image/jpg;base64,' . esc_html($data) . '" />'; ?>
903
+ </div>
904
+ </table>
905
+ <center>
906
+ <?php
907
+ if (sizeof($opt) > 1) { ?>
908
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
909
+ <?php }
910
+ ?>
911
+ </center>
912
+ <script>
913
+ jQuery('a[href="#mo2f_refreshQRCode"]').click(function(e) {
914
+ jQuery('#mo2f_inline_configureapp_form').submit();
915
+ });
916
+ jQuery("#mo2f_configurePhone").empty();
917
+ jQuery("#mo2f_app_div").hide();
918
+ var timeout;
919
+ pollInlineMobileRegistration();
920
+ function pollInlineMobileRegistration()
921
+ {
922
+ var transId = "<?php echo esc_html($mo2f_login_transaction_id); ?>";
923
+ var jsonString = "{\"txId\":\""+ transId + "\"}";
924
+ var postUrl = "<?php echo esc_html($url); ?>" + "/moas/api/auth/registration-status";
925
+ jQuery.ajax({
926
+ url: postUrl,
927
+ type : "POST",
928
+ dataType : "json",
929
+ data : jsonString,
930
+ contentType : "application/json; charset=utf-8",
931
+ success : function(result) {
932
+ var status = JSON.parse(JSON.stringify(result)).status;
933
+ if (status == 'SUCCESS') {
934
+ var content = "<br/><div id='success'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/right.png' , dirname(dirname(__FILE__ )));?>" + "' /></div>";
935
+ jQuery("#displayInlineQrCode").empty();
936
+ jQuery("#displayInlineQrCode").append(content);
937
+ setTimeout(function(){jQuery("#mo2f_inline_mobile_register_form").submit();}, 1000);
938
+ } else if (status == 'ERROR' || status == 'FAILED') {
939
+ var content = "<br/><div id='error'><img style='width:165px;margin-top:-1%;margin-left:2%;' src='" + "<?php echo plugins_url( 'includes/images/wrong.png' , __FILE__ );?>" + "' /></div>";
940
+ jQuery("#displayInlineQrCode").empty();
941
+ jQuery("#displayInlineQrCode").append(content);
942
+ jQuery("#messages").empty();
943
+ jQuery("#messages").append("<div class='error mo2f_error_container'> <p class='mo2f_msgs'>An Error occured processing your request. Please try again to configure your phone.</p></div>");
944
+ } else {
945
+ timeout = setTimeout(pollInlineMobileRegistration, 3000);
946
+ }
947
+ }
948
+ });
949
+ }
950
+ </script>
951
+ <?php
952
+ }
953
+
954
+ function initialize_inline_duo_auth_registration($current_user,$session_id_encrypt){
955
+
956
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
957
+ update_user_meta($user_id,'current_user_email',$current_user->user_email);
958
+
959
+
960
+ $opt=fetch_methods($current_user);
961
+ ?>
962
+ <h3><?php echo mo2f_lt( 'Test Duo Authenticator' ); ?></h3>
963
+ <hr>
964
+ <div>
965
+ <br>
966
+ <br>
967
+ <center>
968
+ <h3><?php echo mo2f_lt( 'Duo push notification is sent to your mobile phone.' ); ?>
969
+ <br>
970
+ <?php echo mo2f_lt( 'We are waiting for your approval...' ); ?></h3>
971
+ <img src="<?php echo plugins_url( 'includes/images/ajax-loader-login.gif', dirname(dirname(__FILE__)) ); ?>"/>
972
+ </center>
973
+
974
+ <input type="button" name="back" id="go_back" class="button button-primary button-large"
975
+ value="<?php echo mo2f_lt( 'Back' ); ?>"
976
+ style="margin-top:100px;margin-left:10px;"/>
977
+ </div>
978
+
979
+ <form name="f" method="post" action="" id="mo2f_go_back_form">
980
+ <input type="hidden" name="option" value="mo2f_go_back"/>
981
+ <input type="hidden" name="mo2f_go_back_nonce"
982
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-go-back-nonce" )) ?>"/>
983
+ </form>
984
+ <form name="f" method="post" id="mo2f_inline_duo_authenticator_success_form" action="">
985
+ <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_success_form"/>
986
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
987
+ <input type="hidden" name="mo2f_duo_authenticator_success_nonce"
988
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-duo-authenticator-success-nonce" )) ?>"/>
989
+ </form>
990
+ <form name="f" method="post" id="mo2f_duo_authenticator_error_form" action="">
991
+ <input type="hidden" name="option" value="mo2f_inline_duo_authenticator_error"/>
992
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id_encrypt); ?>"/>
993
+ <input type="hidden" name="mo2f_inline_duo_authentcator_error_nonce"
994
+ value="<?php echo esc_html(wp_create_nonce( "mo2f-inline-duo-authenticator-error-nonce" )) ?>"/>
995
+ </form>
996
+
997
+ <script>
998
+ jQuery('#go_back').click(function () {
999
+ jQuery('#mo2f_go_back_form').submit();
1000
+ });
1001
+ jQuery("#mo2f_configurePhone").empty();
1002
+ jQuery("#mo2f_app_div").hide();
1003
+ var timeout;
1004
+
1005
+
1006
+
1007
+ pollMobileValidation();
1008
+ function pollMobileValidation() {
1009
+ var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
1010
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-duo-nonce' )); ?>";
1011
+ var session_id_encrypt = "<?php echo esc_html($session_id_encrypt); ?>";
1012
+
1013
+ var data={
1014
+ 'action':'mo2f_duo_ajax_request',
1015
+ 'call_type':'check_duo_push_auth_status',
1016
+ 'session_id_encrypt': session_id_encrypt,
1017
+ 'nonce': nonce,
1018
+
1019
+ };
1020
+
1021
+ jQuery.post(ajax_url, data, function(response){
1022
+
1023
+ if (response == 'SUCCESS') {
1024
+ jQuery('#mo2f_inline_duo_authenticator_success_form').submit();
1025
+ } else if (response == 'ERROR' || response == 'FAILED' || response == 'DENIED') {
1026
+
1027
+ jQuery('#mo2f_duo_authenticator_error_form').submit();
1028
+ } else {
1029
+ timeout = setTimeout(pollMobileValidation, 3000);
1030
+ }
1031
+
1032
+ });
1033
+
1034
+ }
1035
+
1036
+ </script>
1037
+
1038
+ <?php
1039
+ }
1040
+ function prompt_user_for_kba_setup($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1041
+ $current_user = get_userdata($current_user_id);
1042
+ $opt=fetch_methods($current_user);
1043
+
1044
+ ?>
1045
+ <html>
1046
+ <head> <meta charset="utf-8"/>
1047
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1048
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1049
+ <?php
1050
+ mo2f_inline_css_and_js();
1051
+ ?>
1052
+ <style>
1053
+ .mo2f_kba_ques, .mo2f_table_textbox{
1054
+ background: whitesmoke none repeat scroll 0% 0%;
1055
+ }
1056
+ </style>
1057
+ </head>
1058
+ <body>
1059
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1060
+ <div class="mo2f-modal-backdrop"></div>
1061
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1062
+ <div class="login mo_customer_validation-modal-content">
1063
+ <div class="mo2f_modal-header">
1064
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1065
+ <?php echo __('Setup Security Question (KBA)', 'miniorange-2-factor-authentication'); ?></h4>
1066
+ </div>
1067
+ <div class="mo2f_modal-body">
1068
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
1069
+ <div id="otpMessage">
1070
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;"><?php echo esc_html($login_message); ?></p>
1071
+ </div>
1072
+ <?php } ?>
1073
+ <form name="f" method="post" action="" >
1074
+ <?php mo2f_configure_kba_questions(); ?>
1075
+ <br />
1076
+ <div class ="row">
1077
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1078
+ <input type="submit" name="validate" class="miniorange_button" style="width: 30%;background-color:#ff4168;" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1079
+ <button type="button" class="miniorange_button" style="width: 30%;background-color:#ff4168;" onclick="mobackinline();">Back</button>
1080
+
1081
+ </div>
1082
+ </div>
1083
+ <input type="hidden" name="option" value="mo2f_inline_kba_option" />
1084
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1085
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1086
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1087
+ </form>
1088
+ <?php if (sizeof($opt) > 1) { ?>
1089
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" class="mo2f_display_none_forms">
1090
+ <div class ="row">
1091
+ <div class="col-md-4" style="margin: 0 auto;width: 100px;">
1092
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1093
+ </div>
1094
+ </div>
1095
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1096
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1097
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1098
+ </form>
1099
+ <?php } ?>
1100
+
1101
+ <?php mo2f_customize_logo() ?>
1102
+ </div>
1103
+ </div>
1104
+ </div>
1105
+ </div>
1106
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1107
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1108
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1109
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1110
+ </form>
1111
+
1112
+ <script>
1113
+ function mologinback(){
1114
+ jQuery('#mo2f_backto_mo_loginform').submit();
1115
+ }
1116
+
1117
+ function mobackinline(){
1118
+ jQuery('#mo2f_goto_two_factor_form').submit();
1119
+ }
1120
+ </script>
1121
+ </body>
1122
+ </html>
1123
+ <?php
1124
+ }function prompt_user_for_miniorange_register($current_user_id, $login_status, $login_message,$redirect_to,$session_id){
1125
+ $current_user = get_userdata($current_user_id);
1126
+ $opt=fetch_methods($current_user);
1127
+ ?>
1128
+ <html>
1129
+ <head> <meta charset="utf-8"/>
1130
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1131
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1132
+ <?php
1133
+ mo2f_inline_css_and_js();
1134
+ ?>
1135
+ <style>
1136
+ .mo2f_kba_ques, .mo2f_table_textbox{
1137
+ background: whitesmoke none repeat scroll 0% 0%;
1138
+ }
1139
+ </style>
1140
+ </head>
1141
+ <body>
1142
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1143
+ <div class="mo2f-modal-backdrop"></div>
1144
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1145
+ <div class="login mo_customer_validation-modal-content">
1146
+ <div class="mo2f_modal-header">
1147
+ <h3 class="mo2f_modal-title" style="color:black;"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1148
+ <b> <?php echo __('Connect with miniOrange', 'miniorange-2-factor-authentication'); ?></b></h3>
1149
+ </div>
1150
+ <div class="mo2f_modal-body">
1151
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
1152
+ <div id="otpMessage">
1153
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1154
+ </div>
1155
+ <?php } ?>
1156
+ <form name="mo2f_inline_register_form" id="mo2f_inline_register_form" method="post" action="">
1157
+ <input type="hidden" name="option" value="miniorange_inline_register" />
1158
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1159
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1160
+ <p>This method requires you to have an account with miniOrange.</p>
1161
+ <table class="mo_wpns_settings_table">
1162
+ <tr>
1163
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1164
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
1165
+ required placeholder="person@example.com"/></td>
1166
+ </tr>
1167
+ <tr>
1168
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1169
+ <td><input class="mo_wpns_table_textbox" required type="password"
1170
+ name="password" placeholder="Choose your password (Min. length 6)" /></td>
1171
+ </tr>
1172
+ <tr>
1173
+ <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1174
+ <td><input class="mo_wpns_table_textbox" required type="password"
1175
+ name="confirmPassword" placeholder="Confirm your password" /></td>
1176
+ </tr>
1177
+ <tr>
1178
+ <td>&nbsp;</td>
1179
+ <td><br><input type="submit" name="submit" value="Create Account"
1180
+ class="miniorange_button" />
1181
+ <a href="#mo2f_account_exist">Already have an account?</a>
1182
+ </tr>
1183
+ </table>
1184
+ </form>
1185
+ <form name="f" id="mo2f_inline_login_form" method="post" action="" hidden>
1186
+ <p><b>It seems you already have an account with miniOrange. Please enter your miniOrange email and password.<br></b><a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1187
+ <input type="hidden" name="option" value="miniorange_inline_login"/>
1188
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1189
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1190
+ <table class="mo_wpns_settings_table">
1191
+ <tr>
1192
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1193
+ <td><input class="mo_wpns_table_textbox" type="email" name="email"
1194
+ required placeholder="person@example.com"
1195
+ /></td>
1196
+ </tr>
1197
+ <tr>
1198
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1199
+ <td><input class="mo_wpns_table_textbox" required type="password"
1200
+ name="password" placeholder="Enter your miniOrange password" /></td>
1201
+ </tr>
1202
+ <tr>
1203
+ <td>&nbsp;</td>
1204
+ <td><input type="submit" class="miniorange_button" />
1205
+ <input type="button" id="cancel_link" class="miniorange_button" value="<?php echo __('Go Back to Registration', 'miniorange-2-factor-authentication'); ?>" />
1206
+ </tr>
1207
+ </table>
1208
+ </form>
1209
+ <br>
1210
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('<< Back to Menu', 'miniorange-2-factor-authentication'); ?>" />
1211
+ <?php mo2f_customize_logo() ?>
1212
+ </div>
1213
+ </div>
1214
+ </div>
1215
+ </div>
1216
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1217
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1218
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1219
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1220
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1221
+ </form>
1222
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1223
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1224
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1225
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1226
+ </form>
1227
+
1228
+ <script>
1229
+ jQuery('#mo2f_inline_back_btn').click(function() {
1230
+ jQuery('#mo2f_goto_two_factor_form').submit();
1231
+ });
1232
+ jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1233
+ jQuery('#mo2f_inline_login_form').show();
1234
+ jQuery('#mo2f_inline_register_form').hide();
1235
+ });
1236
+ jQuery('#cancel_link').click(function(){
1237
+ jQuery('#mo2f_inline_register_form').show();
1238
+ jQuery('#mo2f_inline_login_form').hide();
1239
+ });
1240
+ function mologinback(){
1241
+ jQuery('#mo2f_backto_mo_loginform').submit();
1242
+ }
1243
+ </script>
1244
+ </body>
1245
+ </html>
1246
+ <?php
1247
+ }
1248
+ function prompt_user_for_setup_success($id, $login_status, $login_message,$redirect_to,$session_id){
1249
+ global $Mo2fdbQueries;
1250
+ ?>
1251
+ <html>
1252
+ <head> <meta charset="utf-8"/>
1253
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1254
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1255
+ <?php
1256
+ mo2f_inline_css_and_js();
1257
+ ?>
1258
+ <style>
1259
+ .mo2f_kba_ques, .mo2f_table_textbox{
1260
+ background: whitesmoke none repeat scroll 0% 0%;
1261
+ }
1262
+ </style>
1263
+ </head>
1264
+ <body>
1265
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1266
+ <div class="mo2f-modal-backdrop"></div>
1267
+ <div class="mo2f_modal-dialog mo2f_modal-lg">
1268
+ <div class="login mo_customer_validation-modal-content">
1269
+ <div class="mo2f_modal-header">
1270
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login', 'miniorange-2-factor-authentication'); ?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1271
+ <?php echo __('Two Factor Setup Complete', 'miniorange-2-factor-authentication'); ?></h4>
1272
+ </div>
1273
+ <div class="mo2f_modal-body center">
1274
+ <?php
1275
+ global $Mo2fdbQueries;
1276
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1277
+ if($mo2f_second_factor == 'OUT OF BAND EMAIL'){
1278
+ $mo2f_second_factor = 'Email Verification';
1279
+ }else if($mo2f_second_factor == 'SMS'){
1280
+ $mo2f_second_factor = 'OTP over SMS';
1281
+ }else if($mo2f_second_factor == 'OTP_OVER_EMAIL'){
1282
+ $mo2f_second_factor = 'OTP_OVER_EMAIL';
1283
+ }else if($mo2f_second_factor == 'PHONE VERIFICATION'){
1284
+ $mo2f_second_factor = 'Phone Call Verification';
1285
+ }else if($mo2f_second_factor == 'SOFT TOKEN'){
1286
+ $mo2f_second_factor = 'Soft Token';
1287
+ }else if($mo2f_second_factor == 'MOBILE AUTHENTICATION'){
1288
+ $mo2f_second_factor = 'QR Code Authentication';
1289
+ }else if($mo2f_second_factor == 'PUSH NOTIFICATIONS'){
1290
+ $mo2f_second_factor = 'Push Notification';
1291
+ }else if($mo2f_second_factor == 'GOOGLE AUTHENTICATOR'){
1292
+ if(get_user_meta($id,'mo2f_external_app_type',true) == 'GOOGLE AUTHENTICATOR'){
1293
+ $mo2f_second_factor = 'Google Authenticator';
1294
+ }else{
1295
+ $mo2f_second_factor = 'Authy 2-Factor Authentication';
1296
+ }
1297
+ }else if($mo2f_second_factor == 'KBA'){
1298
+ $mo2f_second_factor = 'Security Questions (KBA)';
1299
+ }
1300
+ $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$id);
1301
+ $status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status',$id);
1302
+
1303
+ if(get_site_option( 'mo2f_disable_kba' )!=1){
1304
+ if($status != 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1305
+ ?><div id="validation_msg" style="color:red;text-align:left !important;"></div>
1306
+ <div id="mo2f_show_kba_reg" class="mo2f_inline_padding" style="text-align:left !important;" >
1307
+ <?php if(isset($login_message) && !empty($login_message)){ ?>
1308
+ <div id="otpMessage">
1309
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important;" ><?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1310
+ </div>
1311
+ <?php } ?>
1312
+ <h4> <?php echo __('Please set your security questions as an alternate login or backup method.', 'miniorange-2-factor-authentication'); ?></h4>
1313
+ <form name="f" method="post" action="" >
1314
+ <?php mo2f_configure_kba_questions(); ?>
1315
+ <br>
1316
+ <center>
1317
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Save', 'miniorange-2-factor-authentication'); ?>" />
1318
+ </center>
1319
+ <input type="hidden" name="mo2f_inline_kba_option" />
1320
+ <input type="hidden" name="mo2f_inline_save_kba_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-save-kba-nonce')); ?>" />
1321
+ <input type="hidden" name="mo2f_inline_kba_status" value="<?php echo esc_html($login_status); ?>" />
1322
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1323
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1324
+ </form>
1325
+ </div>
1326
+ <?php }
1327
+ }else{
1328
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1329
+ $Mo2fdbQueries->update_user_details( $id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
1330
+ $status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
1331
+ }
1332
+ if($status == 'MO_2_FACTOR_PLUGIN_SETTINGS'){
1333
+ if(get_site_option('mo2f_remember_device')!=1)
1334
+ {
1335
+ $pass2fa= new Miniorange_Password_2Factor_Login();
1336
+ $pass2fa->mo2fa_pass2login(site_url(), $session_id);
1337
+ ?>
1338
+ <center>
1339
+ <p style="font-size:17px;"><?php echo __('You have successfully set up ', 'miniorange-2-factor-authentication'); ?><b style="color:#28B463;"><?php echo $mo2f_second_factor; ?> </b><?php echo __('as your Two Factor method.', 'miniorange-2-factor-authentication'); ?><br><br>
1340
+ <?php echo __('From now, when you login, you will be prompted for', 'miniorange-2-factor-authentication'); ?> <span style="color:#28B463;"><?php echo __($mo2f_second_factor, 'miniorange-2-factor-authentication'); ?></span> <?php echo __('as your 2nd factor method of authentication.', 'miniorange-2-factor-authentication'); ?>
1341
+ </p>
1342
+ </center>
1343
+ <br>
1344
+ <center>
1345
+ <p style="font-size:16px;"><a href="#" onclick="mologinback();"style="color:#CB4335;"><b><?php echo __('Click Here', 'miniorange-2-factor-authentication'); ?></b></a> <?php echo __('to sign-in to your account.', 'miniorange-2-factor-authentication'); ?>
1346
+ <br>
1347
+ </center>
1348
+ <?php
1349
+ }else{
1350
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? sanitize_url($_POST[ 'redirect_to' ]) : null;
1351
+ $mo_enable_rem = new Miniorange_Password_2Factor_Login();
1352
+ mo2f_collect_device_attributes_handler($session_id,$redirect_to);
1353
+ }
1354
+ }
1355
+ mo2f_customize_logo() ?>
1356
+ </div>
1357
+ </div>
1358
+ </div>
1359
+ </div>
1360
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo esc_url(wp_login_url()); ?>" style="display:none;">
1361
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1362
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1363
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1364
+ </form>
1365
+
1366
+ <script>
1367
+ function mologinback(){
1368
+ jQuery('#mo2f_backto_mo_loginform').submit();
1369
+ }
1370
+ </script>
1371
+ </body>
1372
+ </html>
1373
+ <?php
1374
+ }
1375
+
1376
+ function prompt_user_for_phone_setup($current_user_id, $login_status, $login_message,$currentMethod,$redirect_to,$session_id){
1377
+ $current_user = get_userdata($current_user_id);
1378
+ $opt=fetch_methods($current_user);
1379
+ global $Mo2fdbQueries;
1380
+ $current_selected_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method',$current_user_id);
1381
+ $current_user = get_userdata($current_user_id);
1382
+ $email = $current_user->user_email;
1383
+ ?>
1384
+ <html>
1385
+ <head> <meta charset="utf-8"/>
1386
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
1387
+ <meta name="viewport" content="width=device-width, initial-scale=1">
1388
+ <?php
1389
+ mo2f_inline_css_and_js();
1390
+
1391
+ wp_register_script('mo2f_bootstrap_js', plugins_url('includes/js/bootstrap.min.js',dirname(dirname(__FILE__))));
1392
+ wp_register_script('mo2f_phone_js', plugins_url('includes/js/phone.js',dirname(dirname( __FILE__))));
1393
+ wp_print_scripts( 'mo2f_bootstrap_js' );
1394
+ wp_print_scripts( 'mo2f_phone_js');
1395
+
1396
+ wp_register_style('mo2f_phone',plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))));
1397
+ wp_print_styles( 'mo2f_phone' );
1398
+ ?>
1399
+ </head>
1400
+ <body>
1401
+ <div class="mo2f_modal" tabindex="-1" role="dialog" id="myModal5">
1402
+ <div class="mo2f-modal-backdrop"></div>
1403
+ <div class="mo_customer_validation-modal-dialog mo_customer_validation-modal-md" >
1404
+ <div class="login mo_customer_validation-modal-content">
1405
+ <div class="mo2f_modal-header">
1406
+ <h4 class="mo2f_modal-title"><button type="button" class="mo2f_close" data-dismiss="modal" aria-label="Close" title="<?php echo __('Back to login','miniorange-2-factor-authentication');?>" onclick="mologinback();"><span aria-hidden="true">&times;</span></button>
1407
+ <?php
1408
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1409
+ <?php echo __('Verify Your Phone and Email', 'miniorange-2-factor-authentication'); ?></h4>
1410
+ <?php }
1411
+ else if($current_selected_method == 'OTP Over Telegram')
1412
+ {
1413
+ echo __('Verify Your Telegram Details', 'miniorange-2-factor-authentication');
1414
+ }
1415
+ else if($current_selected_method == 'OTP OVER EMAIL'){
1416
+ ?>
1417
+ <?php echo __('Verify Your EMAIL', 'miniorange-2-factor-authentication'); ?></h4>
1418
+ <?php }
1419
+ else{
1420
+ ?>
1421
+ <?php echo __('Verify Your Phone', 'miniorange-2-factor-authentication'); ?></h3>
1422
+ <?php } ?>
1423
+ </div>
1424
+ <div class="mo2f_modal-body">
1425
+ <?php if(isset($login_message) && !empty($login_message)) { ?>
1426
+ <div id="otpMessage"
1427
+ <?php if(get_user_meta($current_user_id, 'mo2f_is_error', true)) { ?>style="background-color:#FADBD8; color:#E74C3C;?>"<?php update_user_meta($current_user_id, 'mo2f_is_error', false);} ?>
1428
+ >
1429
+ <p class="mo2fa_display_message_frontend" style="text-align: left !important; "> <?php echo wp_kses($login_message, array('b'=>array())); ?></p>
1430
+ </div>
1431
+ <?php if(isset($login_message)) {?> <br/> <?php } ?>
1432
+ <?php } ?>
1433
+ <div class="mo2f_row">
1434
+ <form name="f" method="post" action="" id="mo2f_inline_verifyphone_form">
1435
+ <p>
1436
+ <?php
1437
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1438
+ <?php echo __('Enter your phone number. An One Time Passcode(OTP) wll be sent to this number and your email address.', 'miniorange-2-factor-authentication'); ?></p>
1439
+ <?php
1440
+ }else if($current_selected_method == 'OTP OVER EMAIL'){
1441
+ //no message
1442
+ }else if($current_selected_method == 'OTP Over Telegram')
1443
+ {
1444
+ echo __('1. Open the telegram app and search for miniorange2fa_bot. Click on start button or send <b>/start</b> message', 'miniorange-2-factor-authentication');
1445
+ echo "<br><br><br>";
1446
+ echo __('2. Enter the recieved Chat ID here below::', 'miniorange-2-factor-authentication');
1447
+ $chat_id = get_user_meta($current_user_id,'mo2f_chat_id',true);
1448
+
1449
+ if($chat_id == '')
1450
+ $chat_id = get_user_meta($current_user_id,'mo2f_temp_chatID',true);
1451
+
1452
+ ?>
1453
+ <input type="text" name="verify_chatID" id="chatID"
1454
+ value="<?php echo esc_html($chat_id); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter chat ID without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1455
+
1456
+ <?php
1457
+ echo "<br>";
1458
+
1459
+ }
1460
+ else{
1461
+ ?>
1462
+ <?php echo __('Enter your phone number', 'miniorange-2-factor-authentication'); ?></h4>
1463
+ <?php }
1464
+ if(!($current_selected_method == 'OTP OVER EMAIL') and $current_selected_method !='OTP Over Telegram'and $current_selected_method !='OTP Over Whatsapp'){
1465
+ ?>
1466
+ <input class="mo2f_table_textbox" type="text" name="verify_phone" id="phone"
1467
+ value="<?php echo get_user_meta($current_user_id,'mo2f_user_phone',true); ?>" pattern="[\+]?[0-9]{1,4}\s?[0-9]{7,12}" required="true" title="<?php echo __('Enter phone number without any space or dashes', 'miniorange-2-factor-authentication'); ?>" /><br />
1468
+ <?php } ?>
1469
+ <?php
1470
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email',$current_user_id);
1471
+ if($current_selected_method == 'SMS AND EMAIL' ||$current_selected_method == 'OTP OVER EMAIL' ){?>
1472
+ <input class="mo2f_IR_phone" type="text" name="verify_email" id="email"
1473
+ value="<?php echo esc_html($email) ; ?>" title="<?php echo __('Enter your email', 'miniorange-2-factor-authentication'); ?>" style="width: 250px;" disabled /><br />
1474
+ <?php } ?>
1475
+ <input type="submit" name="verify" class="miniorange_button" value="<?php echo __('Send OTP', 'miniorange-2-factor-authentication'); ?>" />
1476
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp_over_sms"/>
1477
+ <input type="hidden" name="miniorange_inline_verify_phone_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-verify-phone-nonce')); ?>" />
1478
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1479
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1480
+ </form>
1481
+ </div>
1482
+ <form name="f" method="post" action="" id="mo2f_inline_validateotp_form" >
1483
+ <p>
1484
+ <?php
1485
+ if($current_selected_method == 'SMS AND EMAIL'){?>
1486
+ <h4><?php echo __('Enter One Time Passcode', 'miniorange-2-factor-authentication'); ?></h4>
1487
+ <?php }
1488
+ else{
1489
+ ?>
1490
+ <?php echo mo2f_lt('Please enter the One Time Passcode sent to your phone.');?></p>
1491
+ <?php } ?>
1492
+ <input class="mo2f_IR_phone_OTP" required="true" pattern="[0-9]{4,8}" autofocus="true" type="text" name="otp_token" placeholder="<?php echo __('Enter the code', 'miniorange-2-factor-authentication'); ?>" id="otp_token"/><br>
1493
+ <?php if ($current_selected_method == 'PHONE VERIFICATION'){ ?>
1494
+ <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1495
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('CALL AGAIN', 'miniorange-2-factor-authentication'); ?></a>
1496
+ <?php } else if($current_selected_method != 'OTP Over Telegram'){
1497
+ ?>
1498
+ <span style="color:#1F618D;"><?php echo mo2f_lt('Didn\'t get code?');?></span> &nbsp;
1499
+ <a href="#resendsmslink" style="color:#F4D03F ;font-weight:bold;"><?php echo __('RESEND IT', 'miniorange-2-factor-authentication'); ?></a>
1500
+ <?php } ?>
1501
+ <br /><br />
1502
+ <input type="submit" name="validate" class="miniorange_button" value="<?php echo __('Verify Code', 'miniorange-2-factor-authentication'); ?>" />
1503
+ <?php if (sizeof($opt) > 1) { ?>
1504
+
1505
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1506
+ <input type="button" name="back" id="mo2f_inline_back_btn" class="miniorange_button" value="<?php echo __('Back', 'miniorange-2-factor-authentication'); ?>" />
1507
+ <?php } ?>
1508
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1509
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1510
+ <input type="hidden" name="option" value="miniorange_inline_complete_otp"/>
1511
+ <input type="hidden" name="miniorange_inline_validate_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-validate-otp-nonce')); ?>" />
1512
+ </form>
1513
+ <?php mo2f_customize_logo() ?>
1514
+ </div>
1515
+ </div>
1516
+ </div>
1517
+ </div>
1518
+ <form name="f" id="mo2f_backto_mo_loginform" method="post" action="<?php echo wp_login_url(); ?>" style="display:none;">
1519
+ <input type="hidden" name="miniorange_mobile_validation_failed_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-mobile-validation-failed-nonce')); ?>" />
1520
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1521
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1522
+ </form>
1523
+ <form name="f" method="post" action="" id="mo2fa_inline_resend_otp_form" style="display:none;">
1524
+ <input type="hidden" name="miniorange_inline_resend_otp_nonce" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-resend-otp-nonce')); ?>" />
1525
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1526
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1527
+ </form>
1528
+ <?php if (sizeof($opt) > 1) { ?>
1529
+ <form name="f" method="post" action="" id="mo2f_goto_two_factor_form" >
1530
+ <input type="hidden" name="option" value="miniorange_back_inline"/>
1531
+ <input type="hidden" name="miniorange_inline_two_factor_setup" value="<?php echo esc_html(wp_create_nonce('miniorange-2-factor-inline-setup-nonce')); ?>" />
1532
+ <input type="hidden" name="redirect_to" value="<?php echo esc_url($redirect_to); ?>"/>
1533
+ <input type="hidden" name="session_id" value="<?php echo esc_html($session_id); ?>"/>
1534
+ </form>
1535
+ <?php } ?>
1536
+ <script>
1537
+ jQuery("#phone").intlTelInput();
1538
+ function mologinback(){
1539
+ jQuery('#mo2f_backto_mo_loginform').submit();
1540
+ }
1541
+ jQuery('#mo2f_inline_back_btn').click(function() {
1542
+ jQuery('#mo2f_goto_two_factor_form').submit();
1543
+ });
1544
+ jQuery('a[href="#resendsmslink"]').click(function(e) {
1545
+ jQuery('#mo2fa_inline_resend_otp_form').submit();
1546
+ });
1547
+ </script>
1548
+ </body>
1549
+
1550
+ </html>
1551
+ <?php
1552
  }
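--- a/controllers/twofa/setup_twofa.php
+++ b/controllers/twofa/setup_twofa.php
@@ -11,7 +11,7 @@
  else
  $email_registered = 0;
 
- $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), $_SERVER['REQUEST_URI']);
+ $upgrade_url = add_query_arg(array('page' => 'mo_2fa_upgrade' ), sanitize_url($_SERVER['REQUEST_URI']));
 
  if(current_user_can( 'manage_options' ) && isset($_POST['option']))
  {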
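Review bot: `sanitize_url()` on new line 14 only cleans the value passed into `add_query_arg()`; the URL that function returns still has to be escaped where it is printed, and that output site is not in this hunk. `$_SERVER['REQUEST_URI']` is request-controlled, so every place `$upgrade_url` is written into markup should use `esc_url()`, e.g. `href="<?php echo esc_url($upgrade_url); ?>"`. The input should also be unslashed first: `sanitize_url(wp_unslash($_SERVER['REQUEST_URI']))`.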
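--- a/controllers/twofa/two_fa_unlimittedUser_ajax.php
+++ b/controllers/twofa/two_fa_unlimittedUser_ajax.php
@@ -31,7 +31,7 @@ function wpns_handle_save()
  foreach($wp_roles->role_names as $id => $name) {
  update_option('mo2fa_'.$id, 0);
  }
- $enabledrole = $_POST['enabledrole'];
+ $enabledrole = sanitize_text_field($_POST['enabledrole']);
  foreach($enabledrole as $role){
  update_option($role, 1);
  }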
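Review bot: `sanitize_text_field()` on new line 34 returns an empty string when it is given an array, so the `foreach` that follows no longer iterates and every `mo2fa_<role>` option stays at the 0 written just above. The loop also passes each posted value straight to `update_option()` as the option name, so the request chooses which option is set to 1. The same pattern is in the `mo2f_shift_to_onprem()` hunk of controllers/twofa/two_factor_ajax.php, where only `wp_unslash()` is applied. Sanitize per element and accept only names built from `$wp_roles->role_names`, assuming the form posts the same `mo2fa_<role>` keys the reset loop uses. `wpns_handle_save()` starts and ends outside this hunk, so its nonce and capability checks are not visible here.

```php
// … unchanged: loop resetting every 'mo2fa_'.$id option to 0 …
$allowed = array();
foreach($wp_roles->role_names as $id => $name) {
    $allowed[] = 'mo2fa_'.$id;
}
$enabledrole = isset($_POST['enabledrole'])
    ? array_map('sanitize_text_field', (array) wp_unslash($_POST['enabledrole']))
    : array();
foreach($enabledrole as $role){
    // Only option names derived from existing roles may be written.
    if(in_array($role, $allowed, true)){
        update_option($role, 1);
    }
}
```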
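--- a/controllers/twofa/two_factor_ajax.php
+++ b/controllers/twofa/two_factor_ajax.php
@@ -275,7 +275,7 @@ class mo_2f_ajax
  $path = dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'gaonprem.php';
  include_once $path;
  $obj_google_auth = new Google_auth_onpremise();
- update_option('mo2f_google_appname',$_SERVER['SERVER_NAME']);
+ update_option('mo2f_google_appname',sanitize_text_field($_SERVER['SERVER_NAME']));
  $res = $obj_google_auth->mo_GAuth_get_details(true);
  return $res;
  }
@@ -510,7 +510,7 @@ class mo_2f_ajax
  global $moWpnsUtility, $Mo2fdbQueries;
  $user = wp_get_current_user();
  $email = sanitize_email($post['email']);
- $company = $_SERVER["SERVER_NAME"];
+ $company = sanitize_text_field($_SERVER["SERVER_NAME"]);
 
  $password = $post['password'];
  $confirmPassword = $post['confirmPassword'];
@@ -812,10 +812,10 @@ class mo_2f_ajax
  isset($_POST['customForm']) and
  isset($_POST['form_selector']) and
 
- $_POST['submit_selector']!="" and
- $_POST['email_selector']!="" and
- $_POST['customForm']!="" and
- $_POST['form_selector']!="")
+ sanitize_text_field($_POST['submit_selector'])!="" and
+ sanitize_text_field($_POST['email_selector'])!="" and
+ sanitize_text_field($_POST['customForm'])!="" and
+ sanitize_text_field($_POST['form_selector'])!="")
  {
  $submit_selector = sanitize_text_field($_POST['submit_selector']);
  $form_selector = sanitize_text_field($_POST['form_selector']);
@@ -1082,13 +1082,13 @@ function mo2f_shift_to_onprem(){
  foreach($wp_roles->role_names as $id => $name) {
  update_option('mo2fa_'.$id, 0);
  }
-
  if(isset($_POST['enabledrole'])){
- $enabledrole = $_POST['enabledrole'];
+ $enabledrole = wp_unslash($_POST['enabledrole']);
  }
  else{
  $enabledrole = array();
  }
+
  foreach($enabledrole as $role){
  update_option($role, 1);
  }
@@ -1136,7 +1136,7 @@ function mo2f_shift_to_onprem(){
  }
  else
  {
- if($_POST['enableOnPremise'] == 'on')
+ if(sanitize_text_field($_POST['enableOnPremise']) == 'on')
  {
  global $wp_roles;
  if (!isset($wp_roles))
@@ -1269,7 +1269,7 @@ function mo2f_save_email_verification()
  $txid = sanitize_text_field($_POST['txid']);
  $status = get_site_option($txid);
  if($status ==1 || $status ==0)
- delete_site_option($_POST['txid']);
+ delete_site_option($txid);
  echo esc_html($status);
  exit();
  }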
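Review bot: In the `mo2f_save_email_verification()` hunk the posted `txid` is still used as-is as the site-option name for `get_site_option()`, `delete_site_option()` and the echoed `$status`. The loose test `$status ==1 || $status ==0` also matches `false` (option missing) and, on PHP 7, any non-numeric string. The request can therefore name options that are not email-verification transactions and have them printed or deleted. Namespace the key and compare strictly, e.g. `$key = 'PLACEHOLDER_PREFIX_' . sanitize_key($_POST['txid']);` and `if (in_array($status, array(0, 1, '0', '1'), true))`; the prefix is a placeholder and has to match the code that stores the transaction, which is outside this hunk. The start of the function, and any nonce check it makes, are also outside the hunk.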
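--- a/controllers/wpns-loginsecurity-ajax.php
+++ b/controllers/wpns-loginsecurity-ajax.php
@@ -180,11 +180,13 @@ class wpns_ajax
 
  function waf_settings_mail_form_notify()
  {
+
  $nonce = sanitize_text_field($_POST['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'WAFsettingNonce' ) ){
  wp_send_json('ERROR');
  return;
  }
+ $mo2f_all_mail_noyifying = '';
  if(isset($_POST['S_mail']))
  {
  $mo2f_all_mail_noyifying = sanitize_text_field(($_POST['S_mail']));
@@ -192,6 +194,7 @@ class wpns_ajax
  wp_send_json('true');
  }
  else{
+ update_site_option('mo2f_mail_notify_new_release', $mo2f_all_mail_noyifying);
  wp_send_json('false');
 
  }
@@ -203,13 +206,18 @@ class wpns_ajax
  wp_send_json('ERROR');
  return;
  }
- $mo2f_mail_noyifying_IP = sanitize_email($_POST['Smail']);
+
+ $mo2f_mail_noyifying_IP = '';
+ if(isset($_POST['Smail']))
+ {
+ $mo2f_mail_noyifying_IP = sanitize_text_field(($_POST['Smail']));
  update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
- if($mo2f_mail_noyifying_IP == "on"){
  wp_send_json('true');
- }
- else if($mo2f_mail_noyifying_IP == ""){
+ }
+ else{
+ update_site_option('mo2f_mail_notify', $mo2f_mail_noyifying_IP);
  wp_send_json('false');
+
  }
  }
  function wpns_all_plans()
@@ -305,7 +313,7 @@ class wpns_ajax
  {
 
 
- $ip = $_POST['IP'];
+ $ip = sanitize_text_field($_POST['IP']);
  if(!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/',$ip))
  {
  echo("INVALID_IP_FORMAT");
@@ -472,7 +480,7 @@ class wpns_ajax
  exit;
  }
 
- if($_POST['Requests']!='')
+ if(sanitize_text_field($_POST['Requests'])!='')
  {
  if(is_numeric($_POST['Requests']))
  {
@@ -575,7 +583,7 @@ class wpns_ajax
  $data = $file;
  }
 
- if($_POST['actionOnLimitE']=='BlockIP' || $_POST['actionOnLimitE'] == 1)
+ if(sanitize_text_field($_POST['actionOnLimitE'])=='BlockIP' || sanitize_text_field($_POST['actionOnLimitE']) == 1)
  {
  update_option('actionRateL',1);
 
@@ -607,7 +615,7 @@ class wpns_ajax
  $file = $data;
  }
  }
- else if($_POST['actionOnLimitE']=='ThrottleIP' || $_POST['actionOnLimitE'] == 0)
+ else if(sanitize_text_field($_POST['actionOnLimitE'])=='ThrottleIP' || sanitize_text_field($_POST['actionOnLimitE']) == 0)
  {
 
  $file = $data;
@@ -657,7 +665,7 @@ class wpns_ajax
  {
  if(isset($_POST['pluginWAF']))
  {
- if($_POST['pluginWAF']=='on')
+ if(sanitize_text_field($_POST['pluginWAF'])=='on')
  {
  update_option('WAF','PluginLevel');
  update_option('WAFEnabled','1');
@@ -680,7 +688,7 @@ class wpns_ajax
  }
  if(isset($_POST['htaccessWAF']))
  {
- if($_POST['htaccessWAF']=='on')
+ if(sanitize_text_field($_POST['htaccessWAF'])=='on')
  {
  update_option('WAF','HtaccessLevel');
  update_option('WAFEnabled','1');
@@ -743,7 +751,7 @@ class wpns_ajax
  update_option('WAF','wafDisable');
  if(isset($_POST['pluginWAF']))
  {
- if($_POST['pluginWAF'] == 'on')
+ if(sanitize_text_field($_POST['pluginWAF']) == 'on')
  {
  update_option('WAFEnabled',1);
  update_option('WAF','PluginLevel');
@@ -787,7 +795,7 @@ class wpns_ajax
  {
  if(isset($_POST['SQL']))
  {
- if($_POST['SQL']=='on')
+ if(sanitize_text_field($_POST['SQL'])=='on')
  {
  update_option('SQLInjection',1);
  $dir_name = dirname(__FILE__);
@@ -852,7 +860,7 @@ class wpns_ajax
  {
  if(isset($_POST['RCE']))
  {
- if($_POST['RCE']=='on')
+ if(sanitize_text_field($_POST['RCE'])=='on')
  {
  update_option('RCEAttack',1);
 
@@ -916,7 +924,7 @@ class wpns_ajax
  {
  if(isset($_POST['XSS']))
  {
- if($_POST['XSS']=='on')
+ if(sanitize_text_field($_POST['XSS'])=='on')
  {
  update_option('XSSAttack',1);
  $dir_name = dirname(__FILE__);
@@ -977,7 +985,7 @@ class wpns_ajax
  {
  if(isset($_POST['LFI']))
  {
- if($_POST['LFI']=='on')
+ if(sanitize_text_field($_POST['LFI'])=='on')
  {
  update_option('LFIAttack',1);
  $dir_name = dirname(__FILE__);
@@ -1040,7 +1048,7 @@ class wpns_ajax
  {
  if(isset($_POST['RFI']))
  {
- if($_POST['RFI']=='on')
+ if(sanitize_text_field($_POST['RFI'])=='on')
  {
  update_option('RFIAttack',1);
  $dir_name = dirname(__FILE__);
@@ -1100,7 +1108,7 @@ class wpns_ajax
  private function saveRateL()
  {
 
- if($_POST['time']!='' && $_POST['req']!='')
+ if(sanitize_text_field($_POST['time'])!='' && sanitize_text_field($_POST['req'])!='')
  {
  if(is_numeric($_POST['time']) && is_numeric($_POST['req']))
  {
@@ -1174,7 +1182,7 @@ class wpns_ajax
 
 
 
- if($_POST['action']=='BlockIP')
+ if(sanitize_text_field($_POST['action'])=='BlockIP')
  {
  update_option('actionRateL',1);
 
@@ -1206,7 +1214,7 @@ class wpns_ajax
  $file = $data;
  }
  }
- elseif($_POST['action']=='ThrottleIP')
+ elseif(sanitize_text_field($_POST['action'])=='ThrottleIP')
  {
  $file = $data;
  update_option('actionRateL',0);
@@ -1275,7 +1283,7 @@ class wpns_ajax
  {
  if(isset($_POST['htaccessWAF']))
  {
- if($_POST['htaccessWAF']=='on')
+ if(sanitize_text_field($_POST['htaccessWAF'])=='on')
  {
  $dir_name = dirname(__FILE__);
  $dirN = $dir_name;
@@ -1388,7 +1396,7 @@ class wpns_ajax
  }
 
  function wpns_strong_password_settings(){
- $nonce = $_POST['nonce'];
+ $nonce = sanitize_text_field($_POST['nonce']);
  if ( ! wp_verify_nonce( $nonce, 'wpns-strn-pass' ) ){
  wp_send_json('ERROR');
  return;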
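Review bot: The rewritten `Smail` branch (new lines 209-221) stores whatever text was posted in `mo2f_mail_notify` and answers `'true'` for any value, although the removed comparison shows the only expected value is `"on"`. Normalise the flag before storing it, e.g. `$mo2f_mail_noyifying_IP = (isset($_POST['Smail']) && sanitize_text_field(wp_unslash($_POST['Smail'])) === 'on') ? 'on' : '';`, and send `'true'` only in the `'on'` case; the `S_mail` hunk above has the same shape. Elsewhere in this section the added `sanitize_text_field()` calls wrap values that are only compared with a literal, so they do not narrow what is accepted. Meanwhile `$_POST['actionOnLimitE']`, `$_POST['action']`, `$_POST['time']` and `$_POST['req']` are still read without `isset()`, and `actionOnLimitE` is still compared loosely with `0` and `1`. These functions start outside their hunks, so capability and nonce checks other than the two `wp_verify_nonce()` calls shown cannot be confirmed from here.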
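--- a/handler/WAF/mo-waf-plugin.php
+++ b/handler/WAF/mo-waf-plugin.php
@@ -36,7 +36,7 @@
  {
  if(!is_crawler())
  {
- mo_wpns_applyRateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
+ mo_wpns_apply_RateLimiting($RequestsPMin,$actionRateL,$ipaddress,$errorPage);
  }
  }
  if(isset($RateLimitingCrawler))
@@ -139,7 +139,7 @@
  }
  }
  
- function mo_wpns_applyRateLimiting($reqLimit,$action,$ipaddress,$errorPage)
+ function mo_wpns_apply_RateLimiting($reqLimit,$action,$ipaddress,$errorPage)
  {
  global $wpdb,$mowpnshandle;
  $rate = mo_wpns_CheckRate($ipaddress);
@@ -170,7 +170,7 @@
  include($filename);
  }
  global $wpdb,$mowpnshandle;
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?$_SERVER['HTTP_USER_AGENT']:'';
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';
  if(isset($RateLimitingCrawler))
  {
  if($RateLimitingCrawler=='1')
@@ -184,7 +184,7 @@
  $action = $actionRateLCrawler;
  $lastAttack = mo_wpns_getRLEattack($ipaddress)+60;
  $current_time = time();
- if($current_time>$lastAttack && $_SERVER['HTTP_USER_AGENT']!='')
+ if($current_time>$lastAttack && sanitize_text_field($_SERVER['HTTP_USER_AGENT'])!='')
  {
  mo_wpns_log_attack($ipaddress,'RLECrawler',$USER_AGENT);
  }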
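Review bot: On new line 187 the condition reads `$_SERVER['HTTP_USER_AGENT']` without the `isset` guard that line 173 applies, so a request that sends no User-Agent header raises an undefined-index warning inside the crawler rate-limiting path. `$USER_AGENT` is already guarded and sanitized on line 173 and is the value logged two lines later, apparently in the same function, so the test can be `if($current_time>$lastAttack && $USER_AGENT!='')`. Separately, the rename to `mo_wpns_apply_RateLimiting` updates the single call site visible here; a caller in another file that still uses the old name would fail with an undefined function, which is worth a search. The function enclosing lines 170–190 begins and ends outside the hunks.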
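--- a/handler/WAF/mo-waf-real-time.php
+++ b/handler/WAF/mo-waf-real-time.php
@@ -21,7 +21,7 @@ function add_to_blacklist($ipaddress,$domain)
  'timeout' => 10,
  'sslverify' => false,
  'headers' => array(),
- 'body' => $postdata,
+ 'body' => $postData,
  );
  
  $mo2f_api=new Mo2f_Api();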
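Review bot: The request array this hunk touches still sets `'sslverify' => false` on line 22, so the body that now goes out as `$postData` is sent without TLS certificate verification and can be read or altered by anyone on the network path. Unless there is a documented reason for the override, remove that entry or set `'sslverify' => true`, presumably restoring the WordPress HTTP API default. Whether `$postData` is the name actually assigned earlier in `add_to_blacklist` cannot be confirmed here, because the function body starts and ends outside the hunk.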
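--- a/handler/WAF/mo-waf.php
+++ b/handler/WAF/mo-waf.php
@@ -168,7 +168,7 @@
  include($filename);
  }
  global $dbcon,$prefix;
- $USER_AGENT = $_SERVER['HTTP_USER_AGENT'];
+ $USER_AGENT = sanitize_text_field($_SERVER['HTTP_USER_AGENT']);
  if(isset($RateLimitingCrawler))
  {
  if(isset($RateLimitingCrawler) && $RateLimitingCrawler=='1')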
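Review bot: New line 171 reads `$_SERVER['HTTP_USER_AGENT']` with no `isset` guard, unlike the same assignment in handler/WAF/mo-waf-plugin.php, so a request without a User-Agent header triggers an undefined-index warning. `$USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';` would match the sibling file. This file declares `global $dbcon,$prefix` rather than `$wpdb`, which suggests it may run before WordPress is loaded; if that is the case, `sanitize_text_field()` is undefined at this point and the call is fatal on every request, so the load order should be confirmed. The enclosing function is outside the hunk.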
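--- a/handler/WAF/waf-include.php
+++ b/handler/WAF/waf-include.php
@@ -31,20 +31,20 @@
  {
  $ipaddress = '';
  if (isset($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_CLIENT_IP']);
  elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_X_FORWARDED_FOR']);
  elseif(isset($_SERVER['HTTP_X_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_X_FORWARDED']);
  elseif(isset($_SERVER['HTTP_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED_FOR']))
  {
- $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_FORWARDED_FOR']);
  $ipaddress = explode(",", $ipaddress)[0];
  }
  elseif(isset($_SERVER['HTTP_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_FORWARDED']);
  elseif(isset($_SERVER['REMOTE_ADDR']) && mo2f_isValidIP($_SERVER['REMOTE_ADDR']))
- $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['REMOTE_ADDR']);
  else
  $ipaddress = 'UNKNOWN';
  
@@ -52,7 +52,7 @@
  }
  function is_crawler()
  {
- $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])? sanitize_text_field($_SERVER['HTTP_USER_AGENT']):'';
+ $USER_AGENT = isset($_SERVER['HTTP_USER_AGENT'])?filter_input(INPUT_SERVER,$_SERVER['HTTP_USER_AGENT']):'';
  $Botsign = array('bot','apache','crawler','elinks','http', 'java', 'spider','link','fetcher','scanner','grabber','collector','capture','seo','.com');
  foreach ($Botsign as $key => $value)
  {
@@ -78,23 +78,6 @@
  }
  function is_fake($crawler,$USER_AGENT,$ipaddress)
  {
- // $hostName = gethostbyaddr($ipaddress);
- // $hostIP = gethostbyname($hostName);
- // if(is_numeric(get_option('mo_wpns_iprange_count')))
- // $range_count = intval(get_option('mo_wpns_iprange_count'));
- // for($i = 1 ; $i <= $range_count ; $i++){
- // $blockedrange = get_option('mo_wpns_iprange_range_'.$i);
- // $rangearray = explode("-",$blockedrange);
- // if(sizeof($rangearray)==2){
- // $lowip = ip2long(trim($rangearray[0]));
- // $highip = ip2long(trim($rangearray[1]));
- // if(ip2long($userIp)>=$lowip && ip2long($userIp)<=$highip){
- // $mo_wpns_config = new MoWpnsHandler();
- // $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::IP_RANGE_BLOCKING, true);
- // return true;
- // }
- // }
- // }
- // return false;
+
  }
  ?>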
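Review bot: The second argument of `filter_input()` is the name of the variable to fetch, but new lines 34–47 and line 55 pass the header's value (`filter_input(INPUT_SERVER,$_SERVER['REMOTE_ADDR'])`), so PHP looks for a server variable named after the client's address or User-Agent string and returns null. As written, the IP-resolving code yields null (or an empty string after the `explode` on line 42) instead of an address, and `is_crawler()` sees no User-Agent, which undermines any blocking or rate limiting keyed on these values. Pass the key and validate in the same call, e.g. `$ipaddress = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP);`, or keep reading `$_SERVER[...]` and apply `filter_var(..., FILTER_VALIDATE_IP)`; for a comma-separated forwarded header, split before validating. The chain also prefers client-supplied headers such as `HTTP_CLIENT_IP` and `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR`, so unless a trusted proxy sets them a client can choose the address it is rate-limited under. The function header and its return are outside the first hunk.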
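--- a/handler/ajax.php
+++ b/handler/ajax.php
@@ -13,10 +13,10 @@ class AjaxHandler
  
  if (current_user_can( 'manage_options' ) && isset( $_REQUEST['option'] ))
  {
- switch($_REQUEST['option'])
+ switch(sanitize_text_field($_REQUEST['option']))
  {
  case "iplookup":
- $this->lookupIP($_GET['ip']); break;
+ $this->lookupIP(sanitize_text_field($_GET['ip'])); break;
  
  case "dissmissSMTP":
  $this->handle_smtp(); break;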
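Review bot: `sanitize_text_field($_GET['ip'])` on new line 19 strips tags and extra whitespace but does not check that the value is an IP address, and `$_GET['ip']` is read without `isset`, so `option=iplookup` with no `ip` parameter raises a warning and passes an empty string to `lookupIP()`. Validate before the call, e.g. `$ip = isset($_GET['ip']) ? filter_var(wp_unslash($_GET['ip']), FILTER_VALIDATE_IP) : false;`, and call `$this->lookupIP($ip)` only when `$ip !== false`. The hunk shows a `current_user_can('manage_options')` check but no nonce verification before the dispatch; if the individual handlers do not verify one, any state-changing case is exposed to cross-site request forgery. The method enclosing this switch starts and ends outside the hunk.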
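--- a/handler/feedback_form.php
+++ b/handler/feedback_form.php
@@ -95,7 +95,7 @@ class FeedbackHandler
  $message .= MoWpnsUtility::mo_2fa_send_configuration();
  else
  $message .= MoWpnsUtility::mo_2fa_send_configuration(true);
- $email = isset($_POST['query_mail'])? $_POST['query_mail']: '';
+ $email = isset($_POST['query_mail'])? sanitize_email($_POST['query_mail']): '';
  if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  $email = get_option('mo2f_email');
  if (empty($email))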
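Review bot: `sanitize_email()` on new line 98 removes disallowed characters instead of rejecting the input, so the `filter_var($email, FILTER_VALIDATE_EMAIL)` check on line 99 only ever sees the cleaned-up string and a malformed `query_mail` can be accepted as a different address from the one submitted. Validating the raw value first keeps the fallback to `get_option('mo2f_email')` meaningful, e.g. `$email = isset($_POST['query_mail']) ? wp_unslash($_POST['query_mail']) : '';` followed by the existing `filter_var` check. The enclosing method starts and ends outside the hunk.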
handler/login.php CHANGED
@@ -1,412 +1,412 @@
1
- <?php
2
- class LoginHandler
3
- {
4
- function __construct()
5
- {
6
- add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
- if(get_site_option('mo2f_restrict_restAPI')){
8
- add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
- }
10
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
- || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
- {
13
-
14
- remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
- add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
- }
17
-
18
- add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
- add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
- //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
- //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
-
23
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
- add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
- }
26
- }
27
-
28
- function mo_block_restAPI(){
29
- global $moWpnsUtility,$mo2f_dirName;
30
- if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
- include_once("mo-block.html");
32
- exit;
33
- }
34
- }
35
-
36
- function mo_wpns_init()
37
- {
38
- add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
- add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
- add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
- add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
- global $moWpnsUtility,$mo2f_dirName;
43
- $WAFEnabled = get_option('WAFEnabled');
44
- $WAFLevel = get_option('WAF');
45
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
46
- if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
47
- add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
48
- $mo2f_scanner_parts = new mo2f_scanner_parts();
49
- $mo2f_scanner_parts->file_cron_scan();
50
-
51
- if($WAFEnabled == 1)
52
- {
53
- if($WAFLevel == 'PluginLevel')
54
- {
55
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
57
- }
58
- }
59
-
60
-
61
- $userIp = $moWpnsUtility->get_client_ip();
62
- $userIp = sanitize_text_field( $userIp );
63
- $mo_wpns_config = new MoWpnsHandler();
64
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
65
- $isIpBlocked = false;
66
- if(!$isWhitelisted){
67
- $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
68
- }
69
- if($isIpBlocked){
70
- include_once("mo-block.html");
71
- exit;
72
- }
73
-
74
- $requested_uri = sanitize_text_field($_SERVER["REQUEST_URI"]);
75
- $option = false;
76
- if (is_user_logged_in()) { //chr?
77
- if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
78
- wp_safe_redirect(site_url());
79
- exit;
80
- }
81
- } else {
82
- $option = get_option('mo_wpns_enable_rename_login_url');
83
- }
84
- if ($option) {
85
- if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
86
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
87
- wp_safe_redirect($requested_uri);
88
- exit;
89
- } elseif (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
90
- $requested_uri = str_replace("wp-login.php","",$requested_uri);
91
- wp_safe_redirect($requested_uri);
92
- exit;
93
- }
94
-
95
- if (strpos($requested_uri, '/wp-login.php') !== false) {
96
- wp_safe_redirect(site_url());
97
- exit;
98
- }
99
- elseif (strpos($requested_uri, get_option('login_page_url')) !== false ) {
100
- @require_once ABSPATH . 'wp-login.php';
101
- die;
102
- }
103
- }
104
-
105
- if(isset($_POST['option']))
106
- {
107
- switch(sanitize_text_field(wp_unslash($_POST['option'])))
108
- {
109
- case "mo_wpns_change_password":
110
- $this->handle_change_password(sanitize_user($_POST['username'])
111
- ,sanitize_text_field($_POST['new_password']), sanitize_text_field($_POST['confirm_password']));
112
- break;
113
- }
114
- }
115
-
116
- }
117
- function twofa_on_user_profile( $user ) {
118
- global $mo2f_dirName;
119
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
120
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
121
- }
122
- }
123
- function user_two_factor_options_update( $user ) {
124
- global $mo2f_dirName;
125
- if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
126
- include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
127
- }
128
- }
129
-
130
- function mo2f_IP_email_send()
131
- {
132
- global $moWpnsUtility, $Mo2fdbQueries;
133
- $userIp = $moWpnsUtility->get_client_ip();
134
- $userIp = sanitize_text_field( $userIp );
135
- $user = wp_get_current_user();
136
- $user_id = $user->ID;
137
- $meta_key = 'mo2f_user_IP';
138
- add_user_meta($user->ID, $meta_key,$userIp);
139
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID);
140
- if (empty($email)) {
141
- $email = $user->user_email;
142
- }
143
- if(get_user_meta($user->ID,$meta_key))
144
- {
145
- $check_Ip = get_user_meta($user->ID,$meta_key)[0];
146
-
147
- if ($check_Ip != $userIp)
148
- {
149
- $subject ="Alert: New IP Detected";
150
- $message = mo_IP_template();
151
- $headers=array('Content-Type: text/html; charset=UTF-8');
152
- if(is_email($email))
153
- {
154
- wp_mail( $email,$subject,$message,$headers);
155
- }
156
- }
157
- }
158
- }
159
-
160
- function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
161
-
162
- if (empty($_POST['g-recaptcha-response'])) {
163
- $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
164
- }
165
- }
166
-
167
- //Function to Handle Change Password Form
168
- function handle_change_password($username,$newpassword,$confirmpassword)
169
- {
170
- global $mo2f_dirName;
171
- $user = get_user_by("login",$username);
172
- $error = wp_authenticate_username_password($user,$username,$newpassword);
173
-
174
- if(is_wp_error($error))
175
- {
176
- $this->mo_wpns_login_failed($username);
177
- return $error;
178
- }
179
-
180
- if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
181
- {
182
- wp_set_auth_cookie($user->ID,false,false);
183
- $this->mo_wpns_login_success($username);
184
- wp_redirect(get_site_option('siteurl'),301);
185
- }
186
- }
187
-
188
-
189
- //Function to Update User password
190
- function update_strong_password($username,$newpassword,$confirmpassword)
191
- {
192
- global $mo2f_dirName;
193
-
194
- if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
195
- && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
196
- {
197
- $user = get_user_by("login",$username);
198
- wp_set_password($newpassword,$user->ID);
199
- return "success";
200
- }
201
- else
202
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
203
- }
204
-
205
-
206
- //Our custom logic for user authentication
207
- function custom_authenticate($user, $username, $password)
208
- {
209
- global $moWpnsUtility;
210
- $error = new WP_Error();
211
-
212
- if(empty($username) && empty ($password))
213
- return $error;
214
-
215
- if(empty($username)) {
216
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
217
- }
218
- if(empty($password)) {
219
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
220
- }
221
-
222
- $user = wp_authenticate_username_password( $user, $username, $password );
223
-
224
- if ( is_wp_error( $user ) ) {
225
- $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
226
- return $user;
227
- }
228
- if(empty($error->errors))
229
- {
230
- $user = get_user_by("login",$username);
231
-
232
- if($user)
233
- {
234
- $moCURL=new MocURL;
235
- if(get_option('mo_wpns_activate_recaptcha_for_login'))
236
- {
237
- $captcha_version=get_option('mo_wpns_recaptcha_version');
238
- if($captcha_version=='reCAPTCHA_v3')
239
- $recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
240
- else if($captcha_version=='reCAPTCHA_v2')
241
- $recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
242
-
243
- }
244
- }
245
-
246
- if(!empty($recaptchaError->errors))
247
- $error = $recaptchaError;
248
- if(empty($error->errors)){
249
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
250
- {
251
- $this->mo_wpns_login_success($username);
252
- }
253
- return $user;
254
- }
255
- }
256
- else
257
- $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
258
- return $error;
259
-
260
- }
261
-
262
-
263
-
264
-
265
- //Function to check user password
266
- function check_password($user,$error,$password)
267
- {
268
- global $moWpnsUtility, $mo2f_dirName;
269
- if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
270
- {
271
- if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
272
- {
273
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
274
- $this->mo_wpns_login_success($user->data->user_login);
275
- return $user;
276
- }
277
- else
278
- include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
279
- }
280
- else
281
- $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
282
-
283
- return $error;
284
- }
285
-
286
-
287
- //Function to handle successful user login
288
- function mo_wpns_login_success($username)
289
- {
290
- global $moWpnsUtility;
291
- if(get_site_option('mo2f_mail_notify') == 'on')
292
- {
293
- $this->mo2f_IP_email_send();
294
- }
295
-
296
- $mo_wpns_config = new MoWpnsHandler();
297
- $userIp = $moWpnsUtility->get_client_ip();
298
- $userIp = sanitize_text_field( $userIp );
299
- $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
300
-
301
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
302
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
303
-
304
-
305
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
306
-
307
- if(isset($_POST['log']) && isset($_POST['pwd'])){
308
- $username = sanitize_text_field($_POST['log']);
309
- $pass = $_POST['pwd'];
310
- $user = get_user_by('login',$username);
311
-
312
- if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
313
- if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
314
- if(!get_user_meta($user->ID,'password_strong?')){
315
- update_user_meta($user->ID,'password_strong?', true);
316
- $count = get_site_option('users_with_weak_pass');
317
- $count = $count + 1;
318
- update_site_option('users_with_weak_pass', $count);
319
- }
320
- }
321
- else{
322
- if(get_user_meta($user->ID,'password_strong?')){
323
- $count = get_site_option('users_with_weak_pass');
324
- $count = $count - 1;
325
- update_site_option('users_with_weak_pass', $count);
326
- }
327
- delete_user_meta($user->ID,'password_strong?');
328
- }
329
-
330
-
331
- }
332
-
333
- }
334
- }
335
-
336
-
337
- //Function to handle failed user login attempt
338
- function mo_wpns_login_failed($username)
339
- {
340
- global $moWpnsUtility;
341
- $userIp = $moWpnsUtility->get_client_ip();
342
- $userIp = sanitize_text_field( $userIp );
343
- if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
344
- return;
345
-
346
- $mo_wpns_config = new MoWpnsHandler();
347
- $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
348
-
349
- $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
350
-
351
- if(!$isWhitelisted)
352
- {
353
-
354
-
355
- if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
356
- $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
357
-
358
- $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
359
- $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
360
-
361
- if($allowedLoginAttepts - $failedAttempts<=0)
362
- $this->handle_login_attempt_exceeded($userIp);
363
- else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
364
- $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
365
- }
366
-
367
- }
368
-
369
-
370
-
371
-
372
-
373
- //Function to show number of attempts remaining
374
- function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
375
- {
376
- global $error;
377
- $diff = $allowedLoginAttepts - $failedAttempts;
378
- $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
379
- }
380
-
381
-
382
- //Function to handle login limit exceeded
383
- function handle_login_attempt_exceeded($userIp)
384
- {
385
- global $moWpnsUtility, $mo2f_dirName;
386
- $mo_wpns_config = new MoWpnsHandler();
387
- $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
388
- include_once("mo-block.html");
389
- exit;
390
-
391
- }
392
-
393
- function setup_registration_closed($user){
394
- global $Mo2fdbQueries;
395
- if ( isset( $_POST['option'] ) and $_POST['option'] == 'mo2f_registration_closed' ) {
396
- $nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
397
- if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
398
- $error = new WP_Error();
399
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
400
- return $error;
401
- } else {
402
- if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
403
- //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
404
- delete_user_meta( $user->ID, 'register_account_popup' );
405
-
406
- }
407
- }
408
- }
409
- }
410
-
411
- }
412
- new LoginHandler;
1
+ <?php
2
+ class LoginHandler
3
+ {
4
+ function __construct()
5
+ {
6
+ add_action( 'init' , array( $this, 'mo_wpns_init' ) );
7
+ if(get_site_option('mo2f_restrict_restAPI')){
8
+ add_action('rest_api_init' , array($this , 'mo_block_restAPI' ) );
9
+ }
10
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option') || get_option('mo_wpns_activate_recaptcha_for_login')
11
+ || get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
12
+ {
13
+
14
+ remove_filter('authenticate' , 'wp_authenticate_username_password' ,20 );
15
+ add_filter ('authenticate' , array( $this, 'custom_authenticate' ) ,1, 3 );
16
+ }
17
+
18
+ add_action('wp_login' , array( $this, 'mo_wpns_login_success' ) );
19
+ add_action('wp_login_failed' , array( $this, 'mo_wpns_login_failed' ) );
20
+ //add_action('auth_cookie_bad_username', array( $this, 'mo_wpns_login_failed' ) );
21
+ //add_action('auth_cookie_bad_hash' , array( $this, 'mo_wpns_login_failed' ) );
22
+
23
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration') ){
24
+ add_action( 'woocommerce_register_post', array( $this,'wooc_validate_user_captcha_register'), 1, 3);
25
+ }
26
+ }
27
+
28
+ function mo_block_restAPI(){
29
+ global $moWpnsUtility,$mo2f_dirName;
30
+ if(strpos($_SERVER['REQUEST_URI'], '/wp-json/wp/v2/users')){
31
+ include_once("mo-block.html");
32
+ exit;
33
+ }
34
+ }
35
+
36
+ function mo_wpns_init()
37
+ {
38
+ add_action( 'show_user_profile', array($this,'twofa_on_user_profile') ,10,3);
39
+ add_action( 'edit_user_profile', array($this,'twofa_on_user_profile') ,10,3);
40
+ add_action( 'personal_options_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
41
+ add_action( 'edit_user_profile_update', array( $this, 'user_two_factor_options_update' ) ,10,3);
42
+ global $moWpnsUtility,$mo2f_dirName;
43
+ $WAFEnabled = get_option('WAFEnabled');
44
+ $WAFLevel = get_option('WAF');
45
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
46
+ if(class_exists('UM_Functions') && get_site_option('mo2f_enable_2fa_prompt_on_login_page'))
47
+ add_action('um_after_login_fields',array($pass2fa_login,'mo2f_ultimate_member_custom_login'));
48
+ $mo2f_scanner_parts = new mo2f_scanner_parts();
49
+ $mo2f_scanner_parts->file_cron_scan();
50
+
51
+ if($WAFEnabled == 1)
52
+ {
53
+ if($WAFLevel == 'PluginLevel')
54
+ {
55
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php'))
56
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'WAF'.DIRECTORY_SEPARATOR.'mo-waf-plugin.php');
57
+ }
58
+ }
59
+
60
+
61
+ $userIp = $moWpnsUtility->get_client_ip();
62
+ $userIp = sanitize_text_field( $userIp );
63
+ $mo_wpns_config = new MoWpnsHandler();
64
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
65
+ $isIpBlocked = false;
66
+ if(!$isWhitelisted){
67
+ $isIpBlocked = $mo_wpns_config->is_ip_blocked_in_anyway($userIp);
68
+ }
69
+ if($isIpBlocked){
70
+ include_once("mo-block.html");
71
+ exit;
72
+ }
73
+
74
+ $requested_uri = sanitize_text_field($_SERVER["REQUEST_URI"]);
75
+ $option = false;
76
+ if (is_user_logged_in()) { //chr?
77
+ if (strpos($requested_uri, chr(get_option('login_page_url'))) != false) {
78
+ wp_safe_redirect(site_url());
79
+ exit;
80
+ }
81
+ } else {
82
+ $option = get_option('mo_wpns_enable_rename_login_url');
83
+ }
84
+ if ($option) {
85
+ if (strpos($requested_uri, '/wp-login.php?checkemail=confirm') !== false) {
86
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
87
+ wp_safe_redirect($requested_uri);
88
+ exit;
89
+ } elseif (strpos($requested_uri, '/wp-login.php?checkemail=registered') !== false) {
90
+ $requested_uri = str_replace("wp-login.php","",$requested_uri);
91
+ wp_safe_redirect($requested_uri);
92
+ exit;
93
+ }
94
+
95
+ if (strpos($requested_uri, '/wp-login.php') !== false) {
96
+ wp_safe_redirect(site_url());
97
+ exit;
98
+ }
99
+ elseif (strpos($requested_uri, get_option('login_page_url')) !== false ) {
100
+ @require_once ABSPATH . 'wp-login.php';
101
+ die;
102
+ }
103
+ }
104
+
105
+ if(isset($_POST['option']))
106
+ {
107
+ switch(sanitize_text_field(wp_unslash($_POST['option'])))
108
+ {
109
+ case "mo_wpns_change_password":
110
+ $this->handle_change_password(sanitize_user($_POST['username'])
111
+ ,sanitize_text_field($_POST['new_password']), sanitize_text_field($_POST['confirm_password']));
112
+ break;
113
+ }
114
+ }
115
+
116
+ }
117
+ function twofa_on_user_profile( $user ) {
118
+ global $mo2f_dirName;
119
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php')){
120
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa.php');
121
+ }
122
+ }
123
+ function user_two_factor_options_update( $user ) {
124
+ global $mo2f_dirName;
125
+ if(file_exists($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php')){
126
+ include_once($mo2f_dirName .'handler'.DIRECTORY_SEPARATOR.'user-profile-2fa-update.php');
127
+ }
128
+ }
129
+
130
+ function mo2f_IP_email_send()
131
+ {
132
+ global $moWpnsUtility, $Mo2fdbQueries;
133
+ $userIp = $moWpnsUtility->get_client_ip();
134
+ $userIp = sanitize_text_field( $userIp );
135
+ $user = wp_get_current_user();
136
+ $user_id = $user->ID;
137
+ $meta_key = 'mo2f_user_IP';
138
+ add_user_meta($user->ID, $meta_key,$userIp);
139
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID);
140
+ if (empty($email)) {
141
+ $email = $user->user_email;
142
+ }
143
+ if(get_user_meta($user->ID,$meta_key))
144
+ {
145
+ $check_Ip = get_user_meta($user->ID,$meta_key)[0];
146
+
147
+ if ($check_Ip != $userIp)
148
+ {
149
+ $subject ="Alert: New IP Detected";
150
+ $message = mo_IP_template();
151
+ $headers=array('Content-Type: text/html; charset=UTF-8');
152
+ if(is_email($email))
153
+ {
154
+ wp_mail( $email,$subject,$message,$headers);
155
+ }
156
+ }
157
+ }
158
+ }
159
+
160
+ function wooc_validate_user_captcha_register($username, $email, $validation_errors) {
161
+
162
+ if (empty($_POST['g-recaptcha-response'])) {
163
+ $validation_errors->add( 'woocommerce_recaptcha_error', __('Please verify the captcha', 'woocommerce' ) );
164
+ }
165
+ }
166
+
167
+ //Function to Handle Change Password Form
168
+ function handle_change_password($username,$newpassword,$confirmpassword)
169
+ {
170
+ global $mo2f_dirName;
171
+ $user = get_user_by("login",$username);
172
+ $error = wp_authenticate_username_password($user,$username,$newpassword);
173
+
174
+ if(is_wp_error($error))
175
+ {
176
+ $this->mo_wpns_login_failed($username);
177
+ return $error;
178
+ }
179
+
180
+ if($this->update_strong_password($username,$newpassword,$confirmpassword)=="success")
181
+ {
182
+ wp_set_auth_cookie($user->ID,false,false);
183
+ $this->mo_wpns_login_success($username);
184
+ wp_redirect(get_site_option('siteurl'),301);
185
+ }
186
+ }
187
+
188
+
189
+ //Function to Update User password
190
+ function update_strong_password($username,$newpassword,$confirmpassword)
191
+ {
192
+ global $mo2f_dirName;
193
+
194
+ if(strlen($newpassword) > 5 && preg_match("#[0-9]+#", $newpassword) && preg_match("#[a-zA-Z]+#", $newpassword)
195
+ && preg_match('/[^a-zA-Z\d]/', $newpassword) && $newpassword==$confirmpassword)
196
+ {
197
+ $user = get_user_by("login",$username);
198
+ wp_set_password($newpassword,$user->ID);
199
+ return "success";
200
+ }
201
+ else
202
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
203
+ }
204
+
205
+
206
+ //Our custom logic for user authentication
207
+ function custom_authenticate($user, $username, $password)
208
+ {
209
+ global $moWpnsUtility;
210
+ $error = new WP_Error();
211
+
212
+ if(empty($username) && empty ($password))
213
+ return $error;
214
+
215
+ if(empty($username)) {
216
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
217
+ }
218
+ if(empty($password)) {
219
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid username or Password.'));
220
+ }
221
+
222
+ $user = wp_authenticate_username_password( $user, $username, $password );
223
+
224
+ if ( is_wp_error( $user ) ) {
225
+ $error->add('empty_username', __('<strong>ERROR</strong>: Invalid username or Password.'));
226
+ return $user;
227
+ }
228
+ if(empty($error->errors))
229
+ {
230
+ $user = get_user_by("login",$username);
231
+
232
+ if($user)
233
+ {
234
+ $moCURL=new MocURL;
235
+ if(get_option('mo_wpns_activate_recaptcha_for_login'))
236
+ {
237
+ $captcha_version=get_option('mo_wpns_recaptcha_version');
238
+ if($captcha_version=='reCAPTCHA_v3')
239
+ $recaptchaError = $moWpnsUtility->verify_recaptcha_3(sanitize_text_field($_POST['g-recaptcha-response']));
240
+ else if($captcha_version=='reCAPTCHA_v2')
241
+ $recaptchaError = $moWpnsUtility->verify_recaptcha(sanitize_text_field($_POST['g-recaptcha-response']));
242
+
243
+ }
244
+ }
245
+
246
+ if(!empty($recaptchaError->errors))
247
+ $error = $recaptchaError;
248
+ if(empty($error->errors)){
249
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
250
+ {
251
+ $this->mo_wpns_login_success($username);
252
+ }
253
+ return $user;
254
+ }
255
+ }
256
+ else
257
+ $error->add('empty_password', __('<strong>ERROR</strong>: Invalid Username or password.'));
258
+ return $error;
259
+
260
+ }
261
+
262
+
263
+
264
+
265
+ //Function to check user password
266
+ function check_password($user,$error,$password)
267
+ {
268
+ global $moWpnsUtility, $mo2f_dirName;
269
+ if ( wp_check_password( $password, $user->data->user_pass, $user->ID) )
270
+ {
271
+ if($moWpnsUtility->check_user_password_strength($user,$password,"")=="success")
272
+ {
273
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
274
+ $this->mo_wpns_login_success($user->data->user_login);
275
+ return $user;
276
+ }
277
+ else
278
+ include $mo2f_dirName . 'controllers'.DIRECTORY_SEPARATOR.'change-password.php';
279
+ }
280
+ else
281
+ $error->add('empty_password', __('<strong>ERROR</strong>: Wrong password.'));
282
+
283
+ return $error;
284
+ }
285
+
286
+
287
+ //Function to handle successful user login
288
+ function mo_wpns_login_success($username)
289
+ {
290
+ global $moWpnsUtility;
291
+ if(get_site_option('mo2f_mail_notify') == 'on')
292
+ {
293
+ $this->mo2f_IP_email_send();
294
+ }
295
+
296
+ $mo_wpns_config = new MoWpnsHandler();
297
+ $userIp = $moWpnsUtility->get_client_ip();
298
+ $userIp = sanitize_text_field( $userIp );
299
+ $mo_wpns_config->move_failed_transactions_to_past_failed($userIp);
300
+
301
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
302
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::LOGGED_IN_FROM_NEW_IP);
303
+
304
+
305
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::SUCCESS);
306
+
307
+ if(isset($_POST['log']) && isset($_POST['pwd'])){
308
+ $username = sanitize_text_field($_POST['log']);
309
+ $pass = $_POST['pwd'];
310
+ $user = get_user_by('login',$username);
311
+
312
+ if(!MoWpnsUtility::get_mo2f_db_option('mo2f_enforce_strong_passswords', 'get_option')){
313
+ if(!class_miniorange_2fa_strong_password::mo2f_isStrongPasswd($pass, $username)){
314
+ if(!get_user_meta($user->ID,'password_strong?')){
315
+ update_user_meta($user->ID,'password_strong?', true);
316
+ $count = get_site_option('users_with_weak_pass');
317
+ $count = $count + 1;
318
+ update_site_option('users_with_weak_pass', $count);
319
+ }
320
+ }
321
+ else{
322
+ if(get_user_meta($user->ID,'password_strong?')){
323
+ $count = get_site_option('users_with_weak_pass');
324
+ $count = $count - 1;
325
+ update_site_option('users_with_weak_pass', $count);
326
+ }
327
+ delete_user_meta($user->ID,'password_strong?');
328
+ }
329
+
330
+
331
+ }
332
+
333
+ }
334
+ }
335
+
336
+
337
+ //Function to handle failed user login attempt
338
+ function mo_wpns_login_failed($username)
339
+ {
340
+ global $moWpnsUtility;
341
+ $userIp = $moWpnsUtility->get_client_ip();
342
+ $userIp = sanitize_text_field( $userIp );
343
+ if(empty($userIp) || empty($username) || !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option'))
344
+ return;
345
+
346
+ $mo_wpns_config = new MoWpnsHandler();
347
+ $isWhitelisted = $mo_wpns_config->is_whitelisted($userIp);
348
+
349
+ $mo_wpns_config->add_transactions($userIp, $username, MoWpnsConstants::LOGIN_TRANSACTION, MoWpnsConstants::FAILED);
350
+
351
+ if(!$isWhitelisted)
352
+ {
353
+
354
+
355
+ if(get_option('mo_wpns_enable_unusual_activity_email_to_user'))
356
+ $moWpnsUtility->sendNotificationToUserForUnusualActivities($username, $userIp, MoWpnsConstants::FAILED_LOGIN_ATTEMPTS_FROM_NEW_IP);
357
+
358
+ $failedAttempts = $mo_wpns_config->get_failed_attempts_count($userIp);
359
+ $allowedLoginAttepts = get_option('mo2f_allwed_login_attempts') ? get_option('mo2f_allwed_login_attempts') : 10;
360
+
361
+ if($allowedLoginAttepts - $failedAttempts<=0)
362
+ $this->handle_login_attempt_exceeded($userIp);
363
+ else if(MoWpnsUtility::get_mo2f_db_option('mo2f_show_remaining_attempts', 'get_option'))
364
+ $this->show_limit_login_left($allowedLoginAttepts,$failedAttempts);
365
+ }
366
+
367
+ }
368
+
369
+
370
+
371
+
372
+
373
+ //Function to show number of attempts remaining
374
+ function show_limit_login_left($allowedLoginAttepts,$failedAttempts)
375
+ {
376
+ global $error;
377
+ $diff = $allowedLoginAttepts - $failedAttempts;
378
+ $error = "<br>You have <b>".$diff."</b> login attempts remaining.";
379
+ }
380
+
381
+
382
+ //Function to handle login limit exceeded
383
+ function handle_login_attempt_exceeded($userIp)
384
+ {
385
+ global $moWpnsUtility, $mo2f_dirName;
386
+ $mo_wpns_config = new MoWpnsHandler();
387
+ $mo_wpns_config->mo_wpns_block_ip($userIp, MoWpnsConstants::LOGIN_ATTEMPTS_EXCEEDED, false);
388
+ include_once("mo-block.html");
389
+ exit;
390
+
391
+ }
392
+
393
+ function setup_registration_closed($user){
394
+ global $Mo2fdbQueries;
395
+ if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo2f_registration_closed' ) {
396
+ $nonce = sanitize_text_field($_POST['mo2f_registration_closed_nonce']);
397
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
398
+ $error = new WP_Error();
399
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
400
+ return $error;
401
+ } else {
402
+ if(!$Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID) =='MO_2_FACTOR_PLUGIN_SETTINGS'){
403
+ //$Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => '' ) );
404
+ delete_user_meta( $user->ID, 'register_account_popup' );
405
+
406
+ }
407
+ }
408
+ }
409
+ }
410
+
411
+ }
412
+ new LoginHandler;
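--- a/handler/malware_scanner/malware_scanner_cron.php
+++ b/handler/malware_scanner/malware_scanner_cron.php
@@ -490,20 +490,20 @@ class Mo_wpns_Scan_Handler_Cron{
 
  function mo_wpns_malware_scan_request( $host, $content_type,$postdata = array()){
  $response = null;
-
+
  $args = array(
  'method' => 'POST',
- 'body' => $json_string,
+ 'body' => $postdata,
  'timeout' => '5',
  'redirection' => '5',
  'sslverify' =>true,
  'httpversion' => '1.0',
  'blocking' => true,
- 'headers' => $http_header_array
+ 'headers' => $content_type
  );
 
  $mo2f_api=new Mo2f_Api();
- $results=$mo2f_api->mo2f_wp_remote_post($url,$args);
+ $results=$mo2f_api->mo2f_wp_remote_post($host,$args);
 
  if($results==false){
 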
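Review bot: The `headers` entry of `$args` now receives `$content_type` unchanged, so the request only carries a well-formed Content-Type header if every caller passes an array or a complete header line; the callers are outside this hunk, so that needs confirming. If callers pass a bare MIME type, build the header explicitly, e.g. `'headers' => array( 'Content-Type' => $content_type ),`. `$host` also goes straight into `mo2f_wp_remote_post()`, so a short comment stating that it must be a fixed, plugin-defined endpoint and never request-derived would document the assumption the code relies on. The function body continues past the end of the hunk.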
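--- a/handler/malware_scanner/scanner_set_cron.php
+++ b/handler/malware_scanner/scanner_set_cron.php
@@ -29,7 +29,7 @@ class mo2f_scanner_parts
  }
  function file_cron_scan(){//main cron function
 
- $scan_request = isset($_GET['scan_request'])? $_GET['scan_request']:false;
+ $scan_request = isset($_GET['scan_request'])? sanitize_text_field($_GET['scan_request']):false;
  if($scan_request) {
  $status=$this->check_scan_status();
 
@@ -39,11 +39,11 @@ class mo2f_scanner_parts
  }
  ini_set('memory_limit', '-1');
  ini_set('max_execution_time', 0);
- $scan_mode = isset( $_GET['scan_mode'] ) ? $_GET['scan_mode'] : false;
- $scan_stage_complete = isset( $_GET['scan_stage_complete'] ) ? $_GET['scan_stage_complete'] : false;
- $reportid = isset( $_GET['reportid'] ) ? $_GET['reportid'] : false;
+ $scan_mode = isset( $_GET['scan_mode'] ) ? sanitize_text_field($_GET['scan_mode']) : false;
+ $scan_stage_complete = isset( $_GET['scan_stage_complete'] ) ? sanitize_text_field($_GET['scan_stage_complete']) : false;
+ $reportid = isset( $_GET['reportid'] ) ? sanitize_text_field($_GET['reportid']) : false;
 
- $scanverification = isset( $_GET['scanverification'] ) ? $_GET['scanverification'] : false;
+ $scanverification = isset( $_GET['scanverification'] ) ? sanitize_text_field($_GET['scanverification']) : false;
  $scanverification_code = get_site_option( "mo2f_scanverification" );
  if ( $scanverification != $scanverification_code ) {
  error_log( "Request Does not exists" );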
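Review bot: The token check `$scanverification != $scanverification_code` in the second hunk remains a loose, non-constant-time comparison, and both sides fall back to `false` (the GET value when the parameter is absent, `get_site_option()` when the option was never stored), so the guard can pass without any token having been configured. Wrapping the GET values in `sanitize_text_field()` does not address this. Consider `if ( ! is_string( $scanverification_code ) || '' === $scanverification_code || ! is_string( $scanverification ) || ! hash_equals( $scanverification_code, $scanverification ) ) {`. The two `ini_set()` calls that lift the memory and execution-time limits also appear to run before the token is checked; moving them below the check would keep unverified requests from getting them. `file_cron_scan()` continues beyond both hunks.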
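--- a/handler/mo-waf-plugin.php
+++ b/handler/mo-waf-plugin.php
@@ -30,20 +30,20 @@
  global $wpdb;
  $ipaddress = '';
  if (isset($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_CLIENT_IP']);
  elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_X_FORWARDED_FOR']);
  elseif(isset($_SERVER['HTTP_X_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_X_FORWARDED']);
  elseif(isset($_SERVER['HTTP_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED_FOR']))
  {
- $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_FORWARDED_FOR']);
  $ipaddress = explode(",", $ipaddress)[0];
  }
  elseif(isset($_SERVER['HTTP_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_FORWARDED']);
  elseif(isset($_SERVER['REMOTE_ADDR']) && mo2f_isValidIP($_SERVER['REMOTE_ADDR']))
- $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['REMOTE_ADDR']);
  else
  $ipaddress = 'UNKNOWN';
 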
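Review bot: `filter_input()` expects the variable name as its second argument, but the new lines pass the header value (`filter_input(INPUT_SERVER,$_SERVER['HTTP_CLIENT_IP'])`), so each branch looks up a server variable named after the address itself and `$ipaddress` ends up `null`; the `explode()` in the `HTTP_FORWARDED_FOR` branch then receives `null` too. The identical replacement is made in handler/mo-waf.php. Pass the key and a validating filter instead, e.g. `$ipaddress = filter_input( INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP );`, and likewise in every other branch. Because the result presumably feeds blocking decisions, a comment should also state that the forwarded-header branches are only meaningful behind a trusted proxy, since those headers are client-supplied. The enclosing function starts and ends outside the hunk.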
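--- a/handler/mo-waf.php
+++ b/handler/mo-waf.php
@@ -105,20 +105,20 @@
  $ipaddress = '';
 
  if (isset($_SERVER['HTTP_CLIENT_IP']) && mo2f_isValidIP($_SERVER['HTTP_CLIENT_IP']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_CLIENT_IP']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_CLIENT_IP']);
  elseif(isset($_SERVER['HTTP_X_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED_FOR']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED_FOR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_X_FORWARDED_FOR']);
  elseif(isset($_SERVER['HTTP_X_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_X_FORWARDED']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_X_FORWARDED']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_X_FORWARDED']);
  elseif(isset($_SERVER['HTTP_FORWARDED_FOR']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED_FOR']))
  {
- $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED_FOR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_FORWARDED_FOR']);
  $ipaddress = explode(",", $ipaddress)[0];
  }
  elseif(isset($_SERVER['HTTP_FORWARDED']) && mo2f_isValidIP($_SERVER['HTTP_FORWARDED']))
- $ipaddress = sanitize_text_field($_SERVER['HTTP_FORWARDED']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['HTTP_FORWARDED']);
  elseif(isset($_SERVER['REMOTE_ADDR']) && mo2f_isValidIP($_SERVER['REMOTE_ADDR']))
- $ipaddress = sanitize_text_field($_SERVER['REMOTE_ADDR']);
+ $ipaddress = filter_input(INPUT_SERVER,$_SERVER['REMOTE_ADDR']);
  else
  $ipaddress = 'UNKNOWN';
 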
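--- a/handler/recaptcha.php
+++ b/handler/recaptcha.php
@@ -1,161 +1,161 @@
- <?php
-
- class mo2f_ReCaptcha
- {
- function __construct()
- {
- add_filter( 'admin_init' , array($this, 'handle_recaptcha' ), 11, 3 );
- add_action( 'login_form' , array($this, 'custom_login_fields' ) );
- add_action( 'register_form' , array($this, 'register_with_captcha') );
- add_action( 'woocommerce_register_form' , array($this, 'woocommerce_register_with_captcha'));
- add_action( 'woocommerce_login_form', array($this, 'woocommerce_login_with_captcha'));
- add_action( 'woocommerce_review_order_before_submit', array($this, 'woocommerce_register_with_captcha_checkout'));
- }
-
-
- //Function to handle Testing reCaptcha
- function handle_recaptcha()
- {
- global $moWpnsUtility,$mo2f_dirName;
- if (current_user_can( 'manage_options' ))
- {
- if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig')
- {
- if(array_key_exists('g-recaptcha-response',$_POST))
- {
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $mocURL = new MocURL;
- $response = $mocURL->validate_recaptcha($userIp,sanitize_text_field($_POST['g-recaptcha-response']));
- $content = json_decode($response, true);
- if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
- echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
- else if(isset($content['success']) && $content['success']==1)
- echo "<br><br><h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
- else
- echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
- }
- show_google_recaptcha_form_v2();
- }
-
- if(isset($_REQUEST['option']) && $_REQUEST['option']=='testrecaptchaconfig3')
- {
- if(array_key_exists('g-recaptcha-response',$_REQUEST))
- {
-
- $mocURL = new MocURL;
- $response = $mocURL->get_Captcha_v3($_REQUEST['g-recaptcha-response']);
- $content = json_decode($response, true);
- if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
- echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
- else if(isset($content['success']) && $content['success']==1)
- {
- if($content['success'] == 1)
- {
- if($content['score']>=0.9)
- {
- echo "<br><br><h2 style=color:green;text-align:center>Welcome!</h2>";
- echo "<h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
- }
- else echo "<br><br><h2 style=color:red;text-align:center>Captcha verification failed! Permission denied.</h2>";
- }
- }
- else
- echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
- }
- show_google_recaptcha_form_v3();
- }
- }
- }
-
-
- function custom_login_fields()
- {
- global $moWpnsUtility,$mo2f_dirName;
- if(get_option('mo_wpns_activate_recaptcha_for_login') && MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option'))
- {
- if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
- show_google_recaptcha_form_v3_login();
- else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
- {
- wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
- wp_enqueue_script( 'mo2f_catpcha_js' );
-
- echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
- }
- }
- }
-
-
- function register_with_captcha(){
- global $moWpnsUtility,$mo2f_dirName;
- if(get_option('mo_wpns_activate_recaptcha_for_registration'))
- {
- if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
- show_google_recaptcha_form_v3_login();
- else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
- show_google_recaptcha_form_v2_login();
- }
- }
-
- function woocommerce_register_with_captcha(){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
- {
- wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
- wp_enqueue_script( 'mo2f_catpcha_js' );
- echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
- }
- }
-
- function woocommerce_login_with_captcha(){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
- {
-
- wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
- wp_enqueue_script( 'mo2f_catpcha_js' );
- echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
- }
- }
-
- function woocommerce_register_with_captcha_checkout(){
-
- if (!is_user_logged_in()){
- if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
- {
- wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
- wp_enqueue_script( 'mo2f_catpcha_js' );
- echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
- echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
- }
- }
- }
-
- public static function recaptcha_verify($response)
- {
- global $moWpnsUtility;
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $mocURL = new MocURL;
- $response = $mocURL->validate_recaptcha($userIp,$response);
- $content = json_decode($response, true);
- $isvalid = isset($content['success']) && $content['success']==1 ? true : false;
- return $isvalid;
- }
-
- public static function recaptcha_verify_3($response)
- {
- global $moWpnsUtility;
- $userIp = $moWpnsUtility->get_client_ip();
- $userIp = sanitize_text_field( $userIp );
- $mocURL = new MocURL;
- $response = $mocURL->get_Captcha_v3($response);
- $content = json_decode($response, true);
- $isvalid = isset($content['success']) && $content['success']==1 && $content['score']>=0.9? true : false;
- return $isvalid;
- }
-
- }
- new mo2f_ReCaptcha;
+ <?php
+
+ class mo2f_ReCaptcha
+ {
+ function __construct()
+ {
+ add_filter( 'admin_init' , array($this, 'handle_recaptcha' ), 11, 3 );
+ add_action( 'login_form' , array($this, 'custom_login_fields' ) );
+ add_action( 'register_form' , array($this, 'register_with_captcha') );
+ add_action( 'woocommerce_register_form' , array($this, 'woocommerce_register_with_captcha'));
+ add_action( 'woocommerce_login_form', array($this, 'woocommerce_login_with_captcha'));
+ add_action( 'woocommerce_review_order_before_submit', array($this, 'woocommerce_register_with_captcha_checkout'));
+ }
+
+
+ //Function to handle Testing reCaptcha
+ function handle_recaptcha()
+ {
+ global $moWpnsUtility,$mo2f_dirName;
+ if (current_user_can( 'manage_options' ))
+ {
+ if(isset($_REQUEST['option']) && sanitize_text_field($_REQUEST['option'])=='testrecaptchaconfig')
+ {
+ if(array_key_exists('g-recaptcha-response',$_POST))
+ {
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $mocURL = new MocURL;
+ $response = $mocURL->validate_recaptcha($userIp,sanitize_text_field($_POST['g-recaptcha-response']));
+ $content = json_decode($response, true);
+ if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
+ else if(isset($content['success']) && $content['success']==1)
+ echo "<br><br><h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
+ else
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
+ }
+ show_google_recaptcha_form_v2();
+ }
+
+ if(isset($_REQUEST['option']) && sanitize_text_field($_REQUEST['option'])=='testrecaptchaconfig3')
+ {
+ if(array_key_exists('g-recaptcha-response',$_REQUEST))
+ {
+
+ $mocURL = new MocURL;
+ $response = $mocURL->get_Captcha_v3($_REQUEST['g-recaptcha-response']);
+ $content = json_decode($response, true);
+ if(isset($content['error-codes']) && in_array("invalid-input-secret", $content['error-codes']))
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid Secret Key.</h2>";
+ else if(isset($content['success']) && $content['success']==1)
+ {
+ if($content['success'] == 1)
+ {
+ if($content['score']>=0.9)
+ {
+ echo "<br><br><h2 style=color:green;text-align:center>Welcome!</h2>";
+ echo "<h2 style=color:green;text-align:center>Test was successful and captcha verified.</h2>";
+ }
+ else echo "<br><br><h2 style=color:red;text-align:center>Captcha verification failed! Permission denied.</h2>";
+ }
+ }
+ else
+ echo "<br><br><h2 style=color:red;text-align:center>Invalid captcha. Please try again.</h2>";
+ }
+ show_google_recaptcha_form_v3();
+ }
+ }
+ }
+
+
+ function custom_login_fields()
+ {
+ global $moWpnsUtility,$mo2f_dirName;
+ if(get_option('mo_wpns_activate_recaptcha_for_login') && MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option'))
+ {
+ if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
+ show_google_recaptcha_form_v3_login();
+ else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
+ {
+ wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
+ wp_enqueue_script( 'mo2f_catpcha_js' );
+
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
+ }
+ }
+ }
+
+
+ function register_with_captcha(){
+ global $moWpnsUtility,$mo2f_dirName;
+ if(get_option('mo_wpns_activate_recaptcha_for_registration'))
+ {
+ if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v3')
+ show_google_recaptcha_form_v3_login();
+ else if(get_option('mo_wpns_recaptcha_version')=='reCAPTCHA_v2')
+ show_google_recaptcha_form_v2_login();
+ }
+ }
+
+ function woocommerce_register_with_captcha(){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
+ {
+ wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
+ wp_enqueue_script( 'mo2f_catpcha_js' );
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
+ }
+ }
+
+ function woocommerce_login_with_captcha(){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_login'))
+ {
+
+ wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
+ wp_enqueue_script( 'mo2f_catpcha_js' );
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#loginform{padding-bottom:20px;}</style>';
+ }
+ }
+
+ function woocommerce_register_with_captcha_checkout(){
+
+ if (!is_user_logged_in()){
+ if(get_option('mo_wpns_activate_recaptcha_for_woocommerce_registration'))
+ {
+ wp_register_script( 'mo2f_catpcha_js',esc_url(MoWpnsConstants::RECAPTCHA_URL));
+ wp_enqueue_script( 'mo2f_catpcha_js' );
+ echo '<div class="g-recaptcha" data-sitekey="'.esc_html(get_option("mo_wpns_recaptcha_site_key")).'"></div>';
+ echo '<style>#login{ width:349px;padding:2% 0 0; }.g-recaptcha{margin-bottom:5%;}#registerform{padding-bottom:20px;}</style>';
+ }
+ }
+ }
+
+ public static function recaptcha_verify($response)
+ {
+ global $moWpnsUtility;
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $mocURL = new MocURL;
+ $response = $mocURL->validate_recaptcha($userIp,$response);
+ $content = json_decode($response, true);
+ $isvalid = isset($content['success']) && $content['success']==1 ? true : false;
+ return $isvalid;
+ }
+
+ public static function recaptcha_verify_3($response)
+ {
+ global $moWpnsUtility;
+ $userIp = $moWpnsUtility->get_client_ip();
+ $userIp = sanitize_text_field( $userIp );
+ $mocURL = new MocURL;
+ $response = $mocURL->get_Captcha_v3($response);
+ $content = json_decode($response, true);
+ $isvalid = isset($content['success']) && $content['success']==1 && $content['score']>=0.9? true : false;
+ return $isvalid;
+ }
+
+ }
+ new mo2f_ReCaptcha;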
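Review bot: In `handle_recaptcha()` the v3 test branch still hands `$_REQUEST['g-recaptcha-response']` to `get_Captcha_v3()` unsanitized, while the v2 branch wraps the same field in `sanitize_text_field()`; the commit only changes the two `option` comparisons, where sanitizing a value that is compared against a literal adds little. Suggested: `$response = $mocURL->get_Captcha_v3( sanitize_text_field( wp_unslash( $_REQUEST['g-recaptcha-response'] ) ) );`. The handler is gated by `current_user_can( 'manage_options' )` but no nonce check is visible, so a `check_admin_referer()` call before acting on the request would be worth adding alongside a nonce field in the test forms. `recaptcha_verify_3()` and the v3 branch also read `$content['score']` without an `isset()` guard. The remaining lines of the file appear to differ only in whitespace or line endings.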
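--- a/handler/twofa/class-twofacustomregformshortcode.php
+++ b/handler/twofa/class-twofacustomregformshortcode.php
@@ -20,7 +20,7 @@ class TwoFACustomRegFormShortcode
 
  public function mo_shortcode()
  {
- switch($_POST['mo_action'])
+ switch(sanitize_text_field($_POST['mo_action']))
  {
  case "challenge":
  $email = sanitize_email($_POST['email']);
@@ -38,7 +38,7 @@ class TwoFACustomRegFormShortcode
  }
 
  public function mo_ajax_register(){
- switch ($_POST['mo_action']) {
+ switch (sanitize_text_field($_POST['mo_action'])) {
  case 'send_otp_over_email':
  $email = isset($_POST['email'])? sanitize_email($_POST['email']): "";
  $phone = isset($_POST['phone'])? sanitize_text_field($_POST['phone']): "";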
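Review bot: Both `switch` statements read `$_POST['mo_action']` without an `isset()` guard, so `mo_shortcode()` and `mo_ajax_register()` raise an undefined-index notice whenever the key is missing, and wrapping the value in `sanitize_text_field()` does not change that. Suggested for both: `switch ( isset( $_POST['mo_action'] ) ? sanitize_text_field( wp_unslash( $_POST['mo_action'] ) ) : '' ) {`. The `challenge` case in the first hunk reads `$_POST['email']` unguarded in the same way, unlike the `isset()` form already used in `mo_ajax_register()`. No nonce verification is visible in either hunk; if it is not performed elsewhere in these methods, it belongs before the `switch`. Both method bodies continue outside the hunks.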
handler/twofa/two_fa_pass2login.php CHANGED
@@ -1,3629 +1,3629 @@
1
- <?php
2
- /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
- * Copyright (C) 2015 miniOrange
4
- *
5
- * This program is free software: you can redistribute it and/or modify
6
- * it under the terms of the GNU General Public License as published by
7
- * the Free Software Foundation, either version 3 of the License, or
8
- * (at your option) any later version.
9
- *
10
- * This program is distributed in the hope that it will be useful,
11
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
- * GNU General Public License for more details.
14
- *
15
- * You should have received a copy of the GNU General Public License
16
- * along with this program. If not, see <http://www.gnu.org/licenses/>
17
- * @package miniOrange OAuth
18
- * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
- */
20
- /**
21
- * This library is miniOrange Authentication Service.
22
- * Contains Request Calls to Customer service.
23
- **/
24
-
25
- include 'two_fa_login.php';
26
- class Miniorange_Password_2Factor_Login {
27
-
28
- private $mo2f_kbaquestions;
29
- private $mo2f_userID;
30
- private $mo2f_rbastatus;
31
- private $mo2f_transactionid;
32
-
33
- function mo2f_inline_login(){
34
- global $moWpnsUtility;
35
- $email = sanitize_email( $_POST['email'] );
36
- $password = sanitize_text_field( $_POST['password'] );
37
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
38
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
39
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
40
- if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
- {
42
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
- return;
46
- }
47
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
- }
49
- function mo2f_inline_register(){
50
- global $moWpnsUtility, $Mo2fdbQueries;
51
- $email = sanitize_email($_POST['email']);
52
- $company = sanitize_text_field($_SERVER["SERVER_NAME"]);
53
- $password = sanitize_text_field($_POST['password']);
54
- $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
56
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
57
-
58
-
59
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
60
- if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
61
- {
62
- $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
63
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
64
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
65
- }
66
- if( $password != $confirmPassword )
67
- {
68
- $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
69
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
70
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
71
- }
72
- if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
73
- || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
74
- {
75
- $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
76
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
77
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
78
- }
79
-
80
- update_option( 'mo2f_email', $email );
81
-
82
- update_option( 'mo_wpns_company' , $company );
83
-
84
- update_option( 'mo_wpns_password' , $password );
85
-
86
- $customer = new MocURL();
87
- $content = json_decode($customer->check_customer($email), true);
88
- $Mo2fdbQueries->insert_user( $user_id );
89
- switch ($content['status'])
90
- {
91
- case 'CUSTOMER_NOT_FOUND':
92
- $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
93
-
94
- if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
95
- {
96
- $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
97
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
98
- }
99
-
100
- break;
101
- default:
102
- $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
103
- break;
104
- }
105
-
106
- }
107
-
108
- function mo2f_download_backup_codes_inline(){
109
- $nonce = sanitize_text_field($_POST['mo2f_inline_backup_nonce']);
110
- $backups= sanitize_text_field($_POST['mo2f_inline_backup_codes']);
111
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-backup-nonce' ) ) {
112
- $error = new WP_Error();
113
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
114
- return $error;
115
- } else {
116
- $codes=explode(",", $backups);
117
- $session_id = sanitize_text_field($_POST['session_id']);
118
- $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_current_user_id');
119
-
120
-
121
- update_user_meta($id, 'mo_backup_code_downloaded', 1);
122
- delete_user_meta($id, 'chqwetcsdvnvd');
123
- MO2f_Utility::mo2f_download_backup_codes($id, $codes);
124
- }
125
- }
126
-
127
- function mo2f_goto_wp_dashboard(){
128
- global $Mo2fdbQueries;
129
- $nonce = sanitize_text_field($_POST['mo2f_inline_wp_dashboard_nonce']);
130
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-wp-dashboard-nonce' ) ) {
131
- $error = new WP_Error();
132
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
133
- return $error;
134
- } else {
135
- $pass2fa= new Miniorange_Password_2Factor_Login();
136
- $pass2fa->mo2fa_pass2login(esc_url_raw($_POST['redirect_to']),sanitize_text_field($_POST['session_id']));
137
- exit;
138
- }
139
- }
140
-
141
- function mo2f_use_backup_codes($POSTED){
142
- $nonce = sanitize_text_field($POSTED['miniorange_backup_nonce']);
143
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-backup-nonce' ) ) {
144
- $error = new WP_Error();
145
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
146
- return $error;
147
- }else {
148
- $this->miniorange_pass2login_start_session();
149
- $session_id_encrypt = isset($POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
150
- $redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
151
- $mo2fa_login_message = __('Please provide your backup codes.','miniorange-2-factor-authentication');
152
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
153
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
154
- }
155
- }
156
-
157
- function check_backup_codes_validation($POSTED){
158
- global $Mo2fdbQueries;
159
- $nonce = sanitize_text_field($POSTED['miniorange_validate_backup_nonce']);
160
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
161
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-validate-backup-nonce' ) ) {
162
- $error = new WP_Error();
163
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
164
- return $error;
165
- } else {
166
- $this->miniorange_pass2login_start_session();
167
- $currentuser_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
168
- $redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
169
- if(isset($currentuser_id)){
170
- if(MO2f_Utility::mo2f_check_empty_or_null($POSTED[ 'mo2f_backup_code' ]) ){
171
- $mo2fa_login_message = __('Please provide backup code.','miniorange-2-factor-authentication');
172
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
173
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
174
- }
175
- $backup_codes=get_user_meta($currentuser_id,'mo2f_backup_codes',true);
176
- $mo2f_backup_code= sanitize_text_field($POSTED[ 'mo2f_backup_code' ]);
177
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser_id );
178
-
179
- if(!empty($backup_codes)){
180
- $mo2f_backup_code = md5($mo2f_backup_code);
181
- if(in_array($mo2f_backup_code,$backup_codes)){
182
- foreach ($backup_codes as $key => $value) {
183
- if($value==$mo2f_backup_code){
184
- unset($backup_codes[$key]);
185
- update_user_meta($currentuser_id,'mo2f_backup_codes', $backup_codes);
186
- $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
187
- }
188
- }
189
- }else{
190
- $mo2fa_login_message = __('The code you provided is already used or incorrect.','miniorange-2-factor-authentication');
191
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
192
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
193
- }
194
- }else{
195
-
196
- if(isset($mo2f_backup_code)){
197
- $generate_backup_code = new Customer_Cloud_Setup();
198
- $data = $generate_backup_code->mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email);
199
-
200
- if( $data == 'success'){
201
- $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
202
- }else if($data == 'error_in_validation'){
203
- $mo2fa_login_message = __('Error occurred while validating the backup codes.','miniorange-2-factor-authentication');
204
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
205
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
206
- }else if($data == 'used_code'){
207
- $mo2fa_login_message = __('The code you provided is already used or incorrect.','miniorange-2-factor-authentication');
208
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
209
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
210
- }else if($data == 'total_code_used'){
211
- $mo2fa_login_message = __('You have used all the backup codes. Please contact <a herf="mailto:2fasupport@xecurify.com">2fasupport@xecurify.com</a>','miniorange-2-factor-authentication');
212
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
213
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
214
- }else if($data == 'backup_code_not_generated'){
215
- $mo2fa_login_message = __('Backup code has not generated for you.','miniorange-2-factor-authentication');
216
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
217
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
218
- }else if($data == 'DBConnectionerror'){
219
- $mo2fa_login_message = __('Error occurred while establising connection.','miniorange-2-factor-authentication');
220
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
221
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
222
-
223
- }else if($data == 'missingparameter'){
224
- $mo2fa_login_message = __('Some parameters are missing while validating backup codes.');
225
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
226
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
227
- }
228
-
229
-
230
- }else{
231
- $mo2fa_login_message = __('Please enter backup code.','miniorange-2-factor-authentication');
232
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
233
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
234
- }
235
- }
236
-
237
-
238
- }else{
239
- $this->remove_current_activity($session_id_encrypt);
240
- return new WP_Error('invalid_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') . '</strong>: ' . __('Please try again..', 'miniorange-2-factor-authentication'));
241
- }
242
- }
243
- }
244
-
245
- function mo2f_create_backup_codes(){
246
- $nonce = sanitize_text_field($_POST['miniorange_generate_backup_nonce']);
247
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-generate-backup-nonce' ) ) {
248
- $error = new WP_Error();
249
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
250
- return $error;
251
- }else {
252
- global $Mo2fdbQueries;
253
-
254
- $redirect_to = esc_url_raw($_POST['redirect_to']);
255
- $session_id = sanitize_text_field($_POST['session_id']);
256
- $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_current_user_id');
257
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
258
- if(empty($mo2f_user_email)){
259
- $currentuser = get_user_by( 'id', $id );
260
- $mo2f_user_email = $currentuser->user_email;
261
- }
262
- $generate_backup_code = new Customer_Cloud_Setup();
263
- $codes=$generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
264
- if($codes == 'AllUsed'){
265
- $mo2fa_login_message = "You have already used all the backup codes for this user and domain.";
266
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
267
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
268
- }else if($codes == 'UserLimitReached') {
269
- $mo2fa_login_message = "Backup code generation limit has reached for this domain.";
270
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
271
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
272
- }else if($codes == 'LimitReached'){
273
- $mo2fa_login_message = "backup code generation limit has reached for this user.";
274
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
275
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
276
- }else if($codes == 'invalid_request'){
277
- $mo2fa_login_message = "Invalid request.";
278
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
279
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
280
- }
281
- $codes = explode(' ', $codes);
282
- $codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
283
- $str1="";
284
- for ($x = 0; $x < sizeof($codes); $x++) {
285
- $str = $codes[$x];
286
- $str1.=$str;
287
- if($x != 4){
288
- $str1.=',';
289
- }
290
- }
291
-
292
- $key = get_option( 'mo2f_encryption_key' );
293
- $codes_encrypt = MO2f_Utility::encrypt_data($str1, $key);
294
- update_user_meta($id,'chqwetcsdvnvd', $codes_encrypt);
295
-
296
- $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
297
- if(empty($mo2f_user_email)){
298
- $currentuser = get_user_by( 'id', $id );
299
- $mo2f_user_email = $currentuser->user_email;
300
- }
301
- $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
302
- update_user_meta($id, 'mo_backup_code_generated', 1);
303
-
304
- $mo2fa_login_message = "An email containing the backup codes has been sent. Please click on Use backup codes to login using the backup codes.";
305
- $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
306
-
307
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
308
- }
309
- }
310
-
311
- function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
312
- {
313
- global $Mo2fdbQueries;
314
- $customer = new MocURL();
315
-
316
- $content = $customer->get_customer_key($email, $password);
317
- $customerKey = json_decode($content, true);
318
- if(json_last_error() == JSON_ERROR_NONE)
319
- {
320
- if(isset($customerKey['phone'])){
321
- update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
322
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
323
- }
324
- update_option('mo2f_email',$email);
325
- $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
326
- $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
327
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
328
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
329
- }
330
- else
331
- {
332
- $Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
333
- $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
334
- $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
335
- $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
336
- }
337
- }
338
-
339
- function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
340
- {
341
- global $Mo2fdbQueries;
342
- update_option( 'mo2f_customerKey' , $id );
343
- update_option( 'mo2f_api_key' , $apiKey );
344
- update_option( 'mo2f_customer_token' , $token );
345
- update_option( 'mo2f_app_secret' , $appSecret );
346
- update_option( 'mo_wpns_enable_log_requests' , true );
347
- update_option( 'mo2f_miniorange_admin', $id );
348
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
349
- update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
350
- $Mo2fdbQueries->update_user_details( $user_id, array(
351
- 'mo2f_user_email' =>sanitize_email($email)
352
- ) );
353
- }
354
- function mo2f_inline_validate_otp(){
355
- if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
356
- $nonce = sanitize_text_field($_POST['miniorange_inline_validate_otp_nonce']);
357
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
358
- $error = new WP_Error();
359
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
360
- return $error;
361
- } else {
362
- global $Mo2fdbQueries;
363
- $this->miniorange_pass2login_start_session();
364
- $otp_token = '';
365
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
366
- $mo2fa_login_message = '';
367
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
368
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
369
- if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
370
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
371
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
372
- } else{
373
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
374
- }
375
- $current_user = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
376
-
377
-
378
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
379
-
380
- if($selected_2factor_method == 'OTP Over Telegram')
381
- {
382
-
383
- $userID = $current_user;
384
- $otp = $otp_token;
385
- $otpToken = get_user_meta($userID,'mo2f_otp_token',true);
386
- $time = get_user_meta($userID,'mo2f_telegram_time',true);
387
- $accepted_time = time()-300;
388
- $time = (int)$time;
389
-
390
-
391
- if($otp == $otpToken)
392
- {
393
- if($accepted_time<$time){
394
- update_user_meta($userID,'mo2f_chat_id',get_user_meta($userID,'mo2f_temp_chatID',true));
395
- delete_user_meta($userID,'mo2f_temp_chatID');
396
- delete_user_meta($userID,'mo2f_otp_token');
397
- delete_user_meta($userID,'mo2f_telegram_time');
398
- $Mo2fdbQueries->update_user_details($userID, array(
399
- "mo2f_configured_2FA_method" => 'OTP Over Telegram',
400
- 'mo2f_OTPOverTelegram_config_status' => true,
401
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
402
- ) );
403
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
404
- }
405
- else
406
- {
407
- delete_user_meta($userID,'mo2f_otp_token');
408
- delete_user_meta($userID,'mo2f_telegram_time');
409
- $mo2fa_login_message = __('OTP has been expired please initiate a new transaction by clicking on verify button.','miniorange-2-factor-authentication');
410
- }
411
- }
412
- else
413
- {
414
- $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
415
- }
416
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
417
- }
418
-
419
- $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
420
- $customer = new Customer_Setup();
421
- $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
422
- if($content['status'] == 'ERROR'){
423
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
424
- }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
425
- $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
426
- if($user_phone && strlen($user_phone) >= 4){
427
- if($phone != $user_phone ){
428
-
429
- $Mo2fdbQueries->update_user_details( $current_user, array(
430
- 'mobile_registration_status' =>false
431
- ) );
432
- }
433
- }
434
-
435
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
436
- if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
437
- $Mo2fdbQueries->update_user_details( $current_user, array(
438
- 'mo2f_OTPOverSMS_config_status' =>true,
439
- 'mo2f_user_phone' =>$phone
440
- ) );
441
- }else{
442
- $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
443
-
444
- }
445
- $Mo2fdbQueries->update_user_details($current_user, array(
446
- "mo2f_configured_2FA_method" => 'OTP Over SMS',
447
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
448
- ) );
449
- $TwoF_setup = new Two_Factor_Setup();
450
- $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
451
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
452
-
453
- }else{ // OTP Validation failed.
454
- $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
455
- }
456
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
457
- }
458
- }
459
-
460
- }
461
- function mo2f_inline_send_otp(){
462
- if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
463
- $nonce = sanitize_text_field($_POST['miniorange_inline_verify_phone_nonce']);
464
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
465
- $error = new WP_Error();
466
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
467
- return $error;
468
- } else {
469
- global $Mo2fdbQueries;
470
- $this->miniorange_pass2login_start_session();
471
- if(isset($_POST['verify_phone']))
472
- $phone = sanitize_text_field( $_POST['verify_phone'] );
473
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
474
-
475
- $current_user = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
476
-
477
-
478
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
479
- $customer = new Customer_Setup();
480
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
481
- $parameters = array();
482
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
483
-
484
- $mo2fa_login_message = '';
485
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
486
- if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
487
- $phone = sanitize_text_field( $_POST['verify_phone'] );
488
- if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
489
- $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
490
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
491
- }
492
- $phone = str_replace(' ', '', $phone);
493
- update_user_meta($current_user,'mo2f_user_phone',$phone);
494
- }
495
- if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
496
- $currentMethod = "SMS";
497
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
498
- $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
499
- $parameters = array("phone" => $phone, "email" => $email);
500
- }else if($selected_2factor_method == 'PHONE VERIFICATION'){
501
- $currentMethod = "PHONE_VERIFICATION";
502
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
503
- $currentMethod = "OTP_OVER_EMAIL";
504
- $parameters = $email;
505
- }
506
-
507
- else if($selected_2factor_method == 'OTP Over Telegram')
508
- {
509
- $currentMethod = "OTP Over Telegram";
510
- $user_id = $current_user;
511
- $chatID = sanitize_text_field($_POST['verify_chatID']);
512
- $otpToken = '';
513
- for($i=1;$i<7;$i++)
514
- {
515
- $otpToken .= rand(0,9);
516
- }
517
-
518
- update_user_meta($user_id,'mo2f_otp_token',$otpToken);
519
- update_user_meta($user_id,'mo2f_telegram_time',time());
520
- update_user_meta($user_id,'mo2f_temp_chatID',$chatID);
521
- $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
522
- $postdata = array( 'mo2f_otp_token' => $otpToken,
523
- 'mo2f_chatid' => $chatID
524
- );
525
-
526
- $args = array(
527
- 'method' => 'POST',
528
- 'timeout' => 10,
529
- 'sslverify' => false,
530
- 'headers' => array(),
531
- 'body' => $postdata,
532
- );
533
-
534
- $mo2f_api=new Mo2f_Api();
535
- $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
536
-
537
- if($data == 'SUCCESS')
538
- $mo2fa_login_message = 'An OTP has been sent to your given chat ID. Please enter it below for verification.';
539
- else
540
- $mo2fa_login_message = 'There were an erroe while sending the OTP. Please confirm your chatID and try again.';
541
-
542
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
543
-
544
- }
545
- if($selected_2factor_method == 'SMS AND EMAIL'){
546
- $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
547
- }
548
- else if($selected_2factor_method == 'OTP OVER EMAIL'){
549
- $content = json_decode($customer->send_otp_token($email,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
550
- }
551
- else{
552
- $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
553
-
554
- }
555
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
556
- if($content['status'] == 'ERROR'){
557
- $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
558
- }else if($content['status'] == 'SUCCESS'){
559
- update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
560
- if($selected_2factor_method == 'SMS'){
561
- if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')>0)
562
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
563
- $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
564
- }else if($selected_2factor_method == 'SMS AND EMAIL'){
565
- $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
566
- }else if($selected_2factor_method == 'OTP OVER EMAIL'){
567
- $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
568
- }else if($selected_2factor_method== 'PHONE VERIFICATION'){
569
- $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
570
- }
571
- }else if($content['status'] == 'FAILED'){
572
- $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
573
- }else{
574
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
575
- }
576
- }else{
577
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
578
- }
579
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
580
- }
581
- }
582
-
583
- }
584
- function mo2f_inline_validate_kba(){
585
- if(isset($_POST['mo2f_inline_save_kba_nonce'])){
586
- $nonce = sanitize_text_field($_POST['mo2f_inline_save_kba_nonce']);
587
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
588
- $error = new WP_Error();
589
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
590
- return $error;
591
- } else {
592
- global $Mo2fdbQueries;
593
- $this->miniorange_pass2login_start_session();
594
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
595
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
596
- $mo2fa_login_message = '';
597
- $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
598
- $temp_array = array(sanitize_text_field($_POST['mo2f_kbaquestion_1']),sanitize_text_field($_POST['mo2f_kbaquestion_2']),sanitize_text_field($_POST['mo2f_kbaquestion_3']));
599
- $kba_questions = array();
600
- foreach($temp_array as $question){
601
- if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
602
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
603
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
604
- }else{
605
- $ques = sanitize_text_field($question);
606
- $ques = addcslashes(stripslashes($ques), '"\\');
607
- array_push($kba_questions, $ques);
608
- }
609
- }
610
- if(!(array_unique($kba_questions) == $kba_questions)){
611
- $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
612
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
613
- }
614
- $temp_array_ans = array($_POST['mo2f_kba_ans1'],$_POST['mo2f_kba_ans2'],$_POST['mo2f_kba_ans3']);
615
- $kba_answers = array();
616
- foreach($temp_array_ans as $answer){
617
- if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
618
- $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
619
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
620
- }else{
621
- $ques = sanitize_text_field($answer);
622
- $answer = strtolower($answer);
623
- array_push($kba_answers, $answer);
624
- }
625
- }
626
- $size = sizeof($kba_questions);
627
- $kba_q_a_list = array();
628
- for($c = 0; $c < $size; $c++){
629
- array_push($kba_q_a_list, $kba_questions[$c]);
630
- array_push($kba_q_a_list, $kba_answers[$c]);
631
- }
632
-
633
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
634
-
635
-
636
- $current_user = get_user_by('id',$user_id);
637
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
638
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
639
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
640
- 'mo2f_SecurityQuestions_config_status' =>true,
641
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
642
- ) );
643
- if(!MO2F_IS_ONPREM)
644
- {
645
- $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
646
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
647
- $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
648
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
649
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
650
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
651
-
652
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
653
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
654
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
655
-
656
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
657
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
658
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
659
-
660
- $kba_registration = new Two_Factor_Setup();
661
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
662
-
663
- if ( json_last_error() == JSON_ERROR_NONE ) {
664
-
665
- if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
666
- $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
667
- }
668
-
669
- }
670
- }
671
-
672
- $kba_q1 = $kba_q_a_list[0];
673
- $kba_a1 = md5($kba_q_a_list[1]);
674
- $kba_q2 = $kba_q_a_list[2];
675
- $kba_a2 = md5($kba_q_a_list[3]);
676
- $kba_q3 = $kba_q_a_list[4];
677
- $kba_a3 = md5($kba_q_a_list[5]);
678
- $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
679
- update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
680
- if(!isset($_POST['mo2f_inline_kba_status'])){
681
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
682
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
683
- }
684
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
685
- }
686
- }
687
- }
688
-
689
- function mo2f_inline_validate_mobile_authentication(){
690
- if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
691
- $nonce = sanitize_text_field($_POST['mo_auth_inline_mobile_registration_complete_nonce']);
692
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
693
- $error = new WP_Error();
694
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
695
- return $error;
696
- } else {
697
- global $Mo2fdbQueries;
698
- $this->miniorange_pass2login_start_session();
699
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
700
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
701
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
702
-
703
-
704
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
705
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
706
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
707
- $mo2fa_login_message = '';
708
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
709
- $enduser = new Two_Factor_Setup();
710
- if($selected_2factor_method == 'SOFT TOKEN')
711
- $selected_2factor_method_onprem = 'miniOrange Soft Token';
712
- else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
713
- $selected_2factor_method_onprem = 'miniOrange Push Notification';
714
- else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
715
- $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
716
-
717
- $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
718
- if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
719
- if($response['status'] == 'ERROR'){
720
- $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
721
- }else if($response['status'] == 'SUCCESS'){
722
- $Mo2fdbQueries->update_user_details( $user_id, array(
723
- 'mobile_registration_status' =>true,
724
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
725
- 'mo2f_miniOrangeSoftToken_config_status' => true,
726
- 'mo2f_miniOrangePushNotification_config_status' => true,
727
- 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
728
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
729
- ) );
730
- //
731
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
732
- }else{
733
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
734
- }
735
- }else{
736
- $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
737
- }
738
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
739
- }
740
- }
741
-
742
- }
743
-
744
- function mo2f_duo_mobile_send_push_notification_for_inline_form(){
745
- if(isset($_POST['duo_mobile_send_push_notification_inline_form_nonce'])){
746
- $nonce = sanitize_text_field($_POST['duo_mobile_send_push_notification_inline_form_nonce']);
747
- if ( ! wp_verify_nonce( $nonce, 'mo2f-send-duo-push-notification-inline-nonce' ) ) {
748
- $error = new WP_Error();
749
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
750
- return $error;
751
- } else {
752
-
753
- global $Mo2fdbQueries;
754
- $this->miniorange_pass2login_start_session();
755
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
756
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
757
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
758
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
759
-
760
- $Mo2fdbQueries->update_user_details( $user_id, array(
761
- 'mobile_registration_status' =>true,
762
- ) );
763
- $mo2fa_login_message = '';
764
-
765
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
766
-
767
-
768
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
769
-
770
- }
771
- }
772
- }
773
-
774
- function mo2f_inline_validate_duo_authentication(){
775
- if(isset($_POST['mo_auth_inline_duo_auth_mobile_registration_complete_nonce'])){
776
- $nonce = sanitize_text_field($_POST['mo_auth_inline_duo_auth_mobile_registration_complete_nonce']);
777
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-duo_auth-registration-complete-nonce' ) ) {
778
- $error = new WP_Error();
779
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
780
- return $error;
781
- } else {
782
-
783
- global $Mo2fdbQueries;
784
- $this->miniorange_pass2login_start_session();
785
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
786
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
787
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
788
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
789
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
790
- $email = sanitize_email($Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id));
791
- $Mo2fdbQueries->update_user_details( $user_id, array(
792
- 'mobile_registration_status' =>true,
793
- ) );
794
- $mo2fa_login_message = '';
795
-
796
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
797
- $ikey = get_site_option('mo2f_d_integration_key');
798
- $skey = get_site_option('mo2f_d_secret_key');
799
- $host = get_site_option('mo2f_d_api_hostname');
800
-
801
-
802
-
803
- $duo_preauth = preauth( $email ,true, $skey, $ikey, $host);
804
-
805
-
806
- if(isset($duo_preauth['response']['stat']) && $duo_preauth['response']['stat'] == 'OK'){
807
-
808
- if(isset($duo_preauth['response']['response']['status_msg']) && $duo_preauth['response']['response']['status_msg'] == 'Account is active'){
809
- $mo2fa_login_message = $email.' user is already exists, please go for step B duo will send push notification on your configured mobile.';
810
-
811
- }else if(isset($duo_preauth['response']['response']['enroll_portal_url'])){
812
- $duo_enroll_url = $duo_preauth['response']['response']['enroll_portal_url'];
813
- update_user_meta( $user_id , 'user_not_enroll_on_duo_before', $duo_enroll_url );
814
- update_user_meta( $user_id , 'user_not_enroll', true );
815
-
816
- }else{
817
- $mo2fa_login_message = 'Your account is inactive from duo side, please contact to your administrator.';
818
- }
819
-
820
- }else{
821
- $mo2fa_login_message = 'Error through during preauth.';
822
-
823
- }
824
-
825
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
826
-
827
-
828
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
829
-
830
- }
831
- }
832
- }
833
-
834
- function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
835
- global $Mo2fdbQueries;
836
- $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
837
-
838
- $code_generate = get_user_meta($current_user_id, 'mo_backup_code_generated', true);
839
- if(empty($code_generate)){
840
- $mo2fa_login_message = '';
841
- $mo2fa_login_status = 'MO_2_FACTOR_GENERATE_BACKUP_CODES';
842
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
843
- }else{
844
- $pass2fa= new Miniorange_Password_2Factor_Login();
845
- $pass2fa->mo2fa_pass2login($redirect_to,$session_id);
846
- exit;
847
- }
848
- }
849
-
850
- function mo2f_inline_get_qr_code_for_mobile($email,$id){
851
- $registerMobile = new Two_Factor_Setup();
852
- $content = $registerMobile->register_mobile($email);
853
- $response = json_decode($content, true);
854
- $message = '';
855
- $miniorageqr=array();
856
- if(json_last_error() == JSON_ERROR_NONE) {
857
- if($response['status'] == 'ERROR'){
858
- $miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
859
- delete_user_meta( $id, 'miniorageqr' );
860
- }else{
861
- if($response['status'] == 'IN_PROGRESS'){
862
-
863
- $miniorageqr['message']='';
864
- $miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
865
- $miniorageqr['mo2f-login-transactionId']=$response['txId'];
866
- $miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
867
- update_user_meta($id,'miniorageqr',$miniorageqr);
868
- }else{
869
- $miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
870
- delete_user_meta( $id, 'miniorageqr' );
871
- }
872
- }
873
- }
874
- return $miniorageqr;
875
- }
876
-
877
- function inline_mobile_configure(){
878
- if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
879
- $nonce = sanitize_text_field($_POST['miniorange_inline_show_qrcode_nonce']);
880
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
881
- $error = new WP_Error();
882
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
883
- return $error;
884
- } else {
885
- global $Mo2fdbQueries;
886
- $this->miniorange_pass2login_start_session();
887
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
888
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
889
-
890
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
891
- $current_user = get_user_by('id',$user_id);
892
- $mo2fa_login_message = '';
893
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
894
- $user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
895
- if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
896
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
897
- $miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
898
- $mo2fa_login_message=$miniorageqr['message'];
899
- MO2f_Utility::mo2f_set_transient( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
900
-
901
- $this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
902
- }else{
903
- $mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
904
- }
905
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
906
- }
907
- }
908
- }
909
-
910
- function inline_validate_and_set_ga(){
911
- if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
912
- $nonce = sanitize_text_field($_POST['mo2f_inline_validate_ga_nonce']);
913
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
914
- $error = new WP_Error();
915
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
916
- return $error;
917
- } else {
918
- global $Mo2fdbQueries;
919
- $this->miniorange_pass2login_start_session();
920
- $otpToken = sanitize_text_field($_POST['google_auth_code']);
921
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
922
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
923
-
924
-
925
- $current_user = get_user_by('id',$user_id);
926
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
927
- $ga_secret = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
928
-
929
- $mo2fa_login_message = '';
930
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
931
- if(MO2f_Utility::mo2f_check_number_length($otpToken)){
932
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
933
- $google_auth = new Miniorange_Rba_Attributes();
934
- $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
935
- if(json_last_error() == JSON_ERROR_NONE) {
936
- if($google_response['status'] == 'SUCCESS'){
937
- $response = $google_response;
938
- if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
939
- if($response['status'] == 'SUCCESS'){
940
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
941
- 'mo2f_GoogleAuthenticator_config_status' => true,
942
- 'mo2f_configured_2FA_method' => 'Google Authenticator',
943
- 'mo2f_AuthyAuthenticator_config_status' => false,
944
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
945
- ) );
946
-
947
- if(MO2F_IS_ONPREM){
948
- update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
949
- $gauth_obj= new Google_auth_onpremise();
950
- $gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
951
- }
952
- update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
953
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
954
-
955
- //When user sets method of another admin from USers section.
956
- if(!empty(get_user_meta($current_user->ID,'mo2fa_set_Authy_inline'))){
957
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
958
- 'mo2f_GoogleAuthenticator_config_status' => false,
959
- 'mo2f_AuthyAuthenticator_config_status' => true,
960
- 'mo2f_configured_2FA_method' => "Authy Authenticator",
961
- 'user_registration_with_miniorange' => 'SUCCESS',
962
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
963
- ) );
964
- update_user_meta( $current_user->ID, 'mo2f_external_app_type', "Authy Authenticator" );
965
- delete_user_meta($current_user->ID ,'mo2fa_set_Authy_inline');
966
- }
967
- }else{
968
- $mo2fa_login_message = __('An error occured while setting up Google/Authy Authenticator. Please Try again.','miniorange-2-factor-authentication');
969
- }
970
- }else{
971
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
972
- }
973
- }else{
974
- $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
975
- }
976
- }else{
977
- $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
978
- }
979
- }else{
980
- $mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
981
- }
982
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
983
- }
984
- }
985
- }
986
-
987
- function back_to_select_2fa(){
988
- if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
989
- $nonce = sanitize_text_field($_POST['miniorange_inline_two_factor_setup']);
990
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
991
- $error = new WP_Error();
992
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
993
- return $error;
994
- } else {
995
- global $Mo2fdbQueries;
996
- $this->miniorange_pass2login_start_session();
997
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
998
-
999
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1000
-
1001
-
1002
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1003
- $current_user = get_user_by('id',$user_id);
1004
- $Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
1005
- $mo2fa_login_message = '';
1006
- $mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1007
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
1008
- }
1009
- }
1010
- }
1011
-
1012
- function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
1013
- {
1014
- $tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
1015
- if(isset($tempEmail) and $tempEmail != '')
1016
- $email = $tempEmail;
1017
- global $Mo2fdbQueries;
1018
-
1019
- $enduser = new Two_Factor_Setup();
1020
- if($current_user_id == get_option('mo2f_miniorange_admin'))
1021
- $email = get_option('mo2f_email');
1022
-
1023
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
1024
-
1025
- if(json_last_error() == JSON_ERROR_NONE){
1026
-
1027
-
1028
-
1029
- if($check_user['status'] == 'ERROR'){
1030
- return $check_user;
1031
-
1032
- }
1033
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
1034
-
1035
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
1036
- 'user_registration_with_miniorange' =>'SUCCESS',
1037
- 'mo2f_user_email' =>$email,
1038
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
1039
- ) );
1040
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
1041
-
1042
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1043
- return $check_user;
1044
- }
1045
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
1046
- $current_user = get_user_by('id',$current_user_id);
1047
- $content = json_decode($enduser->mo_create_user($current_user,$email), true);
1048
-
1049
- if(json_last_error() == JSON_ERROR_NONE) {
1050
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
1051
- update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
1052
- $Mo2fdbQueries->update_user_details( $current_user_id, array(
1053
- 'user_registration_with_miniorange' =>'SUCCESS',
1054
- 'mo2f_user_email' =>$email,
1055
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
1056
- ) );
1057
-
1058
- $mo2fa_login_message = '';
1059
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1060
- return $check_user;
1061
- }else{
1062
- $check_user['status']='ERROR';
1063
- $check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
1064
- return $check_user;
1065
- }
1066
- }
1067
-
1068
-
1069
- }
1070
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
1071
- $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
1072
- $check_user['status']='ERROR';
1073
- $check_user['message']=$mo2fa_login_message;
1074
- return $check_user;
1075
- }
1076
-
1077
- }
1078
-
1079
- }
1080
- function mo2f_skip_2fa_setup()
1081
- {
1082
- if(isset($_POST['miniorange_skip_2fa_nonce'])){
1083
- $nonce = sanitize_text_field($_POST['miniorange_skip_2fa_nonce']);
1084
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
1085
- $error = new WP_Error();
1086
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
1087
- return $error;
1088
- }
1089
- else{
1090
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1091
- global $Mo2fdbQueries;
1092
- $redirect_to = esc_url_raw($_POST['redirect_to']);
1093
- $session_id_encrypt = sanitize_text_field($session_id_encrypt);
1094
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1095
-
1096
-
1097
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
1098
-
1099
- $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1100
- }
1101
- }
1102
- }
1103
-
1104
- function save_inline_2fa_method(){
1105
- if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
1106
- $nonce = sanitize_text_field($_POST['miniorange_inline_save_2factor_method_nonce']);
1107
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
1108
- $error = new WP_Error();
1109
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
1110
- return $error;
1111
- } else {
1112
-
1113
-
1114
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1115
- global $Mo2fdbQueries;
1116
- $this->miniorange_pass2login_start_session();
1117
- $mo2fa_login_message = '';
1118
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1119
-
1120
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1121
-
1122
-
1123
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1124
- $current_user = get_user_by('id',$user_id);
1125
- $currentUserId = $current_user->ID;
1126
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
1127
- $user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
1128
- if($user_registration_with_miniorange == 'SUCCESS'){
1129
- $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? sanitize_text_field($_POST['mo2f_selected_2factor_method']) : 'NONE';
1130
-
1131
- if($selected_method == 'OUT OF BAND EMAIL'){
1132
- if(!MO2F_IS_ONPREM)
1133
- {
1134
- $current_user = get_userdata($currentUserId);
1135
- $email = $current_user->user_email;
1136
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1137
-
1138
- if($response['status']=='ERROR') {
1139
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1140
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
1141
- }
1142
- else
1143
- {
1144
- $enduser = new Two_Factor_Setup();
1145
-
1146
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
1147
- 'mo2f_email_verification_status' =>true,
1148
- 'mo2f_configured_2FA_method' =>'Email Verification',
1149
- 'mo2f_user_email' => $email
1150
- ) );
1151
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1152
- }
1153
- }
1154
- else
1155
- {
1156
- $enduser = new Two_Factor_Setup();
1157
-
1158
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
1159
- 'mo2f_email_verification_status' =>true,
1160
- 'mo2f_configured_2FA_method' =>'Email Verification',
1161
- 'mo2f_user_email' => $email
1162
- ) );
1163
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1164
- }
1165
- }
1166
- else if($selected_method == 'OTP OVER EMAIL'){
1167
- $email = $current_user->user_email;
1168
- if(!MO2F_IS_ONPREM)
1169
- {
1170
- $current_user = get_userdata($currentUserId);
1171
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1172
- if($response['status']=='ERROR') {
1173
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1174
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
1175
- }
1176
- else
1177
- {
1178
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
1179
- if($user_email != '' and !is_null($user_email))
1180
- $email = $user_email;
1181
- $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
1182
-
1183
- }
1184
- }
1185
- else
1186
- {
1187
- $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
1188
- }
1189
- }else if($selected_method == "GOOGLE AUTHENTICATOR"){
1190
- $this->miniorange_pass2login_start_session();
1191
- $mo2fa_login_message = '';
1192
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1193
- $google_auth = new Miniorange_Rba_Attributes();
1194
-
1195
- $gauth_name= get_site_option('mo2f_google_appname');
1196
- $google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
1197
-
1198
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
1199
-
1200
- if ( MO2F_IS_ONPREM ) { //this should not be here
1201
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1202
- 'mo2f_configured_2FA_method' =>$selected_method,
1203
- ) );
1204
- include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
1205
- $gauth_obj = new Google_auth_onpremise();
1206
-
1207
- $onpremise_secret = $gauth_obj->createSecret();
1208
- $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
1209
- $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
1210
- $mo2f_google_auth = array();
1211
- $mo2f_google_auth['ga_qrCode'] = $url;
1212
- $mo2f_google_auth['ga_secret'] = $onpremise_secret;
1213
-
1214
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $onpremise_secret);
1215
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'ga_qrCode', $url);
1216
-
1217
- }else{
1218
- $current_user = get_userdata($currentUserId);
1219
- $email = $current_user->user_email;
1220
- $tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
1221
-
1222
- if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
1223
- {
1224
- $email = $tempemail;
1225
- }
1226
-
1227
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1228
- if($response['status']=='ERROR') {
1229
- $mo2fa_login_message=$response['message'];
1230
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1231
-
1232
- }else{
1233
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1234
- 'mo2f_configured_2FA_method' =>$selected_method,
1235
- ) );
1236
- $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
1237
- if ( json_last_error() == JSON_ERROR_NONE ) {
1238
- if ( $google_response['status'] == 'SUCCESS' ) {
1239
-
1240
- $mo2f_google_auth = array();
1241
- $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
1242
- $mo2f_google_auth['ga_secret'] = $google_response['secret'];
1243
-
1244
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $mo2f_google_auth['ga_secret']);
1245
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
1246
-
1247
- } else {
1248
- $mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
1249
- }
1250
- }
1251
- }
1252
- }
1253
-
1254
-
1255
- }else if($selected_method == "DUO PUSH NOTIFICATIONS"){
1256
- $this->miniorange_pass2login_start_session();
1257
- $mo2fa_login_message = '';
1258
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1259
-
1260
- $selected_method = "Duo Authenticator";
1261
-
1262
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1263
- 'mo2f_configured_2FA_method' =>$selected_method
1264
- ) );
1265
-
1266
-
1267
-
1268
-
1269
- }
1270
- else{
1271
- //inline for others
1272
- if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
1273
- {
1274
- $current_user = get_userdata($currentUserId);
1275
- $email = $current_user->user_email;
1276
- $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1277
- if(!is_null($response) && $response['status']=='ERROR') {
1278
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1279
- $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
1280
- }
1281
- else {
1282
- if($selected_method == 'OTP OVER TELEGRAM')
1283
- {
1284
- $selected_method = 'OTP Over Telegram';
1285
- }
1286
- $Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
1287
- }
1288
- }else{
1289
- if($selected_method == 'OTP OVER TELEGRAM')
1290
- {
1291
- $selected_method = 'OTP Over Telegram';
1292
- }
1293
- $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1294
- 'mo2f_configured_2FA_method' =>$selected_method,
1295
- ) );
1296
- }
1297
- }
1298
- }else{
1299
- $mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
1300
- }
1301
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
1302
- }
1303
- }
1304
- }
1305
-
1306
- function check_kba_validation($POSTED){
1307
- global $moWpnsUtility;
1308
- if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
1309
- $nonce = $POSTED['miniorange_kba_nonce'];
1310
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
1311
- $error = new WP_Error();
1312
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1313
- return $error;
1314
- }else{
1315
- $this->miniorange_pass2login_start_session();
1316
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1317
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1318
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1319
- if ( isset( $user_id ) ) {
1320
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_2'] ) ) {
1321
- MO2f_Utility::mo2f_debug_file('Please provide both the answers of KBA'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1322
- $mo2fa_login_message = 'Please provide both the answers.';
1323
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1324
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1325
- }
1326
- $otpToken = array();
1327
- $kba_questions = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo_2_factor_kba_questions' );
1328
- $otpToken[0] = $kba_questions[0]['question'];
1329
- $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
1330
- $otpToken[2] = $kba_questions[1]['question'];
1331
- $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
1332
- $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
1333
- //if the php session folder has insufficient permissions, cookies to be used
1334
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1335
- MO2f_Utility::mo2f_debug_file('Transaction Id-'.$mo2f_login_transaction_id.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1336
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
1337
- $kba_validate = new Customer_Setup();
1338
- $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1339
- global $Mo2fdbQueries;
1340
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1341
- if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
1342
- if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
1343
- try {
1344
- mo2f_register_profile( $email, 'true', $mo2f_rba_status );
1345
- } catch ( Exception $e ) {
1346
- echo esc_html($e->getMessage());
1347
- }
1348
- MO2f_Utility::mo2f_debug_file('Remeber device logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1349
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1350
- } else {
1351
- MO2f_Utility::mo2f_debug_file('Logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1352
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1353
- }
1354
- } else {
1355
- MO2f_Utility::mo2f_debug_file('The answers you have provided for KBA are incorrect'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1356
- $mo2fa_login_message = 'The answers you have provided are incorrect.';
1357
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1358
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
1359
- }
1360
- } else {
1361
- MO2f_Utility::mo2f_debug_file('User id not found'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1362
- $this->remove_current_activity($session_id_encrypt);
1363
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1364
- }
1365
- }
1366
- }
1367
- }
1368
- function check_rba_cancalation($POSTED){
1369
- $nonce = sanitize_text_field($POSTED['mo2f_trust_device_cancel_nonce']);
1370
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
1371
- $error = new WP_Error();
1372
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1373
- return $error;
1374
- } else {
1375
- $this->miniorange_pass2login_start_session();
1376
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1377
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1378
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1379
- }
1380
- }
1381
- function check_rba_validation($POSTED){
1382
- $nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
1383
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
1384
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id'] ): null;
1385
- $this->remove_current_activity($session_id_encrypt);
1386
- $error = new WP_Error();
1387
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
1388
- return $error;
1389
- } else {
1390
- $this->miniorange_pass2login_start_session();
1391
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1392
- try {
1393
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1394
- Global $Mo2fdbQueries;
1395
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1396
- $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
1397
- mo2f_register_profile( $email, 'true', $mo2f_rba_status );
1398
- } catch ( Exception $e ) {
1399
- echo esc_html($e->getMessage());
1400
- }
1401
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1402
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1403
- }
1404
- }
1405
-
1406
- function miniorange2f_back_to_inline_registration($POSTED)
1407
- {
1408
- $nonce = sanitize_text_field($_POST['miniorange_back_inline_reg_nonce']);
1409
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-back-inline-reg-nonce' ) ) {
1410
- $error = new WP_Error();
1411
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1412
- return $error;
1413
- } else {
1414
-
1415
- $session_id_encrypt = sanitize_text_field($POSTED['session_id']);
1416
- $redirect_to = esc_url_raw($POSTED['redirect_to']);
1417
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1418
- $mo2fa_login_message = '';
1419
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
1420
- }
1421
-
1422
- }
1423
-
1424
- function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
1425
- $nonce = sanitize_text_field($_POST['miniorange_forgotphone']);
1426
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1427
- $error = new WP_Error();
1428
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1429
- return $error;
1430
- } else {
1431
- $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
1432
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1433
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1434
- $mo2fa_login_message = '';
1435
- $this->miniorange_pass2login_start_session();
1436
- $customer = new Customer_Setup();
1437
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1438
- Global $Mo2fdbQueries;
1439
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1440
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1441
- if ( $kba_configuration_status ) {
1442
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1443
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1444
- $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1445
- } else {
1446
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1447
- $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1448
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1449
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1450
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1451
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1452
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1453
- //if the php session folder has insufficient permissions, cookies to be used
1454
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1455
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1456
- $this->mo2f_transactionid=$content['txId'];
1457
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1458
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1459
- } else {
1460
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1461
- }
1462
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1463
- }
1464
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1465
- $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1466
- }
1467
- }
1468
- function check_miniorange_alternate_login_kba($POSTED){
1469
- $nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
1470
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
1471
- $error = new WP_Error();
1472
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1473
- return $error;
1474
- } else {
1475
- $this->miniorange_pass2login_start_session();
1476
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1477
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1478
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1479
- $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1480
- }
1481
- }
1482
-
1483
- function check_miniorange_duo_push_validation($POSTED){
1484
- global $moWpnsUtility;
1485
- $nonce = $POSTED['miniorange_duo_push_validation_nonce'];
1486
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-duo-validation-nonce' ) ) {
1487
- $error = new WP_Error();
1488
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1489
- return $error;
1490
- } else {
1491
- $this->miniorange_pass2login_start_session();
1492
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1493
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1494
-
1495
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1496
- if ( get_option( 'mo2f_remember_device' ) ) {
1497
-
1498
- MO2f_Utility::mo2f_debug_file('Remember device- Duo push notification logged in successfully'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1499
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1500
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1501
- } else {
1502
- MO2f_Utility::mo2f_debug_file('Duo push notification - Logged in successfully'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1503
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1504
- }
1505
-
1506
- }
1507
- }
1508
-
1509
- function check_miniorange_duo_push_validation_failed($POSTED){
1510
- global $moWpnsUtility;
1511
- $nonce = $POSTED['miniorange_duo_push_validation_failed_nonce'];
1512
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-duo-push-validation-failed-nonce' ) ) {
1513
- $error = new WP_Error();
1514
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1515
- return $error;
1516
- } else {
1517
- MO2f_Utility::mo2f_debug_file('Denied duo push notification'.' User_IP-'.$moWpnsUtility->get_client_ip());
1518
- $this->miniorange_pass2login_start_session();
1519
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1520
- $this->remove_current_activity($session_id_encrypt);
1521
-
1522
- }
1523
-
1524
- }
1525
-
1526
- function check_miniorange_mobile_validation($POSTED){
1527
- /*check mobile validation */
1528
- global $moWpnsUtility;
1529
- $nonce = $POSTED['miniorange_mobile_validation_nonce'];
1530
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
1531
- $error = new WP_Error();
1532
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1533
- return $error;
1534
- } else {
1535
- if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
1536
- {
1537
- $txid = $POSTED['TxidEmail'];
1538
- $status = get_option($txid);
1539
- if($status != '')
1540
- {
1541
- if($status != 1)
1542
- {
1543
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1544
- }
1545
- }
1546
- }
1547
- $this->miniorange_pass2login_start_session();
1548
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1549
- //if the php session folder has insufficient permissions, cookies to be used
1550
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
1551
- MO2f_Utility::mo2f_debug_file('Transaction_id-'.$mo2f_login_transaction_id.' User_IP-'.$moWpnsUtility->get_client_ip());
1552
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1553
- $checkMobileStatus = new Two_Factor_Setup();
1554
- $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
1555
- $response = json_decode( $content, true );
1556
- if(MO2F_IS_ONPREM)
1557
- {
1558
- MO2f_Utility::mo2f_debug_file('MO QR-code/push notification auth logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip());
1559
- $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1560
- }
1561
- if ( json_last_error() == JSON_ERROR_NONE ) {
1562
- if ( $response['status'] == 'SUCCESS' ) {
1563
- if ( get_option( 'mo2f_remember_device' ) ) {
1564
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1565
- MO2f_Utility::mo2f_debug_file('Remember device flow prompted'.' User_IP-'.$moWpnsUtility->get_client_ip());
1566
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1567
- } else {
1568
- MO2f_Utility::mo2f_debug_file('MO QR-code/push notification auth logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip());
1569
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1570
- }
1571
- } else {
1572
- MO2f_Utility::mo2f_debug_file('Invalid_username'.' User_IP-'.$moWpnsUtility->get_client_ip());
1573
- $this->remove_current_activity($session_id_encrypt);
1574
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1575
- }
1576
- } else {
1577
- MO2f_Utility::mo2f_debug_file('Invalid_username'.' User_IP-'.$moWpnsUtility->get_client_ip());
1578
- $this->remove_current_activity($session_id_encrypt);
1579
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1580
- }
1581
- }
1582
- }
1583
- function check_miniorange_mobile_validation_failed($POSTED){
1584
- /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
1585
- $nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
1586
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
1587
- $error = new WP_Error();
1588
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1589
- return $error;
1590
- } else {
1591
- MO2f_Utility::mo2f_debug_file('MO QR-code/push notification auth denied.');
1592
- $this->miniorange_pass2login_start_session();
1593
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1594
- $this->remove_current_activity($session_id_encrypt);
1595
-
1596
- }
1597
- }
1598
-
1599
- function check_mo2f_duo_authenticator_success_form($POSTED){
1600
- if(isset($POSTED['mo2f_duo_authenticator_success_nonce'])){
1601
- $nonce = sanitize_text_field($POSTED['mo2f_duo_authenticator_success_nonce']);
1602
- if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-authenticator-success-nonce' ) ) {
1603
- $error = new WP_Error();
1604
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
1605
- return $error;
1606
- } else {
1607
-
1608
- global $Mo2fdbQueries;
1609
- $this->miniorange_pass2login_start_session();
1610
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1611
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1612
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1613
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1614
- $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
1615
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
1616
- $mo2fa_login_message = '';
1617
-
1618
-
1619
- delete_user_meta($user_id,'user_not_enroll');
1620
- delete_site_option('current_user_email');
1621
- $Mo2fdbQueries->update_user_details( $user_id, array(
1622
- 'mobile_registration_status' =>true,
1623
- 'mo2f_DuoAuthenticator_config_status' => true,
1624
- 'mo2f_configured_2FA_method' =>$selected_2factor_method ,
1625
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
1626
- ) );
1627
- $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1628
-
1629
-
1630
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
1631
-
1632
- }
1633
- }
1634
- }
1635
- function check_inline_mo2f_duo_authenticator_error($POSTED){
1636
- $nonce = $POSTED['mo2f_inline_duo_authentcator_error_nonce'];
1637
-
1638
- if ( ! wp_verify_nonce( $nonce, 'mo2f-inline-duo-authenticator-error-nonce' ) ) {
1639
- $error = new WP_Error();
1640
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1641
-
1642
- return $error;
1643
- } else {
1644
- global $Mo2fdbQueries;
1645
- $this->miniorange_pass2login_start_session();
1646
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1647
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1648
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1649
-
1650
-
1651
-
1652
- $Mo2fdbQueries->update_user_details( $user_id, array(
1653
- 'mobile_registration_status' =>false,
1654
- ) );
1655
-
1656
- }
1657
- }
1658
- function check_miniorange_forgotphone($POSTED){
1659
- $nonce = $POSTED['miniorange_forgotphone'];
1660
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1661
- $error = new WP_Error();
1662
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1663
- return $error;
1664
- } else {
1665
- global $Mo2fdbQueries;
1666
- $mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
1667
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1668
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1669
- $mo2fa_login_message = '';
1670
- $this->miniorange_pass2login_start_session();
1671
- $customer = new Customer_Setup();
1672
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1673
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1674
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1675
- if ( $kba_configuration_status ) {
1676
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1677
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1678
- $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1679
- } else {
1680
- $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1681
- $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1682
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1683
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1684
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1685
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1686
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1687
- //if the php session folder has insufficient permissions, cookies to be used
1688
- MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1689
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1690
- $this->mo2f_transactionid=$content['txId'];
1691
- $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1692
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1693
- } else {
1694
- $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1695
- }
1696
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1697
- }
1698
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
1699
- $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1700
- }
1701
- }
1702
- function check_miniorange_softtoken($POSTED){
1703
- /*Click on the link of phone is offline */
1704
- $nonce = $POSTED['miniorange_softtoken'];
1705
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
1706
- $error = new WP_Error();
1707
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1708
- return $error;
1709
- } else {
1710
- $this->miniorange_pass2login_start_session();
1711
- $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1712
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1713
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
1714
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1715
- MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
1716
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1717
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1718
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1719
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1720
- }
1721
- }
1722
- function check_miniorange_soft_token($POSTED){
1723
- /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
1724
- global $moWpnsUtility;
1725
- $nonce = sanitize_text_field($_POST['miniorange_soft_token_nonce']);
1726
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
1727
- $error = new WP_Error();
1728
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1729
- return $error;
1730
- }else {
1731
- $this->miniorange_pass2login_start_session();
1732
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1733
- $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
1734
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1735
- $softtoken = '';
1736
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1737
- $attempts = get_option('mo2f_attempts_before_redirect', 3);
1738
- if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
1739
- if($attempts>1 || $attempts=='disabled')
1740
- {
1741
- update_option('mo2f_attempts_before_redirect', $attempts-1 );
1742
- $mo2fa_login_message = 'Please enter OTP to proceed.';
1743
- MO2f_Utility::mo2f_debug_file('Please enter OTP to proceed'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1744
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1745
- }else{
1746
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1747
- $this->remove_current_activity($session_id_encrypt);
1748
- MO2f_Utility::mo2f_debug_file('Number of attempts exceeded'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1749
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1750
- }
1751
- } else {
1752
- $softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
1753
- if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
1754
- if($attempts>1|| $attempts=='disabled')
1755
- {
1756
- update_option('mo2f_attempts_before_redirect', $attempts-1 );
1757
- $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
1758
- MO2f_Utility::mo2f_debug_file('Invalid OTP. Only digits within range 4-8 are allowed'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1759
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1760
- }else{
1761
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1762
- $this->remove_current_activity($session_id_encrypt);
1763
- update_option('mo2f_attempts_before_redirect', 3);
1764
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1765
- $data = array('reload' => "reload", );
1766
- wp_send_json_success($data);
1767
- }
1768
- else{
1769
- MO2f_Utility::mo2f_debug_file('Number of attempts exceeded'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1770
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1771
- }
1772
- }
1773
- }
1774
- }
1775
-
1776
- global $Mo2fdbQueries;
1777
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1778
- if ( isset( $user_id ) ) {
1779
- $customer = new Customer_Setup();
1780
- $content = '';
1781
- $current_user = get_userdata($user_id);
1782
- //if the php session folder has insufficient permissions, cookies to be used
1783
- $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
1784
- $mo2f_login_transaction_id = isset($_POST['mo2fa_transaction_id'])?sanitize_text_field($_POST['mo2fa_transaction_id']):MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
1785
- MO2f_Utility::mo2f_debug_file('Transaction_id-'.$mo2f_login_transaction_id.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1786
- if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1787
- $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1788
- }elseif (isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_WHATSAPP' ) {
1789
-
1790
- $otpToken = get_user_meta($current_user->ID,'mo2f_otp_token_wa',true);
1791
- $time = get_user_meta($current_user->ID,'mo2f_whatsapp_time',true);
1792
- $accepted_time = time()-600;
1793
- $time = (int)$time;
1794
- global $Mo2fdbQueries;
1795
-
1796
- if($softtoken == $otpToken)
1797
- {
1798
- if($accepted_time<$time){
1799
- update_option('mo2f_attempts_before_redirect', 3);
1800
- if ( get_option( 'mo2f_remember_device' ) ) {
1801
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1802
- MO2f_Utility::mo2f_debug_file('Remeber device setup'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1803
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1804
- }
1805
- else{
1806
-
1807
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1808
- }
1809
- }
1810
- else
1811
- {
1812
- $this->remove_current_activity($session_id_encrypt);
1813
-
1814
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: OTP has been Expired please reinitiate another transaction.' ) );
1815
-
1816
- }
1817
- }
1818
- else
1819
- {
1820
-
1821
- update_option('mo2f_attempts_before_redirect', $attempts-1);
1822
- $message = 'Invalid OTP please enter again.';
1823
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1824
-
1825
- }
1826
- }
1827
- elseif (isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_TELEGRAM' ) {
1828
-
1829
- $otpToken = get_user_meta($current_user->ID,'mo2f_otp_token',true);
1830
- $time = get_user_meta($current_user->ID,'mo2f_telegram_time',true);
1831
- $accepted_time = time()-300;
1832
- $time = (int)$time;
1833
- global $Mo2fdbQueries;
1834
-
1835
- if($softtoken == $otpToken)
1836
- {
1837
- if($accepted_time<$time){
1838
- update_option('mo2f_attempts_before_redirect', 3);
1839
- if ( get_option( 'mo2f_remember_device' ) ) {
1840
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1841
- MO2f_Utility::mo2f_debug_file('Remember device flow'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1842
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1843
- }
1844
- else{
1845
- MO2f_Utility::mo2f_debug_file('OTP over Telegram - Logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1846
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1847
- }
1848
- }
1849
- else
1850
- {
1851
- $this->remove_current_activity($session_id_encrypt);
1852
- MO2f_Utility::mo2f_debug_file('OTP has been Expired please reinitiate another transaction'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1853
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: OTP has been Expired please reinitiate another transaction.' ) );
1854
-
1855
- }
1856
- }
1857
- else
1858
- {
1859
- if($attempts<=1){
1860
- $this->remove_current_activity($session_id_encrypt);
1861
- update_option('mo2f_attempts_before_redirect', 3);
1862
- return new WP_Error( 'attempts failed try again ', __( '<strong>ERROR</strong>: maximum attempts.' ) );
1863
- }
1864
- MO2f_Utility::mo2f_debug_file('OTP over Telegram - Invalid OTP'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1865
- update_option('mo2f_attempts_before_redirect', $attempts-1);
1866
- $message = 'Invalid OTP please enter again.';
1867
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1868
-
1869
- }
1870
- }
1871
- else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
1872
- $content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1873
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
1874
- $content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1875
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
1876
- $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1877
- } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1878
- $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1879
- } else {
1880
- $this->remove_current_activity($session_id_encrypt);
1881
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1882
- }
1883
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1884
- update_option('mo2f_attempts_before_redirect', 3);
1885
- if ( get_option( 'mo2f_remember_device' ) ) {
1886
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1887
- MO2f_Utility::mo2f_debug_file('Remember device flow'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1888
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1889
- } else {
1890
- if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
1891
- {
1892
- $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS', 'mo2f_OTPOverEmail_config_status' => 1) );
1893
- $enduser = new Two_Factor_Setup();
1894
-
1895
- $enduser->mo2f_update_userinfo( $user_email, 'OTP Over Email', null, null, null );
1896
-
1897
- }
1898
- MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' Logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1899
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1900
- }
1901
- } else {
1902
- if($attempts>1 || $attempts=='disabled')
1903
- {
1904
- MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' Enter wrong OTP'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1905
- update_option('mo2f_attempts_before_redirect', $attempts-1);
1906
- $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
1907
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1908
- }else{
1909
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1910
- $this->remove_current_activity($session_id_encrypt);
1911
- update_option('mo2f_attempts_before_redirect', 3);
1912
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1913
- $data = array('reload' => "reload", );
1914
- wp_send_json_success($data);
1915
- }
1916
- else{
1917
- MO2f_Utility::mo2f_debug_file('Number of attempts exceeded'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1918
- return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1919
- }
1920
-
1921
- }
1922
- }
1923
- } else {
1924
- $this->remove_current_activity($session_id_encrypt);
1925
- MO2f_Utility::mo2f_debug_file('User id not found'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1926
- return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1927
- }
1928
- }
1929
- }
1930
- function check_miniorange_attribute_collection($POSTED){
1931
- $nonce = $POSTED['miniorange_attribute_collection_nonce'];
1932
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
1933
- $error = new WP_Error();
1934
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1935
- return $error;
1936
- } else {
1937
- $this->miniorange_pass2login_start_session();
1938
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1939
- $currentuser = get_user_by( 'id', $user_id );
1940
- $attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
1941
- $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1942
- $session_id = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1943
- $this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
1944
- }
1945
- }
1946
- function check_miniorange_inline_skip_registration($POSTED){
1947
- $error = new WP_Error();
1948
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1949
- }
1950
- function miniorange_pass2login_redirect() {
1951
- do_action('mo2f_network_init');
1952
- global $Mo2fdbQueries;
1953
-
1954
- if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) {
1955
- if ( isset( $_POST['miniorange_login_nonce'] ) ) {
1956
- $nonce = sanitize_text_field($_POST['miniorange_login_nonce']);
1957
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1958
-
1959
- if(is_null($session_id)) {
1960
- $session_id=$this->create_session();
1961
- }
1962
-
1963
-
1964
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
1965
- $this->remove_current_activity($session_id);
1966
- $error = new WP_Error();
1967
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1968
- return $error;
1969
- } else {
1970
- $this->miniorange_pass2login_start_session();
1971
- $mobile_login = new Miniorange_Mobile_Login();
1972
- //validation and sanitization
1973
- $username = isset( $_POST['mo2fa_username'] ) ? sanitize_user($_POST['mo2fa_username']) : '';
1974
- if ( MO2f_Utility::mo2f_check_empty_or_null( $username ) ) {
1975
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
1976
- $mobile_login->mo_auth_show_error_message();
1977
- return;
1978
- } else {
1979
- $username = sanitize_user( $_POST['mo2fa_username'] );
1980
- }
1981
- if ( username_exists( $username ) ) { /*if username exists in wp site */
1982
- $user = new WP_User( $username );
1983
- $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
1984
-
1985
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_current_user_id', $user->ID, 600);
1986
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS', 600);
1987
-
1988
-
1989
- $this->mo2f_userId=$user->ID;
1990
- $this->fstfactor='VALIDATE_SUCCESS';
1991
- $current_roles = miniorange_get_user_role( $user );
1992
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1993
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1994
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1995
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
1996
-
1997
- if(MO2F_IS_ONPREM )
1998
- {
1999
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
2000
-
2001
- }
2002
- if ( $mo2f_configured_2FA_method ) {
2003
- if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
2004
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
2005
- $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
2006
- } else {
2007
- $mo2f_second_factor = '';
2008
-
2009
- if(MO2F_IS_ONPREM)
2010
- {
2011
- global $Mo2fdbQueries;
2012
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2013
- if($mo2f_second_factor == 'Security Questions')
2014
- {
2015
- $mo2f_second_factor = 'KBA';
2016
- }
2017
- else if($mo2f_second_factor == 'Google Authenticator')
2018
- {
2019
- $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
2020
- }
2021
- else if($mo2f_second_factor == 'Email Verification'){
2022
- $mo2f_second_factor = 'Email Verification';
2023
- }
2024
- else if($mo2f_second_factor == 'OTP Over SMS'){
2025
- $mo2f_second_factor = 'SMS';
2026
- }
2027
- else if($mo2f_second_factor == 'OTP Over Email'){
2028
- $mo2f_second_factor = 'EMAIL';
2029
- }
2030
- elseif($mo2f_second_factor == 'miniOrange Soft Token'){
2031
- $mo2f_second_factor = "SOFT TOKEN";
2032
- }
2033
- else if($mo2f_second_factor == "miniOrange Push Notification"){
2034
- $mo2f_second_factor = "PUSH NOTIFICATIONS";
2035
- }
2036
- else if($mo2f_second_factor == "miniOrange QR Code Authentication"){
2037
- $mo2f_second_factor = "MOBILE AUTHENTICATION";
2038
- }
2039
- }else{
2040
- $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
2041
- }
2042
- if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
2043
- $this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
2044
- } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
2045
- $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
2046
- }
2047
- else if($mo2f_second_factor == 'Email Verification'){
2048
- $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
2049
- }
2050
- else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'OTP Over Telegram'|| $mo2f_second_factor == 'EMAIL' || $mo2f_second_factor == "OTP Over Email") {
2051
- $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
2052
- } else if ( $mo2f_second_factor == 'KBA' ) {
2053
- $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
2054
- } else {
2055
- $this->remove_current_activity($session_id);
2056
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
2057
- $mobile_login->mo_auth_show_success_message();
2058
- }
2059
- }
2060
- } else {
2061
- MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
2062
- $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
2063
- update_user_meta($user->ID,'userMessage','Please login into your account using password.');
2064
- $mobile_login->mo2f_redirectto_wp_login();
2065
- }
2066
- } else {
2067
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
2068
- $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
2069
- update_user_meta($user->ID,'userMessage','Please login into your account using password.');
2070
- $mobile_login->mo2f_redirectto_wp_login();
2071
- }
2072
- } else {
2073
- $mobile_login->remove_current_activity($session_id);
2074
- MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
2075
- $mobile_login->mo_auth_show_error_message('Invalid Username.');
2076
- }
2077
- }
2078
- }
2079
-
2080
- }
2081
- if(isset($_GET['reconfigureMethod']) && is_user_logged_in()){
2082
- $userIDGet = get_current_user_id();
2083
- $txidGet = isset($_GET['transactionId'])?sanitize_text_field($_GET['transactionId']):'';
2084
- $methodGet = isset($_GET['reconfigureMethod'])?sanitize_text_field($_GET['reconfigureMethod']):'';
2085
- if(get_site_option($txidGet) === $userIDGet && ctype_xdigit($txidGet) && ctype_xdigit($methodGet)){
2086
- $method = get_site_option($methodGet);
2087
- $Mo2fdbQueries->update_user_details( $userIDGet, array(
2088
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS',
2089
- 'mo2f_configured_2FA_method' => $method
2090
- ) );
2091
- $is_Authy_configured = $Mo2fdbQueries->get_user_detail('mo2f_AuthyAuthenticator_config_status',$userIDGet);
2092
- if($method == 'Google Authenticator' || $is_Authy_configured){
2093
- update_user_meta($userIDGet,'mo2fa_set_Authy_inline',true);
2094
- }
2095
- delete_site_option($txidGet);
2096
- }else{
2097
- $head = "You are not authorized to perform this action";
2098
- $body = "Please contact to your admin";
2099
- $this->display_email_verification($head,$body,'red');
2100
- exit();
2101
- }
2102
- }
2103
- if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
2104
- {
2105
- $userIDGet = sanitize_text_field($_GET['userID']);
2106
- $txIdGet = sanitize_text_field($_GET['Txid']);
2107
- $otpToken = get_site_option($userIDGet);
2108
- $txidstatus = get_site_option($txIdGet);
2109
- $userIDd = $userIDGet.'D';
2110
- $otpTokenD = get_site_option($userIDd);
2111
- $mo2f_dirName = dirname(__FILE__);
2112
- $mo2f_dirName = explode('wp-content', $mo2f_dirName);
2113
- $mo2f_dirName = explode('handler', $mo2f_dirName[1]);
2114
-
2115
- $head = "You are not authorized to perform this action";
2116
- $body = "Please contact to your admin";
2117
- $color = "red";
2118
- if(3 == $txidstatus)
2119
- {
2120
- $time = "time".$txIdGet;
2121
- $currentTimeInMillis = round(microtime(true) * 1000);
2122
- $generatedTimeINMillis = get_site_option($time);
2123
- $difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
2124
- if($difference <= 300)
2125
- {
2126
- $accessTokenGet = sanitize_text_field($_GET['accessToken']);
2127
- if( $accessTokenGet == $otpToken)
2128
- {
2129
- update_site_option($txIdGet,1);
2130
- $body = "Transaction has been successfully validated. Please continue with the transaction.";
2131
- $head = "TRANSACTION SUCCESSFUL";
2132
- $color = "green";
2133
- }
2134
- else if($accessTokenGet==$otpTokenD)
2135
- {
2136
- update_site_option($txIdGet,0);
2137
- $body = "Transaction has been Canceled. Please Try Again.";
2138
- $head = "TRANSACTION DENIED";
2139
- }
2140
- }
2141
- delete_site_option($userIDGet);
2142
- delete_site_option($userIDd);
2143
- delete_site_option($time);
2144
-
2145
- }
2146
-
2147
- $this->display_email_verification($head,$body,$color);
2148
- exit;
2149
-
2150
- }
2151
- elseif (isset($_POST['emailInlineCloud'])) {
2152
- $nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
2153
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
2154
- $error = new WP_Error();
2155
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2156
- return $error;
2157
- } else {
2158
- $email = sanitize_text_field($_POST['emailInlineCloud']);
2159
- $current_user_id = sanitize_text_field($_POST['current_user_id']);
2160
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2161
- $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
2162
- if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
2163
- global $Mo2fdbQueries;
2164
- $Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
2165
- prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','',$redirect_to,$session_id_encrypt,null);
2166
- }
2167
- }
2168
- }
2169
- else if(isset($_POST['txid']))
2170
- {
2171
- $txidpost = sanitize_text_field($_POST['txid']);
2172
- $status = get_site_option($txidpost);
2173
- update_option('optionVal1',$status); //??
2174
- if($status ==1 || $status ==0)
2175
- delete_site_option($txidpost);
2176
- echo esc_html($status);
2177
- exit();
2178
- }
2179
-
2180
-
2181
-
2182
- else{
2183
-
2184
- $value=isset($_POST['option'])?sanitize_text_field($_POST['option']):false;
2185
-
2186
- switch ($value) {
2187
- case 'miniorange_rba_validate':
2188
- $this->check_rba_validation($_POST);
2189
- break;
2190
- case 'miniorange_mfactor_method':
2191
- $current_userID= MO2f_Utility::mo2f_get_transient($_POST['session_id'], 'mo2f_current_user_id');
2192
- $currentuser = get_user_by('id',$current_userID);
2193
- $this->mo2fa_select_method($currentuser, sanitize_text_field($_POST['mo2f_selected_mfactor_method']), null,sanitize_text_field($_POST['session_id']), esc_url_raw($_POST['redirect_to']),null);
2194
- break;
2195
-
2196
- case 'miniorange_rba_cancle':
2197
-
2198
- $this->check_rba_cancalation($_POST);
2199
- break;
2200
-
2201
- case 'miniorange_forgotphone':
2202
- $this->check_miniorange_challenge_forgotphone($_POST);
2203
- break;
2204
-
2205
- case 'miniorange2f_back_to_inline_registration':
2206
- $this->miniorange2f_back_to_inline_registration($_POST);
2207
- exit;
2208
-
2209
- case 'miniorange_alternate_login_kba':
2210
-
2211
- $this->check_miniorange_alternate_login_kba($_POST);
2212
- break;
2213
-
2214
- case 'miniorange_kba_validate':
2215
- $this->check_kba_validation($_POST);
2216
-
2217
- break;
2218
-
2219
- case 'miniorange_mobile_validation':
2220
- $this->check_miniorange_mobile_validation($_POST);
2221
- break;
2222
-
2223
- case 'miniorange_duo_push_validation':
2224
- $this->check_miniorange_duo_push_validation($_POST);
2225
- break;
2226
-
2227
- case 'mo2f_inline_duo_authenticator_success_form':
2228
- $this->check_mo2f_duo_authenticator_success_form($_POST);
2229
- break;
2230
-
2231
- case 'mo2f_inline_duo_authenticator_error':
2232
- $this->check_inline_mo2f_duo_authenticator_error($_POST);
2233
- break;
2234
-
2235
- case 'miniorange_mobile_validation_failed':
2236
- $this->check_miniorange_mobile_validation_failed($_POST);
2237
- break;
2238
-
2239
- case 'miniorange_duo_push_validation_failed':
2240
- $this->check_miniorange_duo_push_validation_failed($_POST);
2241
- break;
2242
-
2243
- case 'miniorange_softtoken':
2244
- $this->check_miniorange_softtoken($_POST);
2245
-
2246
- break;
2247
-
2248
-
2249
- case 'miniorange_soft_token':
2250
-
2251
- $this->check_miniorange_soft_token($_POST);
2252
- break;
2253
-
2254
- case 'miniorange_inline_skip_registration':
2255
- $this->check_miniorange_inline_skip_registration($_POST);
2256
- break;
2257
-
2258
- case 'miniorange_attribute_collection':
2259
- $this->check_miniorange_attribute_collection($_POST);
2260
- break;
2261
-
2262
- case 'miniorange_inline_save_2factor_method':
2263
- $this->save_inline_2fa_method();
2264
- break;
2265
-
2266
- case 'mo2f_skip_2fa_setup':
2267
- $this->mo2f_skip_2fa_setup();
2268
- break;
2269
-
2270
- case 'miniorange_back_inline':
2271
- $this->back_to_select_2fa();
2272
- break;
2273
-
2274
- case 'miniorange_inline_ga_validate':
2275
- $this->inline_validate_and_set_ga();
2276
- break;
2277
-
2278
- case 'miniorange_inline_show_mobile_config':
2279
- $this->inline_mobile_configure();
2280
- break;
2281
-
2282
- case 'miniorange_inline_complete_mobile':
2283
- $this->mo2f_inline_validate_mobile_authentication();
2284
- break;
2285
- case 'miniorange_inline_duo_auth_mobile_complete':
2286
- $this->mo2f_inline_validate_duo_authentication();
2287
- break;
2288
- case 'duo_mobile_send_push_notification_for_inline_form':
2289
- $this->mo2f_duo_mobile_send_push_notification_for_inline_form();
2290
- break;
2291
- case 'mo2f_inline_kba_option':
2292
- $this->mo2f_inline_validate_kba();
2293
- break;
2294
-
2295
- case 'miniorange_inline_complete_otp_over_sms':
2296
- $this->mo2f_inline_send_otp();
2297
- break;
2298
-
2299
- case 'miniorange_inline_complete_otp':
2300
- $this->mo2f_inline_validate_otp();
2301
- break;
2302
-
2303
- case 'miniorange_inline_login':
2304
- $this->mo2f_inline_login();
2305
- break;
2306
- case 'miniorange_inline_register':
2307
- $this->mo2f_inline_register();
2308
- break;
2309
- case 'mo2f_users_backup1':
2310
- $this->mo2f_download_backup_codes_inline();
2311
- break;
2312
- case 'mo2f_goto_wp_dashboard':
2313
- $this->mo2f_goto_wp_dashboard();
2314
- break;
2315
- case 'miniorange_backup_nonce':
2316
- $this->mo2f_use_backup_codes($_POST);
2317
- break;
2318
- case 'miniorange_validate_backup_nonce':
2319
- $this->check_backup_codes_validation($_POST);
2320
- break;
2321
- case 'miniorange_create_backup_codes':
2322
- $this->mo2f_create_backup_codes();
2323
- break;
2324
- default:
2325
- $error = new WP_Error();
2326
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
2327
-
2328
- return $error;
2329
- break;
2330
-
2331
-
2332
- }
2333
- }
2334
- }
2335
-
2336
- function deniedMessage($message)
2337
- {
2338
- if(empty($message) && get_option("deniedMessage") )
2339
- {
2340
- delete_option('deniedMessage');
2341
- }
2342
- else
2343
- return $message;
2344
- }
2345
- function remove_current_activity($session_id) {
2346
- global $Mo2fdbQueries;
2347
- $session_variables = array(
2348
- 'mo2f_current_user_id',
2349
- 'mo2f_1stfactor_status',
2350
- 'mo_2factor_login_status',
2351
- 'mo2f-login-qrCode',
2352
- 'mo2f_transactionId',
2353
- 'mo2f_login_message',
2354
- 'mo2f_rba_status',
2355
- 'mo_2_factor_kba_questions',
2356
- 'mo2f_show_qr_code',
2357
- 'mo2f_google_auth',
2358
- 'mo2f_authy_keys'
2359
- );
2360
-
2361
- $cookie_variables = array(
2362
- 'mo2f_current_user_id',
2363
- 'mo2f_1stfactor_status',
2364
- 'mo_2factor_login_status',
2365
- 'mo2f-login-qrCode',
2366
- 'mo2f_transactionId',
2367
- 'mo2f_login_message',
2368
- 'mo2f_rba_status_status',
2369
- 'mo2f_rba_status_sessionUuid',
2370
- 'mo2f_rba_status_decision_flag',
2371
- 'kba_question1',
2372
- 'kba_question2',
2373
- 'mo2f_show_qr_code',
2374
- 'mo2f_google_auth',
2375
- 'mo2f_authy_keys'
2376
- );
2377
-
2378
- $temp_table_variables = array(
2379
- 'session_id',
2380
- 'mo2f_current_user_id',
2381
- 'mo2f_login_message',
2382
- 'mo2f_1stfactor_status',
2383
- 'mo2f_transactionId',
2384
- 'mo_2_factor_kba_questions',
2385
- 'mo2f_rba_status',
2386
- 'ts_created'
2387
- );
2388
-
2389
- MO2f_Utility::unset_session_variables( $session_variables );
2390
- MO2f_Utility::unset_cookie_variables( $cookie_variables );
2391
- $key = get_option( 'mo2f_encryption_key' );
2392
- $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
2393
- $Mo2fdbQueries->save_user_login_details( $session_id, array(
2394
-
2395
- 'mo2f_current_user_id' => '',
2396
- 'mo2f_login_message' => '',
2397
- 'mo2f_1stfactor_status' => '',
2398
- 'mo2f_transactionId' => '',
2399
- 'mo_2_factor_kba_questions' => '',
2400
- 'mo2f_rba_status' => '',
2401
- 'ts_created' => ''
2402
- ) );
2403
-
2404
-
2405
- }
2406
- function mo2f_ultimate_member_custom_login(){
2407
- echo '<div id="mo2f_um_validate_otp" class="um-field um-field-password um-field-user_password um-field-password um-field-type_password" data-key="user_password"><div class="um-field-label"><label for="mo2f_um_validate_otp">Two factor code*</label><div class="um-clear"></div></div><div class="um-field-area"><input class="um-form-field valid " type="text" name="mo2f_validate_otp_token" id="mo2f_um_validate_otp" value="" placeholder="" data-validate="" data-key="user_password">
2408
-
2409
- </div></div>';
2410
- }
2411
-
2412
- public function miniorange_pass2login_start_session() {
2413
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
2414
- $session_path = ini_get('session.save_path');
2415
- if( is_writable($session_path) && is_readable($session_path) ) {
2416
- if(session_status() != PHP_SESSION_DISABLED )
2417
- session_start();
2418
- }
2419
- }
2420
- }
2421
-
2422
- function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
2423
- global $Mo2fdbQueries,$LoginuserID;
2424
- $LoginuserID = $user_id;
2425
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
2426
- if(is_null($session_id)) {
2427
- $session_id=$this->create_session();
2428
- }
2429
- if(MO2F_IS_ONPREM){
2430
- $question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
2431
- $challenge_questions = array_keys($question_answers);
2432
- $random_keys = array_rand($challenge_questions,2);
2433
- $challenge_ques1 = $challenge_questions[$random_keys[0]];
2434
- $challenge_ques2 = $challenge_questions[$random_keys[1]];
2435
- $questions[0] = array('question'=>addslashes($challenge_ques1));
2436
- $questions[1] = array('question'=>addslashes($challenge_ques2));
2437
- update_user_meta( $user_id, 'kba_questions_user', $questions );
2438
- $mo2fa_login_message = 'Please answer the following questions:';
2439
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
2440
- $mo2f_kbaquestions = $questions;
2441
- MO2f_Utility::mo2f_set_transient($session_id, 'mo_2_factor_kba_questions', $questions);
2442
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
2443
- }
2444
-
2445
- else{
2446
- $challengeKba = new Customer_Setup();
2447
- $content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2448
- $response = json_decode( $content, true );
2449
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2450
- if ( $response['status'] == 'SUCCESS' ) {
2451
- MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
2452
- $this->mo2f_transactionid = $response['txId'];
2453
- $questions = array();
2454
- $questions[0] = $response['questions'][0];
2455
- $questions[1] = $response['questions'][1];
2456
- MO2f_Utility::mo2f_set_transient($session_id, 'mo_2_factor_kba_questions', $questions);
2457
- $this->mo2f_kbaquestions=$questions;
2458
- $mo2fa_login_message = 'Please answer the following questions:';
2459
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
2460
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
2461
- } else if ( $response['status'] == 'ERROR' ) {
2462
- $this->remove_current_activity($session_id);
2463
- $error = new WP_Error();
2464
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2465
-
2466
- return $error;
2467
- }
2468
- } else {
2469
- $this->remove_current_activity($session_id);
2470
- $error = new WP_Error();
2471
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2472
-
2473
- return $error;
2474
- }
2475
- }
2476
- }
2477
-
2478
- function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt=null,$show_back_button =null ,$mo2fa_transaction_id =false ) {
2479
-
2480
- $login_status = $mo2fa_login_status;
2481
- $login_message = $mo2fa_login_message;
2482
- switch ($login_status) {
2483
- case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
2484
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId' );
2485
- mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
2486
- exit;
2487
- break;
2488
- case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
2489
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2490
-
2491
-
2492
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2493
- exit;
2494
- break;
2495
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
2496
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2497
-
2498
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button ,$mo2fa_transaction_id );
2499
- exit;
2500
- break;
2501
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_TELEGRAM':
2502
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2503
-
2504
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2505
- exit;
2506
- break;
2507
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_WHATSAPP':
2508
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2509
-
2510
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2511
- exit;
2512
- break;
2513
- case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
2514
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2515
-
2516
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2517
- exit;
2518
- break;
2519
- case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
2520
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2521
-
2522
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2523
- exit;
2524
- break;
2525
- case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
2526
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2527
-
2528
- mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2529
- exit;
2530
- break;
2531
- case 'MO_2_FACTOR_CHALLENGE_DUO_PUSH_NOTIFICATIONS':
2532
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2533
- mo2f_get_duo_push_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id
2534
- );
2535
- exit;
2536
- break;
2537
-
2538
- case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
2539
- mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
2540
- exit;
2541
- break;
2542
-
2543
- case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
2544
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_transactionId' );
2545
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2546
-
2547
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
2548
- exit;
2549
- break;
2550
-
2551
- case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
2552
- $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId' );
2553
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2554
-
2555
- mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
2556
- exit;
2557
- break;
2558
-
2559
- case 'MO_2_FACTOR_RECONFIG_GOOGLE':
2560
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2561
-
2562
- $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
2563
- exit;
2564
- break;
2565
-
2566
- case 'MO_2_FACTOR_RECONFIG_KBA':
2567
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2568
-
2569
- $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
2570
- exit;
2571
- break;
2572
-
2573
- case 'MO_2_FACTOR_SETUP_SUCCESS':
2574
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2575
-
2576
- $this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
2577
- break;
2578
-
2579
- case 'MO_2_FACTOR_GENERATE_BACKUP_CODES':
2580
- $current_user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
2581
-
2582
- mo2f_backup_codes_generate($current_user_id, $redirect_to, $session_id_encrypt);
2583
- exit;
2584
-
2585
- case 'MO_2_FACTOR_CHALLENGE_BACKUP':
2586
- mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt);
2587
- exit;
2588
-
2589
- case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
2590
-
2591
- if(MO2F_IS_ONPREM){
2592
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
2593
-
2594
- $ques = get_user_meta( $user_id, 'kba_questions_user');
2595
- mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
2596
- }
2597
- else{
2598
- $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo_2_factor_kba_questions');
2599
- mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
2600
- }
2601
- exit;
2602
- break;
2603
-
2604
- case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
2605
- mo2f_get_device_form( $redirect_to, $session_id_encrypt );
2606
- exit;
2607
- break;
2608
-
2609
- case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
2610
- $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
2611
-
2612
- prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
2613
- exit;
2614
- break;
2615
-
2616
- default:
2617
- $this->mo_2_factor_pass2login_show_wp_login_form();
2618
-
2619
- break;
2620
- }
2621
- }
2622
-
2623
- function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
2624
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
2625
- return true;
2626
- }
2627
-
2628
- return false;
2629
- }
2630
-
2631
- function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
2632
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
2633
- return true;
2634
- }
2635
-
2636
- return false;
2637
- }
2638
-
2639
- function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
2640
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
2641
- return true;
2642
- }
2643
-
2644
- return false;
2645
- }
2646
-
2647
- function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
2648
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
2649
- return true;
2650
- }
2651
-
2652
- return false;
2653
- }
2654
-
2655
- function miniorange_pass2login_reconfig_google( $login_status ) {
2656
- if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
2657
- return true;
2658
- }
2659
-
2660
- return false;
2661
- }
2662
-
2663
- function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
2664
-
2665
- do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
2666
-
2667
-
2668
- }
2669
-
2670
- function miniorange_pass2login_reconfig_kba( $login_status ) {
2671
- if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
2672
- return true;
2673
- }
2674
-
2675
- return false;
2676
- }
2677
-
2678
- function miniorange_pass2login_check_kba_status( $login_status ) {
2679
- if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
2680
- return true;
2681
- }
2682
-
2683
- return false;
2684
- }
2685
-
2686
- function miniorange_pass2login_check_trusted_device_status( $login_status ) {
2687
-
2688
- if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
2689
- return true;
2690
- }
2691
-
2692
- return false;
2693
- }
2694
-
2695
- function mo_2_factor_pass2login_woocommerce(){
2696
- ?>
2697
- <input type="hidden" name="mo_woocommerce_login_prompt" value="1">
2698
- <?php
2699
- }
2700
- function mo_2_factor_pass2login_show_wp_login_form() {
2701
-
2702
- $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2703
- if(is_null($session_id_encrypt)) {
2704
- $session_id_encrypt=$this->create_session();
2705
- }
2706
- if(class_exists('Theme_My_Login'))
2707
- {
2708
- wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
2709
- wp_localize_script( 'tmlajax_script', 'my_ajax_object',
2710
- array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
2711
- }
2712
- if(class_exists('LoginWithAjax')){
2713
- wp_enqueue_script( 'login_with_ajax_script', plugins_url( 'includes/js/login_with_ajax.js', dirname(dirname(__FILE__))));
2714
- wp_localize_script( 'login_with_ajax_script', 'my_ajax_object',
2715
- array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
2716
- }
2717
- ?>
2718
- <p><input type="hidden" name="miniorange_login_nonce"
2719
- value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-nonce' )); ?>"/>
2720
-
2721
- <input type="hidden" id="sessid" name="session_id"
2722
- value="<?php echo esc_html($session_id_encrypt); ?>"/>
2723
-
2724
- </p>
2725
-
2726
- <?php
2727
- if ( get_option( 'mo2f_remember_device' ) ) {
2728
- ?>
2729
- <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
2730
- <?php
2731
- wp_enqueue_script( 'jquery');
2732
- wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
2733
- wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
2734
- wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
2735
- wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
2736
- wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
2737
- wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
2738
- wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
2739
- wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
2740
- }else{
2741
-
2742
-
2743
- if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option'))
2744
- {
2745
- echo "<p>";
2746
- echo '<div id="mo2f_backup_code_secton"><label title="'.__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator').'" for="mo2f_2fa_code">'.__('2 Factor Authentication code*','google-authenticator').'</label><span id="google-auth-info"></span><br/>';
2747
- echo '<input type="text" placeholder="No soft Token ? Skip" class="input" style="font-size:15px;margin:0px" name="mo_softtoken" id="mo2f_2fa_code" class="mo2f_2fa_code" style="ime-mode: inactive;" />';
2748
- echo '<p style="color:#2271b1;font-size:12px; margin-bottom:5px">* Skip the authentication code if it doesn\'t apply.</p></div>';
2749
- echo "</p>";
2750
- echo '<input type="checkbox" id="mo2f_use_backup_code" name="mo2f_use_backup_code" onclick="mo2f_handle_backup_codes(this);" value="mo2f_use_backup_code">
2751
- <label for="mo2f_use_backup_code"> Use Backup Codes</label><br><br>';
2752
- echo '<script>
2753
- function mo2f_handle_backup_codes(e){
2754
- if(e.checked)
2755
- document.querySelector("#mo2f_backup_code_secton").style.display="none";
2756
- else
2757
- document.querySelector("#mo2f_backup_code_secton").style.display="block";
2758
-
2759
- }
2760
-
2761
- </script>';
2762
-
2763
- }
2764
- }
2765
-
2766
- }
2767
-
2768
- function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
2769
- global $Mo2fdbQueries,$moWpnsUtility;
2770
- if (is_null($session_id_encrypt)){
2771
- $session_id_encrypt=$this->create_session();
2772
- }
2773
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2774
- $useragent = $_SERVER['HTTP_USER_AGENT'];
2775
- MO2f_Utility::mo2f_debug_file('Check user agent to check request from mobile device '.$useragent);
2776
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
2777
- $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
2778
-
2779
- MO2f_Utility::unset_session_variables( $session_cookie_variables );
2780
- MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
2781
- MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
2782
-
2783
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2784
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2785
- MO2f_Utility::mo2f_debug_file('Request from mobile device so promting soft token'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2786
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
2787
- } else {
2788
- $challengeMobile = new Customer_Setup();
2789
- $content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2790
- $response = json_decode( $content, true );
2791
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2792
- if ( $response['status'] == 'SUCCESS' ) {
2793
- $qrCode = $response['qrCode'];
2794
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_transactionId', $response['txId']);
2795
-
2796
-
2797
- $this->mo2f_transactionid=$response['txId'];
2798
- $mo2fa_login_message = '';
2799
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
2800
- MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' Sent miniOrange QR code Authentication successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2801
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
2802
- } else if ( $response['status'] == 'ERROR' ) {
2803
- $this->remove_current_activity($session_id_encrypt);
2804
- MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' An error occured while processing your request'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2805
- $error = new WP_Error();
2806
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2807
-
2808
- return $error;
2809
- }
2810
- } else {
2811
- MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' An error occured while processing your request'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2812
- $this->remove_current_activity($session_id_encrypt);
2813
- $error = new WP_Error();
2814
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2815
-
2816
- return $error;
2817
- }
2818
- }
2819
-
2820
- }
2821
-
2822
- function mo2f_pass2login_duo_push_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt ){
2823
- global $Mo2fdbQueries;
2824
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
2825
- if (is_null($session_id_encrypt)){
2826
- $session_id_encrypt=$this->create_session();
2827
- }
2828
-
2829
- $mo2fa_login_message ='';
2830
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_DUO_PUSH_NOTIFICATIONS';
2831
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
2832
-
2833
- }
2834
-
2835
- function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
2836
-
2837
- global $Mo2fdbQueries,$moWpnsUtility;
2838
- if(is_null($session_id)){
2839
- $session_id=$this->create_session();
2840
- }
2841
- $challengeMobile = new Customer_Setup();
2842
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
2843
- if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
2844
- MO2f_Utility::mo2f_debug_file('Push notification has sent successfully for '.$mo2f_second_factor.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
2845
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
2846
- $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
2847
- $content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
2848
-
2849
- }else {
2850
- $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2851
- }
2852
- $response = json_decode( $content, true );
2853
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2854
- if ( $response['status'] == 'SUCCESS' ) {
2855
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
2856
- update_user_meta($current_user->ID,'mo2f_EV_txid',$response['txId']);
2857
-
2858
- MO2f_Utility::mo2f_debug_file('Push notification has sent successfully for '.$mo2f_second_factor.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
2859
- $this->mo2f_transactionid=$response['txId'];
2860
-
2861
- $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
2862
- $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2863
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
2864
- } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
2865
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
2866
- update_user_meta($current_user->ID,'mo2f_EV_txid',$response['txId']);
2867
-
2868
- MO2f_Utility::mo2f_debug_file('An error occured while sending push notification-'.$mo2f_second_factor.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
2869
- $this->mo2f_transactionid=$response['txId'];
2870
- $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
2871
- $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2872
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2873
- }
2874
- } else {
2875
- MO2f_Utility::mo2f_debug_file('An error occured while processing your request.'. 'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
2876
- $this->remove_current_activity($session_id);
2877
- $error = new WP_Error();
2878
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2879
-
2880
- return $error;
2881
- }
2882
- }
2883
-
2884
- function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
2885
- global $Mo2fdbQueries,$moWpnsUtility;
2886
-
2887
- if(is_null($session_id)){
2888
- $session_id=$this->create_session();
2889
- }
2890
- $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
2891
- if($mo2f_second_factor == 'EMAIL')
2892
- {
2893
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2894
- $wdewdeqdqq = get_site_option(base64_encode("remainingOTP"));
2895
- if($wdewdeqdqq >get_site_option('EmailTransactionCurrent', 30) or get_site_option(base64_encode("limitReached")))
2896
- {
2897
- update_site_option(base64_encode("remainingOTP"),0);
2898
- }
2899
- }
2900
- else
2901
- $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
2902
- if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
2903
- $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2904
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2905
- MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2906
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2907
- } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
2908
- $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
2909
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
2910
- MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2911
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2912
- } elseif ($mo2f_second_factor == 'OTP Over Telegram') {
2913
- $chatID = get_user_meta($user->ID,'mo2f_chat_id',true);
2914
- $otpToken = '';
2915
- for($i=1;$i<7;$i++)
2916
- {
2917
- $otpToken .= rand(0,9);
2918
- }
2919
-
2920
- update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
2921
- update_user_meta($user->ID,'mo2f_telegram_time',time());
2922
-
2923
- $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
2924
- $postdata = array( 'mo2f_otp_token' => $otpToken,
2925
- 'mo2f_chatid' => $chatID
2926
- );
2927
-
2928
- $args = array(
2929
- 'method' => 'POST',
2930
- 'timeout' => 10,
2931
- 'sslverify' => false,
2932
- 'headers' => array(),
2933
- 'body' => $postdata,
2934
- );
2935
-
2936
- $mo2f_api=new Mo2f_Api();
2937
- $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
2938
-
2939
- if($data == 'SUCCESS')
2940
- {
2941
- $mo2fa_login_message ='Please enter the one time passcode sent on your<b> Telegram</b> app.';
2942
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_TELEGRAM';
2943
- MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2944
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2945
- }
2946
-
2947
- }
2948
- else {
2949
- $challengeMobile = new Customer_Setup();
2950
- $content = '';
2951
- $response = [];
2952
- $otpLIMiTE = 0;
2953
- if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')>0 or $mo2f_second_factor != 'EMAIL')
2954
- {
2955
- if($mo2f_second_factor == 'OTP Over SMS')
2956
- $mo2f_second_factor = 'SMS';
2957
- $content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
2958
- $response = json_decode( $content, true );
2959
-
2960
- }
2961
- else
2962
- {
2963
- MO2f_Utility::mo2f_debug_file('Error in sending OTP over Email or SMS.'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2964
- $response['status'] = 'FAILED';
2965
- $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2966
- $otpLIMiTE = 1;
2967
- }
2968
- if ( json_last_error() == JSON_ERROR_NONE ) {
2969
- if ( $response['status'] == 'SUCCESS' ) {
2970
- if($mo2f_second_factor == 'EMAIL')
2971
- {
2972
- MO2f_Utility::mo2f_debug_file(' OTP has been sent successfully over email.'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2973
- $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2974
- if($cmVtYWluaW5nT1RQ>0)
2975
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2976
- }
2977
- elseif($mo2f_second_factor == 'SMS')
2978
- {
2979
- MO2f_Utility::mo2f_debug_file(' OTP has been sent successfully over phone.'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2980
- $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
2981
- if($mo2f_sms>0)
2982
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
2983
- }
2984
- if(!isset($response['phoneDelivery']['contact']))
2985
- $response['phoneDelivery']['contact'] = '';
2986
- $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
2987
- update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2988
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
2989
-
2990
-
2991
- $this->mo2f_transactionid=$response['txId'];
2992
- $mo2fa_login_message = $message;
2993
- $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2994
- if($mo2f_second_factor == 'EMAIL')
2995
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2996
- else
2997
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2998
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2999
- } else {
3000
-
3001
-
3002
- if($response['message'] == 'TEST FAILED.')
3003
- $response['message'] = 'There is an error in sending the OTP.';
3004
-
3005
- $last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
3006
-
3007
- if($otpLIMiTE ==1)
3008
- $last_message = 'or contact miniOrange';
3009
-
3010
- else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
3011
- $last_message = 'Or check your SMTP Server and remaining transacions.';
3012
- else
3013
- {
3014
- $last_message = 'Or <a href="'.MoWpnsConstants::VIEW_TRANSACTIONS.'"> Check your remaining transacions </a>';
3015
- if($user->user_email === get_site_option('mo2f_email'))
3016
- $last_message = $last_message . 'or </br><a href="'.MoWpnsConstants::rechargeLink.'">Add SMS Transactions</a> to your account';
3017
- }
3018
- $message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
3019
- if(!isset($response['txId']))
3020
- $response['txId'] = '';
3021
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
3022
-
3023
-
3024
- $this->mo2f_transactionid=$response['txId'];
3025
- $mo2fa_login_message = $message;
3026
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
3027
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
3028
- }
3029
- } else {
3030
- $this->remove_current_activity($session_id);
3031
- $error = new WP_Error();
3032
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
3033
- return $error;
3034
- }
3035
- }
3036
- }
3037
-
3038
- function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
3039
- global $Mo2fdbQueries;
3040
- if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
3041
- $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypted, 'mo2f_current_user_id');
3042
- $mo2f_1stfactor_status = MO2f_Utility::mo2f_get_transient( $session_id_encrypted, 'mo2f_1stfactor_status' );
3043
-
3044
-
3045
- } else {
3046
- $user_id=$this->mo2f_userID;
3047
- $mo2f_1stfactor_status=$this->fstfactor;
3048
- }
3049
-
3050
- if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
3051
- $currentuser = get_user_by( 'id', $user_id );
3052
- wp_set_current_user( $user_id, $currentuser->user_login );
3053
- $mobile_login = new Miniorange_Mobile_Login();
3054
- $mobile_login->remove_current_activity($session_id_encrypted);
3055
-
3056
- delete_expired_transients( true );
3057
- delete_site_option($session_id_encrypted);
3058
-
3059
- wp_set_auth_cookie( $user_id, true );
3060
- do_action( 'wp_login', $currentuser->user_login, $currentuser );
3061
- redirect_user_to( $currentuser, $redirect_to );
3062
- exit;
3063
- } else {
3064
- $this->remove_current_activity($session_id_encrypted);
3065
- }
3066
- }
3067
-
3068
- function create_session(){
3069
- global $Mo2fdbQueries;
3070
- $session_id = MO2f_Utility::random_str(20);
3071
- $Mo2fdbQueries->insert_user_login_session($session_id);
3072
- $key = get_option( 'mo2f_encryption_key' );
3073
- $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
3074
- return $session_id_encrypt;
3075
- }
3076
-
3077
- function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
3078
- global $Mo2fdbQueries,$moWpnsUtility;
3079
- MO2f_Utility::mo2f_debug_file('MO initiate 2nd factor'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3080
- $this->miniorange_pass2login_start_session();
3081
- if(is_null($session_id_encrypt)) {
3082
- $session_id_encrypt=$this->create_session();
3083
- }
3084
-
3085
- if(class_exists('UM_Functions'))
3086
- {
3087
- MO2f_Utility::mo2f_debug_file('Using UM login form.');
3088
- if(!isset($_POST['wp-submit']) and isset($_POST['um_request']))
3089
- {
3090
- $meta = get_option('um_role_'.$currentuser->roles[0].'_meta');
3091
- if(isset($meta) and $meta != '')
3092
- {
3093
- if(isset($meta['_um_login_redirect_url']))
3094
- $redirect_to = $meta['_um_login_redirect_url'];
3095
- if($redirect_to == '')
3096
- {
3097
- $redirect_to = get_site_url();
3098
- }
3099
- }
3100
- $login_form_url = '';
3101
- if(isset($_POST['redirect_to']))
3102
- $login_form_url = esc_url_raw($_POST['redirect_to']);
3103
-
3104
- if($login_form_url != '' and !is_null($login_form_url))
3105
- {
3106
- $redirect_to = $login_form_url;
3107
- }
3108
-
3109
- }
3110
-
3111
- }
3112
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID, 600);
3113
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS', 600);
3114
-
3115
-
3116
- $this->mo2f_userID=$currentuser->ID;
3117
- $this->fstfactor='VALIDATE_SUCCESS';
3118
-
3119
- $is_customer_admin = true;
3120
-
3121
- $dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
3122
- if($dG90YWxVc2Vyc0Nsb3Vk<3)
3123
- $is_customer_admin = true;
3124
-
3125
- $roles = ( array ) $currentuser->roles;
3126
- $twofactor_enabled = 0;
3127
- foreach ( $roles as $role ) {
3128
- if(get_option('mo2fa_'.$role)=='1')
3129
- $twofactor_enabled=1;
3130
- }
3131
- if ($twofactor_enabled!=1 && is_super_admin( $currentuser->ID )){
3132
- if(get_site_option('mo2fa_superadmin')==1){
3133
- $twofactor_enabled=1;
3134
- }
3135
- }
3136
-
3137
- if ( $is_customer_admin && $twofactor_enabled ) {
3138
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
3139
- $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
3140
-
3141
- if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option')){
3142
- $mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
3143
- }else{
3144
- $mo2f_allwed_login_attempts= 'disabled';
3145
- }
3146
- update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
3147
-
3148
- $twofactor_transactions = new Mo2fDB;
3149
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
3150
- $tfa_enabled = $Mo2fdbQueries->get_user_detail( 'mo2f_2factor_enable_2fa_byusers', $currentuser->ID );
3151
- if($tfa_enabled == 0 && ($mo_2factor_user_registration_status != 'MO_2_FACTOR_PLUGIN_SETTINGS') && $tfa_enabled != '')
3152
- $exceeded =1;
3153
-
3154
- if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
3155
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
3156
- try {
3157
- $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
3158
- MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
3159
- $this->mo2f_rbastatus=$mo2f_rba_status;
3160
- } catch ( Exception $e ) {
3161
- echo $e->getMessage();
3162
- }
3163
-
3164
- if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
3165
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3166
- } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
3167
-
3168
- $this->mo2f_restrict_access( 'Access_denied' );
3169
- exit;
3170
- } else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
3171
- $this->mo2f_restrict_access( 'Access_denied' );
3172
- exit;
3173
- } else {
3174
-
3175
- $mo2f_second_factor = '';
3176
-
3177
- $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
3178
-
3179
- if(!MO2F_IS_ONPREM and $mo2f_second_factor!= 'OTP Over Telegram')
3180
- $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
3181
-
3182
- // adding function for the mfa call
3183
-
3184
- $configure_array_method = $this->mo2fa_return_methods_value($currentuser->ID);
3185
-
3186
- if (sizeof( $configure_array_method) >1 && get_site_option('mo2f_nonce_enable_configured_methods') == true && !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option')) {
3187
- update_site_option('mo2f_login_with_mfa_use','1');
3188
- mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encrypt,$redirect_to);
3189
- exit;
3190
- }
3191
- else
3192
- $this->mo2fa_select_method($currentuser, $mo2f_second_factor, $otp_token,$session_id_encrypt, $redirect_to,$kba_configuration_status);
3193
- }
3194
- }else if(!$exceeded && MoWpnsUtility::get_mo2f_db_option('mo2f_inline_registration', 'site_option')){
3195
- $this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
3196
-
3197
- } else {
3198
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
3199
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3200
- else
3201
- return $currentuser;
3202
- }
3203
-
3204
- }else { //plugin is not activated for current role then logged him in without asking 2 factor
3205
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3206
- }
3207
-
3208
- }
3209
- function mo2fa_return_methods_value($currentuserid)
3210
- {
3211
- global $Mo2fdbQueries;
3212
- $count_methods = $Mo2fdbQueries->get_user_configured_methods($currentuserid );
3213
- $value = empty( $count_methods ) ? '' : get_object_vars( $count_methods[0] );
3214
- $configured_methods_arr=array();
3215
- foreach ($value as $config_status_option => $config_status) {
3216
- if(strpos($config_status_option, 'config_status')){
3217
- $config_status_string_array =explode('_',$config_status_option);
3218
- $config_method = MO2f_Utility::mo2f_decode_2_factor($config_status_string_array[1],'wpdb');
3219
- if(1 == $value[$config_status_option])
3220
- array_push($configured_methods_arr,$config_method);
3221
-
3222
- }
3223
- }
3224
-
3225
- return $configured_methods_arr;
3226
- }
3227
- function mo2fa_select_method($currentuser, $mo2f_second_factor, $otp_token,$session_id_encrypt, $redirect_to,$kba_configuration_status)
3228
- {
3229
- global $moWpnsUtility;
3230
-
3231
- if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
3232
- $mo2f_second_factor = "EMAIL";
3233
- if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
3234
- {
3235
- update_site_option("bGltaXRSZWFjaGVk",1);
3236
- }
3237
- }
3238
- else
3239
- $mo2f_second_factor = MO2f_Utility::mo2f_decode_2_factor($mo2f_second_factor, "server" );
3240
-
3241
- if($mo2f_second_factor == 'OTPOverTelegram')
3242
- $mo2f_second_factor = "OTP Over Telegram";
3243
-
3244
- if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
3245
- {
3246
- $error=$this->mo2f_validate_soft_token($currentuser, $mo2f_second_factor, $otp_token,$session_id_encrypt, $redirect_to);
3247
- if(is_wp_error( $error))
3248
- {
3249
- return $error;
3250
- }
3251
- }
3252
- else
3253
- {
3254
- if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status )
3255
- {
3256
- $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
3257
- }
3258
- else
3259
- {
3260
- if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' )
3261
- {
3262
- $this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
3263
- }
3264
- else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification')
3265
- {
3266
- MO2f_Utility::mo2f_debug_file('Initiating 2fa validation template for '.$mo2f_second_factor.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3267
- $this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
3268
- }
3269
- else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL' ||$mo2f_second_factor == 'OTP Over Telegram'|| $mo2f_second_factor == 'OTP Over Whatsapp') {
3270
- MO2f_Utility::mo2f_debug_file('Initiating 2fa validation template for '.$mo2f_second_factor.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3271
- $this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
3272
- }
3273
- else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
3274
- MO2f_Utility::mo2f_debug_file('Initiating 2fa validation template for '.$mo2f_second_factor.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3275
- $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
3276
- }
3277
- else if ( $mo2f_second_factor == 'Duo Authenticator') {
3278
- MO2f_Utility::mo2f_debug_file('Initiating 2fa validation template for '.$mo2f_second_factor.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3279
- $this->mo2f_pass2login_duo_push_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
3280
-
3281
- }
3282
- else if ( $mo2f_second_factor == 'NONE' ) {
3283
- MO2f_Utility::mo2f_debug_file('mo2f_second_factor is NONE'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3284
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
3285
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3286
- else
3287
- return $currentuser;
3288
- }
3289
- else
3290
- {
3291
- $this->remove_current_activity($session_id_encrypt);
3292
- $error = new WP_Error();
3293
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3294
- MO2f_Utility::mo2f_debug_file('Two factor method has not been configured '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3295
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Two Factor method has not been configured.', );
3296
- wp_send_json_success($data);
3297
- }
3298
- else
3299
- {
3300
- MO2f_Utility::mo2f_debug_file('Two factor method has not been configured '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3301
- $error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
3302
- return $error;
3303
- }
3304
- }
3305
- }
3306
- }
3307
- }
3308
- function mo2fa_inline($currentuser,$redirect_to,$session_id){
3309
-
3310
- global $Mo2fdbQueries;
3311
- $currentUserId = $currentuser->ID;
3312
- $email = $currentuser->user_email;
3313
- $Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
3314
- $Mo2fdbQueries->update_user_details( $currentUserId, array(
3315
- 'user_registration_with_miniorange' =>'SUCCESS',
3316
- 'mo2f_user_email' =>$email,
3317
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
3318
- ) );
3319
-
3320
- $mo2fa_login_message = '';
3321
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
3322
-
3323
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
3324
- }
3325
-
3326
- function mo2f_validate_soft_token($currentuser, $mo2f_second_factor, $softtoken,$session_id_encrypt,$redirect_to = null){
3327
- global $Mo2fdbQueries;
3328
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
3329
- $customer = new Customer_Setup();
3330
- $content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3331
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
3332
- if ( get_option( 'mo2f_remember_device' ) ) {
3333
- $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
3334
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
3335
- } else {
3336
- $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3337
- }
3338
- } else {
3339
- if( MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3340
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid One Time Passcode.', );
3341
- wp_send_json_success($data);
3342
- }
3343
- else
3344
- return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
3345
- }
3346
- }
3347
-
3348
- function mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user)
3349
- {
3350
-
3351
- $challengeMobile = new Customer_Setup();
3352
- $content = '';
3353
- $response = [];
3354
- $otpLIMiTE = 0;
3355
- if(get_site_option("cmVtYWluaW5nT1RQ")>0)
3356
- {
3357
- $content = $challengeMobile->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$current_user);
3358
- $response = json_decode( $content, true );
3359
- if(!MO2F_IS_ONPREM)
3360
- {
3361
- if(isset($response['txId'])){
3362
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_transactionid', $response['txId']);
3363
- }
3364
- }
3365
-
3366
- }
3367
- else
3368
- {
3369
- $response['status'] = 'FAILED';
3370
- $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
3371
- $otpLIMiTE = 1;
3372
- }
3373
- if ( json_last_error() == JSON_ERROR_NONE ) {
3374
- if ( $response['status'] == 'SUCCESS' ) {
3375
- $cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
3376
- if($cmVtYWluaW5nT1RQ>0)
3377
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
3378
- $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
3379
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
3380
- $mo2fa_transaction_id = isset($response['txId'])?$response['txId']:null;
3381
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 ,$mo2fa_transaction_id);
3382
- }
3383
- else
3384
- {
3385
- if($response['status'] == 'FAILED' && $response['message'] == 'OTP limit has been exceeded'){
3386
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
3387
- $mo2fa_login_message = 'There was an issue while sending the OTP to '.$email.'. Please check your remaining transactions and try again.';
3388
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
3389
- }else if($response['status'] == 'FAILED'){
3390
- $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
3391
- $mo2fa_login_message = 'Your SMTP has not been set, please set your SMTP first to get OTP.';
3392
- $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
3393
- }
3394
- }
3395
- }
3396
- }
3397
- function mo2f_restrict_access( $identity ) {
3398
- apply_filters( 'mo2f_rba_addon', $identity );
3399
- exit;
3400
- }
3401
-
3402
- function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
3403
- $session_id=$this->create_session();
3404
- if ( get_option( 'mo2f_remember_device' ) ) {
3405
- $this->miniorange_pass2login_start_session();
3406
- MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
3407
- $this->mo2f_userID=$currentuser->ID;
3408
- mo2f_collect_device_attributes_handler($session_id,$redirect_to );
3409
- exit;
3410
- } else {
3411
- $this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to ,null ,$session_id );
3412
- }
3413
- }
3414
-
3415
- function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
3416
- global $Mo2fdbQueries,$moWpnsUtility;
3417
- if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
3418
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3419
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp;Invalid User Credentials', );
3420
- wp_send_json_success($data);
3421
- }
3422
- else
3423
- return $user;
3424
- }
3425
- if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
3426
- return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
3427
- }
3428
- // if an app password is enabled, this is an XMLRPC / APP login ?
3429
- if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
3430
-
3431
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
3432
- if ( is_wp_error( $currentuser ) ) {
3433
- $this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
3434
-
3435
- return false;
3436
- } else {
3437
- return $currentuser;
3438
- }
3439
-
3440
- } else {
3441
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
3442
- if ( is_wp_error( $currentuser ) ) {
3443
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3444
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
3445
- wp_send_json_success($data);
3446
- }
3447
- else{
3448
- $currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
3449
- MO2f_Utility::mo2f_debug_file('Invalid username and password.'.'User_IP-'.$moWpnsUtility->get_client_ip());
3450
- return $currentuser;
3451
- }
3452
- } else {
3453
-
3454
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
3455
- MO2f_Utility::mo2f_debug_file('Username and password validate successfully'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3456
- if(isset($_REQUEST['woocommerce-login-nonce'])){
3457
- MO2f_Utility::mo2f_debug_file('It is a woocommerce login form. Get woocommerce redirectUrl');
3458
- if ( ! empty( $_REQUEST[ 'redirect_to' ] ) ) {
3459
- $redirect_to = wp_unslash( $_REQUEST[ 'redirect_to' ] );
3460
- } elseif ( isset($_REQUEST[ '_wp_http_referer' ]) ) {
3461
- $redirect_to = $_REQUEST[ '_wp_http_referer' ];
3462
- } else {
3463
- $redirect_to = wc_get_page_permalink( 'myaccount' );
3464
- }
3465
- }else{
3466
- $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? $_REQUEST[ 'redirect_to' ] : (isset($_REQUEST[ 'redirect' ]) ? $_REQUEST[ 'redirect' ] : null);
3467
- }
3468
- $redirect_to = esc_url_raw($redirect_to);
3469
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
3470
- $cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
3471
- if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
3472
- {
3473
- MO2f_Utility::mo2f_debug_file('Initiating 2nd factor for KBA'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3474
- $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
3475
- }
3476
- else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
3477
- {
3478
- MO2f_Utility::mo2f_debug_file('Initiating 2nd factor for email verification'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3479
- $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
3480
- }
3481
- else
3482
- {
3483
- if ( empty($_POST[ 'mo2f_use_backup_code' ]) && empty( $_POST['mo_softtoken'] ) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')) && get_option('mo2fa_administrator'))
3484
- {
3485
- $currentuser = wp_authenticate_username_password( $user, $username, $password );
3486
- if(class_exists('UM_Functions')){
3487
- $passcode = isset($_POST[ "mo2f_validate_otp_token" ]) ? $_POST[ "mo2f_validate_otp_token" ] : $_POST['mo_softtoken'];
3488
- if(!is_null($passcode) and !empty($passcode))
3489
- {
3490
- $passcode = sanitize_text_field($passcode);
3491
- $this->miniorange_pass2login_start_session();
3492
- $session_id_encrypt=$this->create_session();
3493
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID, 600);
3494
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS', 6000);
3495
-
3496
- $customer = new Customer_Setup();
3497
- if($mo2f_configured_2FA_method == 'miniOrange Soft Token')
3498
- $method='SOFT TOKEN';
3499
- else if($mo2f_configured_2FA_method == 'Google Authenticator')
3500
- $method = 'GOOGLE AUTHENTICATOR';
3501
- $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$currentuser->ID);
3502
- $content = json_decode($customer->validate_otp_token( $method,$email , null, $passcode, get_option('mo2f_customerKey'), get_option('mo2f_api_key'),$currentuser),true);
3503
-
3504
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
3505
- $redirect_to = isset($_POST[ 'redirect_to' ]) ? esc_url_raw($_POST[ 'redirect_to' ]) : null;
3506
-
3507
- $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
3508
- }
3509
- else
3510
- {
3511
- $error = new WP_Error();
3512
- $error->add('WRONG PASSCODE:', __('<strong>Wrong Two-factor Authentication code.</strong>'));
3513
- return $error;
3514
- }
3515
-
3516
-
3517
- }
3518
- else
3519
- {
3520
- $error = new WP_Error();
3521
- $error->add('EMPTY PASSCODE:', __('<strong>Empty Two-factor Authentication code.</strong>'));
3522
- return $error;
3523
- }
3524
- }
3525
-
3526
-
3527
- if(isset($_POST['mo_woocommerce_login_prompt'])){
3528
-
3529
- $this->miniorange_initiate_2nd_factor( $currentuser, "", $redirect_to,"",$session_id);
3530
- }
3531
- if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3532
- $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Please enter the One Time Passcode', );
3533
- wp_send_json_success($data);
3534
- }
3535
- else
3536
- return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
3537
- // Prevent PHP notices when using app password login
3538
-
3539
- }
3540
- else
3541
- {
3542
- $otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
3543
- }
3544
- $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? $_POST['miniorange_rba_attribures'] : null;
3545
- $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
3546
- $mo2f_backup_code=isset($_POST[ 'mo2f_use_backup_code' ]) ? trim( $_POST[ 'mo2f_use_backup_code' ] ) : '';
3547
-
3548
- if(is_null($session_id)) {
3549
- $session_id=$this->create_session();
3550
- }
3551
-
3552
- if("mo2f_use_backup_code"==$mo2f_backup_code){ //BACKUP CODES
3553
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS', 600);
3554
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_current_user_id', $currentuser->ID, 600);
3555
- $mo2fa_login_message = __('Please provide backup code.','miniorange-2-factor-authentication');
3556
- $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
3557
- $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id);
3558
- exit;
3559
- }
3560
-
3561
- $error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
3562
-
3563
-
3564
- if(is_wp_error( $error)){
3565
- return $error;
3566
- }
3567
- return $error;
3568
- }
3569
- }
3570
- }
3571
-
3572
- }
3573
-
3574
- function display_email_verification($head,$body,$color)
3575
- {
3576
- echo "<div style='background-color: #d5e3d9; height:850px;' >
3577
- <div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
3578
- <div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
3579
- <img alt='logo' style='margin-left:240px ;
3580
- margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
3581
- <div><hr></div>
3582
-
3583
- <tbody>
3584
- <tr>
3585
- <td>
3586
-
3587
- <p style='margin-top:0;margin-bottom:10px'>
3588
- <p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".esc_html($head)."</h1></p>
3589
- <p style='margin-top:0;margin-bottom:10px'>
3590
- <p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".esc_html($body)."</h2></p>
3591
- <p style='margin-top:0;margin-bottom:0px;font-size:11px'>
3592
-
3593
- </td>
3594
- </tr>
3595
-
3596
- </div>
3597
- </div>
3598
- </div>";
3599
- }
3600
-
3601
- function mo_2_factor_enable_jquery_default_login() {
3602
- wp_enqueue_script( 'jquery' );
3603
- }
3604
-
3605
- function miniorange_pass2login_footer_form() {
3606
- ?>
3607
- <script>
3608
- jQuery(document).ready(function () {
3609
- if (document.getElementById('loginform') != null) {
3610
- jQuery('#loginform').on('submit', function (e) {
3611
- jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
3612
- });
3613
- } else {
3614
- if (document.getElementsByClassName('login') != null) {
3615
- jQuery('.login').on('submit', function (e) {
3616
- jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
3617
- });
3618
- }
3619
- }
3620
- });
3621
- </script>
3622
- <?php
3623
-
3624
- }
3625
-
3626
-
3627
- }
3628
-
3629
- ?>
1
+ <?php
2
+ /** miniOrange enables user to log in through mobile authentication as an additional layer of security over password.
3
+ * Copyright (C) 2015 miniOrange
4
+ *
5
+ * This program is free software: you can redistribute it and/or modify
6
+ * it under the terms of the GNU General Public License as published by
7
+ * the Free Software Foundation, either version 3 of the License, or
8
+ * (at your option) any later version.
9
+ *
10
+ * This program is distributed in the hope that it will be useful,
11
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
12
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13
+ * GNU General Public License for more details.
14
+ *
15
+ * You should have received a copy of the GNU General Public License
16
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
17
+ * @package miniOrange OAuth
18
+ * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
19
+ */
20
+ /**
21
+ * This library is miniOrange Authentication Service.
22
+ * Contains Request Calls to Customer service.
23
+ **/
24
+
25
+ include 'two_fa_login.php';
26
+ class Miniorange_Password_2Factor_Login {
27
+
28
+ private $mo2f_kbaquestions;
29
+ private $mo2f_userID;
30
+ private $mo2f_rbastatus;
31
+ private $mo2f_transactionid;
32
+
33
+ function mo2f_inline_login(){
34
+ global $moWpnsUtility;
35
+ $email = sanitize_email( $_POST['email'] );
36
+ $password = sanitize_text_field( $_POST['password'] );
37
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
38
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
39
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
40
+ if( $moWpnsUtility->check_empty_or_null( $email ) || $moWpnsUtility->check_empty_or_null( $password ) )
41
+ {
42
+ $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
43
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
44
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
45
+ return;
46
+ }
47
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
48
+ }
49
+ function mo2f_inline_register(){
50
+ global $moWpnsUtility, $Mo2fdbQueries;
51
+ $email = sanitize_email($_POST['email']);
52
+ $company = sanitize_text_field($_SERVER["SERVER_NAME"]);
53
+ $password = sanitize_text_field($_POST['password']);
54
+ $confirmPassword = sanitize_text_field($_POST['confirmPassword']);
55
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
56
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
57
+
58
+
59
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
60
+ if( strlen( $password ) < 6 || strlen( $confirmPassword ) < 6)
61
+ {
62
+ $login_message=MoWpnsMessages::showMessage('PASS_LENGTH');
63
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
64
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
65
+ }
66
+ if( $password != $confirmPassword )
67
+ {
68
+ $login_message=MoWpnsMessages::showMessage('PASS_MISMATCH');
69
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
70
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
71
+ }
72
+ if( MoWpnsUtility::check_empty_or_null( $email ) || MoWpnsUtility::check_empty_or_null( $password )
73
+ || MoWpnsUtility::check_empty_or_null( $confirmPassword ) )
74
+ {
75
+ $login_message=MoWpnsMessages::showMessage('REQUIRED_FIELDS');
76
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
77
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
78
+ }
79
+
80
+ update_option( 'mo2f_email', $email );
81
+
82
+ update_option( 'mo_wpns_company' , $company );
83
+
84
+ update_option( 'mo_wpns_password' , $password );
85
+
86
+ $customer = new MocURL();
87
+ $content = json_decode($customer->check_customer($email), true);
88
+ $Mo2fdbQueries->insert_user( $user_id );
89
+ switch ($content['status'])
90
+ {
91
+ case 'CUSTOMER_NOT_FOUND':
92
+ $customerKey = json_decode($customer->create_customer($email, $company, $password, $phone = '', $first_name = '', $last_name = ''), true);
93
+
94
+ if(strcasecmp($customerKey['status'], 'SUCCESS') == 0)
95
+ {
96
+ $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
97
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
98
+ }
99
+
100
+ break;
101
+ default:
102
+ $this->inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt);
103
+ break;
104
+ }
105
+
106
+ }
107
+
108
+ function mo2f_download_backup_codes_inline(){
109
+ $nonce = sanitize_text_field($_POST['mo2f_inline_backup_nonce']);
110
+ $backups= sanitize_text_field($_POST['mo2f_inline_backup_codes']);
111
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-backup-nonce' ) ) {
112
+ $error = new WP_Error();
113
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
114
+ return $error;
115
+ } else {
116
+ $codes=explode(",", $backups);
117
+ $session_id = sanitize_text_field($_POST['session_id']);
118
+ $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_current_user_id');
119
+
120
+
121
+ update_user_meta($id, 'mo_backup_code_downloaded', 1);
122
+ delete_user_meta($id, 'chqwetcsdvnvd');
123
+ MO2f_Utility::mo2f_download_backup_codes($id, $codes);
124
+ }
125
+ }
126
+
127
+ function mo2f_goto_wp_dashboard(){
128
+ global $Mo2fdbQueries;
129
+ $nonce = sanitize_text_field($_POST['mo2f_inline_wp_dashboard_nonce']);
130
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-wp-dashboard-nonce' ) ) {
131
+ $error = new WP_Error();
132
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
133
+ return $error;
134
+ } else {
135
+ $pass2fa= new Miniorange_Password_2Factor_Login();
136
+ $pass2fa->mo2fa_pass2login(esc_url_raw($_POST['redirect_to']),sanitize_text_field($_POST['session_id']));
137
+ exit;
138
+ }
139
+ }
140
+
141
+ function mo2f_use_backup_codes($POSTED){
142
+ $nonce = sanitize_text_field($POSTED['miniorange_backup_nonce']);
143
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-backup-nonce' ) ) {
144
+ $error = new WP_Error();
145
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
146
+ return $error;
147
+ }else {
148
+ $this->miniorange_pass2login_start_session();
149
+ $session_id_encrypt = isset($POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
150
+ $redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
151
+ $mo2fa_login_message = __('Please provide your backup codes.','miniorange-2-factor-authentication');
152
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
153
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
154
+ }
155
+ }
156
+
157
+ function check_backup_codes_validation($POSTED){
158
+ global $Mo2fdbQueries;
159
+ $nonce = sanitize_text_field($POSTED['miniorange_validate_backup_nonce']);
160
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
161
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-validate-backup-nonce' ) ) {
162
+ $error = new WP_Error();
163
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
164
+ return $error;
165
+ } else {
166
+ $this->miniorange_pass2login_start_session();
167
+ $currentuser_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
168
+ $redirect_to = isset($POSTED[ 'redirect_to' ]) ? esc_url_raw($POSTED[ 'redirect_to' ]) : null;
169
+ if(isset($currentuser_id)){
170
+ if(MO2f_Utility::mo2f_check_empty_or_null($POSTED[ 'mo2f_backup_code' ]) ){
171
+ $mo2fa_login_message = __('Please provide backup code.','miniorange-2-factor-authentication');
172
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
173
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
174
+ }
175
+ $backup_codes=get_user_meta($currentuser_id,'mo2f_backup_codes',true);
176
+ $mo2f_backup_code= sanitize_text_field($POSTED[ 'mo2f_backup_code' ]);
177
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser_id );
178
+
179
+ if(!empty($backup_codes)){
180
+ $mo2f_backup_code = md5($mo2f_backup_code);
181
+ if(in_array($mo2f_backup_code,$backup_codes)){
182
+ foreach ($backup_codes as $key => $value) {
183
+ if($value==$mo2f_backup_code){
184
+ unset($backup_codes[$key]);
185
+ update_user_meta($currentuser_id,'mo2f_backup_codes', $backup_codes);
186
+ $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
187
+ }
188
+ }
189
+ }else{
190
+ $mo2fa_login_message = __('The code you provided is already used or incorrect.','miniorange-2-factor-authentication');
191
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
192
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
193
+ }
194
+ }else{
195
+
196
+ if(isset($mo2f_backup_code)){
197
+ $generate_backup_code = new Customer_Cloud_Setup();
198
+ $data = $generate_backup_code->mo2f_validate_backup_codes($mo2f_backup_code,$mo2f_user_email);
199
+
200
+ if( $data == 'success'){
201
+ $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
202
+ }else if($data == 'error_in_validation'){
203
+ $mo2fa_login_message = __('Error occurred while validating the backup codes.','miniorange-2-factor-authentication');
204
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
205
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
206
+ }else if($data == 'used_code'){
207
+ $mo2fa_login_message = __('The code you provided is already used or incorrect.','miniorange-2-factor-authentication');
208
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
209
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
210
+ }else if($data == 'total_code_used'){
211
+ $mo2fa_login_message = __('You have used all the backup codes. Please contact <a herf="mailto:2fasupport@xecurify.com">2fasupport@xecurify.com</a>','miniorange-2-factor-authentication');
212
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
213
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
214
+ }else if($data == 'backup_code_not_generated'){
215
+ $mo2fa_login_message = __('Backup code has not generated for you.','miniorange-2-factor-authentication');
216
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
217
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
218
+ }else if($data == 'DBConnectionerror'){
219
+ $mo2fa_login_message = __('Error occurred while establising connection.','miniorange-2-factor-authentication');
220
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
221
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
222
+
223
+ }else if($data == 'missingparameter'){
224
+ $mo2fa_login_message = __('Some parameters are missing while validating backup codes.');
225
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
226
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
227
+ }
228
+
229
+
230
+ }else{
231
+ $mo2fa_login_message = __('Please enter backup code.','miniorange-2-factor-authentication');
232
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
233
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
234
+ }
235
+ }
236
+
237
+
238
+ }else{
239
+ $this->remove_current_activity($session_id_encrypt);
240
+ return new WP_Error('invalid_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') . '</strong>: ' . __('Please try again..', 'miniorange-2-factor-authentication'));
241
+ }
242
+ }
243
+ }
244
+
245
+ function mo2f_create_backup_codes(){
246
+ $nonce = sanitize_text_field($_POST['miniorange_generate_backup_nonce']);
247
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-generate-backup-nonce' ) ) {
248
+ $error = new WP_Error();
249
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
250
+ return $error;
251
+ }else {
252
+ global $Mo2fdbQueries;
253
+
254
+ $redirect_to = esc_url_raw($_POST['redirect_to']);
255
+ $session_id = sanitize_text_field($_POST['session_id']);
256
+ $id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id, 'mo2f_current_user_id');
257
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
258
+ if(empty($mo2f_user_email)){
259
+ $currentuser = get_user_by( 'id', $id );
260
+ $mo2f_user_email = $currentuser->user_email;
261
+ }
262
+ $generate_backup_code = new Customer_Cloud_Setup();
263
+ $codes=$generate_backup_code->mo_2f_generate_backup_codes($mo2f_user_email, site_url());
264
+ if($codes == 'AllUsed'){
265
+ $mo2fa_login_message = "You have already used all the backup codes for this user and domain.";
266
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
267
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
268
+ }else if($codes == 'UserLimitReached') {
269
+ $mo2fa_login_message = "Backup code generation limit has reached for this domain.";
270
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
271
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
272
+ }else if($codes == 'LimitReached'){
273
+ $mo2fa_login_message = "backup code generation limit has reached for this user.";
274
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
275
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
276
+ }else if($codes == 'invalid_request'){
277
+ $mo2fa_login_message = "Invalid request.";
278
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
279
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
280
+ }
281
+ $codes = explode(' ', $codes);
282
+ $codes_hash=MO2f_Utility::mo2f_get_codes_hash($codes);
283
+ $str1="";
284
+ for ($x = 0; $x < sizeof($codes); $x++) {
285
+ $str = $codes[$x];
286
+ $str1.=$str;
287
+ if($x != 4){
288
+ $str1.=',';
289
+ }
290
+ }
291
+
292
+ $key = get_option( 'mo2f_encryption_key' );
293
+ $codes_encrypt = MO2f_Utility::encrypt_data($str1, $key);
294
+ update_user_meta($id,'chqwetcsdvnvd', $codes_encrypt);
295
+
296
+ $mo2f_user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $id );
297
+ if(empty($mo2f_user_email)){
298
+ $currentuser = get_user_by( 'id', $id );
299
+ $mo2f_user_email = $currentuser->user_email;
300
+ }
301
+ $result = MO2f_Utility::mo2f_email_backup_codes($codes, $mo2f_user_email);
302
+ update_user_meta($id, 'mo_backup_code_generated', 1);
303
+
304
+ $mo2fa_login_message = "An email containing the backup codes has been sent. Please click on Use backup codes to login using the backup codes.";
305
+ $mo2fa_login_status = sanitize_text_field($_POST['login_status']);
306
+
307
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null ,$session_id);
308
+ }
309
+ }
310
+
311
+ function inline_get_current_customer($user_id,$email,$password,$redirect_to,$session_id_encrypt)
312
+ {
313
+ global $Mo2fdbQueries;
314
+ $customer = new MocURL();
315
+
316
+ $content = $customer->get_customer_key($email, $password);
317
+ $customerKey = json_decode($content, true);
318
+ if(json_last_error() == JSON_ERROR_NONE)
319
+ {
320
+ if(isset($customerKey['phone'])){
321
+ update_option( 'mo_wpns_admin_phone', $customerKey['phone'] );
322
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
323
+ }
324
+ update_option('mo2f_email',$email);
325
+ $this->inline_save_success_customer_config($user_id,$email, $customerKey['id'], $customerKey['apiKey'], $customerKey['token'], $customerKey['appSecret']);
326
+ $login_message=MoWpnsMessages::showMessage('REG_SUCCESS');
327
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
328
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
329
+ }
330
+ else
331
+ {
332
+ $Mo2fdbQueries->update_user_details( $user_id, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_VERIFY_CUSTOMER' ) );
333
+ $login_message=MoWpnsMessages::showMessage('ACCOUNT_EXISTS');
334
+ $login_status="MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS";
335
+ $this->miniorange_pass2login_form_fields($login_status, $login_message,$redirect_to,null,$session_id_encrypt);
336
+ }
337
+ }
338
+
339
+ function inline_save_success_customer_config($user_id,$email, $id, $apiKey, $token, $appSecret)
340
+ {
341
+ global $Mo2fdbQueries;
342
+ update_option( 'mo2f_customerKey' , $id );
343
+ update_option( 'mo2f_api_key' , $apiKey );
344
+ update_option( 'mo2f_customer_token' , $token );
345
+ update_option( 'mo2f_app_secret' , $appSecret );
346
+ update_option( 'mo_wpns_enable_log_requests' , true );
347
+ update_option( 'mo2f_miniorange_admin', $id );
348
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
349
+ update_option( 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS' );
350
+ $Mo2fdbQueries->update_user_details( $user_id, array(
351
+ 'mo2f_user_email' =>sanitize_email($email)
352
+ ) );
353
+ }
354
+ function mo2f_inline_validate_otp(){
355
+ if(isset($_POST['miniorange_inline_validate_otp_nonce'])){
356
+ $nonce = sanitize_text_field($_POST['miniorange_inline_validate_otp_nonce']);
357
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-validate-otp-nonce' ) ) {
358
+ $error = new WP_Error();
359
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
360
+ return $error;
361
+ } else {
362
+ global $Mo2fdbQueries;
363
+ $this->miniorange_pass2login_start_session();
364
+ $otp_token = '';
365
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
366
+ $mo2fa_login_message = '';
367
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
368
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
369
+ if( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
370
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
371
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
372
+ } else{
373
+ $otp_token = sanitize_text_field( $_POST['otp_token'] );
374
+ }
375
+ $current_user = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
376
+
377
+
378
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
379
+
380
+ if($selected_2factor_method == 'OTP Over Telegram')
381
+ {
382
+
383
+ $userID = $current_user;
384
+ $otp = $otp_token;
385
+ $otpToken = get_user_meta($userID,'mo2f_otp_token',true);
386
+ $time = get_user_meta($userID,'mo2f_telegram_time',true);
387
+ $accepted_time = time()-300;
388
+ $time = (int)$time;
389
+
390
+
391
+ if($otp == $otpToken)
392
+ {
393
+ if($accepted_time<$time){
394
+ update_user_meta($userID,'mo2f_chat_id',get_user_meta($userID,'mo2f_temp_chatID',true));
395
+ delete_user_meta($userID,'mo2f_temp_chatID');
396
+ delete_user_meta($userID,'mo2f_otp_token');
397
+ delete_user_meta($userID,'mo2f_telegram_time');
398
+ $Mo2fdbQueries->update_user_details($userID, array(
399
+ "mo2f_configured_2FA_method" => 'OTP Over Telegram',
400
+ 'mo2f_OTPOverTelegram_config_status' => true,
401
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
402
+ ) );
403
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
404
+ }
405
+ else
406
+ {
407
+ delete_user_meta($userID,'mo2f_otp_token');
408
+ delete_user_meta($userID,'mo2f_telegram_time');
409
+ $mo2fa_login_message = __('OTP has been expired please initiate a new transaction by clicking on verify button.','miniorange-2-factor-authentication');
410
+ }
411
+ }
412
+ else
413
+ {
414
+ $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
415
+ }
416
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
417
+ }
418
+
419
+ $user_phone = $Mo2fdbQueries->get_user_detail('mo2f_user_phone',$current_user);
420
+ $customer = new Customer_Setup();
421
+ $content = json_decode($customer->validate_otp_token( $selected_2factor_method, null, get_user_meta($current_user,'mo2f_transactionId',true), $otp_token, get_site_option('mo2f_customerKey'), get_site_option('mo2f_api_key') ),true);
422
+ if($content['status'] == 'ERROR'){
423
+ $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
424
+ }else if(strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated
425
+ $phone = get_user_meta($current_user,'mo2f_user_phone',true) ;
426
+ if($user_phone && strlen($user_phone) >= 4){
427
+ if($phone != $user_phone ){
428
+
429
+ $Mo2fdbQueries->update_user_details( $current_user, array(
430
+ 'mobile_registration_status' =>false
431
+ ) );
432
+ }
433
+ }
434
+
435
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
436
+ if(!($Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user)=='OTP OVER EMAIL')){
437
+ $Mo2fdbQueries->update_user_details( $current_user, array(
438
+ 'mo2f_OTPOverSMS_config_status' =>true,
439
+ 'mo2f_user_phone' =>$phone
440
+ ) );
441
+ }else{
442
+ $Mo2fdbQueries->update_user_details( $current_user, array('mo2f_email_otp_registration_status'=>true) );
443
+
444
+ }
445
+ $Mo2fdbQueries->update_user_details($current_user, array(
446
+ "mo2f_configured_2FA_method" => 'OTP Over SMS',
447
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
448
+ ) );
449
+ $TwoF_setup = new Two_Factor_Setup();
450
+ $response = json_decode($TwoF_setup->mo2f_update_userinfo($email,'SMS',null,null,null),true);
451
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
452
+
453
+ }else{ // OTP Validation failed.
454
+ $mo2fa_login_message = __('Invalid OTP. Please try again.','miniorange-2-factor-authentication');
455
+ }
456
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
457
+ }
458
+ }
459
+
460
+ }
461
+ function mo2f_inline_send_otp(){
462
+ if(isset($_POST['miniorange_inline_verify_phone_nonce'])){
463
+ $nonce = sanitize_text_field($_POST['miniorange_inline_verify_phone_nonce']);
464
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-verify-phone-nonce' ) ) {
465
+ $error = new WP_Error();
466
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
467
+ return $error;
468
+ } else {
469
+ global $Mo2fdbQueries;
470
+ $this->miniorange_pass2login_start_session();
471
+ if(isset($_POST['verify_phone']))
472
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
473
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
474
+
475
+ $current_user = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
476
+
477
+
478
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
479
+ $customer = new Customer_Setup();
480
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$current_user);
481
+ $parameters = array();
482
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user);
483
+
484
+ $mo2fa_login_message = '';
485
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
486
+ if($selected_2factor_method=='SMS' || $selected_2factor_method=='PHONE VERIFICATION' ||$selected_2factor_method== 'SMS AND EMAIL'){
487
+ $phone = sanitize_text_field( $_POST['verify_phone'] );
488
+ if( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ){
489
+ $mo2fa_login_message = __('Please enter your phone number.','miniorange-2-factor-authentication');
490
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
491
+ }
492
+ $phone = str_replace(' ', '', $phone);
493
+ update_user_meta($current_user,'mo2f_user_phone',$phone);
494
+ }
495
+ if($selected_2factor_method == 'OTP_OVER_SMS' || $selected_2factor_method == 'SMS' ){
496
+ $currentMethod = "SMS";
497
+ }else if($selected_2factor_method == 'SMS AND EMAIL'){
498
+ $currentMethod = "OTP_OVER_SMS_AND_EMAIL";
499
+ $parameters = array("phone" => $phone, "email" => $email);
500
+ }else if($selected_2factor_method == 'PHONE VERIFICATION'){
501
+ $currentMethod = "PHONE_VERIFICATION";
502
+ }else if($selected_2factor_method == 'OTP OVER EMAIL'){
503
+ $currentMethod = "OTP_OVER_EMAIL";
504
+ $parameters = $email;
505
+ }
506
+
507
+ else if($selected_2factor_method == 'OTP Over Telegram')
508
+ {
509
+ $currentMethod = "OTP Over Telegram";
510
+ $user_id = $current_user;
511
+ $chatID = sanitize_text_field($_POST['verify_chatID']);
512
+ $otpToken = '';
513
+ for($i=1;$i<7;$i++)
514
+ {
515
+ $otpToken .= rand(0,9);
516
+ }
517
+
518
+ update_user_meta($user_id,'mo2f_otp_token',$otpToken);
519
+ update_user_meta($user_id,'mo2f_telegram_time',time());
520
+ update_user_meta($user_id,'mo2f_temp_chatID',$chatID);
521
+ $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
522
+ $postdata = array( 'mo2f_otp_token' => $otpToken,
523
+ 'mo2f_chatid' => $chatID
524
+ );
525
+
526
+ $args = array(
527
+ 'method' => 'POST',
528
+ 'timeout' => 10,
529
+ 'sslverify' => false,
530
+ 'headers' => array(),
531
+ 'body' => $postdata,
532
+ );
533
+
534
+ $mo2f_api=new Mo2f_Api();
535
+ $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
536
+
537
+ if($data == 'SUCCESS')
538
+ $mo2fa_login_message = 'An OTP has been sent to your given chat ID. Please enter it below for verification.';
539
+ else
540
+ $mo2fa_login_message = 'There were an erroe while sending the OTP. Please confirm your chatID and try again.';
541
+
542
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
543
+
544
+ }
545
+ if($selected_2factor_method == 'SMS AND EMAIL'){
546
+ $content = json_decode($customer->send_otp_token($parameters,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
547
+ }
548
+ else if($selected_2factor_method == 'OTP OVER EMAIL'){
549
+ $content = json_decode($customer->send_otp_token($email,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
550
+ }
551
+ else{
552
+ $content = json_decode($customer->send_otp_token($phone,$currentMethod,get_option( 'mo2f_customerKey'),get_option( 'mo2f_api_key')), true);
553
+
554
+ }
555
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */
556
+ if($content['status'] == 'ERROR'){
557
+ $mo2fa_login_message = Mo2fConstants::langTranslate($content['message']);
558
+ }else if($content['status'] == 'SUCCESS'){
559
+ update_user_meta($current_user,'mo2f_transactionId',$content['txId']);
560
+ if($selected_2factor_method == 'SMS'){
561
+ if(get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')>0)
562
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1);
563
+ $mo2fa_login_message = __('The One Time Passcode has been sent to','miniorange-2-factor-authentication'). $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
564
+ }else if($selected_2factor_method == 'SMS AND EMAIL'){
565
+ $mo2fa_login_message = 'The One Time Passcode has been sent to ' . $parameters["phone"] . ' and '. $parameters["email"] . '. Please enter the one time passcode sent to your email and phone to verify.';
566
+ }else if($selected_2factor_method == 'OTP OVER EMAIL'){
567
+ $mo2fa_login_message = __('The One Time Passcode has been sent to ','miniorange-2-factor-authentication') . $parameters . '.' . __('Please enter the one time passcode sent to your email to verify.','miniorange-2-factor-authentication');
568
+ }else if($selected_2factor_method== 'PHONE VERIFICATION'){
569
+ $mo2fa_login_message = __('You will receive a phone call on this number ','miniorange-2-factor-authentication') . $phone . '.' . __('Please enter the one time passcode below to verify your number.','miniorange-2-factor-authentication');
570
+ }
571
+ }else if($content['status'] == 'FAILED'){
572
+ $mo2fa_login_message = __($content['message'],'miniorange-2-factor-authentication');
573
+ }else{
574
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
575
+ }
576
+ }else{
577
+ $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
578
+ }
579
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
580
+ }
581
+ }
582
+
583
+ }
584
+ function mo2f_inline_validate_kba(){
585
+ if(isset($_POST['mo2f_inline_save_kba_nonce'])){
586
+ $nonce = sanitize_text_field($_POST['mo2f_inline_save_kba_nonce']);
587
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-kba-nonce' ) ) {
588
+ $error = new WP_Error();
589
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
590
+ return $error;
591
+ } else {
592
+ global $Mo2fdbQueries;
593
+ $this->miniorange_pass2login_start_session();
594
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
595
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
596
+ $mo2fa_login_message = '';
597
+ $mo2fa_login_status = isset($_POST['mo2f_inline_kba_status']) ? 'MO_2_FACTOR_SETUP_SUCCESS' : 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
598
+ $temp_array = array(sanitize_text_field($_POST['mo2f_kbaquestion_1']),sanitize_text_field($_POST['mo2f_kbaquestion_2']),sanitize_text_field($_POST['mo2f_kbaquestion_3']));
599
+ $kba_questions = array();
600
+ foreach($temp_array as $question){
601
+ if(MO2f_Utility::mo2f_check_empty_or_null( $question)){
602
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
603
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
604
+ }else{
605
+ $ques = sanitize_text_field($question);
606
+ $ques = addcslashes(stripslashes($ques), '"\\');
607
+ array_push($kba_questions, $ques);
608
+ }
609
+ }
610
+ if(!(array_unique($kba_questions) == $kba_questions)){
611
+ $mo2fa_login_message = __('The questions you select must be unique.','miniorange-2-factor-authentication');
612
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
613
+ }
614
+ $temp_array_ans = array(sanitize_text_field($_POST['mo2f_kba_ans1']),sanitize_text_field($_POST['mo2f_kba_ans2']),sanitize_text_field($_POST['mo2f_kba_ans3']));
615
+ $kba_answers = array();
616
+ foreach($temp_array_ans as $answer){
617
+ if(MO2f_Utility::mo2f_check_empty_or_null( $answer)){
618
+ $mo2fa_login_message = __('All the fields are required. Please enter valid entries.','miniorange-2-factor-authentication');
619
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
620
+ }else{
621
+ $ques = sanitize_text_field($answer);
622
+ $answer = strtolower($answer);
623
+ array_push($kba_answers, $answer);
624
+ }
625
+ }
626
+ $size = sizeof($kba_questions);
627
+ $kba_q_a_list = array();
628
+ for($c = 0; $c < $size; $c++){
629
+ array_push($kba_q_a_list, $kba_questions[$c]);
630
+ array_push($kba_q_a_list, $kba_answers[$c]);
631
+ }
632
+
633
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
634
+
635
+
636
+ $current_user = get_user_by('id',$user_id);
637
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
638
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
639
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
640
+ 'mo2f_SecurityQuestions_config_status' =>true,
641
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
642
+ ) );
643
+ if(!MO2F_IS_ONPREM)
644
+ {
645
+ $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
646
+ $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
647
+ $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
648
+ $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
649
+ $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
650
+ $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
651
+
652
+ $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
653
+ $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
654
+ $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
655
+
656
+ $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
657
+ $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
658
+ $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
659
+
660
+ $kba_registration = new Two_Factor_Setup();
661
+ $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user_id ), true );
662
+
663
+ if ( json_last_error() == JSON_ERROR_NONE ) {
664
+
665
+ if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
666
+ $response = json_decode( $kba_registration->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
667
+ }
668
+
669
+ }
670
+ }
671
+
672
+ $kba_q1 = $kba_q_a_list[0];
673
+ $kba_a1 = md5($kba_q_a_list[1]);
674
+ $kba_q2 = $kba_q_a_list[2];
675
+ $kba_a2 = md5($kba_q_a_list[3]);
676
+ $kba_q3 = $kba_q_a_list[4];
677
+ $kba_a3 = md5($kba_q_a_list[5]);
678
+ $question_answer = array($kba_q1 => $kba_a1 ,$kba_q2 => $kba_a2 , $kba_q3 => $kba_a3 );
679
+ update_user_meta( $current_user->ID , 'mo2f_kba_challenge', $question_answer );
680
+ if(!isset($_POST['mo2f_inline_kba_status'])){
681
+ update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','Security Questions');
682
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array( 'mo2f_configured_2FA_method' => 'Security Questions' ) );
683
+ }
684
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
685
+ }
686
+ }
687
+ }
688
+
689
+ function mo2f_inline_validate_mobile_authentication(){
690
+ if(isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])){
691
+ $nonce = sanitize_text_field($_POST['mo_auth_inline_mobile_registration_complete_nonce']);
692
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce' ) ) {
693
+ $error = new WP_Error();
694
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
695
+ return $error;
696
+ } else {
697
+ global $Mo2fdbQueries;
698
+ $this->miniorange_pass2login_start_session();
699
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
700
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
701
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
702
+
703
+
704
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
705
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
706
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
707
+ $mo2fa_login_message = '';
708
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
709
+ $enduser = new Two_Factor_Setup();
710
+ if($selected_2factor_method == 'SOFT TOKEN')
711
+ $selected_2factor_method_onprem = 'miniOrange Soft Token';
712
+ else if($selected_2factor_method == 'PUSH NOTIFICATIONS')
713
+ $selected_2factor_method_onprem = 'miniOrange Push Notification';
714
+ else if($selected_2factor_method == 'MOBILE AUTHENTICATION')
715
+ $selected_2factor_method_onprem = 'miniOrange QR Code Authentication';
716
+
717
+ $response = json_decode($enduser->mo2f_update_userinfo($email,$selected_2factor_method,null,null,null),true);
718
+ if(json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */
719
+ if($response['status'] == 'ERROR'){
720
+ $mo2fa_login_message = Mo2fConstants::langTranslate($response['message']);
721
+ }else if($response['status'] == 'SUCCESS'){
722
+ $Mo2fdbQueries->update_user_details( $user_id, array(
723
+ 'mobile_registration_status' =>true,
724
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
725
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
726
+ 'mo2f_miniOrangePushNotification_config_status' => true,
727
+ 'mo2f_configured_2FA_method' =>$selected_2factor_method_onprem ,
728
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
729
+ ) );
730
+ //
731
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
732
+ }else{
733
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
734
+ }
735
+ }else{
736
+ $mo2fa_login_message = __('Invalid request. Please try again','miniorange-2-factor-authentication');
737
+ }
738
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
739
+ }
740
+ }
741
+
742
+ }
743
+
744
+ function mo2f_duo_mobile_send_push_notification_for_inline_form(){
745
+ if(isset($_POST['duo_mobile_send_push_notification_inline_form_nonce'])){
746
+ $nonce = sanitize_text_field($_POST['duo_mobile_send_push_notification_inline_form_nonce']);
747
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-send-duo-push-notification-inline-nonce' ) ) {
748
+ $error = new WP_Error();
749
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
750
+ return $error;
751
+ } else {
752
+
753
+ global $Mo2fdbQueries;
754
+ $this->miniorange_pass2login_start_session();
755
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
756
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
757
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
758
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
759
+
760
+ $Mo2fdbQueries->update_user_details( $user_id, array(
761
+ 'mobile_registration_status' =>true,
762
+ ) );
763
+ $mo2fa_login_message = '';
764
+
765
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
766
+
767
+
768
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
769
+
770
+ }
771
+ }
772
+ }
773
+
774
+ function mo2f_inline_validate_duo_authentication(){
775
+ if(isset($_POST['mo_auth_inline_duo_auth_mobile_registration_complete_nonce'])){
776
+ $nonce = sanitize_text_field($_POST['mo_auth_inline_duo_auth_mobile_registration_complete_nonce']);
777
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-duo_auth-registration-complete-nonce' ) ) {
778
+ $error = new WP_Error();
779
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
780
+ return $error;
781
+ } else {
782
+
783
+ global $Mo2fdbQueries;
784
+ $this->miniorange_pass2login_start_session();
785
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
786
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
787
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
788
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
789
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
790
+ $email = sanitize_email($Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id));
791
+ $Mo2fdbQueries->update_user_details( $user_id, array(
792
+ 'mobile_registration_status' =>true,
793
+ ) );
794
+ $mo2fa_login_message = '';
795
+
796
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
797
+ $ikey = get_site_option('mo2f_d_integration_key');
798
+ $skey = get_site_option('mo2f_d_secret_key');
799
+ $host = get_site_option('mo2f_d_api_hostname');
800
+
801
+
802
+
803
+ $duo_preauth = preauth( $email ,true, $skey, $ikey, $host);
804
+
805
+
806
+ if(isset($duo_preauth['response']['stat']) && $duo_preauth['response']['stat'] == 'OK'){
807
+
808
+ if(isset($duo_preauth['response']['response']['status_msg']) && $duo_preauth['response']['response']['status_msg'] == 'Account is active'){
809
+ $mo2fa_login_message = $email.' user is already exists, please go for step B duo will send push notification on your configured mobile.';
810
+
811
+ }else if(isset($duo_preauth['response']['response']['enroll_portal_url'])){
812
+ $duo_enroll_url = $duo_preauth['response']['response']['enroll_portal_url'];
813
+ update_user_meta( $user_id , 'user_not_enroll_on_duo_before', $duo_enroll_url );
814
+ update_user_meta( $user_id , 'user_not_enroll', true );
815
+
816
+ }else{
817
+ $mo2fa_login_message = 'Your account is inactive from duo side, please contact to your administrator.';
818
+ }
819
+
820
+ }else{
821
+ $mo2fa_login_message = 'Error through during preauth.';
822
+
823
+ }
824
+
825
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
826
+
827
+
828
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
829
+
830
+ }
831
+ }
832
+ }
833
+
834
+ function mo2f_inline_setup_success($current_user_id,$redirect_to,$session_id){
835
+ global $Mo2fdbQueries;
836
+ $Mo2fdbQueries->update_user_details( $current_user_id, array('mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS') );
837
+
838
+ $code_generate = get_user_meta($current_user_id, 'mo_backup_code_generated', true);
839
+ if(empty($code_generate)){
840
+ $mo2fa_login_message = '';
841
+ $mo2fa_login_status = 'MO_2_FACTOR_GENERATE_BACKUP_CODES';
842
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
843
+ }else{
844
+ $pass2fa= new Miniorange_Password_2Factor_Login();
845
+ $pass2fa->mo2fa_pass2login($redirect_to,$session_id);
846
+ exit;
847
+ }
848
+ }
849
+
850
+ function mo2f_inline_get_qr_code_for_mobile($email,$id){
851
+ $registerMobile = new Two_Factor_Setup();
852
+ $content = $registerMobile->register_mobile($email);
853
+ $response = json_decode($content, true);
854
+ $message = '';
855
+ $miniorageqr=array();
856
+ if(json_last_error() == JSON_ERROR_NONE) {
857
+ if($response['status'] == 'ERROR'){
858
+ $miniorageqr['message']=Mo2fConstants::langTranslate($response['message']);;
859
+ delete_user_meta( $id, 'miniorageqr' );
860
+ }else{
861
+ if($response['status'] == 'IN_PROGRESS'){
862
+
863
+ $miniorageqr['message']='';
864
+ $miniorageqr['mo2f-login-qrCode']=$response['qrCode'];
865
+ $miniorageqr['mo2f-login-transactionId']=$response['txId'];
866
+ $miniorageqr['mo2f_show_qr_code']='MO_2_FACTOR_SHOW_QR_CODE';
867
+ update_user_meta($id,'miniorageqr',$miniorageqr);
868
+ }else{
869
+ $miniorageqr['message']=__('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
870
+ delete_user_meta( $id, 'miniorageqr' );
871
+ }
872
+ }
873
+ }
874
+ return $miniorageqr;
875
+ }
876
+
877
+ function inline_mobile_configure(){
878
+ if(isset($_POST['miniorange_inline_show_qrcode_nonce'])){
879
+ $nonce = sanitize_text_field($_POST['miniorange_inline_show_qrcode_nonce']);
880
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-show-qrcode-nonce' ) ) {
881
+ $error = new WP_Error();
882
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
883
+ return $error;
884
+ } else {
885
+ global $Mo2fdbQueries;
886
+ $this->miniorange_pass2login_start_session();
887
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
888
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
889
+
890
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
891
+ $current_user = get_user_by('id',$user_id);
892
+ $mo2fa_login_message = '';
893
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
894
+ $user_registration_status = $Mo2fdbQueries->get_user_detail('mo_2factor_user_registration_status',$current_user->ID);
895
+ if($user_registration_status == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
896
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
897
+ $miniorageqr = $this->mo2f_inline_get_qr_code_for_mobile($email,$current_user->ID);
898
+ $mo2fa_login_message=$miniorageqr['message'];
899
+ MO2f_Utility::mo2f_set_transient( $session_id_encrypt,'mo2f_transactionId', $miniorageqr['mo2f-login-transactionId'] );
900
+
901
+ $this->mo2f_transactionid=$miniorageqr['mo2f-login-transactionId'];
902
+ }else{
903
+ $mo2fa_login_message = __('Invalid request. Please register with miniOrange before configuring your mobile.','miniorange-2-factor-authentication');
904
+ }
905
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,$miniorageqr,$session_id_encrypt);
906
+ }
907
+ }
908
+ }
909
+
910
+ function inline_validate_and_set_ga(){
911
+ if(isset($_POST['mo2f_inline_validate_ga_nonce'])){
912
+ $nonce = sanitize_text_field($_POST['mo2f_inline_validate_ga_nonce']);
913
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-google-auth-nonce' ) ) {
914
+ $error = new WP_Error();
915
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
916
+ return $error;
917
+ } else {
918
+ global $Mo2fdbQueries;
919
+ $this->miniorange_pass2login_start_session();
920
+ $otpToken = sanitize_text_field($_POST['google_auth_code']);
921
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
922
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
923
+
924
+
925
+ $current_user = get_user_by('id',$user_id);
926
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
927
+ $ga_secret = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'secret_ga');
928
+
929
+ $mo2fa_login_message = '';
930
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
931
+ if(MO2f_Utility::mo2f_check_number_length($otpToken)){
932
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
933
+ $google_auth = new Miniorange_Rba_Attributes();
934
+ $google_response = json_decode($google_auth->mo2f_validate_google_auth($email,$otpToken,$ga_secret),true);
935
+ if(json_last_error() == JSON_ERROR_NONE) {
936
+ if($google_response['status'] == 'SUCCESS'){
937
+ $response = $google_response;
938
+ if(json_last_error() == JSON_ERROR_NONE || MO2F_IS_ONPREM) {
939
+ if($response['status'] == 'SUCCESS'){
940
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
941
+ 'mo2f_GoogleAuthenticator_config_status' => true,
942
+ 'mo2f_configured_2FA_method' => 'Google Authenticator',
943
+ 'mo2f_AuthyAuthenticator_config_status' => false,
944
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
945
+ ) );
946
+
947
+ if(MO2F_IS_ONPREM){
948
+ update_user_meta($current_user->ID,'mo2f_2FA_method_to_configure','GOOGLE AUTHENTICATOR');
949
+ $gauth_obj= new Google_auth_onpremise();
950
+ $gauth_obj->mo_GAuth_set_secret($current_user->ID, $ga_secret);
951
+ }
952
+ update_user_meta($current_user->ID,'mo2f_external_app_type','GOOGLE AUTHENTICATOR');
953
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
954
+
955
+ //When user sets method of another admin from USers section.
956
+ if(!empty(get_user_meta($current_user->ID,'mo2fa_set_Authy_inline'))){
957
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
958
+ 'mo2f_GoogleAuthenticator_config_status' => false,
959
+ 'mo2f_AuthyAuthenticator_config_status' => true,
960
+ 'mo2f_configured_2FA_method' => "Authy Authenticator",
961
+ 'user_registration_with_miniorange' => 'SUCCESS',
962
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
963
+ ) );
964
+ update_user_meta( $current_user->ID, 'mo2f_external_app_type', "Authy Authenticator" );
965
+ delete_user_meta($current_user->ID ,'mo2fa_set_Authy_inline');
966
+ }
967
+ }else{
968
+ $mo2fa_login_message = __('An error occured while setting up Google/Authy Authenticator. Please Try again.','miniorange-2-factor-authentication');
969
+ }
970
+ }else{
971
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
972
+ }
973
+ }else{
974
+ $mo2fa_login_message = __('An error occured while processing your request. Please Try again.','miniorange-2-factor-authentication');
975
+ }
976
+ }else{
977
+ $mo2fa_login_message = __('An error occured while validating the user. Please Try again.','miniorange-2-factor-authentication');
978
+ }
979
+ }else{
980
+ $mo2fa_login_message = __('Only digits are allowed. Please enter again.','miniorange-2-factor-authentication');
981
+ }
982
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id_encrypt);
983
+ }
984
+ }
985
+ }
986
+
987
+ function back_to_select_2fa(){
988
+ if( isset($_POST['miniorange_inline_two_factor_setup'])){ /* return back to choose second factor screen */
989
+ $nonce = sanitize_text_field($_POST['miniorange_inline_two_factor_setup']);
990
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-setup-nonce' ) ) {
991
+ $error = new WP_Error();
992
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
993
+ return $error;
994
+ } else {
995
+ global $Mo2fdbQueries;
996
+ $this->miniorange_pass2login_start_session();
997
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
998
+
999
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1000
+
1001
+
1002
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1003
+ $current_user = get_user_by('id',$user_id);
1004
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array( "mo2f_configured_2FA_method" => '' ) );
1005
+ $mo2fa_login_message = '';
1006
+ $mo2fa_login_status ='MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1007
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
1008
+ }
1009
+ }
1010
+ }
1011
+
1012
+ function create_user_in_miniOrange($current_user_id,$email,$currentMethod)
1013
+ {
1014
+ $tempEmail = get_user_meta($current_user_id,'mo2f_email_miniOrange',true);
1015
+ if(isset($tempEmail) and $tempEmail != '')
1016
+ $email = $tempEmail;
1017
+ global $Mo2fdbQueries;
1018
+
1019
+ $enduser = new Two_Factor_Setup();
1020
+ if($current_user_id == get_option('mo2f_miniorange_admin'))
1021
+ $email = get_option('mo2f_email');
1022
+
1023
+ $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
1024
+
1025
+ if(json_last_error() == JSON_ERROR_NONE){
1026
+
1027
+
1028
+
1029
+ if($check_user['status'] == 'ERROR'){
1030
+ return $check_user;
1031
+
1032
+ }
1033
+ else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
1034
+
1035
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
1036
+ 'user_registration_with_miniorange' =>'SUCCESS',
1037
+ 'mo2f_user_email' =>$email,
1038
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
1039
+ ) );
1040
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
1041
+
1042
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1043
+ return $check_user;
1044
+ }
1045
+ else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
1046
+ $current_user = get_user_by('id',$current_user_id);
1047
+ $content = json_decode($enduser->mo_create_user($current_user,$email), true);
1048
+
1049
+ if(json_last_error() == JSON_ERROR_NONE) {
1050
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
1051
+ update_site_option(base64_encode("totalUsersCloud"),get_site_option(base64_encode("totalUsersCloud"))+1);
1052
+ $Mo2fdbQueries->update_user_details( $current_user_id, array(
1053
+ 'user_registration_with_miniorange' =>'SUCCESS',
1054
+ 'mo2f_user_email' =>$email,
1055
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
1056
+ ) );
1057
+
1058
+ $mo2fa_login_message = '';
1059
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1060
+ return $check_user;
1061
+ }else{
1062
+ $check_user['status']='ERROR';
1063
+ $check_user['message']='There is an issue in user creation in miniOrange. Please skip and contact miniorange';
1064
+ return $check_user;
1065
+ }
1066
+ }
1067
+
1068
+
1069
+ }
1070
+ else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
1071
+ $mo2fa_login_message = __('The email associated with your account is already registered. Please contact your admin to change the email.','miniorange-2-factor-authentication');
1072
+ $check_user['status']='ERROR';
1073
+ $check_user['message']=$mo2fa_login_message;
1074
+ return $check_user;
1075
+ }
1076
+
1077
+ }
1078
+
1079
+ }
1080
+ function mo2f_skip_2fa_setup()
1081
+ {
1082
+ if(isset($_POST['miniorange_skip_2fa_nonce'])){
1083
+ $nonce = sanitize_text_field($_POST['miniorange_skip_2fa_nonce']);
1084
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skip-nonce' ) ) {
1085
+ $error = new WP_Error();
1086
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
1087
+ return $error;
1088
+ }
1089
+ else{
1090
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1091
+ global $Mo2fdbQueries;
1092
+ $redirect_to = esc_url_raw($_POST['redirect_to']);
1093
+ $session_id_encrypt = sanitize_text_field($session_id_encrypt);
1094
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1095
+
1096
+
1097
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_2factor_enable_2fa_byusers' => 0) );
1098
+
1099
+ $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1100
+ }
1101
+ }
1102
+ }
1103
+
1104
+ function save_inline_2fa_method(){
1105
+ if(isset($_POST['miniorange_inline_save_2factor_method_nonce'])){
1106
+ $nonce = sanitize_text_field($_POST['miniorange_inline_save_2factor_method_nonce']);
1107
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce' ) ) {
1108
+ $error = new WP_Error();
1109
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
1110
+ return $error;
1111
+ } else {
1112
+
1113
+
1114
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1115
+ global $Mo2fdbQueries;
1116
+ $this->miniorange_pass2login_start_session();
1117
+ $mo2fa_login_message = '';
1118
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1119
+
1120
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1121
+
1122
+
1123
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1124
+ $current_user = get_user_by('id',$user_id);
1125
+ $currentUserId = $current_user->ID;
1126
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
1127
+ $user_registration_with_miniorange = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange',$current_user->ID);
1128
+ if($user_registration_with_miniorange == 'SUCCESS'){
1129
+ $selected_method = isset($_POST['mo2f_selected_2factor_method']) ? sanitize_text_field($_POST['mo2f_selected_2factor_method']) : 'NONE';
1130
+
1131
+ if($selected_method == 'OUT OF BAND EMAIL'){
1132
+ if(!MO2F_IS_ONPREM)
1133
+ {
1134
+ $current_user = get_userdata($currentUserId);
1135
+ $email = $current_user->user_email;
1136
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1137
+
1138
+ if($response['status']=='ERROR') {
1139
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1140
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
1141
+ }
1142
+ else
1143
+ {
1144
+ $enduser = new Two_Factor_Setup();
1145
+
1146
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
1147
+ 'mo2f_email_verification_status' =>true,
1148
+ 'mo2f_configured_2FA_method' =>'Email Verification',
1149
+ 'mo2f_user_email' => $email
1150
+ ) );
1151
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1152
+ }
1153
+ }
1154
+ else
1155
+ {
1156
+ $enduser = new Two_Factor_Setup();
1157
+
1158
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
1159
+ 'mo2f_email_verification_status' =>true,
1160
+ 'mo2f_configured_2FA_method' =>'Email Verification',
1161
+ 'mo2f_user_email' => $email
1162
+ ) );
1163
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1164
+ }
1165
+ }
1166
+ else if($selected_method == 'OTP OVER EMAIL'){
1167
+ $email = $current_user->user_email;
1168
+ if(!MO2F_IS_ONPREM)
1169
+ {
1170
+ $current_user = get_userdata($currentUserId);
1171
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1172
+ if($response['status']=='ERROR') {
1173
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1174
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
1175
+ }
1176
+ else
1177
+ {
1178
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
1179
+ if($user_email != '' and !is_null($user_email))
1180
+ $email = $user_email;
1181
+ $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
1182
+
1183
+ }
1184
+ }
1185
+ else
1186
+ {
1187
+ $this->mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user);
1188
+ }
1189
+ }else if($selected_method == "GOOGLE AUTHENTICATOR"){
1190
+ $this->miniorange_pass2login_start_session();
1191
+ $mo2fa_login_message = '';
1192
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1193
+ $google_auth = new Miniorange_Rba_Attributes();
1194
+
1195
+ $gauth_name= get_site_option('mo2f_google_appname');
1196
+ $google_account_name= $gauth_name ? $gauth_name : 'miniOrangeAu';
1197
+
1198
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$current_user->ID);
1199
+
1200
+ if ( MO2F_IS_ONPREM ) { //this should not be here
1201
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1202
+ 'mo2f_configured_2FA_method' =>$selected_method,
1203
+ ) );
1204
+ include_once dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'gaonprem.php';
1205
+ $gauth_obj = new Google_auth_onpremise();
1206
+
1207
+ $onpremise_secret = $gauth_obj->createSecret();
1208
+ $issuer = get_site_option( 'mo2f_GA_account_name', 'miniOrangeAu' );
1209
+ $url = $gauth_obj->geturl( $onpremise_secret, $issuer, $email );
1210
+ $mo2f_google_auth = array();
1211
+ $mo2f_google_auth['ga_qrCode'] = $url;
1212
+ $mo2f_google_auth['ga_secret'] = $onpremise_secret;
1213
+
1214
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $onpremise_secret);
1215
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'ga_qrCode', $url);
1216
+
1217
+ }else{
1218
+ $current_user = get_userdata($currentUserId);
1219
+ $email = $current_user->user_email;
1220
+ $tempemail = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentUserId );
1221
+
1222
+ if(!isset($tempemail) and !is_null($tempemail) and $tempemail != '')
1223
+ {
1224
+ $email = $tempemail;
1225
+ }
1226
+
1227
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1228
+ if($response['status']=='ERROR') {
1229
+ $mo2fa_login_message=$response['message'];
1230
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1231
+
1232
+ }else{
1233
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1234
+ 'mo2f_configured_2FA_method' =>$selected_method,
1235
+ ) );
1236
+ $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email, $google_account_name ), true );
1237
+ if ( json_last_error() == JSON_ERROR_NONE ) {
1238
+ if ( $google_response['status'] == 'SUCCESS' ) {
1239
+
1240
+ $mo2f_google_auth = array();
1241
+ $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
1242
+ $mo2f_google_auth['ga_secret'] = $google_response['secret'];
1243
+
1244
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'secret_ga', $mo2f_google_auth['ga_secret']);
1245
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'ga_qrCode', $mo2f_google_auth['ga_qrCode']);
1246
+
1247
+ } else {
1248
+ $mo2fa_login_message = __( 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.', 'miniorange-2-factor-authentication' );
1249
+ }
1250
+ }
1251
+ }
1252
+ }
1253
+
1254
+
1255
+ }else if($selected_method == "DUO PUSH NOTIFICATIONS"){
1256
+ $this->miniorange_pass2login_start_session();
1257
+ $mo2fa_login_message = '';
1258
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1259
+
1260
+ $selected_method = "Duo Authenticator";
1261
+
1262
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1263
+ 'mo2f_configured_2FA_method' =>$selected_method
1264
+ ) );
1265
+
1266
+
1267
+
1268
+
1269
+ }
1270
+ else{
1271
+ //inline for others
1272
+ if(!MO2F_IS_ONPREM or $selected_method == 'MOBILE AUTHENTICATION' or $selected_method == 'PUSH NOTIFICATIONS' or $selected_method == 'SOFT TOKEN' )
1273
+ {
1274
+ $current_user = get_userdata($currentUserId);
1275
+ $email = $current_user->user_email;
1276
+ $response = $this->create_user_in_miniOrange($currentUserId,$email,$selected_method);
1277
+ if(!is_null($response) && $response['status']=='ERROR') {
1278
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1279
+ $mo2fa_login_message=$response['message'].'Skip the two-factor for login';
1280
+ }
1281
+ else {
1282
+ if($selected_method == 'OTP OVER TELEGRAM')
1283
+ {
1284
+ $selected_method = 'OTP Over Telegram';
1285
+ }
1286
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array('mo2f_configured_2FA_method' =>$selected_method) );
1287
+ }
1288
+ }else{
1289
+ if($selected_method == 'OTP OVER TELEGRAM')
1290
+ {
1291
+ $selected_method = 'OTP Over Telegram';
1292
+ }
1293
+ $Mo2fdbQueries->update_user_details( $current_user->ID, array(
1294
+ 'mo2f_configured_2FA_method' =>$selected_method,
1295
+ ) );
1296
+ }
1297
+ }
1298
+ }else{
1299
+ $mo2fa_login_message = __('Invalid request. Please register with miniOrange to configure 2 Factor plugin.','miniorange-2-factor-authentication');
1300
+ }
1301
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id_encrypt);
1302
+ }
1303
+ }
1304
+ }
1305
+
1306
+ function check_kba_validation($POSTED){
1307
+ global $moWpnsUtility;
1308
+ if ( isset( $POSTED['miniorange_kba_nonce'] ) ) { /*check kba validation*/
1309
+ $nonce = $POSTED['miniorange_kba_nonce'];
1310
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-kba-nonce' ) ) {
1311
+ $error = new WP_Error();
1312
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1313
+ return $error;
1314
+ }else{
1315
+ $this->miniorange_pass2login_start_session();
1316
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1317
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1318
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1319
+ if ( isset( $user_id ) ) {
1320
+ if ( MO2f_Utility::mo2f_check_empty_or_null( sanitize_text_field($_POST['mo2f_answer_1']) ) || MO2f_Utility::mo2f_check_empty_or_null( sanitize_text_field($_POST['mo2f_answer_2'] )) ) {
1321
+ MO2f_Utility::mo2f_debug_file('Please provide both the answers of KBA'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1322
+ $mo2fa_login_message = 'Please provide both the answers.';
1323
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1324
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1325
+ }
1326
+ $otpToken = array();
1327
+ $kba_questions = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo_2_factor_kba_questions' );
1328
+ $otpToken[0] = $kba_questions[0]['question'];
1329
+ $otpToken[1] = sanitize_text_field( $_POST['mo2f_answer_1'] );
1330
+ $otpToken[2] = $kba_questions[1]['question'];
1331
+ $otpToken[3] = sanitize_text_field( $_POST['mo2f_answer_2'] );
1332
+ $check_trust_device = isset( $_POST['mo2f_trust_device'] ) ? sanitize_text_field($_POST['mo2f_trust_device']) : 'false';
1333
+ //if the php session folder has insufficient permissions, cookies to be used
1334
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_transactionId', $session_id_encrypt );
1335
+ MO2f_Utility::mo2f_debug_file('Transaction Id-'.$mo2f_login_transaction_id.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1336
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
1337
+ $kba_validate = new Customer_Setup();
1338
+ $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_login_transaction_id, $otpToken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1339
+ global $Mo2fdbQueries;
1340
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1341
+ if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
1342
+ if ( get_option( 'mo2f_remember_device' ) && $check_trust_device == 'on' ) {
1343
+ try {
1344
+ mo2f_register_profile( $email, 'true', $mo2f_rba_status );
1345
+ } catch ( Exception $e ) {
1346
+ echo esc_html($e->getMessage());
1347
+ }
1348
+ MO2f_Utility::mo2f_debug_file('Remeber device logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1349
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1350
+ } else {
1351
+ MO2f_Utility::mo2f_debug_file('Logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1352
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1353
+ }
1354
+ } else {
1355
+ MO2f_Utility::mo2f_debug_file('The answers you have provided for KBA are incorrect'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1356
+ $mo2fa_login_message = 'The answers you have provided are incorrect.';
1357
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
1358
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
1359
+ }
1360
+ } else {
1361
+ MO2f_Utility::mo2f_debug_file('User id not found'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1362
+ $this->remove_current_activity($session_id_encrypt);
1363
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1364
+ }
1365
+ }
1366
+ }
1367
+ }
1368
+ function check_rba_cancalation($POSTED){
1369
+ $nonce = sanitize_text_field($POSTED['mo2f_trust_device_cancel_nonce']);
1370
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-cancel-nonce' ) ) {
1371
+ $error = new WP_Error();
1372
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1373
+ return $error;
1374
+ } else {
1375
+ $this->miniorange_pass2login_start_session();
1376
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1377
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1378
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1379
+ }
1380
+ }
1381
+ function check_rba_validation($POSTED){
1382
+ $nonce = $POSTED['mo2f_trust_device_confirm_nonce'];
1383
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-trust-device-confirm-nonce' ) ) {
1384
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id'] ): null;
1385
+ $this->remove_current_activity($session_id_encrypt);
1386
+ $error = new WP_Error();
1387
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR ' ) . '</strong>:' . mo2f_lt( 'Invalid Request.' ) );
1388
+ return $error;
1389
+ } else {
1390
+ $this->miniorange_pass2login_start_session();
1391
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1392
+ try {
1393
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1394
+ Global $Mo2fdbQueries;
1395
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1396
+ $mo2f_rba_status = MO2f_Utility::mo2f_retrieve_user_temp_values( 'mo2f_rba_status',$session_id_encrypt );
1397
+ mo2f_register_profile( $email, 'true', $mo2f_rba_status );
1398
+ } catch ( Exception $e ) {
1399
+ echo esc_html($e->getMessage());
1400
+ }
1401
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1402
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1403
+ }
1404
+ }
1405
+
1406
+ function miniorange2f_back_to_inline_registration($POSTED)
1407
+ {
1408
+ $nonce = sanitize_text_field($_POST['miniorange_back_inline_reg_nonce']);
1409
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-back-inline-reg-nonce' ) ) {
1410
+ $error = new WP_Error();
1411
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1412
+ return $error;
1413
+ } else {
1414
+
1415
+ $session_id_encrypt = sanitize_text_field($POSTED['session_id']);
1416
+ $redirect_to = esc_url_raw($POSTED['redirect_to']);
1417
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
1418
+ $mo2fa_login_message = '';
1419
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
1420
+ }
1421
+
1422
+ }
1423
+
1424
+ function check_miniorange_challenge_forgotphone($POSTED){/*check kba validation*/
1425
+ $nonce = sanitize_text_field($_POST['miniorange_forgotphone']);
1426
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1427
+ $error = new WP_Error();
1428
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1429
+ return $error;
1430
+ } else {
1431
+ $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
1432
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1433
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1434
+ $mo2fa_login_message = '';
1435
+ $this->miniorange_pass2login_start_session();
1436
+ $customer = new Customer_Setup();
1437
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1438
+ Global $Mo2fdbQueries;
1439
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1440
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1441
+ if ( $kba_configuration_status ) {
1442
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1443
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1444
+ $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1445
+ } else {
1446
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1447
+ $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1448
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1449
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1450
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1451
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1452
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1453
+ //if the php session folder has insufficient permissions, cookies to be used
1454
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1455
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1456
+ $this->mo2f_transactionid=$content['txId'];
1457
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1458
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1459
+ } else {
1460
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1461
+ }
1462
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1463
+ }
1464
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1465
+ $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1466
+ }
1467
+ }
1468
+ function check_miniorange_alternate_login_kba($POSTED){
1469
+ $nonce = $POSTED['miniorange_alternate_login_kba_nonce'];
1470
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-alternate-login-kba-nonce' ) ) {
1471
+ $error = new WP_Error();
1472
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1473
+ return $error;
1474
+ } else {
1475
+ $this->miniorange_pass2login_start_session();
1476
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1477
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1478
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1479
+ $this->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1480
+ }
1481
+ }
1482
+
1483
+ function check_miniorange_duo_push_validation($POSTED){
1484
+ global $moWpnsUtility;
1485
+ $nonce = $POSTED['miniorange_duo_push_validation_nonce'];
1486
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-duo-validation-nonce' ) ) {
1487
+ $error = new WP_Error();
1488
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1489
+ return $error;
1490
+ } else {
1491
+ $this->miniorange_pass2login_start_session();
1492
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1493
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1494
+
1495
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1496
+ if ( get_option( 'mo2f_remember_device' ) ) {
1497
+
1498
+ MO2f_Utility::mo2f_debug_file('Remember device- Duo push notification logged in successfully'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1499
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1500
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1501
+ } else {
1502
+ MO2f_Utility::mo2f_debug_file('Duo push notification - Logged in successfully'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1503
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1504
+ }
1505
+
1506
+ }
1507
+ }
1508
+
1509
+ function check_miniorange_duo_push_validation_failed($POSTED){
1510
+ global $moWpnsUtility;
1511
+ $nonce = $POSTED['miniorange_duo_push_validation_failed_nonce'];
1512
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-duo-push-validation-failed-nonce' ) ) {
1513
+ $error = new WP_Error();
1514
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1515
+ return $error;
1516
+ } else {
1517
+ MO2f_Utility::mo2f_debug_file('Denied duo push notification'.' User_IP-'.$moWpnsUtility->get_client_ip());
1518
+ $this->miniorange_pass2login_start_session();
1519
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1520
+ $this->remove_current_activity($session_id_encrypt);
1521
+
1522
+ }
1523
+
1524
+ }
1525
+
1526
+ function check_miniorange_mobile_validation($POSTED){
1527
+ /*check mobile validation */
1528
+ global $moWpnsUtility;
1529
+ $nonce = $POSTED['miniorange_mobile_validation_nonce'];
1530
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-nonce' ) ) {
1531
+ $error = new WP_Error();
1532
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1533
+ return $error;
1534
+ } else {
1535
+ if(MO2F_IS_ONPREM && (isset($POSTED['tx_type']) && $POSTED['tx_type'] !='PN'))
1536
+ {
1537
+ $txid = $POSTED['TxidEmail'];
1538
+ $status = get_option($txid);
1539
+ if($status != '')
1540
+ {
1541
+ if($status != 1)
1542
+ {
1543
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1544
+ }
1545
+ }
1546
+ }
1547
+ $this->miniorange_pass2login_start_session();
1548
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1549
+ //if the php session folder has insufficient permissions, cookies to be used
1550
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
1551
+ MO2f_Utility::mo2f_debug_file('Transaction_id-'.$mo2f_login_transaction_id.' User_IP-'.$moWpnsUtility->get_client_ip());
1552
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1553
+ $checkMobileStatus = new Two_Factor_Setup();
1554
+ $content = $checkMobileStatus->check_mobile_status( $mo2f_login_transaction_id );
1555
+ $response = json_decode( $content, true );
1556
+ if(MO2F_IS_ONPREM)
1557
+ {
1558
+ MO2f_Utility::mo2f_debug_file('MO QR-code/push notification auth logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip());
1559
+ $this->mo2fa_pass2login($redirect_to,$session_id_encrypt);
1560
+ }
1561
+ if ( json_last_error() == JSON_ERROR_NONE ) {
1562
+ if ( $response['status'] == 'SUCCESS' ) {
1563
+ if ( get_option( 'mo2f_remember_device' ) ) {
1564
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1565
+ MO2f_Utility::mo2f_debug_file('Remember device flow prompted'.' User_IP-'.$moWpnsUtility->get_client_ip());
1566
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null,$session_id_encrypt );
1567
+ } else {
1568
+ MO2f_Utility::mo2f_debug_file('MO QR-code/push notification auth logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip());
1569
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1570
+ }
1571
+ } else {
1572
+ MO2f_Utility::mo2f_debug_file('Invalid_username'.' User_IP-'.$moWpnsUtility->get_client_ip());
1573
+ $this->remove_current_activity($session_id_encrypt);
1574
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1575
+ }
1576
+ } else {
1577
+ MO2f_Utility::mo2f_debug_file('Invalid_username'.' User_IP-'.$moWpnsUtility->get_client_ip());
1578
+ $this->remove_current_activity($session_id_encrypt);
1579
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again.' ) );
1580
+ }
1581
+ }
1582
+ }
1583
+ function check_miniorange_mobile_validation_failed($POSTED){
1584
+ /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
1585
+ $nonce = $POSTED['miniorange_mobile_validation_failed_nonce'];
1586
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-mobile-validation-failed-nonce' ) ) {
1587
+ $error = new WP_Error();
1588
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1589
+ return $error;
1590
+ } else {
1591
+ MO2f_Utility::mo2f_debug_file('MO QR-code/push notification auth denied.');
1592
+ $this->miniorange_pass2login_start_session();
1593
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1594
+ $this->remove_current_activity($session_id_encrypt);
1595
+
1596
+ }
1597
+ }
1598
+
1599
+ function check_mo2f_duo_authenticator_success_form($POSTED){
1600
+ if(isset($POSTED['mo2f_duo_authenticator_success_nonce'])){
1601
+ $nonce = sanitize_text_field($POSTED['mo2f_duo_authenticator_success_nonce']);
1602
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-authenticator-success-nonce' ) ) {
1603
+ $error = new WP_Error();
1604
+ $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
1605
+ return $error;
1606
+ } else {
1607
+
1608
+ global $Mo2fdbQueries;
1609
+ $this->miniorange_pass2login_start_session();
1610
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1611
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1612
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1613
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1614
+ $selected_2factor_method = $Mo2fdbQueries->get_user_detail('mo2f_configured_2FA_method',$user_id);
1615
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$user_id);
1616
+ $mo2fa_login_message = '';
1617
+
1618
+
1619
+ delete_user_meta($user_id,'user_not_enroll');
1620
+ delete_site_option('current_user_email');
1621
+ $Mo2fdbQueries->update_user_details( $user_id, array(
1622
+ 'mobile_registration_status' =>true,
1623
+ 'mo2f_DuoAuthenticator_config_status' => true,
1624
+ 'mo2f_configured_2FA_method' =>$selected_2factor_method ,
1625
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
1626
+ ) );
1627
+ $mo2fa_login_status = 'MO_2_FACTOR_SETUP_SUCCESS';
1628
+
1629
+
1630
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
1631
+
1632
+ }
1633
+ }
1634
+ }
1635
+ function check_inline_mo2f_duo_authenticator_error($POSTED){
1636
+ $nonce = $POSTED['mo2f_inline_duo_authentcator_error_nonce'];
1637
+
1638
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-inline-duo-authenticator-error-nonce' ) ) {
1639
+ $error = new WP_Error();
1640
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1641
+
1642
+ return $error;
1643
+ } else {
1644
+ global $Mo2fdbQueries;
1645
+ $this->miniorange_pass2login_start_session();
1646
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1647
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1648
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1649
+
1650
+
1651
+
1652
+ $Mo2fdbQueries->update_user_details( $user_id, array(
1653
+ 'mobile_registration_status' =>false,
1654
+ ) );
1655
+
1656
+ }
1657
+ }
1658
+ function check_miniorange_forgotphone($POSTED){
1659
+ $nonce = $POSTED['miniorange_forgotphone'];
1660
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-forgotphone' ) ) {
1661
+ $error = new WP_Error();
1662
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1663
+ return $error;
1664
+ } else {
1665
+ global $Mo2fdbQueries;
1666
+ $mo2fa_login_status = isset( $POSTED['request_origin_method'] ) ? $POSTED['request_origin_method'] : null;
1667
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1668
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1669
+ $mo2fa_login_message = '';
1670
+ $this->miniorange_pass2login_start_session();
1671
+ $customer = new Customer_Setup();
1672
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1673
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1674
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user_id );
1675
+ if ( $kba_configuration_status ) {
1676
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL';
1677
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1678
+ $pass2fa_login->mo2f_pass2login_kba_verification( $user_id, $redirect_to,$session_id_encrypt );
1679
+ } else {
1680
+ $hidden_user_email = MO2f_Utility::mo2f_get_hidden_email( $user_email );
1681
+ $content = json_decode( $customer->send_otp_token( $user_email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1682
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1683
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1684
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1685
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1686
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt );
1687
+ //if the php session folder has insufficient permissions, cookies to be used
1688
+ MO2f_Utility::set_user_values( $session_id_encrypt,'mo2f_login_message', 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.' );
1689
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_transactionId', $content['txId'] );
1690
+ $this->mo2f_transactionid=$content['txId'];
1691
+ $mo2fa_login_message = 'A one time passcode has been sent to <b>' . $hidden_user_email . '</b>. Please enter the OTP to verify your identity.';
1692
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
1693
+ } else {
1694
+ $mo2fa_login_message = 'Error occurred while sending OTP over email. Please try again.';
1695
+ }
1696
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id_encrypt );
1697
+ }
1698
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
1699
+ $pass2fa_login->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1700
+ }
1701
+ }
1702
+ function check_miniorange_softtoken($POSTED){
1703
+ /*Click on the link of phone is offline */
1704
+ $nonce = $POSTED['miniorange_softtoken'];
1705
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-softtoken' ) ) {
1706
+ $error = new WP_Error();
1707
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1708
+ return $error;
1709
+ } else {
1710
+ $this->miniorange_pass2login_start_session();
1711
+ $session_id_encrypt = isset( $POSTED['session_id'] ) ? $POSTED['session_id'] : null;
1712
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
1713
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
1714
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables );
1715
+ MO2f_Utility::unset_temp_user_details_in_table('mo2f_transactionId',$session_id_encrypt );
1716
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1717
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
1718
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
1719
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1720
+ }
1721
+ }
1722
+ function check_miniorange_soft_token($POSTED){
1723
+ /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
1724
+ global $moWpnsUtility;
1725
+ $nonce = sanitize_text_field($_POST['miniorange_soft_token_nonce']);
1726
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-soft-token-nonce' ) ) {
1727
+ $error = new WP_Error();
1728
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1729
+ return $error;
1730
+ }else {
1731
+ $this->miniorange_pass2login_start_session();
1732
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1733
+ $mo2fa_login_status = isset( $_POST['request_origin_method'] ) ? sanitize_text_field($_POST['request_origin_method']) : null;
1734
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
1735
+ $softtoken = '';
1736
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1737
+ $attempts = get_option('mo2f_attempts_before_redirect', 3);
1738
+ if ( MO2f_utility::mo2f_check_empty_or_null( $_POST['mo2fa_softtoken'] ) ) {
1739
+ if($attempts>1 || $attempts=='disabled')
1740
+ {
1741
+ update_option('mo2f_attempts_before_redirect', $attempts-1 );
1742
+ $mo2fa_login_message = 'Please enter OTP to proceed.';
1743
+ MO2f_Utility::mo2f_debug_file('Please enter OTP to proceed'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1744
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1745
+ }else{
1746
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1747
+ $this->remove_current_activity($session_id_encrypt);
1748
+ MO2f_Utility::mo2f_debug_file('Number of attempts exceeded'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1749
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1750
+ }
1751
+ } else {
1752
+ $softtoken = sanitize_text_field( $_POST['mo2fa_softtoken'] );
1753
+ if ( ! MO2f_utility::mo2f_check_number_length( $softtoken ) ) {
1754
+ if($attempts>1|| $attempts=='disabled')
1755
+ {
1756
+ update_option('mo2f_attempts_before_redirect', $attempts-1 );
1757
+ $mo2fa_login_message = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
1758
+ MO2f_Utility::mo2f_debug_file('Invalid OTP. Only digits within range 4-8 are allowed'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1759
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
1760
+ }else{
1761
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1762
+ $this->remove_current_activity($session_id_encrypt);
1763
+ update_option('mo2f_attempts_before_redirect', 3);
1764
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1765
+ $data = array('reload' => "reload", );
1766
+ wp_send_json_success($data);
1767
+ }
1768
+ else{
1769
+ MO2f_Utility::mo2f_debug_file('Number of attempts exceeded'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id);
1770
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1771
+ }
1772
+ }
1773
+ }
1774
+ }
1775
+
1776
+ global $Mo2fdbQueries;
1777
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
1778
+ if ( isset( $user_id ) ) {
1779
+ $customer = new Customer_Setup();
1780
+ $content = '';
1781
+ $current_user = get_userdata($user_id);
1782
+ //if the php session folder has insufficient permissions, cookies to be used
1783
+ $mo2f_login_transaction_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
1784
+ $mo2f_login_transaction_id = isset($_POST['mo2fa_transaction_id'])?sanitize_text_field($_POST['mo2fa_transaction_id']):MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId');
1785
+ MO2f_Utility::mo2f_debug_file('Transaction_id-'.$mo2f_login_transaction_id.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1786
+ if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' ) {
1787
+ $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),$current_user ), true );
1788
+ }elseif (isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_WHATSAPP' ) {
1789
+
1790
+ $otpToken = get_user_meta($current_user->ID,'mo2f_otp_token_wa',true);
1791
+ $time = get_user_meta($current_user->ID,'mo2f_whatsapp_time',true);
1792
+ $accepted_time = time()-600;
1793
+ $time = (int)$time;
1794
+ global $Mo2fdbQueries;
1795
+
1796
+ if($softtoken == $otpToken)
1797
+ {
1798
+ if($accepted_time<$time){
1799
+ update_option('mo2f_attempts_before_redirect', 3);
1800
+ if ( get_option( 'mo2f_remember_device' ) ) {
1801
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1802
+ MO2f_Utility::mo2f_debug_file('Remeber device setup'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1803
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1804
+ }
1805
+ else{
1806
+
1807
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1808
+ }
1809
+ }
1810
+ else
1811
+ {
1812
+ $this->remove_current_activity($session_id_encrypt);
1813
+
1814
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: OTP has been Expired please reinitiate another transaction.' ) );
1815
+
1816
+ }
1817
+ }
1818
+ else
1819
+ {
1820
+
1821
+ update_option('mo2f_attempts_before_redirect', $attempts-1);
1822
+ $message = 'Invalid OTP please enter again.';
1823
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1824
+
1825
+ }
1826
+ }
1827
+ elseif (isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_TELEGRAM' ) {
1828
+
1829
+ $otpToken = get_user_meta($current_user->ID,'mo2f_otp_token',true);
1830
+ $time = get_user_meta($current_user->ID,'mo2f_telegram_time',true);
1831
+ $accepted_time = time()-300;
1832
+ $time = (int)$time;
1833
+ global $Mo2fdbQueries;
1834
+
1835
+ if($softtoken == $otpToken)
1836
+ {
1837
+ if($accepted_time<$time){
1838
+ update_option('mo2f_attempts_before_redirect', 3);
1839
+ if ( get_option( 'mo2f_remember_device' ) ) {
1840
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1841
+ MO2f_Utility::mo2f_debug_file('Remember device flow'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1842
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1843
+ }
1844
+ else{
1845
+ MO2f_Utility::mo2f_debug_file('OTP over Telegram - Logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1846
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1847
+ }
1848
+ }
1849
+ else
1850
+ {
1851
+ $this->remove_current_activity($session_id_encrypt);
1852
+ MO2f_Utility::mo2f_debug_file('OTP has been Expired please reinitiate another transaction'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1853
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: OTP has been Expired please reinitiate another transaction.' ) );
1854
+
1855
+ }
1856
+ }
1857
+ else
1858
+ {
1859
+ if($attempts<=1){
1860
+ $this->remove_current_activity($session_id_encrypt);
1861
+ update_option('mo2f_attempts_before_redirect', 3);
1862
+ return new WP_Error( 'attempts failed try again ', __( '<strong>ERROR</strong>: maximum attempts.' ) );
1863
+ }
1864
+ MO2f_Utility::mo2f_debug_file('OTP over Telegram - Invalid OTP'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1865
+ update_option('mo2f_attempts_before_redirect', $attempts-1);
1866
+ $message = 'Invalid OTP please enter again.';
1867
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1868
+
1869
+ }
1870
+ }
1871
+ else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' ) {
1872
+ $content = json_decode( $customer->validate_otp_token( 'SMS', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1873
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' ) {
1874
+ $content = json_decode( $customer->validate_otp_token( 'PHONE VERIFICATION', null, $mo2f_login_transaction_id, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1875
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ) {
1876
+ $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1877
+ } else if ( isset( $mo2fa_login_status ) && $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
1878
+ $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $user_email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
1879
+ } else {
1880
+ $this->remove_current_activity($session_id_encrypt);
1881
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Invalid Request. Please try again.' ) );
1882
+ }
1883
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
1884
+ update_option('mo2f_attempts_before_redirect', 3);
1885
+ if ( get_option( 'mo2f_remember_device' ) ) {
1886
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
1887
+ MO2f_Utility::mo2f_debug_file('Remember device flow'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1888
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to,null,$session_id_encrypt );
1889
+ } else {
1890
+ if($mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL')
1891
+ {
1892
+ $Mo2fdbQueries->update_user_details( $user_id, array('mo2f_configured_2FA_method' =>'OTP Over Email','mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS', 'mo2f_OTPOverEmail_config_status' => 1) );
1893
+ $enduser = new Two_Factor_Setup();
1894
+
1895
+ $enduser->mo2f_update_userinfo( $user_email, 'OTP Over Email', null, null, null );
1896
+
1897
+ }
1898
+ MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' Logged in successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1899
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
1900
+ }
1901
+ } else {
1902
+ if($attempts>1 || $attempts=='disabled')
1903
+ {
1904
+ MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' Enter wrong OTP'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1905
+ update_option('mo2f_attempts_before_redirect', $attempts-1);
1906
+ $message = $mo2fa_login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'You have entered an invalid OTP.<br>Please click on <b>Sync Time</b> in the miniOrange Authenticator app to sync your phone time with the miniOrange servers and try again.' : 'Invalid OTP. Please try again.';
1907
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $message, $redirect_to,null,$session_id_encrypt );
1908
+ }else{
1909
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1910
+ $this->remove_current_activity($session_id_encrypt);
1911
+ update_option('mo2f_attempts_before_redirect', 3);
1912
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
1913
+ $data = array('reload' => "reload", );
1914
+ wp_send_json_success($data);
1915
+ }
1916
+ else{
1917
+ MO2f_Utility::mo2f_debug_file('Number of attempts exceeded'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1918
+ return new WP_Error( 'limit_exceeded', '<strong>ERROR</strong>: Number of attempts exceeded.');
1919
+ }
1920
+
1921
+ }
1922
+ }
1923
+ } else {
1924
+ $this->remove_current_activity($session_id_encrypt);
1925
+ MO2f_Utility::mo2f_debug_file('User id not found'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user_id.' Email-'.$user_email);
1926
+ return new WP_Error( 'invalid_username', __( '<strong>ERROR</strong>: Please try again..' ) );
1927
+ }
1928
+ }
1929
+ }
1930
+ function check_miniorange_attribute_collection($POSTED){
1931
+ $nonce = $POSTED['miniorange_attribute_collection_nonce'];
1932
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-attribute-collection-nonce' ) ) {
1933
+ $error = new WP_Error();
1934
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1935
+ return $error;
1936
+ } else {
1937
+ $this->miniorange_pass2login_start_session();
1938
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
1939
+ $currentuser = get_user_by( 'id', $user_id );
1940
+ $attributes = isset( $POSTED['miniorange_rba_attribures'] ) ? $POSTED['miniorange_rba_attribures'] : null;
1941
+ $redirect_to = isset( $POSTED['redirect_to'] ) ? esc_url_raw($POSTED['redirect_to']) : null;
1942
+ $session_id = isset( $POSTED['session_id'] ) ? sanitize_text_field($POSTED['session_id']) : null;
1943
+ $this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to,$session_id );
1944
+ }
1945
+ }
1946
+ function check_miniorange_inline_skip_registration($POSTED){
1947
+ $error = new WP_Error();
1948
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
1949
+ }
1950
+ function miniorange_pass2login_redirect() {
1951
+ do_action('mo2f_network_init');
1952
+ global $Mo2fdbQueries;
1953
+
1954
+ if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) {
1955
+ if ( isset( $_POST['miniorange_login_nonce'] ) ) {
1956
+ $nonce = sanitize_text_field($_POST['miniorange_login_nonce']);
1957
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
1958
+
1959
+ if(is_null($session_id)) {
1960
+ $session_id=$this->create_session();
1961
+ }
1962
+
1963
+
1964
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-login-nonce' ) ) {
1965
+ $this->remove_current_activity($session_id);
1966
+ $error = new WP_Error();
1967
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1968
+ return $error;
1969
+ } else {
1970
+ $this->miniorange_pass2login_start_session();
1971
+ $mobile_login = new Miniorange_Mobile_Login();
1972
+ //validation and sanitization
1973
+ $username = isset( $_POST['mo2fa_username'] ) ? sanitize_user($_POST['mo2fa_username']) : '';
1974
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $username ) ) {
1975
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please enter username to proceed' );
1976
+ $mobile_login->mo_auth_show_error_message();
1977
+ return;
1978
+ } else {
1979
+ $username = sanitize_user( $_POST['mo2fa_username'] );
1980
+ }
1981
+ if ( username_exists( $username ) ) { /*if username exists in wp site */
1982
+ $user = new WP_User( $username );
1983
+ $redirect_to = isset( $_REQUEST['redirect_to'] ) ? esc_url_raw($_REQUEST['redirect_to']) : null;
1984
+
1985
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_current_user_id', $user->ID, 600);
1986
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS', 600);
1987
+
1988
+
1989
+ $this->mo2f_userId=$user->ID;
1990
+ $this->fstfactor='VALIDATE_SUCCESS';
1991
+ $current_roles = miniorange_get_user_role( $user );
1992
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
1993
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
1994
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
1995
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $user->ID );
1996
+
1997
+ if(MO2F_IS_ONPREM )
1998
+ {
1999
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
2000
+
2001
+ }
2002
+ if ( $mo2f_configured_2FA_method ) {
2003
+ if ( $email && $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or (MO2F_IS_ONPREM and $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS')) {
2004
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status ) {
2005
+ $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
2006
+ } else {
2007
+ $mo2f_second_factor = '';
2008
+
2009
+ if(MO2F_IS_ONPREM)
2010
+ {
2011
+ global $Mo2fdbQueries;
2012
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2013
+ if($mo2f_second_factor == 'Security Questions')
2014
+ {
2015
+ $mo2f_second_factor = 'KBA';
2016
+ }
2017
+ else if($mo2f_second_factor == 'Google Authenticator')
2018
+ {
2019
+ $mo2f_second_factor = 'GOOGLE AUTHENTICATOR';
2020
+ }
2021
+ else if($mo2f_second_factor == 'Email Verification'){
2022
+ $mo2f_second_factor = 'Email Verification';
2023
+ }
2024
+ else if($mo2f_second_factor == 'OTP Over SMS'){
2025
+ $mo2f_second_factor = 'SMS';
2026
+ }
2027
+ else if($mo2f_second_factor == 'OTP Over Email'){
2028
+ $mo2f_second_factor = 'EMAIL';
2029
+ }
2030
+ elseif($mo2f_second_factor == 'miniOrange Soft Token'){
2031
+ $mo2f_second_factor = "SOFT TOKEN";
2032
+ }
2033
+ else if($mo2f_second_factor == "miniOrange Push Notification"){
2034
+ $mo2f_second_factor = "PUSH NOTIFICATIONS";
2035
+ }
2036
+ else if($mo2f_second_factor == "miniOrange QR Code Authentication"){
2037
+ $mo2f_second_factor = "MOBILE AUTHENTICATION";
2038
+ }
2039
+ }else{
2040
+ $mo2f_second_factor = mo2f_get_user_2ndfactor( $user );
2041
+ }
2042
+ if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' ) {
2043
+ $this->mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id );
2044
+ } else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' ) {
2045
+ $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
2046
+ }
2047
+ else if($mo2f_second_factor == 'Email Verification'){
2048
+ $this->mo2f_pass2login_push_oobemail_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
2049
+ }
2050
+ else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'OTP Over Telegram'|| $mo2f_second_factor == 'EMAIL' || $mo2f_second_factor == "OTP Over Email") {
2051
+ $this->mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to, $session_id );
2052
+ } else if ( $mo2f_second_factor == 'KBA' ) {
2053
+ $this->mo2f_pass2login_kba_verification( $user->ID, $redirect_to, $session_id );
2054
+ } else {
2055
+ $this->remove_current_activity($session_id);
2056
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please try again or contact your admin.' );
2057
+ $mobile_login->mo_auth_show_success_message();
2058
+ }
2059
+ }
2060
+ } else {
2061
+ MO2f_Utility::set_user_values($session_id, 'mo2f_login_message', 'Please login into your account using password.' );
2062
+ $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
2063
+ update_user_meta($user->ID,'userMessage','Please login into your account using password.');
2064
+ $mobile_login->mo2f_redirectto_wp_login();
2065
+ }
2066
+ } else {
2067
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Please login into your account using password.' );
2068
+ $mobile_login->mo_auth_show_success_message('Please login into your account using password.');
2069
+ update_user_meta($user->ID,'userMessage','Please login into your account using password.');
2070
+ $mobile_login->mo2f_redirectto_wp_login();
2071
+ }
2072
+ } else {
2073
+ $mobile_login->remove_current_activity($session_id);
2074
+ MO2f_Utility::set_user_values( $session_id, "mo2f_login_message", 'Invalid Username.' );
2075
+ $mobile_login->mo_auth_show_error_message('Invalid Username.');
2076
+ }
2077
+ }
2078
+ }
2079
+
2080
+ }
2081
+ if(isset($_GET['reconfigureMethod']) && is_user_logged_in()){
2082
+ $userIDGet = get_current_user_id();
2083
+ $txidGet = isset($_GET['transactionId'])?sanitize_text_field($_GET['transactionId']):'';
2084
+ $methodGet = isset($_GET['reconfigureMethod'])?sanitize_text_field($_GET['reconfigureMethod']):'';
2085
+ if(get_site_option($txidGet) === $userIDGet && ctype_xdigit($txidGet) && ctype_xdigit($methodGet)){
2086
+ $method = get_site_option($methodGet);
2087
+ $Mo2fdbQueries->update_user_details( $userIDGet, array(
2088
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS',
2089
+ 'mo2f_configured_2FA_method' => $method
2090
+ ) );
2091
+ $is_Authy_configured = $Mo2fdbQueries->get_user_detail('mo2f_AuthyAuthenticator_config_status',$userIDGet);
2092
+ if($method == 'Google Authenticator' || $is_Authy_configured){
2093
+ update_user_meta($userIDGet,'mo2fa_set_Authy_inline',true);
2094
+ }
2095
+ delete_site_option($txidGet);
2096
+ }else{
2097
+ $head = "You are not authorized to perform this action";
2098
+ $body = "Please contact to your admin";
2099
+ $this->display_email_verification($head,$body,'red');
2100
+ exit();
2101
+ }
2102
+ }
2103
+ if(isset($_GET['Txid'])&&isset($_GET['accessToken']))
2104
+ {
2105
+ $userIDGet = sanitize_text_field($_GET['userID']);
2106
+ $txIdGet = sanitize_text_field($_GET['Txid']);
2107
+ $otpToken = get_site_option($userIDGet);
2108
+ $txidstatus = get_site_option($txIdGet);
2109
+ $userIDd = $userIDGet.'D';
2110
+ $otpTokenD = get_site_option($userIDd);
2111
+ $mo2f_dirName = dirname(__FILE__);
2112
+ $mo2f_dirName = explode('wp-content', $mo2f_dirName);
2113
+ $mo2f_dirName = explode('handler', $mo2f_dirName[1]);
2114
+
2115
+ $head = "You are not authorized to perform this action";
2116
+ $body = "Please contact to your admin";
2117
+ $color = "red";
2118
+ if(3 == $txidstatus)
2119
+ {
2120
+ $time = "time".$txIdGet;
2121
+ $currentTimeInMillis = round(microtime(true) * 1000);
2122
+ $generatedTimeINMillis = get_site_option($time);
2123
+ $difference = ($currentTimeInMillis-$generatedTimeINMillis)/1000 ;
2124
+ if($difference <= 300)
2125
+ {
2126
+ $accessTokenGet = sanitize_text_field($_GET['accessToken']);
2127
+ if( $accessTokenGet == $otpToken)
2128
+ {
2129
+ update_site_option($txIdGet,1);
2130
+ $body = "Transaction has been successfully validated. Please continue with the transaction.";
2131
+ $head = "TRANSACTION SUCCESSFUL";
2132
+ $color = "green";
2133
+ }
2134
+ else if($accessTokenGet==$otpTokenD)
2135
+ {
2136
+ update_site_option($txIdGet,0);
2137
+ $body = "Transaction has been Canceled. Please Try Again.";
2138
+ $head = "TRANSACTION DENIED";
2139
+ }
2140
+ }
2141
+ delete_site_option($userIDGet);
2142
+ delete_site_option($userIDd);
2143
+ delete_site_option($time);
2144
+
2145
+ }
2146
+
2147
+ $this->display_email_verification($head,$body,$color);
2148
+ exit;
2149
+
2150
+ }
2151
+ elseif (isset($_POST['emailInlineCloud'])) {
2152
+ $nonce = sanitize_text_field($_POST['miniorange_emailChange_nonce']);
2153
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-email-change-nonce' ) ) {
2154
+ $error = new WP_Error();
2155
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2156
+ return $error;
2157
+ } else {
2158
+ $email = sanitize_text_field($_POST['emailInlineCloud']);
2159
+ $current_user_id = sanitize_text_field($_POST['current_user_id']);
2160
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2161
+ $redirect_to = isset( $_POST['redirect_to'] ) ? esc_url_raw($_POST['redirect_to']) : null;
2162
+ if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
2163
+ global $Mo2fdbQueries;
2164
+ $Mo2fdbQueries->update_user_details( $current_user_id, array( "mo2f_user_email" => $email, "mo2f_configured_2FA_method" => '' ) );
2165
+ prompt_user_to_select_2factor_mthod_inline($current_user_id,'MO_2_FACTOR_INITIALIZE_TWO_FACTOR','',$redirect_to,$session_id_encrypt,null);
2166
+ }
2167
+ }
2168
+ }
2169
+ else if(isset($_POST['txid']))
2170
+ {
2171
+ $txidpost = sanitize_text_field($_POST['txid']);
2172
+ $status = get_site_option($txidpost);
2173
+ update_option('optionVal1',$status); //??
2174
+ if($status ==1 || $status ==0)
2175
+ delete_site_option($txidpost);
2176
+ echo esc_html($status);
2177
+ exit();
2178
+ }
2179
+
2180
+
2181
+
2182
+ else{
2183
+
2184
+ $value=isset($_POST['option'])?sanitize_text_field($_POST['option']):false;
2185
+
2186
+ switch ($value) {
2187
+ case 'miniorange_rba_validate':
2188
+ $this->check_rba_validation($_POST);
2189
+ break;
2190
+ case 'miniorange_mfactor_method':
2191
+ $current_userID= MO2f_Utility::mo2f_get_transient($_POST['session_id'], 'mo2f_current_user_id');
2192
+ $currentuser = get_user_by('id',$current_userID);
2193
+ $this->mo2fa_select_method($currentuser, sanitize_text_field($_POST['mo2f_selected_mfactor_method']), null,sanitize_text_field($_POST['session_id']), esc_url_raw($_POST['redirect_to']),null);
2194
+ break;
2195
+
2196
+ case 'miniorange_rba_cancle':
2197
+
2198
+ $this->check_rba_cancalation($_POST);
2199
+ break;
2200
+
2201
+ case 'miniorange_forgotphone':
2202
+ $this->check_miniorange_challenge_forgotphone($_POST);
2203
+ break;
2204
+
2205
+ case 'miniorange2f_back_to_inline_registration':
2206
+ $this->miniorange2f_back_to_inline_registration($_POST);
2207
+ exit;
2208
+
2209
+ case 'miniorange_alternate_login_kba':
2210
+
2211
+ $this->check_miniorange_alternate_login_kba($_POST);
2212
+ break;
2213
+
2214
+ case 'miniorange_kba_validate':
2215
+ $this->check_kba_validation($_POST);
2216
+
2217
+ break;
2218
+
2219
+ case 'miniorange_mobile_validation':
2220
+ $this->check_miniorange_mobile_validation($_POST);
2221
+ break;
2222
+
2223
+ case 'miniorange_duo_push_validation':
2224
+ $this->check_miniorange_duo_push_validation($_POST);
2225
+ break;
2226
+
2227
+ case 'mo2f_inline_duo_authenticator_success_form':
2228
+ $this->check_mo2f_duo_authenticator_success_form($_POST);
2229
+ break;
2230
+
2231
+ case 'mo2f_inline_duo_authenticator_error':
2232
+ $this->check_inline_mo2f_duo_authenticator_error($_POST);
2233
+ break;
2234
+
2235
+ case 'miniorange_mobile_validation_failed':
2236
+ $this->check_miniorange_mobile_validation_failed($_POST);
2237
+ break;
2238
+
2239
+ case 'miniorange_duo_push_validation_failed':
2240
+ $this->check_miniorange_duo_push_validation_failed($_POST);
2241
+ break;
2242
+
2243
+ case 'miniorange_softtoken':
2244
+ $this->check_miniorange_softtoken($_POST);
2245
+
2246
+ break;
2247
+
2248
+
2249
+ case 'miniorange_soft_token':
2250
+
2251
+ $this->check_miniorange_soft_token($_POST);
2252
+ break;
2253
+
2254
+ case 'miniorange_inline_skip_registration':
2255
+ $this->check_miniorange_inline_skip_registration($_POST);
2256
+ break;
2257
+
2258
+ case 'miniorange_attribute_collection':
2259
+ $this->check_miniorange_attribute_collection($_POST);
2260
+ break;
2261
+
2262
+ case 'miniorange_inline_save_2factor_method':
2263
+ $this->save_inline_2fa_method();
2264
+ break;
2265
+
2266
+ case 'mo2f_skip_2fa_setup':
2267
+ $this->mo2f_skip_2fa_setup();
2268
+ break;
2269
+
2270
+ case 'miniorange_back_inline':
2271
+ $this->back_to_select_2fa();
2272
+ break;
2273
+
2274
+ case 'miniorange_inline_ga_validate':
2275
+ $this->inline_validate_and_set_ga();
2276
+ break;
2277
+
2278
+ case 'miniorange_inline_show_mobile_config':
2279
+ $this->inline_mobile_configure();
2280
+ break;
2281
+
2282
+ case 'miniorange_inline_complete_mobile':
2283
+ $this->mo2f_inline_validate_mobile_authentication();
2284
+ break;
2285
+ case 'miniorange_inline_duo_auth_mobile_complete':
2286
+ $this->mo2f_inline_validate_duo_authentication();
2287
+ break;
2288
+ case 'duo_mobile_send_push_notification_for_inline_form':
2289
+ $this->mo2f_duo_mobile_send_push_notification_for_inline_form();
2290
+ break;
2291
+ case 'mo2f_inline_kba_option':
2292
+ $this->mo2f_inline_validate_kba();
2293
+ break;
2294
+
2295
+ case 'miniorange_inline_complete_otp_over_sms':
2296
+ $this->mo2f_inline_send_otp();
2297
+ break;
2298
+
2299
+ case 'miniorange_inline_complete_otp':
2300
+ $this->mo2f_inline_validate_otp();
2301
+ break;
2302
+
2303
+ case 'miniorange_inline_login':
2304
+ $this->mo2f_inline_login();
2305
+ break;
2306
+ case 'miniorange_inline_register':
2307
+ $this->mo2f_inline_register();
2308
+ break;
2309
+ case 'mo2f_users_backup1':
2310
+ $this->mo2f_download_backup_codes_inline();
2311
+ break;
2312
+ case 'mo2f_goto_wp_dashboard':
2313
+ $this->mo2f_goto_wp_dashboard();
2314
+ break;
2315
+ case 'miniorange_backup_nonce':
2316
+ $this->mo2f_use_backup_codes($_POST);
2317
+ break;
2318
+ case 'miniorange_validate_backup_nonce':
2319
+ $this->check_backup_codes_validation($_POST);
2320
+ break;
2321
+ case 'miniorange_create_backup_codes':
2322
+ $this->mo2f_create_backup_codes();
2323
+ break;
2324
+ default:
2325
+ $error = new WP_Error();
2326
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Invalid Request.' ) );
2327
+
2328
+ return $error;
2329
+ break;
2330
+
2331
+
2332
+ }
2333
+ }
2334
+ }
2335
+
2336
+ function deniedMessage($message)
2337
+ {
2338
+ if(empty($message) && get_option("deniedMessage") )
2339
+ {
2340
+ delete_option('deniedMessage');
2341
+ }
2342
+ else
2343
+ return $message;
2344
+ }
2345
+ function remove_current_activity($session_id) {
2346
+ global $Mo2fdbQueries;
2347
+ $session_variables = array(
2348
+ 'mo2f_current_user_id',
2349
+ 'mo2f_1stfactor_status',
2350
+ 'mo_2factor_login_status',
2351
+ 'mo2f-login-qrCode',
2352
+ 'mo2f_transactionId',
2353
+ 'mo2f_login_message',
2354
+ 'mo2f_rba_status',
2355
+ 'mo_2_factor_kba_questions',
2356
+ 'mo2f_show_qr_code',
2357
+ 'mo2f_google_auth',
2358
+ 'mo2f_authy_keys'
2359
+ );
2360
+
2361
+ $cookie_variables = array(
2362
+ 'mo2f_current_user_id',
2363
+ 'mo2f_1stfactor_status',
2364
+ 'mo_2factor_login_status',
2365
+ 'mo2f-login-qrCode',
2366
+ 'mo2f_transactionId',
2367
+ 'mo2f_login_message',
2368
+ 'mo2f_rba_status_status',
2369
+ 'mo2f_rba_status_sessionUuid',
2370
+ 'mo2f_rba_status_decision_flag',
2371
+ 'kba_question1',
2372
+ 'kba_question2',
2373
+ 'mo2f_show_qr_code',
2374
+ 'mo2f_google_auth',
2375
+ 'mo2f_authy_keys'
2376
+ );
2377
+
2378
+ $temp_table_variables = array(
2379
+ 'session_id',
2380
+ 'mo2f_current_user_id',
2381
+ 'mo2f_login_message',
2382
+ 'mo2f_1stfactor_status',
2383
+ 'mo2f_transactionId',
2384
+ 'mo_2_factor_kba_questions',
2385
+ 'mo2f_rba_status',
2386
+ 'ts_created'
2387
+ );
2388
+
2389
+ MO2f_Utility::unset_session_variables( $session_variables );
2390
+ MO2f_Utility::unset_cookie_variables( $cookie_variables );
2391
+ $key = get_option( 'mo2f_encryption_key' );
2392
+ $session_id = MO2f_Utility::decrypt_data( $session_id, $key );
2393
+ $Mo2fdbQueries->save_user_login_details( $session_id, array(
2394
+
2395
+ 'mo2f_current_user_id' => '',
2396
+ 'mo2f_login_message' => '',
2397
+ 'mo2f_1stfactor_status' => '',
2398
+ 'mo2f_transactionId' => '',
2399
+ 'mo_2_factor_kba_questions' => '',
2400
+ 'mo2f_rba_status' => '',
2401
+ 'ts_created' => ''
2402
+ ) );
2403
+
2404
+
2405
+ }
2406
+ function mo2f_ultimate_member_custom_login(){
2407
+ echo '<div id="mo2f_um_validate_otp" class="um-field um-field-password um-field-user_password um-field-password um-field-type_password" data-key="user_password"><div class="um-field-label"><label for="mo2f_um_validate_otp">Two factor code*</label><div class="um-clear"></div></div><div class="um-field-area"><input class="um-form-field valid " type="text" name="mo2f_validate_otp_token" id="mo2f_um_validate_otp" value="" placeholder="" data-validate="" data-key="user_password">
2408
+
2409
+ </div></div>';
2410
+ }
2411
+
2412
+ public function miniorange_pass2login_start_session() {
2413
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
2414
+ $session_path = ini_get('session.save_path');
2415
+ if( is_writable($session_path) && is_readable($session_path) ) {
2416
+ if(session_status() != PHP_SESSION_DISABLED )
2417
+ session_start();
2418
+ }
2419
+ }
2420
+ }
2421
+
2422
+ function mo2f_pass2login_kba_verification( $user_id, $redirect_to, $session_id ) {
2423
+ global $Mo2fdbQueries,$LoginuserID;
2424
+ $LoginuserID = $user_id;
2425
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user_id );
2426
+ if(is_null($session_id)) {
2427
+ $session_id=$this->create_session();
2428
+ }
2429
+ if(MO2F_IS_ONPREM){
2430
+ $question_answers = get_user_meta($user_id , 'mo2f_kba_challenge', true);
2431
+ $challenge_questions = array_keys($question_answers);
2432
+ $random_keys = array_rand($challenge_questions,2);
2433
+ $challenge_ques1 = $challenge_questions[$random_keys[0]];
2434
+ $challenge_ques2 = $challenge_questions[$random_keys[1]];
2435
+ $questions[0] = array('question'=>addslashes($challenge_ques1));
2436
+ $questions[1] = array('question'=>addslashes($challenge_ques2));
2437
+ update_user_meta( $user_id, 'kba_questions_user', $questions );
2438
+ $mo2fa_login_message = 'Please answer the following questions:';
2439
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
2440
+ $mo2f_kbaquestions = $questions;
2441
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo_2_factor_kba_questions', $questions);
2442
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
2443
+ }
2444
+
2445
+ else{
2446
+ $challengeKba = new Customer_Setup();
2447
+ $content = $challengeKba->send_otp_token( $user_email, 'KBA', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2448
+ $response = json_decode( $content, true );
2449
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2450
+ if ( $response['status'] == 'SUCCESS' ) {
2451
+ MO2f_Utility::set_user_values( $session_id,"mo2f_transactionId", $response['txId'] );
2452
+ $this->mo2f_transactionid = $response['txId'];
2453
+ $questions = array();
2454
+ $questions[0] = $response['questions'][0];
2455
+ $questions[1] = $response['questions'][1];
2456
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo_2_factor_kba_questions', $questions);
2457
+ $this->mo2f_kbaquestions=$questions;
2458
+ $mo2fa_login_message = 'Please answer the following questions:';
2459
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION';
2460
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id ,$this->mo2f_kbaquestions );
2461
+ } else if ( $response['status'] == 'ERROR' ) {
2462
+ $this->remove_current_activity($session_id);
2463
+ $error = new WP_Error();
2464
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2465
+
2466
+ return $error;
2467
+ }
2468
+ } else {
2469
+ $this->remove_current_activity($session_id);
2470
+ $error = new WP_Error();
2471
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2472
+
2473
+ return $error;
2474
+ }
2475
+ }
2476
+ }
2477
+
2478
+ function miniorange_pass2login_form_fields( $mo2fa_login_status = null, $mo2fa_login_message = null, $redirect_to = null, $qrCode = null, $session_id_encrypt=null,$show_back_button =null ,$mo2fa_transaction_id =false ) {
2479
+
2480
+ $login_status = $mo2fa_login_status;
2481
+ $login_message = $mo2fa_login_message;
2482
+ switch ($login_status) {
2483
+ case 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION':
2484
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId' );
2485
+ mo2f_get_qrcode_authentication_prompt( $login_status, $login_message, $redirect_to, $qrCode, $session_id_encrypt, $transactionid );
2486
+ exit;
2487
+ break;
2488
+ case 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN':
2489
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2490
+
2491
+
2492
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2493
+ exit;
2494
+ break;
2495
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL':
2496
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2497
+
2498
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id,$show_back_button ,$mo2fa_transaction_id );
2499
+ exit;
2500
+ break;
2501
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_TELEGRAM':
2502
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2503
+
2504
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2505
+ exit;
2506
+ break;
2507
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_WHATSAPP':
2508
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2509
+
2510
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2511
+ exit;
2512
+ break;
2513
+ case 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS':
2514
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2515
+
2516
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2517
+ exit;
2518
+ break;
2519
+ case 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION':
2520
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2521
+
2522
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2523
+ exit;
2524
+ break;
2525
+ case 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION':
2526
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2527
+
2528
+ mo2f_get_otp_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id );
2529
+ exit;
2530
+ break;
2531
+ case 'MO_2_FACTOR_CHALLENGE_DUO_PUSH_NOTIFICATIONS':
2532
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2533
+ mo2f_get_duo_push_authentication_prompt( $login_status, $login_message, $redirect_to, $session_id_encrypt,$user_id
2534
+ );
2535
+ exit;
2536
+ break;
2537
+
2538
+ case 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL':
2539
+ mo2f_get_forgotphone_form( $login_status, $login_message, $redirect_to, $session_id_encrypt );
2540
+ exit;
2541
+ break;
2542
+
2543
+ case 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS':
2544
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_transactionId' );
2545
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2546
+
2547
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
2548
+ exit;
2549
+ break;
2550
+
2551
+ case 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL':
2552
+ $transactionid = $this->mo2f_transactionid ? $this->mo2f_transactionid : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_transactionId' );
2553
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2554
+
2555
+ mo2f_get_push_notification_oobemail_prompt( $user_id, $login_status, $login_message, $redirect_to, $session_id_encrypt, $transactionid );
2556
+ exit;
2557
+ break;
2558
+
2559
+ case 'MO_2_FACTOR_RECONFIG_GOOGLE':
2560
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2561
+
2562
+ $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_google' );
2563
+ exit;
2564
+ break;
2565
+
2566
+ case 'MO_2_FACTOR_RECONFIG_KBA':
2567
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2568
+
2569
+ $this->mo2f_redirect_shortcode_addon( $user_id, $login_status, $login_message, 'reconfigure_kba' );
2570
+ exit;
2571
+ break;
2572
+
2573
+ case 'MO_2_FACTOR_SETUP_SUCCESS':
2574
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo2f_current_user_id');
2575
+
2576
+ $this->mo2f_inline_setup_success($user_id,$redirect_to,$session_id_encrypt);
2577
+ break;
2578
+
2579
+ case 'MO_2_FACTOR_GENERATE_BACKUP_CODES':
2580
+ $current_user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
2581
+
2582
+ mo2f_backup_codes_generate($current_user_id, $redirect_to, $session_id_encrypt);
2583
+ exit;
2584
+
2585
+ case 'MO_2_FACTOR_CHALLENGE_BACKUP':
2586
+ mo2f_backup_form($login_status, $login_message, $redirect_to, $session_id_encrypt);
2587
+ exit;
2588
+
2589
+ case 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION':
2590
+
2591
+ if(MO2F_IS_ONPREM){
2592
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
2593
+
2594
+ $ques = get_user_meta( $user_id, 'kba_questions_user');
2595
+ mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt, $ques[0] );
2596
+ }
2597
+ else{
2598
+ $kbaquestions = $this->mo2f_kbaquestions ? $this->mo2f_kbaquestions : MO2f_Utility::mo2f_get_transient($session_id_encrypt, 'mo_2_factor_kba_questions');
2599
+ mo2f_get_kba_authentication_prompt($login_status, $login_message, $redirect_to, $session_id_encrypt, $kbaquestions );
2600
+ }
2601
+ exit;
2602
+ break;
2603
+
2604
+ case 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE':
2605
+ mo2f_get_device_form( $redirect_to, $session_id_encrypt );
2606
+ exit;
2607
+ break;
2608
+
2609
+ case 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS':
2610
+ $user_id = $this->mo2f_userID ? $this->mo2f_userID : MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_current_user_id' );
2611
+
2612
+ prompt_user_to_select_2factor_mthod_inline($user_id, $login_status, $login_message,$redirect_to,$session_id_encrypt,$qrCode);
2613
+ exit;
2614
+ break;
2615
+
2616
+ default:
2617
+ $this->mo_2_factor_pass2login_show_wp_login_form();
2618
+
2619
+ break;
2620
+ }
2621
+ }
2622
+
2623
+ function miniorange_pass2login_check_mobile_status( $login_status ) { //mobile authentication
2624
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION' ) {
2625
+ return true;
2626
+ }
2627
+
2628
+ return false;
2629
+ }
2630
+
2631
+ function miniorange_pass2login_check_otp_status( $login_status, $sso = false ) {
2632
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' || $login_status == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' || $login_status == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' || $login_status == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' ) {
2633
+ return true;
2634
+ }
2635
+
2636
+ return false;
2637
+ }
2638
+
2639
+ function miniorange_pass2login_check_forgotphone_status( $login_status ) { // after clicking on forgotphone link when both kba and email are configured
2640
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AND_OTP_OVER_EMAIL' ) {
2641
+ return true;
2642
+ }
2643
+
2644
+ return false;
2645
+ }
2646
+
2647
+ function miniorange_pass2login_check_push_oobemail_status( $login_status ) { // for push and out of and email
2648
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' || $login_status == 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL' ) {
2649
+ return true;
2650
+ }
2651
+
2652
+ return false;
2653
+ }
2654
+
2655
+ function miniorange_pass2login_reconfig_google( $login_status ) {
2656
+ if ( $login_status == 'MO_2_FACTOR_RECONFIG_GOOGLE' ) {
2657
+ return true;
2658
+ }
2659
+
2660
+ return false;
2661
+ }
2662
+
2663
+ function mo2f_redirect_shortcode_addon( $current_user_id, $login_status, $login_message, $identity ) {
2664
+
2665
+ do_action( 'mo2f_shortcode_addon', $current_user_id, $login_status, $login_message, $identity );
2666
+
2667
+
2668
+ }
2669
+
2670
+ function miniorange_pass2login_reconfig_kba( $login_status ) {
2671
+ if ( $login_status == 'MO_2_FACTOR_RECONFIG_KBA' ) {
2672
+ return true;
2673
+ }
2674
+
2675
+ return false;
2676
+ }
2677
+
2678
+ function miniorange_pass2login_check_kba_status( $login_status ) {
2679
+ if ( $login_status == 'MO_2_FACTOR_CHALLENGE_KBA_AUTHENTICATION' ) {
2680
+ return true;
2681
+ }
2682
+
2683
+ return false;
2684
+ }
2685
+
2686
+ function miniorange_pass2login_check_trusted_device_status( $login_status ) {
2687
+
2688
+ if ( $login_status == 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE' ) {
2689
+ return true;
2690
+ }
2691
+
2692
+ return false;
2693
+ }
2694
+
2695
+ function mo_2_factor_pass2login_woocommerce(){
2696
+ ?>
2697
+ <input type="hidden" name="mo_woocommerce_login_prompt" value="1">
2698
+ <?php
2699
+ }
2700
+ function mo_2_factor_pass2login_show_wp_login_form() {
2701
+
2702
+ $session_id_encrypt = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
2703
+ if(is_null($session_id_encrypt)) {
2704
+ $session_id_encrypt=$this->create_session();
2705
+ }
2706
+ if(class_exists('Theme_My_Login'))
2707
+ {
2708
+ wp_enqueue_script( 'tmlajax_script', plugins_url( 'includes/js/tmlajax.js', dirname(dirname(__FILE__)) ) );
2709
+ wp_localize_script( 'tmlajax_script', 'my_ajax_object',
2710
+ array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
2711
+ }
2712
+ if(class_exists('LoginWithAjax')){
2713
+ wp_enqueue_script( 'login_with_ajax_script', plugins_url( 'includes/js/login_with_ajax.js', dirname(dirname(__FILE__))));
2714
+ wp_localize_script( 'login_with_ajax_script', 'my_ajax_object',
2715
+ array( 'ajax_url' => admin_url( 'admin-ajax.php' ) ) );
2716
+ }
2717
+ ?>
2718
+ <p><input type="hidden" name="miniorange_login_nonce"
2719
+ value="<?php echo esc_html(wp_create_nonce( 'miniorange-2-factor-login-nonce' )); ?>"/>
2720
+
2721
+ <input type="hidden" id="sessid" name="session_id"
2722
+ value="<?php echo esc_html($session_id_encrypt); ?>"/>
2723
+
2724
+ </p>
2725
+
2726
+ <?php
2727
+ if ( get_option( 'mo2f_remember_device' ) ) {
2728
+ ?>
2729
+ <p><input type="hidden" id="miniorange_rba_attribures" name="miniorange_rba_attribures" value=""/></p>
2730
+ <?php
2731
+ wp_enqueue_script( 'jquery');
2732
+ wp_enqueue_script( 'flash_script', plugins_url( 'includes/js/rba/js/jquery.flash.js', dirname(dirname(__FILE__)) ) );
2733
+ wp_enqueue_script( 'uaparser_script', plugins_url( 'includes/js/rba/js/ua-parser.js', dirname(dirname(__FILE__)) ) );
2734
+ wp_enqueue_script( 'client_script', plugins_url( 'includes/js/rba/js/client.js', dirname(dirname(__FILE__)) ) );
2735
+ wp_enqueue_script( 'device_script', plugins_url( 'includes/js/rba/js/device_attributes.js', dirname(dirname(__FILE__)) ) );
2736
+ wp_enqueue_script( 'swf_script', plugins_url( 'includes/js/rba/js/swfobject.js', dirname(dirname(__FILE__)) ) );
2737
+ wp_enqueue_script( 'font_script', plugins_url( 'includes/js/rba/js/fontdetect.js', dirname(dirname(__FILE__)) ) );
2738
+ wp_enqueue_script( 'murmur_script', plugins_url( 'includes/js/rba/js/murmurhash3.js', dirname(dirname(__FILE__)) ) );
2739
+ wp_enqueue_script( 'miniorange_script', plugins_url( 'includes/js/rba/js/miniorange-fp.js', dirname(dirname(__FILE__)) ) );
2740
+ }else{
2741
+
2742
+
2743
+ if( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option'))
2744
+ {
2745
+ echo "<p>";
2746
+ echo '<div id="mo2f_backup_code_secton"><label title="'.__('If you don\'t have 2-factor authentication enabled for your WordPress account, leave this field empty.','google-authenticator').'" for="mo2f_2fa_code">'.__('2 Factor Authentication code*','google-authenticator').'</label><span id="google-auth-info"></span><br/>';
2747
+ echo '<input type="text" placeholder="No soft Token ? Skip" class="input" style="font-size:15px;margin:0px" name="mo_softtoken" id="mo2f_2fa_code" class="mo2f_2fa_code" style="ime-mode: inactive;" />';
2748
+ echo '<p style="color:#2271b1;font-size:12px; margin-bottom:5px">* Skip the authentication code if it doesn\'t apply.</p></div>';
2749
+ echo "</p>";
2750
+ echo '<input type="checkbox" id="mo2f_use_backup_code" name="mo2f_use_backup_code" onclick="mo2f_handle_backup_codes(this);" value="mo2f_use_backup_code">
2751
+ <label for="mo2f_use_backup_code"> Use Backup Codes</label><br><br>';
2752
+ echo '<script>
2753
+ function mo2f_handle_backup_codes(e){
2754
+ if(e.checked)
2755
+ document.querySelector("#mo2f_backup_code_secton").style.display="none";
2756
+ else
2757
+ document.querySelector("#mo2f_backup_code_secton").style.display="block";
2758
+
2759
+ }
2760
+
2761
+ </script>';
2762
+
2763
+ }
2764
+ }
2765
+
2766
+ }
2767
+
2768
+ function mo2f_pass2login_mobile_verification( $user, $redirect_to, $session_id_encrypt=null ) {
2769
+ global $Mo2fdbQueries,$moWpnsUtility;
2770
+ if (is_null($session_id_encrypt)){
2771
+ $session_id_encrypt=$this->create_session();
2772
+ }
2773
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2774
+ $useragent = sanitize_text_field($_SERVER['HTTP_USER_AGENT']);
2775
+ MO2f_Utility::mo2f_debug_file('Check user agent to check request from mobile device '.$useragent);
2776
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $useragent ) ) {
2777
+ $session_cookie_variables = array( 'mo2f-login-qrCode', 'mo2f_transactionId' );
2778
+
2779
+ MO2f_Utility::unset_session_variables( $session_cookie_variables );
2780
+ MO2f_Utility::unset_cookie_variables( $session_cookie_variables);
2781
+ MO2f_Utility::unset_temp_user_details_in_table( 'mo2f_transactionId',$session_id_encrypt);
2782
+
2783
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2784
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2785
+ MO2f_Utility::mo2f_debug_file('Request from mobile device so promting soft token'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2786
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt );
2787
+ } else {
2788
+ $challengeMobile = new Customer_Setup();
2789
+ $content = $challengeMobile->send_otp_token( $user_email, 'MOBILE AUTHENTICATION', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2790
+ $response = json_decode( $content, true );
2791
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2792
+ if ( $response['status'] == 'SUCCESS' ) {
2793
+ $qrCode = $response['qrCode'];
2794
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_transactionId', $response['txId']);
2795
+
2796
+
2797
+ $this->mo2f_transactionid=$response['txId'];
2798
+ $mo2fa_login_message = '';
2799
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
2800
+ MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' Sent miniOrange QR code Authentication successfully'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2801
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, $qrCode,$session_id_encrypt );
2802
+ } else if ( $response['status'] == 'ERROR' ) {
2803
+ $this->remove_current_activity($session_id_encrypt);
2804
+ MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' An error occured while processing your request'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2805
+ $error = new WP_Error();
2806
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2807
+
2808
+ return $error;
2809
+ }
2810
+ } else {
2811
+ MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' An error occured while processing your request'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2812
+ $this->remove_current_activity($session_id_encrypt);
2813
+ $error = new WP_Error();
2814
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2815
+
2816
+ return $error;
2817
+ }
2818
+ }
2819
+
2820
+ }
2821
+
2822
+ function mo2f_pass2login_duo_push_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt ){
2823
+ global $Mo2fdbQueries;
2824
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
2825
+ if (is_null($session_id_encrypt)){
2826
+ $session_id_encrypt=$this->create_session();
2827
+ }
2828
+
2829
+ $mo2fa_login_message ='';
2830
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_DUO_PUSH_NOTIFICATIONS';
2831
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id_encrypt);
2832
+
2833
+ }
2834
+
2835
+ function mo2f_pass2login_push_oobemail_verification( $current_user, $mo2f_second_factor, $redirect_to, $session_id=null ) {
2836
+
2837
+ global $Mo2fdbQueries,$moWpnsUtility;
2838
+ if(is_null($session_id)){
2839
+ $session_id=$this->create_session();
2840
+ }
2841
+ $challengeMobile = new Customer_Setup();
2842
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
2843
+ if(MO2F_IS_ONPREM && $mo2f_second_factor != "PUSH NOTIFICATIONS"){
2844
+ MO2f_Utility::mo2f_debug_file('Push notification has sent successfully for '.$mo2f_second_factor.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
2845
+ include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'api'.DIRECTORY_SEPARATOR.'Mo2f_OnPremRedirect.php';
2846
+ $mo2fOnPremRedirect = new Mo2f_OnPremRedirect();
2847
+ $content = $mo2fOnPremRedirect->mo2f_pass2login_push_email_onpremise($current_user, $redirect_to, $session_id );
2848
+
2849
+ }else {
2850
+ $content = $challengeMobile->send_otp_token( $user_email, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) );
2851
+ }
2852
+ $response = json_decode( $content, true );
2853
+ if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2854
+ if ( $response['status'] == 'SUCCESS' ) {
2855
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
2856
+ update_user_meta($current_user->ID,'mo2f_EV_txid',$response['txId']);
2857
+
2858
+ MO2f_Utility::mo2f_debug_file('Push notification has sent successfully for '.$mo2f_second_factor.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
2859
+ $this->mo2f_transactionid=$response['txId'];
2860
+
2861
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'A Push Notification has been sent to your phone. We are waiting for your approval.' : 'An email has been sent to ' . MO2f_Utility::mo2f_get_hidden_email( $user_email ) . '. We are waiting for your approval.';
2862
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2863
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null,$session_id);
2864
+ } else if ( $response['status'] == 'ERROR' || $response['status'] == 'FAILED' ) {
2865
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
2866
+ update_user_meta($current_user->ID,'mo2f_EV_txid',$response['txId']);
2867
+
2868
+ MO2f_Utility::mo2f_debug_file('An error occured while sending push notification-'.$mo2f_second_factor.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
2869
+ $this->mo2f_transactionid=$response['txId'];
2870
+ $mo2fa_login_message = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'An error occured while sending push notification to your app. You can click on <b>Phone is Offline</b> button to enter soft token from app or <b>Forgot your phone</b> button to receive OTP to your registered email.' : 'An error occured while sending email. Please try again.';
2871
+ $mo2fa_login_status = $mo2f_second_factor == 'PUSH NOTIFICATIONS' ? 'MO_2_FACTOR_CHALLENGE_PUSH_NOTIFICATIONS' : 'MO_2_FACTOR_CHALLENGE_OOB_EMAIL';
2872
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2873
+ }
2874
+ } else {
2875
+ MO2f_Utility::mo2f_debug_file('An error occured while processing your request.'. 'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$current_user->ID.' Email-'.$current_user->user_email);
2876
+ $this->remove_current_activity($session_id);
2877
+ $error = new WP_Error();
2878
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
2879
+
2880
+ return $error;
2881
+ }
2882
+ }
2883
+
2884
+ function mo2f_pass2login_otp_verification( $user, $mo2f_second_factor, $redirect_to,$session_id=null ) {
2885
+ global $Mo2fdbQueries,$moWpnsUtility;
2886
+
2887
+ if(is_null($session_id)){
2888
+ $session_id=$this->create_session();
2889
+ }
2890
+ $mo2f_external_app_type = get_user_meta( $user->ID, 'mo2f_external_app_type', true );
2891
+ if($mo2f_second_factor == 'EMAIL')
2892
+ {
2893
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2894
+ $wdewdeqdqq = get_site_option(base64_encode("remainingOTP"));
2895
+ if($wdewdeqdqq >get_site_option('EmailTransactionCurrent', 30) or get_site_option(base64_encode("limitReached")))
2896
+ {
2897
+ update_site_option(base64_encode("remainingOTP"),0);
2898
+ }
2899
+ }
2900
+ else
2901
+ $mo2f_user_phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
2902
+ if ( $mo2f_second_factor == 'SOFT TOKEN' ) {
2903
+ $mo2fa_login_message = 'Please enter the one time passcode shown in the miniOrange<b> Authenticator</b> app.';
2904
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
2905
+ MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2906
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2907
+ } else if ( $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' ) {
2908
+ $mo2fa_login_message ='Please enter the one time passcode shown in the <b> Authenticator</b> app.';
2909
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION';
2910
+ MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2911
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to, null,$session_id );
2912
+ } elseif ($mo2f_second_factor == 'OTP Over Telegram') {
2913
+ $chatID = get_user_meta($user->ID,'mo2f_chat_id',true);
2914
+ $otpToken = '';
2915
+ for($i=1;$i<7;$i++)
2916
+ {
2917
+ $otpToken .= rand(0,9);
2918
+ }
2919
+
2920
+ update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
2921
+ update_user_meta($user->ID,'mo2f_telegram_time',time());
2922
+
2923
+ $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
2924
+ $postdata = array( 'mo2f_otp_token' => $otpToken,
2925
+ 'mo2f_chatid' => $chatID
2926
+ );
2927
+
2928
+ $args = array(
2929
+ 'method' => 'POST',
2930
+ 'timeout' => 10,
2931
+ 'sslverify' => false,
2932
+ 'headers' => array(),
2933
+ 'body' => $postdata,
2934
+ );
2935
+
2936
+ $mo2f_api=new Mo2f_Api();
2937
+ $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
2938
+
2939
+ if($data == 'SUCCESS')
2940
+ {
2941
+ $mo2fa_login_message ='Please enter the one time passcode sent on your<b> Telegram</b> app.';
2942
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_TELEGRAM';
2943
+ MO2f_Utility::mo2f_debug_file($mo2fa_login_status.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2944
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2945
+ }
2946
+
2947
+ }
2948
+ else {
2949
+ $challengeMobile = new Customer_Setup();
2950
+ $content = '';
2951
+ $response = [];
2952
+ $otpLIMiTE = 0;
2953
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')>0 or $mo2f_second_factor != 'EMAIL')
2954
+ {
2955
+ if($mo2f_second_factor == 'OTP Over SMS')
2956
+ $mo2f_second_factor = 'SMS';
2957
+ $content = $challengeMobile->send_otp_token( $mo2f_user_phone, $mo2f_second_factor, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$user);
2958
+ $response = json_decode( $content, true );
2959
+
2960
+ }
2961
+ else
2962
+ {
2963
+ MO2f_Utility::mo2f_debug_file('Error in sending OTP over Email or SMS.'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2964
+ $response['status'] = 'FAILED';
2965
+ $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
2966
+ $otpLIMiTE = 1;
2967
+ }
2968
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2969
+ if ( $response['status'] == 'SUCCESS' ) {
2970
+ if($mo2f_second_factor == 'EMAIL')
2971
+ {
2972
+ MO2f_Utility::mo2f_debug_file(' OTP has been sent successfully over email.'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2973
+ $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
2974
+ if($cmVtYWluaW5nT1RQ>0)
2975
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
2976
+ }
2977
+ elseif($mo2f_second_factor == 'SMS')
2978
+ {
2979
+ MO2f_Utility::mo2f_debug_file(' OTP has been sent successfully over phone.'.' User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$user->ID.' Email-'.$user->user_email);
2980
+ $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
2981
+ if($mo2f_sms>0)
2982
+ update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
2983
+ }
2984
+ if(!isset($response['phoneDelivery']['contact']))
2985
+ $response['phoneDelivery']['contact'] = '';
2986
+ $message = 'The OTP has been sent to ' . MO2f_Utility::get_hidden_phone( $response['phoneDelivery']['contact'] ) . '. Please enter the OTP you received to Validate.';
2987
+ update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
2988
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
2989
+
2990
+
2991
+ $this->mo2f_transactionid=$response['txId'];
2992
+ $mo2fa_login_message = $message;
2993
+ $currentMethod = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2994
+ if($mo2f_second_factor == 'EMAIL')
2995
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
2996
+ else
2997
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
2998
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
2999
+ } else {
3000
+
3001
+
3002
+ if($response['message'] == 'TEST FAILED.')
3003
+ $response['message'] = 'There is an error in sending the OTP.';
3004
+
3005
+ $last_message = 'Or <a href = " https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/login?redirectUrl=https://login.xecurify.com/moas/initializepayment&requestOrigin=otp_recharge_plan">puchase trascactions</a>';
3006
+
3007
+ if($otpLIMiTE ==1)
3008
+ $last_message = 'or contact miniOrange';
3009
+
3010
+ else if(MO2F_IS_ONPREM and ($mo2f_second_factor == 'OTP Over Email' or $mo2f_second_factor =='EMAIL' or $mo2f_second_factor == 'Email Verification'))
3011
+ $last_message = 'Or check your SMTP Server and remaining transacions.';
3012
+ else
3013
+ {
3014
+ $last_message = 'Or <a href="'.MoWpnsConstants::VIEW_TRANSACTIONS.'"> Check your remaining transacions </a>';
3015
+ if($user->user_email === get_site_option('mo2f_email'))
3016
+ $last_message = $last_message . 'or </br><a href="'.MoWpnsConstants::rechargeLink.'">Add SMS Transactions</a> to your account';
3017
+ }
3018
+ $message = $response['message'] . ' You can click on <a href="https://faq.miniorange.com/knowledgebase/i-am-locked-cant-access-my-account-what-do-i-do/">I am locked out</a> to login via alternate method '.$last_message;
3019
+ if(!isset($response['txId']))
3020
+ $response['txId'] = '';
3021
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
3022
+
3023
+
3024
+ $this->mo2f_transactionid=$response['txId'];
3025
+ $mo2fa_login_message = $message;
3026
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS';
3027
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id );
3028
+ }
3029
+ } else {
3030
+ $this->remove_current_activity($session_id);
3031
+ $error = new WP_Error();
3032
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: An error occured while processing your request. Please Try again.' ) );
3033
+ return $error;
3034
+ }
3035
+ }
3036
+ }
3037
+
3038
+ function mo2fa_pass2login( $redirect_to = null, $session_id_encrypted=null ) {
3039
+ global $Mo2fdbQueries;
3040
+ if(empty($this->mo2f_userID)&&empty($this->fstfactor)){
3041
+ $user_id = MO2f_Utility::mo2f_get_transient($session_id_encrypted, 'mo2f_current_user_id');
3042
+ $mo2f_1stfactor_status = MO2f_Utility::mo2f_get_transient( $session_id_encrypted, 'mo2f_1stfactor_status' );
3043
+
3044
+
3045
+ } else {
3046
+ $user_id=$this->mo2f_userID;
3047
+ $mo2f_1stfactor_status=$this->fstfactor;
3048
+ }
3049
+
3050
+ if ( $user_id && $mo2f_1stfactor_status && ( $mo2f_1stfactor_status == 'VALIDATE_SUCCESS' ) ) {
3051
+ $currentuser = get_user_by( 'id', $user_id );
3052
+ wp_set_current_user( $user_id, $currentuser->user_login );
3053
+ $mobile_login = new Miniorange_Mobile_Login();
3054
+ $mobile_login->remove_current_activity($session_id_encrypted);
3055
+
3056
+ delete_expired_transients( true );
3057
+ delete_site_option($session_id_encrypted);
3058
+
3059
+ wp_set_auth_cookie( $user_id, true );
3060
+ do_action( 'wp_login', $currentuser->user_login, $currentuser );
3061
+ redirect_user_to( $currentuser, $redirect_to );
3062
+ exit;
3063
+ } else {
3064
+ $this->remove_current_activity($session_id_encrypted);
3065
+ }
3066
+ }
3067
+
3068
+ function create_session(){
3069
+ global $Mo2fdbQueries;
3070
+ $session_id = MO2f_Utility::random_str(20);
3071
+ $Mo2fdbQueries->insert_user_login_session($session_id);
3072
+ $key = get_option( 'mo2f_encryption_key' );
3073
+ $session_id_encrypt = MO2f_Utility::encrypt_data($session_id, $key);
3074
+ return $session_id_encrypt;
3075
+ }
3076
+
3077
+ function miniorange_initiate_2nd_factor( $currentuser, $attributes = null, $redirect_to = null, $otp_token = "",$session_id_encrypt=null ) {
3078
+ global $Mo2fdbQueries,$moWpnsUtility;
3079
+ MO2f_Utility::mo2f_debug_file('MO initiate 2nd factor'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3080
+ $this->miniorange_pass2login_start_session();
3081
+ if(is_null($session_id_encrypt)) {
3082
+ $session_id_encrypt=$this->create_session();
3083
+ }
3084
+
3085
+ if(class_exists('UM_Functions'))
3086
+ {
3087
+ MO2f_Utility::mo2f_debug_file('Using UM login form.');
3088
+ if(!isset($_POST['wp-submit']) and isset($_POST['um_request']))
3089
+ {
3090
+ $meta = get_option('um_role_'.$currentuser->roles[0].'_meta');
3091
+ if(isset($meta) and $meta != '')
3092
+ {
3093
+ if(isset($meta['_um_login_redirect_url']))
3094
+ $redirect_to = $meta['_um_login_redirect_url'];
3095
+ if($redirect_to == '')
3096
+ {
3097
+ $redirect_to = get_site_url();
3098
+ }
3099
+ }
3100
+ $login_form_url = '';
3101
+ if(isset($_POST['redirect_to']))
3102
+ $login_form_url = esc_url_raw($_POST['redirect_to']);
3103
+
3104
+ if($login_form_url != '' and !is_null($login_form_url))
3105
+ {
3106
+ $redirect_to = $login_form_url;
3107
+ }
3108
+
3109
+ }
3110
+
3111
+ }
3112
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID, 600);
3113
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS', 600);
3114
+
3115
+
3116
+ $this->mo2f_userID=$currentuser->ID;
3117
+ $this->fstfactor='VALIDATE_SUCCESS';
3118
+
3119
+ $is_customer_admin = true;
3120
+
3121
+ $dG90YWxVc2Vyc0Nsb3Vk = get_site_option("dG90YWxVc2Vyc0Nsb3Vk"); //directly added without encoding
3122
+ if($dG90YWxVc2Vyc0Nsb3Vk<3)
3123
+ $is_customer_admin = true;
3124
+
3125
+ $roles = ( array ) $currentuser->roles;
3126
+ $twofactor_enabled = 0;
3127
+ foreach ( $roles as $role ) {
3128
+ if(get_option('mo2fa_'.$role)=='1')
3129
+ $twofactor_enabled=1;
3130
+ }
3131
+ if ($twofactor_enabled!=1 && is_super_admin( $currentuser->ID )){
3132
+ if(get_site_option('mo2fa_superadmin')==1){
3133
+ $twofactor_enabled=1;
3134
+ }
3135
+ }
3136
+
3137
+ if ( $is_customer_admin && $twofactor_enabled ) {
3138
+ $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $currentuser->ID );
3139
+ $kba_configuration_status = $Mo2fdbQueries->get_user_detail( 'mo2f_SecurityQuestions_config_status', $currentuser->ID );
3140
+
3141
+ if(MoWpnsUtility::get_mo2f_db_option('mo2f_enable_brute_force', 'get_option')){
3142
+ $mo2f_allwed_login_attempts=get_option('mo2f_allwed_login_attempts');
3143
+ }else{
3144
+ $mo2f_allwed_login_attempts= 'disabled';
3145
+ }
3146
+ update_user_meta( $currentuser->ID, 'mo2f_user_login_attempts', $mo2f_allwed_login_attempts );
3147
+
3148
+ $twofactor_transactions = new Mo2fDB;
3149
+ $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($currentuser->ID);
3150
+ $tfa_enabled = $Mo2fdbQueries->get_user_detail( 'mo2f_2factor_enable_2fa_byusers', $currentuser->ID );
3151
+ if($tfa_enabled == 0 && ($mo_2factor_user_registration_status != 'MO_2_FACTOR_PLUGIN_SETTINGS') && $tfa_enabled != '')
3152
+ $exceeded =1;
3153
+
3154
+ if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { //checking if user has configured any 2nd factor method
3155
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
3156
+ try {
3157
+ $mo2f_rba_status = mo2f_collect_attributes( $email, stripslashes( $attributes ) ); // Rba flow
3158
+ MO2f_Utility::set_user_values( $session_id_encrypt, 'mo2f_rba_status', $mo2f_rba_status );
3159
+ $this->mo2f_rbastatus=$mo2f_rba_status;
3160
+ } catch ( Exception $e ) {
3161
+ echo $e->getMessage();
3162
+ }
3163
+
3164
+ if ( $mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag'] ) {
3165
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3166
+ } else if ( ($mo2f_rba_status['status'] == 'DENY' ) && get_option( 'mo2f_rba_installed' ) ) {
3167
+
3168
+ $this->mo2f_restrict_access( 'Access_denied' );
3169
+ exit;
3170
+ } else if ( ($mo2f_rba_status['status'] == 'ERROR') && get_option( 'mo2f_rba_installed' ) ) {
3171
+ $this->mo2f_restrict_access( 'Access_denied' );
3172
+ exit;
3173
+ } else {
3174
+
3175
+ $mo2f_second_factor = '';
3176
+
3177
+ $mo2f_second_factor = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
3178
+
3179
+ if(!MO2F_IS_ONPREM and $mo2f_second_factor!= 'OTP Over Telegram')
3180
+ $mo2f_second_factor = mo2f_get_user_2ndfactor( $currentuser );
3181
+
3182
+ // adding function for the mfa call
3183
+
3184
+ $configure_array_method = $this->mo2fa_return_methods_value($currentuser->ID);
3185
+
3186
+ if (sizeof( $configure_array_method) >1 && get_site_option('mo2f_nonce_enable_configured_methods') == true && !MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option')) {
3187
+ update_site_option('mo2f_login_with_mfa_use','1');
3188
+ mo2fa_prompt_mfa_form_for_user($configure_array_method,$session_id_encrypt,$redirect_to);
3189
+ exit;
3190
+ }
3191
+ else
3192
+ $this->mo2fa_select_method($currentuser, $mo2f_second_factor, $otp_token,$session_id_encrypt, $redirect_to,$kba_configuration_status);
3193
+ }
3194
+ }else if(!$exceeded && MoWpnsUtility::get_mo2f_db_option('mo2f_inline_registration', 'site_option')){
3195
+ $this->mo2fa_inline( $currentuser, $redirect_to, $session_id_encrypt );
3196
+
3197
+ } else {
3198
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
3199
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3200
+ else
3201
+ return $currentuser;
3202
+ }
3203
+
3204
+ }else { //plugin is not activated for current role then logged him in without asking 2 factor
3205
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3206
+ }
3207
+
3208
+ }
3209
+ function mo2fa_return_methods_value($currentuserid)
3210
+ {
3211
+ global $Mo2fdbQueries;
3212
+ $count_methods = $Mo2fdbQueries->get_user_configured_methods($currentuserid );
3213
+ $value = empty( $count_methods ) ? '' : get_object_vars( $count_methods[0] );
3214
+ $configured_methods_arr=array();
3215
+ foreach ($value as $config_status_option => $config_status) {
3216
+ if(strpos($config_status_option, 'config_status')){
3217
+ $config_status_string_array =explode('_',$config_status_option);
3218
+ $config_method = MO2f_Utility::mo2f_decode_2_factor($config_status_string_array[1],'wpdb');
3219
+ if(1 == $value[$config_status_option])
3220
+ array_push($configured_methods_arr,$config_method);
3221
+
3222
+ }
3223
+ }
3224
+
3225
+ return $configured_methods_arr;
3226
+ }
3227
+ function mo2fa_select_method($currentuser, $mo2f_second_factor, $otp_token,$session_id_encrypt, $redirect_to,$kba_configuration_status)
3228
+ {
3229
+ global $moWpnsUtility;
3230
+
3231
+ if($mo2f_second_factor == 'OTP Over Email' || $mo2f_second_factor == 'OTP OVER EMAIL' || $mo2f_second_factor == "EMAIL") {
3232
+ $mo2f_second_factor = "EMAIL";
3233
+ if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
3234
+ {
3235
+ update_site_option("bGltaXRSZWFjaGVk",1);
3236
+ }
3237
+ }
3238
+ else
3239
+ $mo2f_second_factor = MO2f_Utility::mo2f_decode_2_factor($mo2f_second_factor, "server" );
3240
+
3241
+ if($mo2f_second_factor == 'OTPOverTelegram')
3242
+ $mo2f_second_factor = "OTP Over Telegram";
3243
+
3244
+ if((($mo2f_second_factor == 'GOOGLE AUTHENTICATOR') || ($mo2f_second_factor =='SOFT TOKEN') || ($mo2f_second_factor =='AUTHY AUTHENTICATOR')) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option')&& !get_option('mo2f_remember_device') && !isset($_POST['mo_woocommerce_login_prompt']) )
3245
+ {
3246
+ $error=$this->mo2f_validate_soft_token($currentuser, $mo2f_second_factor, $otp_token,$session_id_encrypt, $redirect_to);
3247
+ if(is_wp_error( $error))
3248
+ {
3249
+ return $error;
3250
+ }
3251
+ }
3252
+ else
3253
+ {
3254
+ if ( MO2f_Utility::check_if_request_is_from_mobile_device( $_SERVER['HTTP_USER_AGENT'] ) && $kba_configuration_status )
3255
+ {
3256
+ $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to, $session_id_encrypt );
3257
+ }
3258
+ else
3259
+ {
3260
+ if ( $mo2f_second_factor == 'MOBILE AUTHENTICATION' )
3261
+ {
3262
+ $this->mo2f_pass2login_mobile_verification( $currentuser, $redirect_to, $session_id_encrypt );
3263
+ }
3264
+ else if ( $mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL' || $mo2f_second_factor == 'Email Verification')
3265
+ {
3266
+ MO2f_Utility::mo2f_debug_file('Initiating 2fa validation template for '.$mo2f_second_factor.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3267
+ $this->mo2f_pass2login_push_oobemail_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
3268
+ }
3269
+ else if ( $mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR' || $mo2f_second_factor == 'EMAIL' ||$mo2f_second_factor == 'OTP Over Telegram'|| $mo2f_second_factor == 'OTP Over Whatsapp') {
3270
+ MO2f_Utility::mo2f_debug_file('Initiating 2fa validation template for '.$mo2f_second_factor.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3271
+ $this->mo2f_pass2login_otp_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
3272
+ }
3273
+ else if ( $mo2f_second_factor == 'KBA' or $mo2f_second_factor == 'Security Questions') {
3274
+ MO2f_Utility::mo2f_debug_file('Initiating 2fa validation template for '.$mo2f_second_factor.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3275
+ $this->mo2f_pass2login_kba_verification( $currentuser->ID, $redirect_to , $session_id_encrypt );
3276
+ }
3277
+ else if ( $mo2f_second_factor == 'Duo Authenticator') {
3278
+ MO2f_Utility::mo2f_debug_file('Initiating 2fa validation template for '.$mo2f_second_factor.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3279
+ $this->mo2f_pass2login_duo_push_verification( $currentuser, $mo2f_second_factor, $redirect_to, $session_id_encrypt );
3280
+
3281
+ }
3282
+ else if ( $mo2f_second_factor == 'NONE' ) {
3283
+ MO2f_Utility::mo2f_debug_file('mo2f_second_factor is NONE'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3284
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request'))
3285
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3286
+ else
3287
+ return $currentuser;
3288
+ }
3289
+ else
3290
+ {
3291
+ $this->remove_current_activity($session_id_encrypt);
3292
+ $error = new WP_Error();
3293
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3294
+ MO2f_Utility::mo2f_debug_file('Two factor method has not been configured '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3295
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Two Factor method has not been configured.', );
3296
+ wp_send_json_success($data);
3297
+ }
3298
+ else
3299
+ {
3300
+ MO2f_Utility::mo2f_debug_file('Two factor method has not been configured '.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3301
+ $error->add( 'empty_username', __( '<strong>ERROR</strong>: Two Factor method has not been configured.' ) );
3302
+ return $error;
3303
+ }
3304
+ }
3305
+ }
3306
+ }
3307
+ }
3308
+ function mo2fa_inline($currentuser,$redirect_to,$session_id){
3309
+
3310
+ global $Mo2fdbQueries;
3311
+ $currentUserId = $currentuser->ID;
3312
+ $email = $currentuser->user_email;
3313
+ $Mo2fdbQueries->insert_user( $currentUserId, array( 'user_id' => $currentUserId ) );
3314
+ $Mo2fdbQueries->update_user_details( $currentUserId, array(
3315
+ 'user_registration_with_miniorange' =>'SUCCESS',
3316
+ 'mo2f_user_email' =>$email,
3317
+ 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
3318
+ ) );
3319
+
3320
+ $mo2fa_login_message = '';
3321
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
3322
+
3323
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message,$redirect_to,null,$session_id);
3324
+ }
3325
+
3326
+ function mo2f_validate_soft_token($currentuser, $mo2f_second_factor, $softtoken,$session_id_encrypt,$redirect_to = null){
3327
+ global $Mo2fdbQueries;
3328
+ $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $currentuser->ID );
3329
+ $customer = new Customer_Setup();
3330
+ $content = json_decode( $customer->validate_otp_token( $mo2f_second_factor, $email, null, $softtoken, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3331
+ if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
3332
+ if ( get_option( 'mo2f_remember_device' ) ) {
3333
+ $mo2fa_login_status = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
3334
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, null, $redirect_to, null, $session_id_encrypt );
3335
+ } else {
3336
+ $this->mo2fa_pass2login( $redirect_to, $session_id_encrypt );
3337
+ }
3338
+ } else {
3339
+ if( MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3340
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid One Time Passcode.', );
3341
+ wp_send_json_success($data);
3342
+ }
3343
+ else
3344
+ return new WP_Error( 'invalid_one_time_passcode', '<strong>ERROR</strong>: Invalid One Time Passcode.');
3345
+ }
3346
+ }
3347
+
3348
+ function mo2f_otp_over_email_send($email,$redirect_to,$session_id_encrypt,$current_user)
3349
+ {
3350
+
3351
+ $challengeMobile = new Customer_Setup();
3352
+ $content = '';
3353
+ $response = [];
3354
+ $otpLIMiTE = 0;
3355
+ if(get_site_option("cmVtYWluaW5nT1RQ")>0)
3356
+ {
3357
+ $content = $challengeMobile->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ,$current_user);
3358
+ $response = json_decode( $content, true );
3359
+ if(!MO2F_IS_ONPREM)
3360
+ {
3361
+ if(isset($response['txId'])){
3362
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_transactionid', $response['txId']);
3363
+ }
3364
+ }
3365
+
3366
+ }
3367
+ else
3368
+ {
3369
+ $response['status'] = 'FAILED';
3370
+ $response['message'] = '<p style = "color:red;">OTP limit has been exceeded</p>';
3371
+ $otpLIMiTE = 1;
3372
+ }
3373
+ if ( json_last_error() == JSON_ERROR_NONE ) {
3374
+ if ( $response['status'] == 'SUCCESS' ) {
3375
+ $cmVtYWluaW5nT1RQ = get_site_option("cmVtYWluaW5nT1RQ");
3376
+ if($cmVtYWluaW5nT1RQ>0)
3377
+ update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
3378
+ $mo2fa_login_message = 'An OTP has been sent to '.$email.' please verify to set the two-factor';
3379
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
3380
+ $mo2fa_transaction_id = isset($response['txId'])?$response['txId']:null;
3381
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt, 1 ,$mo2fa_transaction_id);
3382
+ }
3383
+ else
3384
+ {
3385
+ if($response['status'] == 'FAILED' && $response['message'] == 'OTP limit has been exceeded'){
3386
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
3387
+ $mo2fa_login_message = 'There was an issue while sending the OTP to '.$email.'. Please check your remaining transactions and try again.';
3388
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
3389
+ }else if($response['status'] == 'FAILED'){
3390
+ $mo2fa_login_status = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
3391
+ $mo2fa_login_message = 'Your SMTP has not been set, please set your SMTP first to get OTP.';
3392
+ $this->miniorange_pass2login_form_fields( $mo2fa_login_status, $mo2fa_login_message, $redirect_to,null, $session_id_encrypt );
3393
+ }
3394
+ }
3395
+ }
3396
+ }
3397
+ function mo2f_restrict_access( $identity ) {
3398
+ apply_filters( 'mo2f_rba_addon', $identity );
3399
+ exit;
3400
+ }
3401
+
3402
+ function mo2f_collect_device_attributes_for_authenticated_user( $currentuser, $redirect_to = null ) {
3403
+ $session_id=$this->create_session();
3404
+ if ( get_option( 'mo2f_remember_device' ) ) {
3405
+ $this->miniorange_pass2login_start_session();
3406
+ MO2f_Utility::set_user_values( $session_id, "mo2f_current_user_id", $currentuser->ID );
3407
+ $this->mo2f_userID=$currentuser->ID;
3408
+ mo2f_collect_device_attributes_handler($session_id,$redirect_to );
3409
+ exit;
3410
+ } else {
3411
+ $this->miniorange_initiate_2nd_factor( $currentuser, null, $redirect_to ,null ,$session_id );
3412
+ }
3413
+ }
3414
+
3415
+ function mo2f_check_username_password( $user, $username, $password, $redirect_to = null ) {
3416
+ global $Mo2fdbQueries,$moWpnsUtility;
3417
+ if ( is_a( $user, 'WP_Error' ) && ! empty( $user ) ) {
3418
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3419
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp;Invalid User Credentials', );
3420
+ wp_send_json_success($data);
3421
+ }
3422
+ else
3423
+ return $user;
3424
+ }
3425
+ if($GLOBALS['pagenow'] == 'wp-login.php' && isset($_POST['mo_woocommerce_login_prompt'])){
3426
+ return new WP_Error( 'Unauthorized Access.' , '<strong>ERROR</strong>: Access Denied.');
3427
+ }
3428
+ // if an app password is enabled, this is an XMLRPC / APP login ?
3429
+ if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
3430
+
3431
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
3432
+ if ( is_wp_error( $currentuser ) ) {
3433
+ $this->error = new IXR_Error( 403, __( 'Bad login/pass combination.' ) );
3434
+
3435
+ return false;
3436
+ } else {
3437
+ return $currentuser;
3438
+ }
3439
+
3440
+ } else {
3441
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
3442
+ if ( is_wp_error( $currentuser ) ) {
3443
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3444
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Invalid User Credentials', );
3445
+ wp_send_json_success($data);
3446
+ }
3447
+ else{
3448
+ $currentuser->add( 'invalid_username_password', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Username or password.' ) );
3449
+ MO2f_Utility::mo2f_debug_file('Invalid username and password.'.'User_IP-'.$moWpnsUtility->get_client_ip());
3450
+ return $currentuser;
3451
+ }
3452
+ } else {
3453
+
3454
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
3455
+ MO2f_Utility::mo2f_debug_file('Username and password validate successfully'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3456
+ if(isset($_REQUEST['woocommerce-login-nonce'])){
3457
+ MO2f_Utility::mo2f_debug_file('It is a woocommerce login form. Get woocommerce redirectUrl');
3458
+ if ( ! empty( $_REQUEST[ 'redirect_to' ] ) ) {
3459
+ $redirect_to = wp_unslash( $_REQUEST[ 'redirect_to' ] );
3460
+ } elseif ( isset($_REQUEST[ '_wp_http_referer' ]) ) {
3461
+ $redirect_to = sanitize_text_field($_REQUEST[ '_wp_http_referer' ]);
3462
+ } else {
3463
+ $redirect_to = wc_get_page_permalink( 'myaccount' );
3464
+ }
3465
+ }else{
3466
+ $redirect_to = isset($_REQUEST[ 'redirect_to' ]) ? sanitize_text_field($_REQUEST[ 'redirect_to' ]) : (isset($_REQUEST[ 'redirect' ]) ? sanitize_text_field($_REQUEST[ 'redirect' ]) : null);
3467
+ }
3468
+ $redirect_to = esc_url_raw($redirect_to);
3469
+ $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $currentuser->ID );
3470
+ $cloud_methods = array("MOBILE AUTHENTICATION","PUSH NOTIFICATIONS","SOFT TOKEN");
3471
+ if (MO2F_IS_ONPREM && $mo2f_configured_2FA_method=='Security Questions')
3472
+ {
3473
+ MO2f_Utility::mo2f_debug_file('Initiating 2nd factor for KBA'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3474
+ $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , "" , $session_id );
3475
+ }
3476
+ else if(MO2F_IS_ONPREM && $mo2f_configured_2FA_method =='Email Verification')
3477
+ {
3478
+ MO2f_Utility::mo2f_debug_file('Initiating 2nd factor for email verification'.'User_IP-'.$moWpnsUtility->get_client_ip() .' User_Id-'.$currentuser->ID.' Email-'.$currentuser->user_email);
3479
+ $this->miniorange_initiate_2nd_factor($currentuser, null , $redirect_to , null ,$session_id );
3480
+ }
3481
+ else
3482
+ {
3483
+ if ( empty($_POST[ 'mo2f_use_backup_code' ]) && empty( $_POST['mo_softtoken'] ) && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'get_option') && $mo2f_configured_2FA_method && !get_option('mo2f_remember_device') && (($mo2f_configured_2FA_method == 'Google Authenticator') ||($mo2f_configured_2FA_method == 'miniOrange Soft Token') || ($mo2f_configured_2FA_method =='Authy Authenticator')) && get_option('mo2fa_administrator'))
3484
+ {
3485
+ $currentuser = wp_authenticate_username_password( $user, $username, $password );
3486
+ if(class_exists('UM_Functions')){
3487
+ $passcode = isset($_POST[ "mo2f_validate_otp_token" ]) ? sanitize_text_field($_POST[ "mo2f_validate_otp_token" ]) : sanitize_text_field($_POST['mo_softtoken']);
3488
+ if(!is_null($passcode) and !empty($passcode))
3489
+ {
3490
+ $passcode = sanitize_text_field($passcode);
3491
+ $this->miniorange_pass2login_start_session();
3492
+ $session_id_encrypt=$this->create_session();
3493
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_current_user_id', $currentuser->ID, 600);
3494
+ MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS', 6000);
3495
+
3496
+ $customer = new Customer_Setup();
3497
+ if($mo2f_configured_2FA_method == 'miniOrange Soft Token')
3498
+ $method='SOFT TOKEN';
3499
+ else if($mo2f_configured_2FA_method == 'Google Authenticator')
3500
+ $method = 'GOOGLE AUTHENTICATOR';
3501
+ $email = $Mo2fdbQueries->get_user_detail('mo2f_user_email',$currentuser->ID);
3502
+ $content = json_decode($customer->validate_otp_token( $method,$email , null, $passcode, get_option('mo2f_customerKey'), get_option('mo2f_api_key'),$currentuser),true);
3503
+
3504
+ if(strcasecmp($content['status'], 'SUCCESS') == 0) {
3505
+ $redirect_to = isset($_POST[ 'redirect_to' ]) ? esc_url_raw($_POST[ 'redirect_to' ]) : null;
3506
+
3507
+ $this->mo2fa_pass2login($redirect_to, $session_id_encrypt);
3508
+ }
3509
+ else
3510
+ {
3511
+ $error = new WP_Error();
3512
+ $error->add('WRONG PASSCODE:', __('<strong>Wrong Two-factor Authentication code.</strong>'));
3513
+ return $error;
3514
+ }
3515
+
3516
+
3517
+ }
3518
+ else
3519
+ {
3520
+ $error = new WP_Error();
3521
+ $error->add('EMPTY PASSCODE:', __('<strong>Empty Two-factor Authentication code.</strong>'));
3522
+ return $error;
3523
+ }
3524
+ }
3525
+
3526
+
3527
+ if(isset($_POST['mo_woocommerce_login_prompt'])){
3528
+
3529
+ $this->miniorange_initiate_2nd_factor( $currentuser, "", $redirect_to,"",$session_id);
3530
+ }
3531
+ if(MO2f_Utility::get_index_value('GLOBALS','mo2f_is_ajax_request')){
3532
+ $data = array('notice' => '<div style="border-left:3px solid #dc3232;">&nbsp; Please enter the One Time Passcode', );
3533
+ wp_send_json_success($data);
3534
+ }
3535
+ else
3536
+ return new WP_Error( 'one_time_passcode_empty', '<strong>ERROR</strong>: Please enter the One Time Passcode.');
3537
+ // Prevent PHP notices when using app password login
3538
+
3539
+ }
3540
+ else
3541
+ {
3542
+ $otp_token = isset($_POST[ 'mo_softtoken' ]) ? trim( $_POST[ 'mo_softtoken' ] ) : '';
3543
+ }
3544
+ $attributes = isset( $_POST['miniorange_rba_attribures'] ) ? sanitize_text_field($_POST['miniorange_rba_attribures']) : null;
3545
+ $session_id = isset( $_POST['session_id'] ) ? sanitize_text_field($_POST['session_id']) : null;
3546
+ $mo2f_backup_code=isset($_POST[ 'mo2f_use_backup_code' ]) ? trim($_POST[ 'mo2f_use_backup_code' ] ) : '';
3547
+
3548
+ if(is_null($session_id)) {
3549
+ $session_id=$this->create_session();
3550
+ }
3551
+
3552
+ if("mo2f_use_backup_code"==$mo2f_backup_code){ //BACKUP CODES
3553
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_1stfactor_status', 'VALIDATE_SUCCESS', 600);
3554
+ MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_current_user_id', $currentuser->ID, 600);
3555
+ $mo2fa_login_message = __('Please provide backup code.','miniorange-2-factor-authentication');
3556
+ $mo2fa_login_status = 'MO_2_FACTOR_CHALLENGE_BACKUP';
3557
+ $this->miniorange_pass2login_form_fields($mo2fa_login_status, $mo2fa_login_message, $redirect_to, null, $session_id);
3558
+ exit;
3559
+ }
3560
+
3561
+ $error=$this->miniorange_initiate_2nd_factor( $currentuser, $attributes, $redirect_to, $otp_token, $session_id );
3562
+
3563
+
3564
+ if(is_wp_error( $error)){
3565
+ return $error;
3566
+ }
3567
+ return $error;
3568
+ }
3569
+ }
3570
+ }
3571
+
3572
+ }
3573
+
3574
+ function display_email_verification($head,$body,$color)
3575
+ {
3576
+ echo "<div style='background-color: #d5e3d9; height:850px;' >
3577
+ <div style='height:350px; background-color: #3CB371; border-radius: 2px; padding:2%; '>
3578
+ <div class='mo2f_tamplate_layout' style='background-color: #ffffff;border-radius: 5px;box-shadow: 0 5px 15px rgba(0,0,0,.5); width:850px;height:350px; align-self: center; margin: 180px auto; ' >
3579
+ <img alt='logo' style='margin-left:240px ;
3580
+ margin-top:10px;width=40%;' src='https://auth.miniorange.com/moas/images/logo_large.png' />
3581
+ <div><hr></div>
3582
+
3583
+ <tbody>
3584
+ <tr>
3585
+ <td>
3586
+
3587
+ <p style='margin-top:0;margin-bottom:10px'>
3588
+ <p style='margin-top:0;margin-bottom:10px'> <h1 style='color:".$color.";text-align:center;font-size:50px'>".esc_html($head)."</h1></p>
3589
+ <p style='margin-top:0;margin-bottom:10px'>
3590
+ <p style='margin-top:0;margin-bottom:10px;text-align:center'><h2 style='text-align:center'>".esc_html($body)."</h2></p>
3591
+ <p style='margin-top:0;margin-bottom:0px;font-size:11px'>
3592
+
3593
+ </td>
3594
+ </tr>
3595
+
3596
+ </div>
3597
+ </div>
3598
+ </div>";
3599
+ }
3600
+
3601
+ function mo_2_factor_enable_jquery_default_login() {
3602
+ wp_enqueue_script( 'jquery' );
3603
+ }
3604
+
3605
+ function miniorange_pass2login_footer_form() {
3606
+ ?>
3607
+ <script>
3608
+ jQuery(document).ready(function () {
3609
+ if (document.getElementById('loginform') != null) {
3610
+ jQuery('#loginform').on('submit', function (e) {
3611
+ jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
3612
+ });
3613
+ } else {
3614
+ if (document.getElementsByClassName('login') != null) {
3615
+ jQuery('.login').on('submit', function (e) {
3616
+ jQuery('#miniorange_rba_attribures').val(JSON.stringify(rbaAttributes.attributes));
3617
+ });
3618
+ }
3619
+ }
3620
+ });
3621
+ </script>
3622
+ <?php
3623
+
3624
+ }
3625
+
3626
+
3627
+ }
3628
+
3629
+ ?>
handler/twofa/two_fa_settings.php CHANGED
@@ -1,5072 +1,5072 @@
1
- <?php
2
- include 'two_fa_pass2login.php';
3
- include_once 'two_fa_get_details.php';
4
- include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_setup_notification.php';
5
- include 'class_miniorange_2fa_strong_password.php';
6
-
7
- class Miniorange_Authentication {
8
-
9
- private $defaultCustomerKey = "16555";
10
- private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
11
-
12
- function __construct() {
13
- add_action( 'admin_init', array( $this, 'miniorange_auth_save_settings' ) );
14
- add_action( 'plugins_loaded', array( $this, 'mo2f_update_db_check' ) );
15
-
16
- global $wp_roles;
17
- if ( ! isset( $wp_roles ) ) {
18
- $wp_roles = new WP_Roles();
19
- }
20
-
21
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option') == 1 ) {
22
- $mo2f_rba_attributes = new Miniorange_Rba_Attributes();
23
- $pass2fa_login = new Miniorange_Password_2Factor_Login();
24
- $mo2f_2factor_setup = new Two_Factor_Setup();
25
- add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
26
- //for shortcode addon
27
- $mo2f_ns_config = new MoWpnsUtility();
28
- add_action( 'login_form', array( $pass2fa_login, 'mo_2_factor_pass2login_show_wp_login_form' ),10 );
29
-
30
- //strong password file
31
- $mo2f_strong_password = new class_miniorange_2fa_strong_password();
32
-
33
- if($mo2f_ns_config->hasLoginCookie())
34
- {
35
- add_action('user_profile_update_errors', array( $mo2f_strong_password, 'validatePassword'), 0, 3 );
36
- add_action( 'woocommerce_save_account_details_errors', array( $mo2f_strong_password, 'woocommerce_password_edit_account' ),1,2 );
37
- }
38
- add_filter( 'woocommerce_process_registration_errors', array($mo2f_strong_password,'woocommerce_password_protection'),1,4);
39
- add_filter( 'woocommerce_registration_errors', array($mo2f_strong_password,'woocommerce_password_registration_protection'),1,3);
40
- add_action( 'mo2f_admin_setup_wizard_load_setup_wizard_before', [ $this, 'disable_admin_bar' ] );
41
-
42
- add_filter( 'mo2f_shortcode_rba_gauth', array( $mo2f_rba_attributes, 'mo2f_validate_google_auth' ), 10, 3 );
43
- add_filter( 'mo2f_shortcode_kba', array( $mo2f_2factor_setup, 'register_kba_details' ), 10, 7 );
44
- add_filter( 'mo2f_update_info', array( $mo2f_2factor_setup, 'mo2f_update_userinfo' ), 10, 5 );
45
- add_action( 'mo2f_shortcode_form_fields', array(
46
- $pass2fa_login,
47
- 'miniorange_pass2login_form_fields'
48
- ), 10, 5 );
49
-
50
- add_action( 'delete_user', array( $this, 'mo2f_delete_user' ) );
51
-
52
- add_filter( 'mo2f_gauth_service', array( $mo2f_rba_attributes, 'mo2f_google_auth_service' ), 10, 1 );
53
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) { //password + 2nd factor enabled
54
- if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
55
-
56
- remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
57
-
58
- add_filter( 'authenticate', array( $pass2fa_login, 'mo2f_check_username_password' ), 99999, 4 );
59
- add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
60
- add_action( 'login_form', array(
61
- $pass2fa_login,
62
- 'mo_2_factor_pass2login_show_wp_login_form'
63
- ), 10 );
64
-
65
- if ( get_option( 'mo2f_remember_device' ) ) {
66
- add_action( 'login_footer', array( $pass2fa_login, 'miniorange_pass2login_footer_form' ) );
67
- add_action( 'woocommerce_before_customer_login_form', array(
68
- $pass2fa_login,
69
- 'miniorange_pass2login_footer_form'
70
- ) );
71
- }
72
- add_action( 'login_enqueue_scripts', array(
73
- $pass2fa_login,
74
- 'mo_2_factor_enable_jquery_default_login'
75
- ) );
76
-
77
- if(get_site_option('mo2f_woocommerce_login_prompt')){
78
- add_action( 'woocommerce_login_form', array(
79
- $pass2fa_login,
80
- 'mo_2_factor_pass2login_show_wp_login_form'
81
- ) );
82
- }
83
- else if(!get_site_option('mo2f_woocommerce_login_prompt') && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option') ) {
84
- add_action('woocommerce_login_form_end' ,array(
85
- $pass2fa_login,
86
- 'mo_2_factor_pass2login_woocommerce'
87
- ) );
88
- }
89
- add_action( 'wp_enqueue_scripts', array(
90
- $pass2fa_login,
91
- 'mo_2_factor_enable_jquery_default_login'
92
- ) );
93
-
94
- //Actions for other plugins to use miniOrange 2FA plugin
95
- add_action( 'miniorange_pre_authenticate_user_login', array(
96
- $pass2fa_login,
97
- 'mo2f_check_username_password'
98
- ), 1, 4 );
99
- add_action( 'miniorange_post_authenticate_user_login', array(
100
- $pass2fa_login,
101
- 'miniorange_initiate_2nd_factor'
102
- ), 1, 3 );
103
- add_action( 'miniorange_collect_attributes_for_authenticated_user', array(
104
- $pass2fa_login,
105
- 'mo2f_collect_device_attributes_for_authenticated_user'
106
- ), 1, 2 );
107
-
108
- }
109
-
110
- } else { //login with phone enabled
111
-
112
- if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
113
-
114
- $mobile_login = new Miniorange_Mobile_Login();
115
- add_action( 'login_form', array( $mobile_login, 'miniorange_login_form_fields' ), 99999,10 );
116
- add_action( 'login_footer', array( $mobile_login, 'miniorange_login_footer_form' ) );
117
-
118
- remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
119
- add_filter( 'authenticate', array( $mobile_login, 'mo2fa_default_login' ), 99999, 3 );
120
- add_action( 'login_enqueue_scripts', array( $mobile_login, 'custom_login_enqueue_scripts' ) );
121
- }
122
- }
123
- }
124
- }
125
-
126
- function define_global() {
127
- global $Mo2fdbQueries;
128
- $Mo2fdbQueries = new Mo2fDB();
129
- }
130
-
131
- function mo2f_delete_user($user_id){
132
- global $Mo2fdbQueries;
133
- delete_user_meta($user_id,'mo2f_kba_challenge');
134
- delete_user_meta($user_id,'mo2f_2FA_method_to_configure');
135
- delete_user_meta($user_id,'Security Questions');
136
- delete_user_meta($user_id,'mo2f_chat_id');
137
- $Mo2fdbQueries->delete_user_details( $user_id);
138
- delete_user_meta($user_id,'mo2f_2FA_method_to_test');
139
- }
140
-
141
- function mo2f_update_db_check() {
142
-
143
- $userid = wp_get_current_user()->ID;
144
- add_option('mo2f_onprem_admin' , $userid );
145
- if(is_multisite()){
146
- add_site_option('mo2fa_superadmin',1);
147
- }
148
- // Deciding on On-Premise solution
149
- $is_NC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
150
- $is_NNC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
151
- // Old users
152
- if ( get_option( 'mo2f_customerKey' ) && ! $is_NC )
153
- add_option( 'is_onprem', 0 );
154
-
155
- //new users using cloud
156
- if(get_option( 'mo2f_customerKey' ) && $is_NC && $is_NNC)
157
- add_option( 'is_onprem', 0 );
158
-
159
- if(get_option( 'mo2f_app_secret' ) && $is_NC && $is_NNC){
160
- add_option( 'is_onprem', 0 );
161
- }else{
162
- add_option( 'is_onprem', 1 );
163
-
164
- }
165
- if(get_option('mo2f_network_features',"not_exits")=="not_exits"){
166
- do_action('mo2f_network_create_db');
167
- update_option('mo2f_network_features',1);
168
- }
169
- if(get_option('mo2f_encryption_key',"not_exits")=="not_exits"){
170
- $get_encryption_key = MO2f_Utility::random_str(16);
171
- update_option('mo2f_encryption_key',$get_encryption_key);
172
-
173
- }
174
- global $Mo2fdbQueries;
175
- $user_id = get_option( 'mo2f_miniorange_admin' );
176
- $current_db_version = get_option( 'mo2f_dbversion' );
177
-
178
- if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
179
- update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
180
- $Mo2fdbQueries->generate_tables();
181
-
182
- }
183
- if(MO2F_IS_ONPREM){
184
- $twofactordb = new Mo2fDB;
185
- $userSync = get_site_option('mo2f_user_sync');
186
- if($userSync<1){
187
- update_site_option('mo2f_user_sync',1);
188
- $twofactordb->get_all_onprem_userids();
189
- }
190
- }
191
-
192
- if ( ! get_option( 'mo2f_existing_user_values_updated' ) ) {
193
-
194
- if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option')) {
195
- update_option( 'mo2f_is_NC', 0 );
196
- }
197
-
198
- $check_if_user_column_exists = false;
199
-
200
- if ( $user_id && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
201
- $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
202
- if ( $does_table_exist ) {
203
- $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
204
- }
205
- if ( ! $check_if_user_column_exists ) {
206
- $Mo2fdbQueries->generate_tables();
207
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
208
-
209
- add_option( 'mo2f_phone', get_option( 'user_phone' ) );
210
- add_option( 'mo2f_enable_login_with_2nd_factor', get_option( 'mo2f_show_loginwith_phone' ) );
211
- add_option( 'mo2f_remember_device', get_option( 'mo2f_deviceid_enabled' ) );
212
- add_option( 'mo2f_transactionId', get_option( 'mo2f-login-transactionId' ) );
213
- add_option( 'mo2f_is_NC', 0 );
214
- $phone = get_user_meta( $user_id, 'mo2f_user_phone', true );
215
- $user_phone = $phone ? $phone : get_user_meta( $user_id, 'mo2f_phone', true );
216
-
217
- $Mo2fdbQueries->update_user_details( $user_id,
218
- array(
219
- 'mo2f_GoogleAuthenticator_config_status' => get_user_meta( $user_id, 'mo2f_google_authentication_status', true ),
220
- 'mo2f_SecurityQuestions_config_status' => get_user_meta( $user_id, 'mo2f_kba_registration_status', true ),
221
- 'mo2f_EmailVerification_config_status' => true,
222
- 'mo2f_AuthyAuthenticator_config_status' => get_user_meta( $user_id, 'mo2f_authy_authentication_status', true ),
223
- 'mo2f_user_email' => get_user_meta( $user_id, 'mo_2factor_map_id_with_email', true ),
224
- 'mo2f_user_phone' => $user_phone,
225
- 'user_registration_with_miniorange' => get_user_meta( $user_id, 'mo_2factor_user_registration_with_miniorange', true ),
226
- 'mobile_registration_status' => get_user_meta( $user_id, 'mo2f_mobile_registration_status', true ),
227
- 'mo2f_configured_2FA_method' => get_user_meta( $user_id, 'mo2f_selected_2factor_method', true ),
228
- 'mo_2factor_user_registration_status' => get_user_meta( $user_id, 'mo_2factor_user_registration_status', true )
229
- ) );
230
-
231
- if ( get_user_meta( $user_id, 'mo2f_mobile_registration_status', true ) ) {
232
- $Mo2fdbQueries->update_user_details( $user_id,
233
- array(
234
- 'mo2f_miniOrangeSoftToken_config_status' => true,
235
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
236
- 'mo2f_miniOrangePushNotification_config_status' => true
237
- ) );
238
- }
239
-
240
- if ( get_user_meta( $user_id, 'mo2f_otp_registration_status', true ) ) {
241
- $Mo2fdbQueries->update_user_details( $user_id,
242
- array(
243
- 'mo2f_OTPOverSMS_config_status' => true
244
- ) );
245
- }
246
-
247
- $mo2f_external_app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true ) == 'AUTHY 2-FACTOR AUTHENTICATION' ?
248
- 'Authy Authenticator' : 'Google Authenticator';
249
-
250
- update_user_meta( $user_id, 'mo2f_external_app_type', $mo2f_external_app_type );
251
-
252
- delete_option( 'mo2f_show_loginwith_phone' );
253
- delete_option( 'mo2f_deviceid_enabled' );
254
- delete_option( 'mo2f-login-transactionId' );
255
- delete_user_meta( $user_id, 'mo2f_google_authentication_status' );
256
- delete_user_meta( $user_id, 'mo2f_kba_registration_status' );
257
- delete_user_meta( $user_id, 'mo2f_email_verification_status' );
258
- delete_user_meta( $user_id, 'mo2f_authy_authentication_status' );
259
- delete_user_meta( $user_id, 'mo_2factor_map_id_with_email' );
260
- delete_user_meta( $user_id, 'mo_2factor_user_registration_with_miniorange' );
261
- delete_user_meta( $user_id, 'mo2f_mobile_registration_status' );
262
- delete_user_meta( $user_id, 'mo2f_otp_registration_status' );
263
- delete_user_meta( $user_id, 'mo2f_selected_2factor_method' );
264
- delete_user_meta( $user_id, 'mo2f_configure_test_option' );
265
- delete_user_meta( $user_id, 'mo_2factor_user_registration_status' );
266
-
267
- update_option( 'mo2f_existing_user_values_updated', 1 );
268
-
269
- }
270
- }
271
- }
272
-
273
- if ( $user_id && ! get_option( 'mo2f_login_option_updated' ) ) {
274
-
275
- $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
276
- if ( $does_table_exist ) {
277
- $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
278
- if ( $check_if_user_column_exists ) {
279
- $selected_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
280
-
281
- update_option( 'mo2f_login_option_updated', 1 );
282
- }
283
- }
284
-
285
- }
286
-
287
-
288
- }
289
-
290
-
291
- function feedback_request() {
292
- display_feedback_form();
293
- }
294
- public function disable_admin_bar() {
295
-
296
- global $wp_admin_bar;
297
- $wp_admin_bar = ''; // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
298
- }
299
- function get_customer_SMS_transactions() {
300
-
301
- if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && MoWpnsUtility::get_mo2f_db_option('mo2f_show_sms_transaction_message', 'get_option') ) {
302
- if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_set_transactions', 'get_option') ) {
303
- $customer = new Customer_Setup();
304
-
305
- $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
306
-
307
- update_option( 'mo2f_set_transactions', 1 );
308
- if ( ! array_key_exists( 'smsRemaining', $content ) ) {
309
- $smsRemaining = 0;
310
- } else {
311
- $smsRemaining = $content['smsRemaining'];
312
-
313
- if ( $smsRemaining == null ) {
314
- $smsRemaining = 0;
315
- }
316
- }
317
- update_option( 'mo2f_number_of_transactions', $smsRemaining );
318
- } else {
319
- $smsRemaining = MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option');
320
- }
321
-
322
- $this->display_customer_transactions( $smsRemaining );
323
- }
324
- }
325
-
326
- function display_customer_transactions( $content ) {
327
- echo '<div class="is-dismissible notice notice-warning"> <form name="f" method="post" action=""><input type="hidden" name="option" value="mo_auth_sync_sms_transactions" /><p><b>' . mo2f_lt( 'miniOrange 2-Factor Plugin:' ) . '</b> ' . mo2f_lt( 'You have' ) . ' <b style="color:red">' . esc_html($content) . ' ' . mo2f_lt( 'SMS transactions' ) . ' </b>' . mo2f_lt( 'remaining' ) . '<input type="submit" name="submit" value="' . mo2f_lt( 'Check Transactions' ) . ' " class="button button-primary button-large" /></form><button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
328
- }
329
-
330
- function prompt_user_to_setup_two_factor() {
331
- global $Mo2fdbQueries;
332
- $user = wp_get_current_user();
333
- $selected_2_Factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
334
- if ( $selected_2_Factor_method == 'NONE' ) {
335
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option') || ( current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) ) {
336
- echo '<div class="is-dismissible notice notice-warning"><p><b>' . mo2f_lt( "miniOrange 2-Factor Plugin: " ) . '</b>' . mo2f_lt( 'You have not configured your 2-factor authentication method yet.' ) .
337
- '<a href="admin.php?page=mo_2fa_two_fa">' . mo2f_lt( ' Click here' ) . '</a>' . mo2f_lt( ' to set it up.' ) .
338
- '<button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
339
- }
340
- }
341
- }
342
-
343
-
344
- function mo_auth_success_message() {
345
- $message = get_option( 'mo2f_message' ); ?>
346
- <script>
347
- jQuery(document).ready(function () {
348
- var message = "<?php echo esc_html($message); ?>";
349
- jQuery('#messages').append("<div style='padding:5px;'><div class='error notice is-dismissible mo2f_error_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 99999;background-color: bisque;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
350
- });
351
- </script>
352
- <?php
353
- }
354
-
355
- function mo_auth_error_message() {
356
- $message = get_option( 'mo2f_message' ); ?>
357
-
358
- <script>
359
- jQuery(document).ready(function () {
360
- var message = "<?php echo esc_html($message); ?>";
361
- jQuery('#messages').append("<div style='padding:5px;'><div class='updated notice is-dismissible mo2f_success_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 9999;background-color: #bcffb4;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
362
- });
363
- </script>
364
- <?php
365
-
366
- }
367
-
368
- function miniorange_auth_menu() {
369
- global $user;
370
- $user = wp_get_current_user();
371
- $roles = $user->roles;
372
- $miniorange_role = array_shift( $roles );
373
-
374
- $is_plugin_activated = MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option');
375
- $is_customer_admin = get_option( 'mo2f_miniorange_admin' ) == $user->ID ? true : false;
376
- $is_2fa_enabled_for_users = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option');
377
- $can_current_user_manage_options = current_user_can( 'manage_options' );
378
- $admin_registration_status = get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'
379
- ? true : false;
380
-
381
- if(MO2F_IS_ONPREM)
382
- {
383
- $can_current_user_manage_options = true; // changes by prdp
384
- $is_customer_admin = true;
385
- }
386
- if ( $admin_registration_status ) {
387
- if ( $can_current_user_manage_options && $is_customer_admin ) {
388
- $mo2fa_hook_page = $this->hookpages();
389
- }
390
- } else if ( $can_current_user_manage_options ) {
391
- $mo2fa_hook_page = $this->hookpages();
392
- }
393
-
394
-
395
- }
396
-
397
- function hookpages() {
398
- $url = explode('handler',plugin_dir_url(__FILE__));
399
- if(get_site_option('mo2f_enable_custom_icon')!=1)
400
- $iconurl = $url[0] . '/includes/images/miniorange_icon.png';
401
- else
402
- $iconurl = site_url(). '/wp-content/uploads/miniorange/plugin_icon.png';
403
- $menu_slug = 'miniOrange_2_factor_settings';
404
- add_menu_page( 'miniOrange 2 Factor Auth', MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option'), 'read', $menu_slug, array($this,'mo_auth_login_options'), $iconurl );
405
- }
406
-
407
- function mo_auth_login_options() {
408
- global $user;
409
- $user = wp_get_current_user();
410
- update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
411
- mo_2_factor_register( $user );
412
- }
413
-
414
- function mo_2_factor_enable_frontend_style() {
415
- wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url( 'includes/css/front_end_login.css?version='.MO2F_VERSION.'', __FILE__ ) );
416
- wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
417
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
418
- wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
419
- wp_enqueue_style( 'mo2f_login_popup_style', plugins_url( "includes/css/mo2f_login_popup_ui.css?version=".MO2F_VERSION."", __FILE__ ) );
420
- }
421
-
422
- function plugin_settings_style( $mo2fa_hook_page ) {
423
-
424
- if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
425
- return;
426
- }
427
-
428
- wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url( 'includes/css/style_settings.css?version='.MO2F_VERSION.'', __FILE__ ) );
429
- wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
430
- wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
431
- wp_enqueue_style( 'bootstrap_style_ass', plugins_url( 'includes/css/bootstrap-tour-standalone.css?version='.MO2F_VERSION.'', __FILE__ ) );
432
- wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
433
- wp_enqueue_style( 'mo2f_ns_admin_settings_datatable_style', plugins_url('includes/css/jquery.dataTables.min.css', __FILE__));
434
- }
435
-
436
- function plugin_settings_script( $mo2fa_hook_page ) {
437
- if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
438
- return;
439
- }
440
- wp_enqueue_script( 'jquery' );
441
- wp_enqueue_script( 'mo_2_factor_admin_settings_phone_script', plugins_url( 'includes/js/phone.js', __FILE__ ) );
442
- wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', __FILE__ ) );
443
- wp_enqueue_script( 'bootstrap_script_hehe', plugins_url( 'includes/js/bootstrap-tour-standalone.min.js', __FILE__ ) );
444
- wp_enqueue_script( 'mo2f_ns_admin_datatable_script', plugins_url('includes/js/jquery.dataTables.min.js', __FILE__ ), array('jquery'));
445
-
446
- }
447
- public function setup_wizard_header() {
448
- ?>
449
- <!DOCTYPE html>
450
- <html <?php language_attributes(); ?>>
451
- <head>
452
- <meta name="viewport" content="width=device-width"/>
453
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
454
- <title><?php esc_html_e( 'miniOrange 2-factor Setup Wizard', 'miniorange 2-factor-authentication' ); ?></title>
455
- <?php do_action( 'admin_print_styles' ); ?>
456
- <?php do_action( 'admin_print_scripts' ); ?>
457
- <?php do_action( 'admin_head' ); ?>
458
- </head>
459
- <body class="mo2f-setup-setup-wizard">
460
- <?php
461
- }
462
-
463
- /**
464
- * Outputs the content of the current step.
465
- *
466
- * @since 2.6.0
467
- */
468
-
469
- private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $footer = '' ) {
470
-
471
- wp_register_script('mo2f_qr_code_js',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))));
472
- wp_register_script('mo2f_qr_code_minjs',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))));
473
- wp_register_script('mo2f_phone_js',plugins_url( "/includes/js/phone.js", dirname(dirname(__FILE__ ))));
474
-
475
- wp_register_style('mo2f_phone_css',plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))));
476
- $contact_url = 'https://wordpress.org/plugins/miniorange-2-factor-authentication/';
477
- echo '<head>';
478
- wp_print_scripts( 'mo2f_qr_code_js' );
479
- wp_print_scripts( 'mo2f_qr_code_minjs' );
480
- wp_print_scripts( 'mo2f_phone_js' );
481
- wp_print_styles( 'mo2f_phone_css' );
482
- echo '</head>';
483
-
484
- ?>
485
- <style type="text/css">
486
- #mo2f-setup-wizard-settings-area {
487
- visibility: hidden;
488
- animation: loadWpMOTFASettingsNoJSView 0s 2s forwards;
489
- }
490
-
491
- @keyframes loadWpMOTFASettingsNoJSView{
492
- to { visibility: visible; }
493
- }
494
-
495
- body {
496
- background: #F1F1F1;
497
- font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
498
- margin: 0;
499
- }
500
-
501
- #mo2f-setup-wizard-settings-area .mo2f-setup-wizard-header {
502
- text-align: center;
503
- border-top: 4px solid #E27730;
504
- }
505
-
506
- #mo2f-setup-wizard-settings-area .mo2f-setup-wizard-header h1 {
507
- margin: 0;
508
- }
509
-
510
- #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
511
- display: inline-block;
512
- width: 320px;
513
- margin-top: 10px;
514
- padding: 0 10px;
515
- }
516
-
517
-
518
- #mo2f-setup-wizard-settings-area .mo2f-setup-logo img {
519
- width: 100%;
520
- height: 100%;
521
- }
522
-
523
- #mo2f-setup-settings-error-loading-area {
524
- box-sizing: border-box;
525
- max-width: 90%;
526
- width: auto;
527
- margin: 0 auto;
528
- background: #fff;
529
- border: 1px solid #DDDDDD;
530
- border-radius: 6px;
531
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
532
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
533
- padding: 20px 30px;
534
- }
535
- #mo2f-setup-settings-error-loading-area2 {
536
- box-sizing: border-box;
537
- max-width: 90%;
538
- width: auto;
539
- margin: 0 auto;
540
- background: #fff;
541
- border: 1px solid #DDDDDD;
542
- border-radius: 6px;
543
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
544
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
545
- padding: 20px 30px;
546
- }
547
- #mo2f-setup-settings-error-loading-area3 {
548
- box-sizing: border-box;
549
- max-width: 90%;
550
- width: auto;
551
- margin: 0 auto;
552
- background: #fff;
553
- border: 1px solid #DDDDDD;
554
- border-radius: 6px;
555
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
556
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
557
- padding: 20px 30px;
558
- }
559
- #mo2f-setup-settings-error-loading-area4 {
560
- box-sizing: border-box;
561
- max-width: 90%;
562
- width: auto;
563
- margin: 0 auto;
564
- background: #fff;
565
- border: 1px solid #DDDDDD;
566
- border-radius: 6px;
567
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
568
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
569
- padding: 20px 30px;
570
- }
571
- #mo2f-setup-settings-error-loading-area1 {
572
- box-sizing: border-box;
573
- max-width: 90%;
574
- width: auto;
575
- margin: 0 auto;
576
- background: #fff;
577
- border: 1px solid #DDDDDD;
578
- border-radius: 6px;
579
- webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
580
- box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
581
- padding: 20px 30px;
582
- }
583
- #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
584
- text-align: center;
585
- margin-top: 20px;
586
- font-size: 14px;
587
- }
588
-
589
- #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer a {
590
- color: #999999;
591
- }
592
-
593
- #mo2f-setup-error-js h3 {
594
- font-size: 24px;
595
- font-weight: 500;
596
- line-height: 23px;
597
- margin: 0 0 15px;
598
- color: #444444;
599
- }
600
-
601
- #mo2f-setup-error-js p.info,
602
- #mo2f-setup-error-js ul.info {
603
- color: #777777;
604
- font-size: 16px;
605
- line-height: 23px;
606
- margin: 0 0 10px;
607
- }
608
-
609
- #mo2f-setup-error-js ul.info {
610
- margin: -10px 0 20px;
611
- }
612
- .mo2f-input-radios-with-icons label {
613
- width: 90%;
614
- height: 40px;
615
- color: #444;
616
- border: 1px solid #ddd;
617
- background: #fff;
618
- border-radius: 3px;
619
- font-size: 16px;
620
- display: block;
621
- margin-bottom: 20px;
622
- padding: 24px 9px 9px 9px;
623
- cursor: pointer
624
- }
625
-
626
- .mo2f-input-radios-with-icons label:hover {
627
- border: 1px solid #999;
628
- -webkit-box-shadow: 0 0 0 1px #999;
629
- box-shadow: 0 0 0 1px #999
630
- }
631
-
632
- .mo2f-styled-radio {
633
- width: 32px;
634
- height: 32px;
635
- position: relative;
636
- display: inline-block;
637
- border-radius: 50%;
638
- background-color: #e6e6e6
639
- float: left;
640
- margin-top: -4px;
641
- }
642
- .mo_wpns_table_textbox {
643
- width:100%;
644
- height:30px;
645
- }
646
-
647
- #mo2f-setup-error-js a.button {
648
- display: inline-block;
649
- background-color: #E27730;
650
- color: #ffffff;
651
- line-height: 22px;
652
- font-size: 16px;
653
- padding: 14px 30px;
654
- font-weight: 500;
655
- border-radius: 3px;
656
- border: none;
657
- cursor: pointer;
658
- text-decoration: none;
659
- margin-top: 7px;
660
- }
661
-
662
- #mo2f-setup-error-js a.button:hover {
663
- background-color: #c45e1b;
664
- }
665
-
666
- #mo2f-setup-error-js .medium-bold {
667
- font-weight: 500;
668
- }
669
-
670
- #mo2f-setup-nojs-error-message > div {
671
- border: 1px solid #DDDDDD;
672
- border-left: 4px solid #DC3232;
673
- color: #777777;
674
- font-size: 14px;
675
- padding: 18px 18px 18px 21px;
676
- font-weight: 300;
677
- text-align: left;
678
- }
679
- table {
680
- table-layout: fixed ;
681
- width: 100% ;
682
- }
683
- td {
684
- width: 48% ;
685
- }
686
- @media (min-width: 782px) {
687
- #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
688
- margin-top: 50px;
689
- padding: 0;
690
- }
691
-
692
- #mo2f-setup-settings-error-loading-area {
693
- width: 650px;
694
- margin-top: 40px;
695
- padding: 52px 67px 49px;
696
- }
697
- #mo2f-setup-settings-error-loading-area1 {
698
- width: 650px;
699
- margin-top: 40px;
700
- padding: 52px 67px 49px;
701
- }
702
- #mo2f-setup-settings-error-loading-area2 {
703
- width: 650px;
704
- margin-top: 40px;
705
- padding: 52px 67px 49px;
706
- }
707
- #mo2f-setup-settings-error-loading-area3 {
708
- width: 650px;
709
- margin-top: 40px;
710
- padding: 52px 67px 49px;
711
- }
712
- #mo2f-setup-settings-error-loading-area4 {
713
- width: 650px;
714
- margin-top: 40px;
715
- padding: 52px 67px 49px;
716
- }
717
- .mo2f-styled-radio {
718
- width: 32px;
719
- height: 32px;
720
- position: relative;
721
- display: inline-block;
722
- border-radius: 50%;
723
- background-color: #e6e6e6;
724
- float: left;
725
- margin-top: -4px;
726
- }
727
-
728
- #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
729
- margin-top: 50px;
730
- }
731
-
732
- #mo2f-setup-error-js p.info {
733
- margin: 0 0 20px;
734
- }
735
- .mo2f-setup-button.mo2f-setup-button-large {
736
- line-height: 22px;
737
- font-size: 18px;
738
- padding: 19px 39px
739
- }
740
- .mo2f-setup-button.mo2f-setup-button-large {
741
- line-height: 22px;
742
- font-size: 18px;
743
- padding: 19px 39px;
744
- }
745
- .mo2f-styled-radio-text {
746
- margin-left: 10px
747
- }
748
- .mo2f-setup-button.mo2f-setup-button-main:hover {
749
- background-color: #c45e1b;
750
- }
751
- .mo2f-setup-button.mo2f-setup-button-main {
752
- background-color: #e27730;
753
- color: #fff;
754
- font-weight: 500;
755
- }
756
- .mo2f-setup-wizard-timeline {
757
- -webkit-box-align: center;
758
- -ms-flex-align: center;
759
- align-items: center;
760
- display: -webkit-box;
761
- display: -ms-flexbox;
762
- display: flex;
763
- margin: 41px auto 0;
764
- max-width: 650px;
765
- padding: 0 20px
766
- }
767
-
768
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line {
769
- background: #ddd;
770
- height: 2px;
771
- margin: 0 6px;
772
- width: 100%
773
- }
774
-
775
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line.mo2f-setup-wizard-timeline-line-active {
776
- background: #6aa08b
777
- }
778
-
779
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step {
780
- border: none;
781
- background-color: #b6b6b6;
782
- border-radius: 50%;
783
- -ms-flex-negative: 0;
784
- flex-shrink: 0;
785
- height: 16px;
786
- width: 16px
787
- }
788
-
789
- .mo2f-setup-wizard-step-footer {
790
- display: block;
791
- text-align: center;
792
- min-height: 110px;
793
- padding: 0 20px;
794
- margin-top: 30px
795
- }
796
- .popup_text
797
- {
798
- color:black;
799
- margin-top: 2%;
800
- font-weight: 600;
801
- font-size: 12px !important;
802
- }
803
- .overlay{
804
- position: fixed;
805
- top: 0;
806
- left: 0;
807
- right: 0;
808
- bottom: 0;
809
- width: 100%;
810
- height: 100%;
811
- background: #000;
812
- opacity: .5;
813
- z-index: 0;
814
- }
815
- .overlay_success {
816
- width: min-content;
817
- height: 40px;
818
- float: left;
819
- z-index: 1;
820
- top: 0;
821
- right: 0;
822
- text-align: center;
823
- margin-bottom: 4%
824
- background-color:#bcffb4 !important ;
825
- /* overflow-x: hidden; */
826
- background: #b1ffb1;
827
- border-left: 4px solid #46b450;
828
- }
829
- .overlay_error {
830
- width: min-content;
831
- height: min-content;
832
- padding-bottom: 1%;
833
- float: left;
834
- z-index: 1;
835
- top: 0;
836
- right: 0;
837
- margin-bottom: 4%;
838
- text-align: center;
839
- background-color:bisque !important ;
840
- /* overflow-x: hidden; */
841
- border-left: 4px solid red;
842
- }
843
-
844
- .mo2f-setup-wizard-step-footer a {
845
- font-size: 14px;
846
- display: block;
847
- color: #999;
848
- margin: 20px 0
849
- }
850
-
851
- .mo2f-setup-wizard-step-footer a:active,
852
- .mo2f-setup-wizard-step-footer a:hover {
853
- color: #777;
854
- text-decoration: underline
855
- }
856
-
857
-
858
- .mo2f-button.mo2f-button-main {
859
- background-color: #e27730;
860
- color: #fff;
861
- font-weight: 500;
862
- -webkit-box-flex: 11;
863
- -ms-flex: 11;
864
- flex: 11;
865
- padding: 12px 25px;
866
- font-size: 16px;
867
- }
868
-
869
- .mo2f-button.mo2f-button-main:focus,
870
- .mo2f-button.mo2f-button-main:hover {
871
- background-color: #c45e1b
872
- }
873
-
874
- .mo2f-button.mo2f-button-main:disabled {
875
- opacity: .65;
876
- cursor: not-allowed;
877
- background-color: #e27730;
878
- -webkit-box-flex: 11;
879
- -ms-flex: 11;
880
- flex: 11;
881
- margin-right: 30px
882
- }
883
-
884
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step .icon {
885
- display: none
886
- }
887
-
888
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-active,
889
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed {
890
- background-color: #6aa08b;
891
- position: relative
892
- }
893
-
894
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed {
895
- background-color: #d83638;
896
- position: relative
897
- }
898
-
899
- .mo2f-step-show{
900
- margin: 0 0 16px;
901
- font-size: 14px;
902
- line-height: 18px;
903
- color: #b6b6b6;
904
- }
905
- .mo2f_table_textbox {
906
- width: 200px;
907
- height: 20px !important;
908
- font-size: 14px !important;
909
- }
910
- .mo2f_table_textbox_phone {
911
- width: 200px;
912
- height: 40px !important;
913
- font-size: 14px !important;
914
- }
915
- .mo2f_kba_ques {
916
- width: 394px !important;
917
- border-radius: 4px !important;
918
- height: 40px !important;
919
- font-size: 14px !important;
920
- }
921
-
922
- .mo2f_kba_tb_data {
923
- padding-left: 15px;
924
- }
925
-
926
- .mo2f_kba_table {
927
- padding: 0 10px;
928
- width: 100%;
929
- }
930
- .mo2f_kba_body {
931
- border: hidden !important;
932
- }
933
-
934
-
935
- .mo2f_table_textbox_KBA {
936
- width: 200px;
937
- height: 40px !important;
938
- font-size: 14px !important;
939
- }
940
-
941
-
942
- .mo2f_kba_header {
943
- font-weight: bold;
944
- }
945
-
946
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed .icon-success,
947
- .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed .icon-failed {
948
- color: #fff;
949
- display: block;
950
- position: absolute;
951
- left: 3px;
952
- top: 3px
953
- }
954
- .mo2f-setup-wizard-step-footer {
955
- display: -webkit-box;
956
- display: -ms-flexbox;
957
- display: flex;
958
- -webkit-box-pack: justify;
959
- -ms-flex-pack: justify;
960
- justify-content: space-between;
961
- -webkit-box-align: center;
962
- -ms-flex-align: center;
963
- align-items: center;
964
- padding: 0;
965
- margin-top: 0
966
- }
967
- .mo2f_blur {
968
- filter: blur(5px);
969
- -webkit-filter: blur(5px);
970
- -moz-filter: blur(5px);
971
- -o-filter: blur(5px);
972
- -ms-filter: blur(5px);
973
- }
974
- .mo2f_loader {
975
- border: 16px solid #b9acac;
976
- border-radius: 50%;
977
- border-top: 16px solid #fb540b;
978
- width: 50px;
979
- height: 50px;
980
- -webkit-animation: spin 2s linear infinite; /* Safari */
981
- animation: spin 2s linear infinite;
982
- position: fixed;
983
- left: 50%;
984
- top: 50%;
985
- z-index: 100;
986
- }
987
-
988
- /* Safari */
989
- @-webkit-keyframes spin {
990
- 0% { -webkit-transform: rotate(0deg); }
991
- 100% { -webkit-transform: rotate(360deg); }
992
- }
993
-
994
- @keyframes spin {
995
- 0% { transform: rotate(0deg); }
996
- 100% { transform: rotate(360deg); }
997
- }
998
- .mo2f-setup-wizard-step-footer-buttons {
999
- margin-bottom: 0;
1000
- }
1001
- .mo2f-setup-wizard-step-footer-buttons button {
1002
- margin-bottom: 0;
1003
- margin-right: 15px;
1004
- width: inherit
1005
- }
1006
- .miniorange_button
1007
- {
1008
- background:#00A0D2!important;
1009
- border-color:#0073AA!important;
1010
- box-shadow:0 1px 0 rgba(120,200,230,.5) inset,0 1px 0 rgba(0,0,0,.15)!important;
1011
- color:#FFF!important;
1012
- text-decoration:none!important;
1013
- cursor:pointer!important;
1014
- border-width:1px!important;
1015
- border-style:solid!important;
1016
- border-radius:3px!important;
1017
- white-space:nowrap!important;
1018
- box-sizing:border-box!important;
1019
- line-height:28px!important;
1020
- padding:0 12px!important;
1021
- font-size:13px!important;
1022
- }
1023
-
1024
-
1025
- .mo2f_IR_phone_OTP{
1026
- font-size:15px;
1027
- width:150px !important;
1028
- color:#212F3C;
1029
- border:none;
1030
- display:block;
1031
- border-bottom-style: solid;
1032
- border-width: 2px;
1033
- border-color:#D0D3D4;
1034
- border-radius:0px;
1035
- outline:none;
1036
- padding:5px;
1037
-
1038
- }
1039
- .mo2f-setup-wizard-step-footer-buttons button:last-child {
1040
- margin-right: 0
1041
- }
1042
- a .text-with-arrow-left .icon {
1043
- margin-right: 10px
1044
- }
1045
-
1046
- a .text-with-arrow {
1047
- display: -webkit-box;
1048
- display: -ms-flexbox;
1049
- display: flex;
1050
- -webkit-box-pack: center;
1051
- -ms-flex-pack: center;
1052
- justify-content: center
1053
- }
1054
-
1055
- }
1056
- </style>
1057
- <!--[if IE]>
1058
- <style>
1059
- #mo2f-setup-wizard-settings-area{
1060
- visibility: visible !important;
1061
- }
1062
- </style>
1063
-
1064
- <![endif]-->
1065
- <div class="mo2f_loader" id="mo2f_loader" style="display: none;"></div>
1066
-
1067
- <div id="mo2f-setup-wizard-settings-area" class="mo2f-setup-wizard-settings-area wpms-container">
1068
- <header class="mo2f-setup-wizard-header">
1069
- <h1 >
1070
- <div>
1071
- <img width="70px" height="auto" src="<?php echo plugin_dir_url(dirname(dirname(__FILE__))) . 'includes/images/miniorange_logo.png'; ?>" alt="<?php esc_attr_e( 'miniOrange 2-factor Logo', 'miniorange-2-factor-authentication' ); ?>" >
1072
- <p> miniOrange 2-factor authentication Setup</p>
1073
- </div>
1074
- </h1>
1075
- </header>
1076
- <div id="mo2f-setup-settings-error-loading-area-container">
1077
- <div id="mo2f-setup-settings-error-loading-area">
1078
- <div>
1079
- <div id="mo2f-setup-error-js">
1080
- <p class="subtitle" style="text-align:center;" > This setup guide will take you through all the steps you need to follow to enable the two-factor authentication for your website.</p>
1081
-
1082
- <br><br>
1083
- <button type="button" style="text-align:center;display: flex;margin: auto;" class="mo2f-setup-button mo2f-setup-button-main mo2f-setup-button-large" id ='mo2f_get_started' target="_blank" class="button" rel="noopener noreferrer"> <?php esc_html_e("Let's Get Started", 'mo2f-setup'); ?></button>
1084
-
1085
- <br><br>
1086
- <div style="text-align:center;display: flex;margin: auto;flex-direction: column;">
1087
- <a href="<?php echo esc_url( $contact_url ); ?>" target="_blank" rel="noopener noreferrer">
1088
- <?php esc_html_e( 'Facing issues? Contact Us', 'mo2f-setup' ); ?>
1089
- </a>
1090
- </div>
1091
- </div>
1092
- </div>
1093
- </div>
1094
- <div class="mo2f-setup-error-footer">
1095
- <?php echo wp_kses_post( $footer ); ?>
1096
- </div>
1097
- </div>
1098
- <div id = "mo2f_methods_setup_wizard">
1099
- <div class="mo2f-setup-wizard-timeline">
1100
-
1101
- <div class="mo2f-setup-wizard-timeline-step mo2f-setup-wizard-timeline-step-active" id="mo2f-setup-wizard-step1"></div>
1102
- <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line1"></div>
1103
- <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step2"> </div>
1104
- <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line2"></div>
1105
- <div class="mo2f-setup-wizard-timeline-step"id="mo2f-setup-wizard-step3"> </div>
1106
- <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line3"></div>
1107
- <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step4"> </div>
1108
-
1109
- </div>
1110
- <div id="mo2f-setup-settings-error-loading-area1" style="width: 900px">
1111
-
1112
- <p class="mo2f-step-show"> Step 1 of 4</p>
1113
- <h3 style="text-align:center;font-size:xx-large;"> Select the Authentication method you want to configure </h3>
1114
- <br>
1115
- <div class="mo2f-input-radios-with-icons">
1116
- <table>
1117
- <tr>
1118
- <td>
1119
- <label title="<?php echo __('You have to enter 6 digits code generated by google Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1120
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1121
- <span class="mo2f-styled-radio-text"> Google Authenticator</span>
1122
- </label>
1123
- </td>
1124
- <td>
1125
- <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
1126
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over SMS" />
1127
- <span class="mo2f-styled-radio-text">
1128
- <?php echo __('OTP Over SMS (Registration required)', 'miniorange-2-factor-authentication'); ?>
1129
- </span>
1130
- </label></td>
1131
- </tr>
1132
- <tr>
1133
- <td>
1134
-
1135
- <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
1136
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Email" />
1137
- <span class="mo2f-styled-radio-text">
1138
- <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
1139
- </span>
1140
- </label>
1141
- </td>
1142
-
1143
- <td>
1144
- <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
1145
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Security Questions" />
1146
- <span class="mo2f-styled-radio-text">
1147
- <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
1148
- </span>
1149
- </label>
1150
- </td>
1151
- </tr>
1152
- <tr>
1153
- <td>
1154
-
1155
- <label title="<?php echo __('You have to enter 6 digits code generated by Microsoft Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1156
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1157
- <span class="mo2f-styled-radio-text">
1158
- <?php echo __('Microsoft Authenticator', 'miniorange-2-factor-authentication'); ?>
1159
- </span>
1160
- </label>
1161
- </td>
1162
- <td>
1163
- <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1164
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1165
- <span class="mo2f-styled-radio-text">
1166
- <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
1167
- </span>
1168
- </label>
1169
- </td></tr>
1170
- <tr><td>
1171
-
1172
- <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1173
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Duo Authenticator" />
1174
- <span class="mo2f-styled-radio-text">
1175
- <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
1176
- </span>
1177
- </label>
1178
- </td>
1179
- <td>
1180
- <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
1181
- <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Telegram" />
1182
- <span class="mo2f-styled-radio-text">
1183
- <?php echo __('OTP Over Telegram', 'miniorange-2-factor-authentication'); ?>
1184
- </span>
1185
- </label>
1186
- </td>
1187
- </table>
1188
- </div>
1189
-
1190
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1191
- <br />
1192
-
1193
-
1194
- <div class="mo2f-setup-wizard-step-footer">
1195
- <a href="#previousStep1"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1196
- <div class="mo2f-setup-wizard-step-footer-buttons">
1197
- <input type="button" name="mo2f_next_step1" id="mo2f_next_step1" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1198
-
1199
- </div>
1200
- </div>
1201
- </div>
1202
-
1203
-
1204
-
1205
-
1206
-
1207
- <div id="mo2f-setup-settings-error-loading-area2" style="width: 900px; display: none;">
1208
- <p class="mo2f-step-show"> Step 2 of 4</p>
1209
-
1210
- <h4 style="text-align:center;font-size: xx-large;"> Register with miniOrange </h4>
1211
-
1212
- <form name="f" id="mo2f_registration_form" method="post" action="">
1213
- <input type="hidden" name="option" value="mo_wpns_register_customer" />
1214
- <div class="mo2f_table_layout">
1215
- <div style="margin-bottom:30px;">
1216
- <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1217
- <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Seems like email is already registered. Please click on 'Already have an account'</p></div>
1218
- <p> Please enter a valid email id that you have access to and select a password</p>
1219
- <table class="mo_wpns_settings_table">
1220
- <tr>
1221
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1222
- <td><input style="padding: 5px;" class="mo_wpns_table_textbox" type="email" id="mo2f_email" name="email"
1223
- required placeholder="person@example.com" /></td>
1224
- </tr>
1225
-
1226
- <tr>
1227
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1228
- <td><input style="padding: 5px;" class="mo_wpns_table_textbox" required id= "mo2f_password" type="password"
1229
- name="password" placeholder="Choose your password (Min. length 6)" /></td>
1230
- </tr>
1231
- <tr>
1232
- <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1233
- <td><input style="padding: 5px;" class="mo_wpns_table_textbox" id= "mo2f_confirmPassword" required type="password"
1234
- name="confirmPassword" placeholder="Confirm your password" /></td>
1235
- </tr>
1236
- <tr>
1237
- <td>&nbsp;</td>
1238
- <td><br>
1239
- <a href="#mo2f_account_exist">Already have an account?</a>
1240
-
1241
- </tr>
1242
- </table>
1243
- </div>
1244
- </div>
1245
- </form>
1246
- <form name="f" id="mo2f_login_form" style="display: none;" method="post" action="">
1247
- <input type="hidden" name="option" value="mo_wpns_verify_customer" />
1248
- <div class="mo2f_table_layout">
1249
- <div style="margin-bottom:30px;">
1250
- <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1251
- <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Invalid Credentials</p></div>
1252
-
1253
- <p>Please enter your miniOrange email and password. <a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1254
- <table class="mo_wpns_settings_table">
1255
- <tr>
1256
- <td><b><font color="#FF0000">*</font>Email:</b></td>
1257
- <td><input style="padding: 5px;" class="mo_wpns_table_textbox" type="email" id="mo2f_email_login" name="email"
1258
- required placeholder="person@example.com" /></td>
1259
- </tr>
1260
- <tr>
1261
- <td><b><font color="#FF0000">*</font>Password:</b></td>
1262
- <td><input style="padding: 5px;" class="mo_wpns_table_textbox" required id= "mo2f_password_login" type="password"
1263
- name="password" placeholder="Enter your miniOrange password" /></td>
1264
- </tr>
1265
- <tr>
1266
- <td>&nbsp;</td>
1267
- <td><br>
1268
- <a href="#mo2f_register_new_account">Go Back to Registration Page</a>
1269
-
1270
- </tr>
1271
-
1272
- </table>
1273
- </div>
1274
- </div>
1275
- </form>
1276
-
1277
-
1278
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1279
- <br/>
1280
-
1281
-
1282
- <div class="mo2f-setup-wizard-step-footer">
1283
- <a href="#previousStep2"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1284
- <div class="mo2f-setup-wizard-step-footer-buttons">
1285
- <input type="button" name="mo2f_next_step2" id="mo2f_next_step2" class="mo2f-button mo2f-button-main" value="Create Account and continue" />
1286
-
1287
- </div>
1288
- </div>
1289
-
1290
-
1291
- </div>
1292
-
1293
- <div id="mo2f-setup-settings-error-loading-area3" style="width: 900px; display: none;">
1294
- <p class="mo2f-step-show"> Step 3 of 4</p>
1295
-
1296
- <h3 style="text-align:center;font-size: xx-large;" id="mo2f_setup_method_title"> Configure 2-factor authentication </h3>
1297
-
1298
- <div class="overlay_success" style="width:760px; display: none;" id= "mo2f_success_block_configuration">
1299
- <p class ="popup_text" id="mo2f_configure_success_message" >An OTP has been sent to the below email.</p>
1300
- <br><br></div>
1301
-
1302
- <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block_configuration">
1303
- <p class ="popup_text" id="mo2f_configure_Error_message" style="color: red;" >Invalid OTP</p>
1304
- </div>
1305
- <div id="mo2f_main_content"> </div>
1306
-
1307
- <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1308
- <br/>
1309
-
1310
-
1311
-
1312
- <div class="mo2f-setup-wizard-step-footer">
1313
- <a href="#previousStep3"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1314
- <div class="mo2f-setup-wizard-step-footer-buttons">
1315
- <input type="button" name="mo2f_next_step3" id="mo2f_next_step3" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1316
-
1317
- </div>
1318
- </div>
1319
-
1320
-
1321
- </div>
1322
-
1323
- <div id="mo2f-setup-settings-error-loading-area4" style="width: 900px; display: none;">
1324
- <p class="mo2f-step-show"> Step 4 of 4</p>
1325
- <div style="text-align: center;">
1326
- <h3 style="text-align:center;font-size: xx-large;"> Congratulations! </h3>
1327
- <br>
1328
- You have successfully configured the two-factor authentication.
1329
- <br><br><br>
1330
- <input type="button" name="mo2f_next_step4" id="mo2f_next_step4" class="mo2f-button mo2f-button-main" value="Advance Settings" />
1331
-
1332
- </div>
1333
- </div>
1334
-
1335
- </div>
1336
-
1337
-
1338
- </div>
1339
- </div>
1340
-
1341
-
1342
-
1343
- <script type="text/javascript">
1344
-
1345
- var selected_2FA_method = '';
1346
- var ele = document.getElementsByName('mo2f_selected_2factor_method');
1347
- for(i = 0; i < ele.length; i++) {
1348
- if(ele[i].checked)
1349
- selected_2FA_method = ele[i].value;
1350
- }
1351
- jQuery("#mo2f_setup_method_title").text(selected_2FA_method);
1352
-
1353
- jQuery('#mo2f_next_step4').click(function(e){
1354
- localStorage.setItem("last_tab", 'unlimittedUser_2fa');
1355
- window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1356
-
1357
- });
1358
-
1359
-
1360
- jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1361
- jQuery("#mo2f_get_started").click(function(e){
1362
- jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'none');
1363
- jQuery('#mo2f_methods_setup_wizard').css('display', 'block');
1364
-
1365
- });
1366
-
1367
- jQuery('a[href="#previousStep3"]').click(function(e){
1368
- document.getElementById('mo2f_success_block_configuration').style.display = "none";
1369
- document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1370
-
1371
- var selected_2FA_method = '';
1372
- var ele = document.getElementsByName('mo2f_selected_2factor_method');
1373
- for(i = 0; i < ele.length; i++) {
1374
- if(ele[i].checked)
1375
- selected_2FA_method = ele[i].value;
1376
- }
1377
- if(selected_2FA_method =='OTP Over SMS')
1378
- {
1379
- document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1380
- document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "block";
1381
- var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1382
- lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1383
- var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1384
- stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1385
- }
1386
- else
1387
- {
1388
- var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1389
- lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1390
- var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1391
- stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1392
- var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1393
- lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1394
- var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1395
- stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1396
- document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1397
- document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1398
-
1399
- }
1400
- });
1401
-
1402
- jQuery('a[href="#previousStep2"]').click(function(e){
1403
- document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1404
- document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1405
- var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1406
- lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1407
- var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1408
- stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1409
-
1410
- });
1411
-
1412
- jQuery('a[href="#previousStep1"]').click(function(e){
1413
- jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'block');
1414
- jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1415
-
1416
- });
1417
-
1418
- jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1419
- document.getElementById('mo2f_registration_form').style.display = "none";
1420
- document.getElementById('mo2f_login_form').style.display = "block";
1421
- document.getElementById('mo2f_next_step2').value = 'Login and Continue';
1422
- });
1423
-
1424
- jQuery('a[href=\"#mo2f_register_new_account\"]').click(function (e) {
1425
- document.getElementById('mo2f_registration_form').style.display = "block";
1426
- document.getElementById('mo2f_login_form').style.display = "none";
1427
- document.getElementById('mo2f_next_step2').value = 'Create Account and Continue';
1428
- });
1429
-
1430
- jQuery('#mo2f_next_step3').click(function(e){
1431
- document.getElementById('mo2f_loader').style.display = "block";
1432
- document.getElementById('mo2f_success_block_configuration').style.display = "none";
1433
- document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1434
- document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1435
-
1436
- var selected_2FA_method = '';
1437
- var ele = document.getElementsByName('mo2f_selected_2factor_method');
1438
- for(i = 0; i < ele.length; i++) {
1439
- if(ele[i].checked)
1440
- selected_2FA_method = ele[i].value;
1441
- }
1442
- var data ='';
1443
- if(selected_2FA_method == 'Google Authenticator')
1444
- {
1445
- data= { 'action':'mo_two_factor_ajax',
1446
- 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_GA_setup_wizard',
1447
- 'mo2f_google_auth_code' : jQuery('#mo2f_google_auth_code').val(),
1448
- 'mo2f_session_id' : jQuery('#mo2f_session_id').val()
1449
- };
1450
-
1451
- }
1452
- else if (selected_2FA_method =='OTP Over SMS')
1453
- {
1454
- data= { 'action':'mo_two_factor_ajax',
1455
- 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverSMS_setup_wizard',
1456
- 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1457
- };
1458
-
1459
- }
1460
- else if(selected_2FA_method == 'OTP Over Email')
1461
- {
1462
- data= { 'action':'mo_two_factor_ajax',
1463
- 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverEmail_setup_wizard',
1464
- 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1465
- };
1466
-
1467
- }
1468
- else if(selected_2FA_method == 'Security Questions')
1469
- {
1470
- data= { 'action':'mo_two_factor_ajax',
1471
- 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_KBA_setup_wizard',
1472
- 'mo2f_kbaquestion_1' : jQuery('#mo2f_kbaquestion_1').val(),
1473
- 'mo2f_kbaquestion_2' : jQuery('#mo2f_kbaquestion_2').val(),
1474
- 'mo2f_kbaquestion_3' : jQuery('#mo2f_kbaquestion_3').val(),
1475
- 'mo2f_kba_ans1' : jQuery('#mo2f_kba_ans1').val(),
1476
- 'mo2f_kba_ans2' : jQuery('#mo2f_kba_ans2').val(),
1477
- 'mo2f_kba_ans3' : jQuery('#mo2f_kba_ans3').val()
1478
- };
1479
-
1480
- }
1481
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1482
- jQuery.post(ajax_url, data, function(response){
1483
- document.getElementById('mo2f_loader').style.display = "none";
1484
- document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1485
-
1486
- if(response =='SUCCESS')
1487
- {
1488
- var lineElement = document.getElementById("mo2f-setup-wizard-line3");
1489
- lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1490
- var stepElement = document.getElementById("mo2f-setup-wizard-step4");
1491
- stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1492
- document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1493
- jQuery('#mo2f-setup-settings-error-loading-area4').css('display','block');
1494
-
1495
- }
1496
- else
1497
- {
1498
- document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1499
- document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1500
- }
1501
- });
1502
-
1503
- });
1504
-
1505
- jQuery("#mo2f_next_step2").click(function(e){
1506
- document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1507
- document.getElementById('mo2f_loader').style.display = "block";
1508
- document.getElementById('mo2f_Error_block').style.display = "none";
1509
- document.getElementById('mo2f_next_step2').disabled = true;
1510
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1511
- var email = jQuery("#mo2f_email").val();
1512
- var password = jQuery("#mo2f_password").val();
1513
- if(jQuery("#mo2f_next_step2").val() == 'Login and Continue')
1514
- {
1515
- email = jQuery("#mo2f_email_login").val();
1516
- password = jQuery("#mo2f_password_login").val();
1517
- }
1518
- var data= { 'action':'mo_two_factor_ajax',
1519
- 'mo_2f_two_factor_ajax' : 'mo_wpns_register_verify_customer',
1520
- 'email': email,
1521
- 'password':password,
1522
- 'confirmPassword' : jQuery("#mo2f_confirmPassword").val(),
1523
- 'Login and Continue' : jQuery("#mo2f_next_step2").val()
1524
- };
1525
-
1526
- jQuery.post(ajax_url, data, function(response){
1527
- document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1528
-
1529
- document.getElementById('mo2f_next_step2').disabled = false;
1530
- if(response == 'SUCCESS')
1531
- {
1532
- var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1533
- lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1534
- var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1535
- stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1536
- document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1537
- jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1538
-
1539
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1540
- var data= { 'action':'mo_two_factor_ajax',
1541
- 'mo_2f_two_factor_ajax' : 'mo_2fa_configure_OTPOverSMS_setup_wizard'
1542
- };
1543
- jQuery.post(ajax_url, data, function(response){
1544
-
1545
- document.getElementById('mo2f_loader').style.display = "none";
1546
- document.getElementById('mo2f_main_content').innerHTML = response;
1547
- jQuery("#phone").intlTelInput();
1548
-
1549
- jQuery('#mo2f_send_otp').click(function(e){
1550
- document.getElementById('mo2f_loader').style.display = "block";
1551
- document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1552
-
1553
- document.getElementById('mo2f_success_block_configuration').style.display = "none";
1554
- document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1555
-
1556
- var data = { 'action':'mo_two_factor_ajax',
1557
- 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1558
- 'phone' : jQuery('#phone').val(),
1559
- 'selected_2FA_method' : 'SMS'
1560
- };
1561
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1562
- jQuery.post(ajax_url, data, function(response){
1563
- document.getElementById('mo2f_loader').style.display = "none";
1564
- document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1565
-
1566
- if(response == 'SUCCESS')
1567
- {
1568
- $message = 'An OTP has been sent to the below phone number. Please enter the OTP to set the 2FA';
1569
- document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1570
- document.getElementById('mo2f_success_block_configuration').style.display = "block";
1571
-
1572
- }
1573
- else
1574
- {
1575
- document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1576
- document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1577
-
1578
- }
1579
- });
1580
-
1581
- });
1582
-
1583
- });
1584
- }
1585
- else
1586
- {
1587
- document.getElementById('mo2f_loader').style.display = "none";
1588
- document.getElementById('mo2f_Error_message').innerHTML = response;
1589
- document.getElementById('mo2f_Error_block').style.display = "block";
1590
- }
1591
-
1592
- });
1593
-
1594
- });
1595
-
1596
- jQuery("#mo2f_next_step1").click(function(e){
1597
- var ele = document.getElementsByName('mo2f_selected_2factor_method');
1598
- var selected_2FA_method = '';
1599
- for(i = 0; i < ele.length; i++) {
1600
- if(ele[i].checked)
1601
- selected_2FA_method = ele[i].value;
1602
- }
1603
- var configMessage = 'Configure '+selected_2FA_method;
1604
- jQuery("#mo2f_setup_method_title").text(configMessage);
1605
-
1606
- if(selected_2FA_method == '')
1607
- {
1608
- return '';
1609
- }
1610
-
1611
- document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "none";
1612
- var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1613
- lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1614
- var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1615
- stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1616
-
1617
- if(selected_2FA_method !="OTP Over SMS" && selected_2FA_method != '')
1618
- {
1619
- var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1620
- lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1621
- var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1622
- stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1623
- jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1624
-
1625
- document.getElementById('mo2f_loader').style.display = "block";
1626
-
1627
- var mo2f_setup_call = "";
1628
- if(selected_2FA_method == "Google Authenticator")
1629
- {
1630
- mo2f_setup_call = "mo_2fa_configure_GA_setup_wizard";
1631
- }
1632
- else if(selected_2FA_method =="OTP Over Email")
1633
- {
1634
- mo2f_setup_call ="mo_2fa_configure_OTPOverEmail_setup_wizard";
1635
- }
1636
- else if (selected_2FA_method == "Security Questions")
1637
- {
1638
- mo2f_setup_call = "mo_2fa_configure_KBA_setup_wizard";
1639
- }
1640
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1641
- var data= { 'action' : 'mo_two_factor_ajax',
1642
- 'mo_2f_two_factor_ajax' : mo2f_setup_call
1643
- };
1644
- jQuery.post(ajax_url, data, function(response){
1645
- document.getElementById('mo2f_loader').style.display = "none";
1646
- document.getElementById('mo2f_main_content').innerHTML = response;
1647
-
1648
- if(selected_2FA_method == 'Google Authenticator')
1649
- {
1650
- jQuery('.mo2f_gauth').qrcode({
1651
- 'render': 'image',
1652
- size: 175,
1653
- 'text': jQuery('.mo2f_gauth').data('qrcode')
1654
- });
1655
- jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(e){
1656
- var element = document.getElementById('mo2f_scanbarcode_a');
1657
- if(element.style.display === 'none')
1658
- element.style.display = 'block';
1659
-
1660
- else
1661
- element.style.display = "none";
1662
- });
1663
-
1664
- }
1665
- else if(selected_2FA_method =='OTP Over Email')
1666
- {
1667
- jQuery('#mo2f_send_otp').click(function(e){
1668
- document.getElementById('mo2f_loader').style.display = "block";
1669
- document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1670
-
1671
- document.getElementById('mo2f_success_block_configuration').style.display = "none";
1672
- document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1673
-
1674
- var data = { 'action':'mo_two_factor_ajax',
1675
- 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1676
- 'phone' : jQuery('#phone').val(),
1677
- 'mo2f_session_id' : jQuery('#mo2f_session_id').val(),
1678
- 'selected_2FA_method' : 'OTP Over Email'
1679
- };
1680
- var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1681
- jQuery.post(ajax_url, data, function(response){
1682
- document.getElementById('mo2f_loader').style.display = "none";
1683
- document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1684
-
1685
- if(response == 'SUCCESS')
1686
- {
1687
- $message = 'An OTP has been sent to the below email please enter the OTP to set the 2FA';
1688
- document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1689
- document.getElementById('mo2f_success_block_configuration').style.display = "block";
1690
-
1691
- }
1692
- else
1693
- {
1694
- document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1695
- document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1696
-
1697
- }
1698
- });
1699
-
1700
- });
1701
- }
1702
- else if (selected_2FA_method =='Security Questions')
1703
- {
1704
-
1705
- var mo_option_to_hide1;
1706
- //hidden element in dropdown list 2
1707
- var mo_option_to_hide2;
1708
-
1709
- jQuery('#mo2f_kbaquestion_1').change(function(){
1710
- list = 1;
1711
- var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1712
- //if an element is currently hidden, unhide it
1713
- if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1714
- mo_option_to_hide1.style.display = 'block';
1715
- } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1716
- mo_option_to_hide2.style.display = 'block';
1717
- }
1718
- //select the element to hide and then hide it
1719
- if (list == 1) {
1720
- if (list_selected != 0) {
1721
- mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
1722
- mo_option_to_hide2.style.display = 'none';
1723
- }
1724
- }
1725
- });
1726
- jQuery('#mo2f_kbaquestion_2').change(function(){
1727
- list = 2;
1728
- var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1729
- //if an element is currently hidden, unhide it
1730
- if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1731
- mo_option_to_hide1.style.display = 'block';
1732
- } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1733
- mo_option_to_hide2.style.display = 'block';
1734
- }
1735
- //select the element to hide and then hide it
1736
- if (list == 2) {
1737
- if (list_selected != 0) {
1738
- mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
1739
- mo_option_to_hide1.style.display = 'none';
1740
- }
1741
- }
1742
- });
1743
-
1744
- }
1745
- });
1746
-
1747
-
1748
- }
1749
- else if(selected_2FA_method == 'OTP Over SMS')
1750
- {
1751
- jQuery('#mo2f-setup-settings-error-loading-area2').css('display','block');
1752
- }
1753
-
1754
-
1755
- });
1756
- jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
1757
-
1758
-
1759
- localStorage.setItem("last_tab", 'setup_2fa');
1760
- var selectedMethod = jQuery(this).val();
1761
- var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
1762
- var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-select-method-setup-wizard' )); ?>";
1763
-
1764
- if(selectedMethod == 'Duo Authenticator' || selectedMethod =='OTP Over Telegram')
1765
- {
1766
- var data= { 'action':'mo_two_factor_ajax',
1767
- 'mo_2f_two_factor_ajax' : 'select_method_setup_wizard',
1768
- 'mo2f_method': selectedMethod,
1769
- 'nonce': nonce };
1770
-
1771
- jQuery.post(ajax_url, data, function(response){
1772
- window.location.href = '<?php echo esc_url(admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1773
- });
1774
- }
1775
-
1776
- });
1777
-
1778
- jQuery('a[href="#skiptwofactor"]').click(function(e){
1779
- localStorage.setItem("last_tab", 'setup_2fa');
1780
- window.location.href = '<?php echo esc_url(admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1781
- });
1782
-
1783
-
1784
- </script>
1785
- <?php
1786
- }
1787
-
1788
- /**
1789
- * Attempt to catch the js error preventing the Vue app from loading and displaying that message for better support.
1790
- *
1791
- * @since 2.6.0
1792
- */
1793
- private function settings_inline_js() {
1794
- ?>
1795
- <script type="text/javascript">
1796
- window.onerror = function myErrorHandler( errorMsg, url, lineNumber ) {
1797
- /* Don't try to put error in container that no longer exists post-vue loading */
1798
- var message_container = document.getElementById( 'mo2f-setup-nojs-error-message' );
1799
- if ( ! message_container ) {
1800
- return false;
1801
- }
1802
- var message = document.getElementById( 'mo2f-setup-alert-message' );
1803
- message.innerHTML = errorMsg;
1804
- message_container.style.display = 'block';
1805
- return false;
1806
- }
1807
- </script>
1808
- <?php
1809
- }
1810
-
1811
-
1812
- public function setup_wizard_content() {
1813
- $admin_url = is_network_admin() ? network_admin_url() : admin_url();
1814
-
1815
- $this->settings_error_page( 'mo2f-setup-vue-setup-wizard', '<a href="' . esc_url($admin_url).'admin.php?page=mo_2fa_two_fa">' . esc_html__( 'Go back to the Dashboard', 'mo2f-setup' ) . '</a>' );
1816
- $this->settings_inline_js();
1817
- }
1818
-
1819
- /**
1820
- * Outputs the simplified footer used for the Setup Wizard.
1821
- *
1822
- * @since 2.6.0
1823
- */
1824
- public function setup_wizard_footer() {
1825
- ?>
1826
- <?php wp_print_scripts( 'mo2f-setup-vue-script' ); ?>
1827
- </body>
1828
- </html>
1829
- <?php
1830
- }
1831
-
1832
-
1833
- function miniorange_auth_save_settings() {
1834
- if (get_site_option('mo2f_plugin_redirect')) {
1835
- delete_site_option('mo2f_plugin_redirect');
1836
-
1837
- do_action( 'mo2f_admin_setup_wizard_load_setup_wizard_before', $this );
1838
- wp_enqueue_script('jquery');
1839
- wp_enqueue_script('wp-mo2f-setup-wizard',plugins_url( 'includes/js/setup-wizard-2fa.js', dirname(dirname(__FILE__))));
1840
-
1841
- wp_localize_script(
1842
- 'wp-mo2f-setup-wizard',
1843
- 'mo2f_setup_wizard',[
1844
- 'ajax_url' => admin_url( 'admin-ajax.php' ),
1845
- 'plugin_url' => get_site_option('siteurl'),
1846
- 'nonce' => wp_create_nonce( 'mo2f-setup-wizard-nonce' )]
1847
- );
1848
- $this->setup_wizard_header();
1849
- $this->setup_wizard_content();
1850
- $this->setup_wizard_footer();
1851
- exit;
1852
- }
1853
- if ( array_key_exists( 'page', $_REQUEST ) && $_REQUEST['page'] == 'mo_2fa_two_fa' ) {
1854
- if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1855
- if(session_status() != PHP_SESSION_DISABLED )
1856
- session_start();
1857
- }
1858
- }
1859
-
1860
- global $user;
1861
- global $Mo2fdbQueries;
1862
- $defaultCustomerKey = $this->defaultCustomerKey;
1863
- $defaultApiKey = $this->defaultApiKey;
1864
-
1865
- $user = wp_get_current_user();
1866
- $user_id = $user->ID;
1867
-
1868
- if ( current_user_can( 'manage_options' ) ) {
1869
-
1870
- if(strlen(get_option('mo2f_encryption_key'))>17){
1871
- $get_encryption_key = MO2f_Utility::random_str(16);
1872
- update_option('mo2f_encryption_key',$get_encryption_key);
1873
- }
1874
-
1875
- if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_deactivate_account" ) {
1876
- $nonce = $_POST['mo_auth_deactivate_account_nonce'];
1877
- if ( ! wp_verify_nonce( $nonce, 'mo-auth-deactivate-account-nonce' ) ) {
1878
- $error = new WP_Error();
1879
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1880
-
1881
- return $error;
1882
- } else {
1883
- $url = admin_url( 'plugins.php' );
1884
- wp_redirect( $url );
1885
- }
1886
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_remove_account" ) {
1887
- $nonce = $_POST['mo_auth_remove_account_nonce'];
1888
- if ( ! wp_verify_nonce( $nonce, 'mo-auth-remove-account-nonce' ) ) {
1889
- $error = new WP_Error();
1890
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1891
- return $error;
1892
- } else {
1893
- update_option( 'mo2f_register_with_another_email', 1 );
1894
- $this->mo_auth_deactivate();
1895
- }
1896
- }else if(isset($_POST['option']) and sanitize_text_field($_POST['option']) == 'mo2f_skiplogin'){
1897
- $nonce = $_POST['mo2f_skiplogin_nonce'];
1898
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skiplogin-failed-nonce' ) ) {
1899
- $error = new WP_Error();
1900
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1901
- return $error;
1902
- } else {
1903
- update_option('mo2f_tour_started',2);
1904
- }
1905
- }else if(isset($_POST['option']) and sanitize_text_field($_POST['option']) == 'mo2f_userlogout'){
1906
- $nonce = $_POST['mo2f_userlogout_nonce'];
1907
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-userlogout-failed-nonce' ) ) {
1908
- $error = new WP_Error();
1909
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1910
- return $error;
1911
- } else {
1912
- update_option('mo2f_tour_started',2);
1913
- wp_logout();
1914
- wp_redirect(admin_url());
1915
- }
1916
- }else if(isset($_POST['option']) and sanitize_text_field($_POST['option']) == 'restart_plugin_tour'){
1917
- $nonce = $_POST['_wpnonce'];
1918
- if ( ! wp_verify_nonce( $nonce, 'restart_plugin_tour' ) ) {
1919
- $error = new WP_Error();
1920
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1921
- return $error;
1922
- } else {
1923
- $page = isset($_POST['page'])? $_POST['page'] : '';
1924
- $page = sanitize_text_field($page);
1925
- update_option('mo2f_two_factor_tour',0);
1926
- update_option('mo2f_tour_firewall',0);
1927
- update_option('mo2f_tour_loginSpam',0);
1928
- update_option('mo2f_tour_backup',0);
1929
- update_option('mo2f_tour_malware_scan',0);
1930
- update_option('mo2f_tour_advance_blocking',0);
1931
- switch ($_REQUEST['page']) {
1932
- case 'mo_2fa_two_fa':
1933
- update_option('mo2f_two_factor_tour',1);
1934
- break;
1935
- case 'mo_2fa_waf':
1936
- update_option('mo2f_tour_firewall',1);
1937
- break;
1938
- case 'mo_2fa_login_and_spam':
1939
- update_option('mo2f_tour_loginSpam',1);
1940
- break;
1941
- case 'mo_2fa_backup':
1942
- update_option('mo2f_tour_backup',1);
1943
- break;
1944
- case 'mo_2fa_malwarescan':
1945
- update_option('mo2f_tour_malware_scan',1);
1946
- break;
1947
- case 'mo_2fa_advancedblocking':
1948
- update_option('mo2f_tour_advance_blocking',1);
1949
- break;
1950
- }
1951
- if($page != '')
1952
- {
1953
- $url = get_option('siteurl').'/wp-admin/admin.php?page='.$page;
1954
- wp_redirect($url);
1955
- exit;
1956
- }
1957
- $redirect=explode('&',htmlentities($_SERVER['REQUEST_URI']))[0];
1958
- header("Location: ".$redirect);
1959
- return;
1960
- }
1961
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo2f_save_proxy_settings" ) {
1962
- $nonce = $_POST['mo2f_save_proxy_settings_nonce'];
1963
- if ( ! wp_verify_nonce( $nonce, 'mo2f-save-proxy-settings-nonce' ) ) {
1964
- $error = new WP_Error();
1965
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1966
- return $error;
1967
- } else {
1968
- $proxyHost = sanitize_text_field($_POST['proxyHost']);
1969
- $portNumber = sanitize_text_field($_POST['portNumber']);
1970
- $proxyUsername = sanitize_text_field($_POST['proxyUsername']);
1971
- $proxyPassword = sanitize_text_field($_POST['proxyPass']);
1972
-
1973
- update_option( 'mo2f_proxy_host', $proxyHost );
1974
- update_option( 'mo2f_port_number', $portNumber );
1975
- update_option( 'mo2f_proxy_username', $proxyUsername );
1976
- update_option( 'mo2f_proxy_password', $proxyPassword );
1977
- update_option( 'mo2f_message', 'Proxy settings saved successfully.' );
1978
- $this->mo_auth_show_success_message();
1979
- }
1980
-
1981
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_register_customer" ) { //register the admin to miniOrange
1982
- //miniorange_register_customer_nonce
1983
- $nonce = $_POST['miniorange_register_customer_nonce'];
1984
- if ( ! wp_verify_nonce( $nonce, 'miniorange-register-customer-nonce' ) ) {
1985
- $error = new WP_Error();
1986
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1987
-
1988
- return $error;
1989
- } else {
1990
- //validate and sanitize
1991
- $email = '';
1992
- $password = '';
1993
- $confirmPassword = '';
1994
- $is_registration = get_user_meta( $user->ID, 'mo2f_email_otp_count', true );
1995
-
1996
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['confirmPassword'] ) ) {
1997
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
1998
-
1999
- return;
2000
- } else if ( strlen( $_POST['password'] ) < 6 || strlen( $_POST['confirmPassword'] ) < 6 ) {
2001
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "MIN_PASS_LENGTH" ) );
2002
-
2003
- } else {
2004
- $email = sanitize_email( $_POST['email'] );
2005
- $password = sanitize_text_field( $_POST['password'] );
2006
- $confirmPassword = sanitize_text_field( $_POST['confirmPassword'] );
2007
-
2008
- $email = strtolower( $email );
2009
-
2010
- $pattern = '/^[(\w)*(\!\@\#\$\%\^\&\*\.\-\_)*]+$/';
2011
-
2012
- if(preg_match($pattern,$password)){
2013
- if ( strcmp( $password, $confirmPassword ) == 0 ) {
2014
- update_option( 'mo2f_email', $email );
2015
-
2016
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2017
- update_option( 'mo2f_password', stripslashes( $password ) );
2018
- $customer = new Customer_Setup();
2019
- $customerKey = json_decode( $customer->check_customer(), true );
2020
-
2021
- if ( strcasecmp( $customerKey['status'], 'CUSTOMER_NOT_FOUND' ) == 0 ) {
2022
- if ( $customerKey['status'] == 'ERROR' ) {
2023
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $customerKey['message'] ) );
2024
- } else {
2025
- $this->mo2f_create_customer( $user );
2026
- delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2027
- delete_user_meta( $user->ID, 'register_account_popup' );
2028
- if(get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure'))
2029
- update_user_meta( $user->ID, 'configure_2FA', 1 );
2030
-
2031
- }
2032
- } else { //customer already exists, redirect him to login page
2033
-
2034
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_ALREADY_EXISTS" ) );
2035
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
2036
-
2037
- }
2038
-
2039
- } else {
2040
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PASSWORDS_MISMATCH" ) );
2041
- $this->mo_auth_show_error_message();
2042
- }
2043
- }
2044
- else{
2045
- update_option( 'mo2f_message', "Password length between 6 - 15 characters. Only following symbols (!@#.$%^&*-_) should be present." );
2046
- $this->mo_auth_show_error_message();
2047
- }
2048
- }
2049
- }
2050
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_verify_customer" ) { //register the admin to miniOrange if already exist
2051
-
2052
- $nonce = $_POST['miniorange_verify_customer_nonce'];
2053
-
2054
- if ( ! wp_verify_nonce( $nonce, 'miniorange-verify-customer-nonce' ) ) {
2055
- $error = new WP_Error();
2056
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2057
-
2058
- return $error;
2059
- } else {
2060
-
2061
- //validation and sanitization
2062
- $email = '';
2063
- $password = '';
2064
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2065
-
2066
-
2067
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) ) {
2068
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
2069
- $this->mo_auth_show_error_message();
2070
-
2071
- return;
2072
- } else {
2073
- $email = sanitize_email( $_POST['email'] );
2074
- $password = sanitize_text_field( $_POST['password'] );
2075
- }
2076
-
2077
- update_option( 'mo2f_email', $email );
2078
- update_option( 'mo2f_password', stripslashes( $password ) );
2079
- $customer = new Customer_Setup();
2080
- $content = $customer->get_customer_key();
2081
- $customerKey = json_decode( $content, true );
2082
-
2083
- if ( json_last_error() == JSON_ERROR_NONE ) {
2084
- if ( is_array( $customerKey ) && array_key_exists( "status", $customerKey ) && $customerKey['status'] == 'ERROR' ) {
2085
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( $customerKey['message'] ) );
2086
- $this->mo_auth_show_error_message();
2087
- } else if ( is_array( $customerKey ) ) {
2088
- if ( isset( $customerKey['id'] ) && ! empty( $customerKey['id'] ) ) {
2089
- update_option( 'mo2f_customerKey', $customerKey['id'] );
2090
- update_option( 'mo2f_api_key', $customerKey['apiKey'] );
2091
- update_option( 'mo2f_customer_token', $customerKey['token'] );
2092
- update_option( 'mo2f_app_secret', $customerKey['appSecret'] );
2093
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
2094
- update_option( 'mo2f_miniorange_admin', $user->ID );
2095
-
2096
- $mo2f_emailVerification_config_status = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ? true : false;
2097
-
2098
- delete_option( 'mo2f_password' );
2099
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
2100
-
2101
- $Mo2fdbQueries->update_user_details( $user->ID, array(
2102
- 'mo2f_EmailVerification_config_status' => $mo2f_emailVerification_config_status,
2103
- 'mo2f_user_email' => get_option( 'mo2f_email' ),
2104
- 'user_registration_with_miniorange' => 'SUCCESS',
2105
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
2106
- 'mo2f_2factor_enable_2fa_byusers' => 1,
2107
- ) );
2108
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
2109
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2110
- $configured_2FA_method = 'NONE';
2111
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2112
- $enduser = new Two_Factor_Setup();
2113
- $userinfo = json_decode( $enduser->mo2f_get_userinfo( $user_email ), true );
2114
-
2115
- $mo2f_second_factor = 'NONE';
2116
- if ( json_last_error() == JSON_ERROR_NONE ) {
2117
- if ( $userinfo['status'] == 'SUCCESS' ) {
2118
- $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
2119
-
2120
- }
2121
- }
2122
- if ( $mo2f_second_factor != 'NONE' ) {
2123
- $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
2124
-
2125
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
2126
-
2127
- $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
2128
- $Mo2fdbQueries->update_user_details( $user->ID, array(
2129
- 'mo2f_configured_2FA_method' => $configured_2FA_method,
2130
- 'mo2f_' . $auth_method_abr . '_config_status' => true
2131
- ) );
2132
-
2133
- } else {
2134
- if ( in_array( $configured_2FA_method, array(
2135
- 'Email Verification',
2136
- 'Authy Authenticator',
2137
- 'OTP over SMS'
2138
- ) ) ) {
2139
- $enduser->mo2f_update_userinfo( $user_email, 'NONE', null, '', true );
2140
- }
2141
- }
2142
-
2143
-
2144
- }
2145
-
2146
- $mo2f_message = Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" );
2147
- if ( $configured_2FA_method != 'NONE' && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
2148
- $mo2f_message .= ' <b>' . $configured_2FA_method . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . '.';
2149
- }
2150
- $mo2f_message .= ' ' . '<a href=\"admin.php?page=mo_2fa_two_fa\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" );
2151
-
2152
- delete_user_meta( $user->ID, 'register_account_popup' );
2153
-
2154
- $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
2155
- if ( ! empty( $mo2f_customer_selected_plan ) ) {
2156
- delete_option( 'mo2f_customer_selected_plan' );
2157
- header( 'Location: admin.php?page=mo_2fa_upgrade' );
2158
- } else if ( $mo2f_second_factor == 'NONE' ) {
2159
- update_user_meta( $user->ID, 'configure_2FA', 1 );
2160
- }
2161
-
2162
- update_option( 'mo2f_message', $mo2f_message );
2163
- $this->mo_auth_show_success_message();
2164
- } else {
2165
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
2166
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
2167
- update_option('mo_2factor_user_registration_status',$mo_2factor_user_registration_status);
2168
- $this->mo_auth_show_error_message();
2169
- }
2170
-
2171
- }
2172
- } else {
2173
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
2174
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
2175
- update_option('mo_2factor_user_registration_status',$mo_2factor_user_registration_status);
2176
- $this->mo_auth_show_error_message();
2177
- }
2178
-
2179
- delete_option( 'mo2f_password' );
2180
- }
2181
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo_2factor_phone_verification' ) { //at registration time
2182
- $phone = sanitize_text_field( $_POST['phone_number'] );
2183
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $phone ) );
2184
-
2185
- $phone = str_replace( ' ', '', $phone );
2186
- $auth_type = 'SMS';
2187
- $customer = new Customer_Setup();
2188
-
2189
- $send_otp_response = json_decode( $customer->send_otp_token( $phone, $auth_type, $defaultCustomerKey, $defaultApiKey ), true );
2190
-
2191
- if ( strcasecmp( $send_otp_response['status'], 'SUCCESS' ) == 0 ) {
2192
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2193
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2194
- update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $send_otp_response['txId'] );
2195
-
2196
- if ( get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) ) {
2197
- update_option( 'mo2f_message', 'Another One Time Passcode has been sent <b>( ' . get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) . ' )</b> for verification to ' . $phone );
2198
- update_user_meta( $user->ID, 'mo2f_sms_otp_count', get_user_meta( $user->ID, 'mo2f_sms_otp_count', true ) + 1 );
2199
- } else {
2200
- update_option( 'mo2f_message', 'One Time Passcode has been sent for verification to ' . $phone );
2201
- update_user_meta( $user->ID, 'mo2f_sms_otp_count', 1 );
2202
- }
2203
-
2204
- $this->mo_auth_show_success_message();
2205
- } else {
2206
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SENDING_SMS" ) );
2207
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2208
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2209
- $this->mo_auth_show_error_message();
2210
- }
2211
-
2212
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_2factor_resend_otp" ) { //resend OTP over email for admin
2213
-
2214
- $nonce = $_POST['mo_2factor_resend_otp_nonce'];
2215
-
2216
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-otp-nonce' ) ) {
2217
- $error = new WP_Error();
2218
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2219
-
2220
- return $error;
2221
- } else {
2222
- $customer = new Customer_Setup();
2223
- $content = json_decode( $customer->send_otp_token( get_option( 'mo2f_email' ), 'EMAIL', $defaultCustomerKey, $defaultApiKey ), true );
2224
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2225
- if ( get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) ) {
2226
- update_user_meta( $user->ID, 'mo2f_email_otp_count', get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) + 1 );
2227
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "RESENT_OTP" ) . ' <b>( ' . get_user_meta( $user->ID, 'mo2f_email_otp_count', true ) . ' )</b> to <b>' . ( get_option( 'mo2f_email' ) ) . '</b> ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2228
- } else {
2229
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . '<b> ' . ( get_option( 'mo2f_email' ) ) . ' </b>' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2230
- update_user_meta( $user->ID, 'mo2f_email_otp_count', 1 );
2231
- }
2232
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2233
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2234
- update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2235
- $this->mo_auth_show_success_message();
2236
- } else {
2237
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_EMAIL" ) );
2238
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2239
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2240
- $this->mo_auth_show_error_message();
2241
- }
2242
- }
2243
-
2244
-
2245
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo2f_dismiss_notice_option" ) {
2246
- update_option( 'mo2f_bug_fix_done', 1 );
2247
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_2factor_validate_otp" ) { //validate OTP over email for admin
2248
-
2249
- $nonce = $_POST['mo_2factor_validate_otp_nonce'];
2250
-
2251
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-otp-nonce' ) ) {
2252
- $error = new WP_Error();
2253
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2254
-
2255
- return $error;
2256
- } else {
2257
- //validation and sanitization
2258
- $otp_token = '';
2259
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2260
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
2261
- $this->mo_auth_show_error_message();
2262
-
2263
- return;
2264
- } else {
2265
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
2266
- }
2267
-
2268
- $customer = new Customer_Setup();
2269
-
2270
- $transactionId = get_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', true );
2271
-
2272
- $content = json_decode( $customer->validate_otp_token( 'EMAIL', null, $transactionId, $otp_token, $defaultCustomerKey, $defaultApiKey ), true );
2273
-
2274
- if ( $content['status'] == 'ERROR' ) {
2275
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2276
-
2277
- } else {
2278
-
2279
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
2280
- $this->mo2f_create_customer( $user );
2281
- delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2282
- delete_user_meta( $user->ID, 'register_account_popup' );
2283
- update_user_meta( $user->ID, 'configure_2FA', 1 );
2284
- } else { // OTP Validation failed.
2285
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2286
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_OTP_DELIVERED_FAILURE' ) );
2287
-
2288
- }
2289
- }
2290
- }
2291
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_2factor_validate_user_otp" ) { //validate OTP over email for additional admin
2292
-
2293
- //validation and sanitization
2294
- $nonce = $_POST['mo_2factor_validate_user_otp_nonce'];
2295
-
2296
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-validate-user-otp-nonce' ) ) {
2297
- $error = new WP_Error();
2298
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2299
-
2300
- return $error;
2301
- } else {
2302
- $otp_token = '';
2303
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2304
- update_option( 'mo2f_message', 'All the fields are required. Please enter valid entries.' );
2305
- $this->mo_auth_show_error_message();
2306
-
2307
- return;
2308
- } else {
2309
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
2310
- }
2311
-
2312
- $user_email = get_user_meta( $user->ID, 'user_email', true );
2313
-
2314
- $customer = new Customer_Setup();
2315
- $mo2f_transactionId = isset( $_SESSION['mo2f_transactionId'] ) && ! empty( $_SESSION['mo2f_transactionId'] ) ? $_SESSION['mo2f_transactionId'] : get_option( 'mo2f_transactionId' );
2316
-
2317
- $content = json_decode( $customer->validate_otp_token( 'EMAIL', '', $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2318
-
2319
- if ( $content['status'] == 'ERROR' ) {
2320
- update_option( 'mo2f_message', $content['message'] );
2321
- $this->mo_auth_show_error_message();
2322
- } else {
2323
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated and generate QRCode
2324
- $this->mo2f_create_user( $user, $user_email );
2325
- delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2326
- } else {
2327
- update_option( 'mo2f_message', 'Invalid OTP. Please try again.' );
2328
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_OTP_DELIVERED_FAILURE' ) );
2329
- $this->mo_auth_show_error_message();
2330
- }
2331
- }
2332
-
2333
- }
2334
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_2factor_send_query" ) { //Help me or support
2335
- $nonce = $_POST['mo_2factor_send_query_nonce'];
2336
-
2337
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-send-query-nonce' ) ) {
2338
- $error = new WP_Error();
2339
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2340
-
2341
- return $error;
2342
- } else {
2343
-
2344
- $query = '';
2345
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['EMAIL_MANDATORY'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['query'] ) ) {
2346
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_MANDATORY" ) );
2347
- $this->mo_auth_show_error_message();
2348
-
2349
- return;
2350
- } else {
2351
- $query = sanitize_text_field( $_POST['query'] );
2352
- $email = sanitize_text_field( $_POST['EMAIL_MANDATORY'] );
2353
- $phone = sanitize_text_field( $_POST['query_phone'] );
2354
- $contact_us = new Customer_Setup();
2355
- $submited = json_decode( $contact_us->submit_contact_us( $email, $phone, $query ), true );
2356
- if ( json_last_error() == JSON_ERROR_NONE ) {
2357
- if ( is_array( $submited ) && array_key_exists( 'status', $submited ) && $submited['status'] == 'ERROR' ) {
2358
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $submited['message'] ) );
2359
- $this->mo_auth_show_error_message();
2360
- } else {
2361
- if ( $submited == false ) {
2362
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SUBMITTING_QUERY" ) );
2363
- $this->mo_auth_show_error_message();
2364
- } else {
2365
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "QUERY_SUBMITTED_SUCCESSFULLY" ) );
2366
- $this->mo_auth_show_success_message();
2367
- }
2368
- }
2369
- }
2370
-
2371
- }
2372
- }
2373
- }
2374
-
2375
- else if(isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'woocommerce_disable_login_prompt' ){
2376
- if(isset($_POST['woocommerce_login_prompt'])){
2377
- update_site_option('mo2f_woocommerce_login_prompt' , true);
2378
- }
2379
- else{
2380
- update_site_option('mo2f_woocommerce_login_prompt' , false);
2381
- }
2382
- }
2383
-
2384
- else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo_auth_advanced_options_save' ) {
2385
- update_option( 'mo2f_message', 'Your settings are saved successfully.' );
2386
- $this->mo_auth_show_success_message();
2387
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo_auth_login_settings_save' ) {
2388
- $nonce = $_POST['mo_auth_login_settings_save_nonce'];
2389
- if ( ! wp_verify_nonce( $nonce, 'mo-auth-login-settings-save-nonce' ) ) {
2390
- $error = new WP_Error();
2391
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2392
- return $error;
2393
- } else {
2394
- $mo_2factor_user_registration_status = $Mo2fdbQueries->get_user_detail( 'mo_2factor_user_registration_status', $user->ID );
2395
- if ( $mo_2factor_user_registration_status == 'MO_2_FACTOR_PLUGIN_SETTINGS' or MO2F_IS_ONPREM ) {
2396
-
2397
- if($_POST['mo2f_login_option'] == 0 && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option')){
2398
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "LOGIN_WITH_2ND_FACTOR" ) );
2399
- $this->mo_auth_show_error_message();
2400
- }else{
2401
- update_option( 'mo2f_login_option', isset( $_POST['mo2f_login_option'] ) ? $_POST['mo2f_login_option'] : 0 );
2402
- update_option( 'mo2f_remember_device', isset( $_POST['mo2f_remember_device'] ) ? $_POST['mo2f_remember_device'] : 0 );
2403
- if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') == 0 ) {
2404
- update_option( 'mo2f_remember_device', 0 );
2405
- }
2406
- if(isset($_POST['mo2f_enable_login_with_2nd_factor']))
2407
- {
2408
- update_option('mo2f_login_option',1);
2409
- }
2410
- update_option( 'mo2f_enable_forgotphone', isset( $_POST['mo2f_forgotphone'] ) ? $_POST['mo2f_forgotphone'] : 0 );
2411
- update_option( 'mo2f_enable_login_with_2nd_factor', isset( $_POST['mo2f_login_with_username_and_2factor'] ) ? $_POST['mo2f_login_with_username_and_2factor'] : 0 );
2412
- update_option( 'mo2f_enable_xmlrpc', isset( $_POST['mo2f_enable_xmlrpc'] ) ? $_POST['mo2f_enable_xmlrpc'] : 0 );
2413
- if ( get_option( 'mo2f_remember_device' ) && ! get_option( 'mo2f_app_secret' ) ) {
2414
- $get_app_secret = new Miniorange_Rba_Attributes();
2415
- $rba_response = json_decode( $get_app_secret->mo2f_get_app_secret(), true ); //fetch app secret
2416
- if ( json_last_error() == JSON_ERROR_NONE ) {
2417
- if ( $rba_response['status'] == 'SUCCESS' ) {
2418
- update_option( 'mo2f_app_secret', $rba_response['appSecret'] );
2419
- } else {
2420
- update_option( 'mo2f_remember_device', 0 );
2421
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_SETTINGS" ) );
2422
- $this->mo_auth_show_error_message();
2423
- }
2424
- } else {
2425
- update_option( 'mo2f_remember_device', 0 );
2426
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_SETTINGS" ) );
2427
- $this->mo_auth_show_error_message();
2428
- }
2429
- }
2430
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "SETTINGS_SAVED" ) );
2431
- $this->mo_auth_show_success_message();
2432
- }
2433
-
2434
- } else {
2435
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQUEST" ) );
2436
- $this->mo_auth_show_error_message();
2437
- }
2438
- }
2439
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_sync_sms_transactions" ) {
2440
- $customer = new Customer_Setup();
2441
- $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
2442
- if ( ! array_key_exists( 'smsRemaining', $content ) ) {
2443
- $smsRemaining = 0;
2444
- } else {
2445
- $smsRemaining = $content['smsRemaining'];
2446
- if ( $smsRemaining == null ) {
2447
- $smsRemaining = 0;
2448
- }
2449
- }
2450
- update_option( 'mo2f_number_of_transactions', $smsRemaining );
2451
- }
2452
-
2453
-
2454
- }
2455
-
2456
- if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo2f_fix_database_error' ) {
2457
- $nonce = $_POST['mo2f_fix_database_error_nonce'];
2458
-
2459
- if ( ! wp_verify_nonce( $nonce, 'mo2f-fix-database-error-nonce' ) ) {
2460
- $error = new WP_Error();
2461
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2462
-
2463
- return $error;
2464
- } else {
2465
- global $Mo2fdbQueries;
2466
-
2467
- $Mo2fdbQueries->database_table_issue();
2468
-
2469
- }
2470
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo2f_registration_closed' ) {
2471
- $nonce = $_POST['mo2f_registration_closed_nonce'];
2472
- if ( ! wp_verify_nonce( $nonce, 'mo2f-registration-closed-nonce' ) ) {
2473
- $error = new WP_Error();
2474
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2475
- return $error;
2476
- } else {
2477
- delete_user_meta( $user->ID, 'register_account_popup' );
2478
- $mo2f_message = 'Please set up the second-factor by clicking on Configure button.';
2479
- update_option( 'mo2f_message', $mo2f_message );
2480
- $this->mo_auth_show_success_message();
2481
- }
2482
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo2f_goto_verifycustomer" ) {
2483
- $nonce = $_POST['mo2f_goto_verifycustomer_nonce'];
2484
- if ( ! wp_verify_nonce( $nonce, 'mo2f-goto-verifycustomer-nonce' ) ) {
2485
- $error = new WP_Error();
2486
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2487
- return $error;
2488
- } else {
2489
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2490
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_YOUR_EMAIL_PASSWORD" ) );
2491
- update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
2492
- }
2493
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo_2factor_gobackto_registration_page' ) { //back to registration page for admin
2494
- $nonce = $_POST['mo_2factor_gobackto_registration_page_nonce'];
2495
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-gobackto-registration-page-nonce' ) ) {
2496
- $error = new WP_Error();
2497
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2498
- return $error;
2499
- } else {
2500
- delete_option( 'mo2f_email' );
2501
- delete_option( 'mo2f_password' );
2502
- update_option( 'mo2f_message', "" );
2503
-
2504
- MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
2505
- delete_option( 'mo2f_transactionId' );
2506
- delete_user_meta( $user->ID, 'mo2f_sms_otp_count' );
2507
- delete_user_meta( $user->ID, 'mo2f_email_otp_count' );
2508
- delete_user_meta( $user->ID, 'mo2f_email_otp_count' );
2509
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'REGISTRATION_STARTED' ) );
2510
- }
2511
-
2512
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo2f_skip_feedback' ) {
2513
-
2514
- $nonce = $_POST['mo2f_skip_feedback_nonce'];
2515
-
2516
- if ( ! wp_verify_nonce( $nonce, 'mo2f-skip-feedback-nonce' ) ) {
2517
- $error = new WP_Error();
2518
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2519
-
2520
- return $error;
2521
- } else {
2522
- deactivate_plugins( '/miniorange-2-factor-authentication/miniorange_2_factor_settings.php' );
2523
- }
2524
-
2525
- }else if ( isset( $_POST['mo2f_feedback'] ) and $_POST['mo2f_feedback'] == 'mo2f_feedback' ) {
2526
-
2527
- $nonce = $_POST['mo2f_feedback_nonce'];
2528
-
2529
- if ( ! wp_verify_nonce( $nonce, 'mo2f-feedback-nonce' ) ) {
2530
- $error = new WP_Error();
2531
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2532
-
2533
- return $error;
2534
- } else {
2535
- $reasons_not_to_worry_about = array( "Upgrading to Standard / Premium", "Temporary deactivation - Testing" );
2536
-
2537
- $message = 'Plugin Deactivated:';
2538
-
2539
- if ( isset( $_POST['deactivate_plugin'] ) ) {
2540
- if ( $_POST['query_feedback'] == '' and $_POST['deactivate_plugin'] == 'Other Reasons:' ) {
2541
- // feedback add
2542
- update_option( 'mo2f_message', 'Please let us know the reason for deactivation so that we improve the user experience.' );
2543
- } else {
2544
-
2545
- if ( ! in_array( $_POST['deactivate_plugin'], $reasons_not_to_worry_about ) ) {
2546
-
2547
- $message .= sanitize_text_field($_POST['deactivate_plugin']);
2548
-
2549
- if ( $_POST['query_feedback'] != '' ) {
2550
- $message .= ':' . sanitize_text_field($_POST['query_feedback']);
2551
- }
2552
-
2553
-
2554
- if($_POST['deactivate_plugin'] == "Conflicts with other plugins"){
2555
- $plugin_selected = $_POST['plugin_selected'];
2556
- $plugin = MO2f_Utility::get_plugin_name_by_identifier($plugin_selected);
2557
-
2558
- $message .= ", Plugin selected - " . $plugin . ".";
2559
- }
2560
-
2561
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2562
- if ( $email == '' ) {
2563
- $email = $user->user_email;
2564
- }
2565
-
2566
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );;
2567
-
2568
- $contact_us = new Customer_Setup();
2569
- $submited = json_decode( $contact_us->send_email_alert( $email, $phone, $message ), true );
2570
-
2571
- if ( json_last_error() == JSON_ERROR_NONE ) {
2572
- if ( is_array( $submited ) && array_key_exists( 'status', $submited ) && $submited['status'] == 'ERROR' ) {
2573
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $submited['message'] ) );
2574
- $this->mo_auth_show_error_message();
2575
- } else {
2576
- if ( $submited == false ) {
2577
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SUBMITTING_QUERY" ) );
2578
- $this->mo_auth_show_error_message();
2579
- } else {
2580
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "QUERY_SUBMITTED_SUCCESSFULLY" ) );
2581
- $this->mo_auth_show_success_message();
2582
- }
2583
- }
2584
- }
2585
- }
2586
-
2587
- deactivate_plugins( '/miniorange-2-factor-authentication/miniorange_2_factor_settings.php' );
2588
-
2589
- }
2590
-
2591
- } else {
2592
- update_option( 'mo2f_message', 'Please Select one of the reasons if your reason isnot mention please select Other Reasons' );
2593
-
2594
- }
2595
- }
2596
-
2597
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_2factor_resend_user_otp" ) { //resend OTP over email for additional admin and non-admin user
2598
-
2599
- $nonce = $_POST['mo_2factor_resend_user_otp_nonce'];
2600
-
2601
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-resend-user-otp-nonce' ) ) {
2602
- $error = new WP_Error();
2603
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2604
-
2605
- return $error;
2606
- } else {
2607
- $customer = new Customer_Setup();
2608
- $content = json_decode( $customer->send_otp_token( get_user_meta( $user->ID, 'user_email', true ), 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2609
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2610
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( get_user_meta( $user->ID, 'user_email', true ) ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2611
- update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2612
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2613
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2614
- $this->mo_auth_show_success_message();
2615
- } else {
2616
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_EMAIL" ) );
2617
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2618
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2619
- $this->mo_auth_show_error_message();
2620
-
2621
- }
2622
- }
2623
-
2624
- }else if ( isset( $_POST['option'] ) and ( $_POST['option'] == "mo2f_configure_miniorange_authenticator_validate" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete' ) ) { //mobile registration successfully complete for all users
2625
-
2626
- $nonce = $_POST['mo2f_configure_miniorange_authenticator_validate_nonce'];
2627
-
2628
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-miniorange-authenticator-validate-nonce' ) ) {
2629
- $error = new WP_Error();
2630
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2631
-
2632
- return $error;
2633
- } else {
2634
- delete_option( 'mo2f_transactionId' );
2635
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
2636
- MO2f_Utility::unset_session_variables( $session_variables );
2637
-
2638
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2639
- $TwoFA_method_to_configure = sanitize_text_field($_POST['mo2f_method']);
2640
- $enduser = new Two_Factor_Setup();
2641
- $current_method = MO2f_Utility::mo2f_decode_2_factor( $TwoFA_method_to_configure, "server" );
2642
-
2643
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, null, null, null ), true );
2644
-
2645
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
2646
- if ( $response['status'] == 'ERROR' ) {
2647
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
2648
-
2649
- $this->mo_auth_show_error_message();
2650
-
2651
-
2652
- } else if ( $response['status'] == 'SUCCESS' ) {
2653
-
2654
- $selectedMethod = $TwoFA_method_to_configure;
2655
-
2656
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
2657
-
2658
-
2659
- $Mo2fdbQueries->update_user_details( $user->ID, array(
2660
- 'mo2f_configured_2FA_method' => $selectedMethod,
2661
- 'mobile_registration_status' => true,
2662
- 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
2663
- 'mo2f_miniOrangeSoftToken_config_status' => true,
2664
- 'mo2f_miniOrangePushNotification_config_status' => true,
2665
- 'user_registration_with_miniorange' => 'SUCCESS',
2666
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
2667
- ) );
2668
-
2669
- delete_user_meta( $user->ID, 'configure_2FA' );
2670
- //update_user_meta( $user->ID, 'currentMethod' , $selectedMethod);
2671
- mo2f_display_test_2fa_notification($user);
2672
-
2673
- } else {
2674
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
2675
- $this->mo_auth_show_error_message();
2676
- }
2677
-
2678
- } else {
2679
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2680
- $this->mo_auth_show_error_message();
2681
- }
2682
- }
2683
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo2f_mobile_authenticate_success' ) { // mobile registration for all users(common)
2684
-
2685
- $nonce = $_POST['mo2f_mobile_authenticate_success_nonce'];
2686
-
2687
- if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-success-nonce' ) ) {
2688
- $error = new WP_Error();
2689
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2690
-
2691
- return $error;
2692
- } else {
2693
-
2694
- if ( current_user_can( 'manage_options' ) ) {
2695
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2696
- } else {
2697
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2698
- }
2699
-
2700
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
2701
- MO2f_Utility::unset_session_variables( $session_variables );
2702
-
2703
- delete_user_meta( $user->ID, 'test_2FA' );
2704
- $this->mo_auth_show_success_message();
2705
- }
2706
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo2f_mobile_authenticate_error' ) { //mobile registration failed for all users(common)
2707
- $nonce = $_POST['mo2f_mobile_authenticate_error_nonce'];
2708
-
2709
- if ( ! wp_verify_nonce( $nonce, 'mo2f-mobile-authenticate-error-nonce' ) ) {
2710
- $error = new WP_Error();
2711
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2712
-
2713
- return $error;
2714
- } else {
2715
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "AUTHENTICATION_FAILED" ) );
2716
- MO2f_Utility::unset_session_variables( 'mo2f_show_qr_code' );
2717
- $this->mo_auth_show_error_message();
2718
- }
2719
-
2720
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_setting_configuration" ) // redirect to setings page
2721
- {
2722
-
2723
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS' ) );
2724
-
2725
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_refresh_mobile_qrcode" ) { // refrsh Qrcode for all users
2726
-
2727
- $nonce = $_POST['mo_auth_refresh_mobile_qrcode_nonce'];
2728
-
2729
- if ( ! wp_verify_nonce( $nonce, 'mo-auth-refresh-mobile-qrcode-nonce' ) ) {
2730
- $error = new WP_Error();
2731
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2732
-
2733
- return $error;
2734
- } else {
2735
- $session_id = sanitize_text_field($_POST['mo2f_session_id']);
2736
- $twofactor_transactions = new Mo2fDB;
2737
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
2738
-
2739
- if($exceeded){
2740
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
2741
- $this->mo_auth_show_error_message();
2742
- return;
2743
- }
2744
-
2745
- $mo_2factor_user_registration_status = get_option( 'mo_2factor_user_registration_status');
2746
- if ( in_array( $mo_2factor_user_registration_status, array(
2747
- 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR',
2748
- 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION',
2749
- 'MO_2_FACTOR_PLUGIN_SETTINGS'
2750
- ) ) ) {
2751
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2752
- $this->mo2f_get_qr_code_for_mobile( $email, $user->ID, $session_id );
2753
-
2754
- } else {
2755
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "REGISTER_WITH_MO" ) );
2756
- $this->mo_auth_show_error_message();
2757
-
2758
- }
2759
- }
2760
- }else if ( isset( $_POST['mo2fa_register_to_upgrade_nonce'] ) ) { //registration with miniOrange for upgrading
2761
- $nonce = $_POST['mo2fa_register_to_upgrade_nonce'];
2762
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-user-reg-to-upgrade-nonce' ) ) {
2763
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2764
- } else {
2765
- $requestOrigin = $_POST['requestOrigin'];
2766
- update_option( 'mo2f_customer_selected_plan', $requestOrigin );
2767
- header( 'Location: admin.php?page=mo_2fa_account' );
2768
-
2769
- }
2770
- }else if ( isset( $_POST['miniorange_get_started'] ) && isset( $_POST['miniorange_user_reg_nonce'] ) ) { //registration with miniOrange for additional admin and non-admin
2771
- $nonce = $_POST['miniorange_user_reg_nonce'];
2772
- $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2773
- if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-user-reg-nonce' ) ) {
2774
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
2775
- } else {
2776
- $email = '';
2777
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo_useremail'] ) ) {
2778
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_EMAILID" ) );
2779
-
2780
- return;
2781
- } else {
2782
- $email = sanitize_email( $_POST['mo_useremail'] );
2783
- }
2784
-
2785
- if ( ! MO2f_Utility::check_if_email_is_already_registered( $email ) ) {
2786
- update_user_meta( $user->ID, 'user_email', $email );
2787
-
2788
- $enduser = new Two_Factor_Setup();
2789
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
2790
-
2791
- if ( json_last_error() == JSON_ERROR_NONE ) {
2792
- if ( $check_user['status'] == 'ERROR' ) {
2793
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
2794
- $this->mo_auth_show_error_message();
2795
-
2796
- return;
2797
- } else if ( strcasecmp( $check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER' ) == 0 ) {
2798
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_IN_USE" ) );
2799
- $this->mo_auth_show_error_message();
2800
-
2801
- return;
2802
- } else if ( strcasecmp( $check_user['status'], 'USER_FOUND' ) == 0 || strcasecmp( $check_user['status'], 'USER_NOT_FOUND' ) == 0 ) {
2803
-
2804
-
2805
- $enduser = new Customer_Setup();
2806
- $content = json_decode( $enduser->send_otp_token( $email, 'EMAIL', get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2807
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
2808
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $email ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
2809
- $_SESSION['mo2f_transactionId'] = $content['txId'];
2810
- update_option( 'mo2f_transactionId', $content['txId'] );
2811
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS';
2812
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2813
- update_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account', $content['txId'] );
2814
- $this->mo_auth_show_success_message();
2815
- } else {
2816
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
2817
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2818
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_OVER_EMAIL" ) );
2819
- $this->mo_auth_show_error_message();
2820
- }
2821
-
2822
-
2823
- }
2824
- }
2825
- } else {
2826
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "EMAIL_IN_USE" ) );
2827
- $this->mo_auth_show_error_message();
2828
- }
2829
- }
2830
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo_2factor_backto_user_registration' ) { //back to registration page for additional admin and non-admin
2831
- $nonce = $_POST['mo_2factor_backto_user_registration_nonce'];
2832
-
2833
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-backto-user-registration-nonce' ) ) {
2834
- $error = new WP_Error();
2835
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2836
-
2837
- return $error;
2838
- } else {
2839
- delete_user_meta( $user->ID, 'user_email' );
2840
- $Mo2fdbQueries->delete_user_details( $user->ID );
2841
- MO2f_Utility::unset_session_variables( 'mo2f_transactionId' );
2842
- delete_option( 'mo2f_transactionId' );
2843
- }
2844
-
2845
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_soft_token' ) { // validate Soft Token during test for all users
2846
-
2847
- $nonce = $_POST['mo2f_validate_soft_token_nonce'];
2848
-
2849
-
2850
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-soft-token-nonce' ) ) {
2851
- $error = new WP_Error();
2852
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2853
-
2854
- return $error;
2855
- } else {
2856
- $otp_token = '';
2857
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2858
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
2859
- $this->mo_auth_show_error_message();
2860
-
2861
- return;
2862
- } else {
2863
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
2864
- }
2865
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2866
- $customer = new Customer_Setup();
2867
- $content = json_decode( $customer->validate_otp_token( 'SOFT TOKEN', $email, null, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2868
- if ( $content['status'] == 'ERROR' ) {
2869
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2870
- $this->mo_auth_show_error_message();
2871
- } else {
2872
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated and generate QRCode
2873
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2874
-
2875
- delete_user_meta( $user->ID, 'test_2FA' );
2876
- $this->mo_auth_show_success_message();
2877
-
2878
-
2879
- } else { // OTP Validation failed.
2880
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2881
- $this->mo_auth_show_error_message();
2882
-
2883
- }
2884
- }
2885
- }
2886
- }
2887
-
2888
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_Telegram' ) { //validate otp over Telegram
2889
-
2890
- $nonce = $_POST['mo2f_validate_otp_over_Telegram_nonce'];
2891
-
2892
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-Telegram-nonce' ) ) {
2893
- $error = new WP_Error();
2894
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2895
-
2896
- return $error;
2897
- } else {
2898
-
2899
- $otp = sanitize_text_field($_POST['otp_token']);
2900
- $otpToken = get_user_meta($user->ID,'mo2f_otp_token',true);
2901
-
2902
- $time = get_user_meta($user->ID,'mo2f_telegram_time',true);
2903
- $accepted_time = time()-300;
2904
- $time = (int)$time;
2905
- global $Mo2fdbQueries;
2906
- if($otp == $otpToken)
2907
- {
2908
- if($accepted_time<$time){
2909
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2910
- delete_user_meta( $user->ID, 'test_2FA' );
2911
- delete_user_meta($user->ID,'mo2f_telegram_time');
2912
-
2913
- $this->mo_auth_show_success_message();
2914
-
2915
- }
2916
- else
2917
- {
2918
- update_option( 'mo2f_message', 'OTP has been expired please initiate another transaction for verification' );
2919
- delete_user_meta( $user->ID, 'test_2FA' );
2920
- $this->mo_auth_show_error_message();
2921
-
2922
- }
2923
- }
2924
- else
2925
- {
2926
- update_option( 'mo2f_message', 'Wrong OTP Please try again.' );
2927
- $this->mo_auth_show_error_message();
2928
-
2929
- }
2930
- }
2931
- }
2932
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_sms' ) { //validate otp over sms and phone call during test for all users
2933
-
2934
- $nonce = $_POST['mo2f_validate_otp_over_sms_nonce'];
2935
-
2936
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-sms-nonce' ) ) {
2937
- $error = new WP_Error();
2938
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2939
-
2940
- return $error;
2941
- } else {
2942
- $otp_token = '';
2943
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
2944
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
2945
- $this->mo_auth_show_error_message();
2946
-
2947
- return;
2948
- } else {
2949
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
2950
- }
2951
- $mo2f_transactionId = get_user_meta($user->ID, 'mo2f_transactionId', true);
2952
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2953
- $selected_2_2factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
2954
- $customer = new Customer_Setup();
2955
- $content = json_decode( $customer->validate_otp_token($selected_2_2factor_method , $email, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
2956
-
2957
- if ( $content['status'] == 'ERROR' ) {
2958
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
2959
- $this->mo_auth_show_error_message();
2960
- } else {
2961
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
2962
- if ( current_user_can( 'manage_options' ) ) {
2963
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
2964
- } else {
2965
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( "COMPLETED_TEST" ) );
2966
- }
2967
-
2968
- delete_user_meta( $user->ID, 'test_2FA' );
2969
- $this->mo_auth_show_success_message();
2970
-
2971
- } else {
2972
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
2973
- $this->mo_auth_show_error_message();
2974
- }
2975
-
2976
- }
2977
- }
2978
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_out_of_band_success' ) {
2979
- $nonce = $_POST['mo2f_out_of_band_success_nonce'];
2980
-
2981
- if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-success-nonce' ) ) {
2982
- $error = new WP_Error();
2983
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2984
-
2985
- return $error;
2986
- } else {
2987
- $show = 1;
2988
- if(MO2F_IS_ONPREM )
2989
- {
2990
- $txid = isset($_POST['TxidEmail'])? $_POST['TxidEmail']:null;
2991
- $status = get_option($txid);
2992
- if($status != '')
2993
- {
2994
- if($status != 1)
2995
- {
2996
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_VER_REQ" ));
2997
- $show = 0;
2998
- $this->mo_auth_show_error_message();
2999
-
3000
- }
3001
- }
3002
- }
3003
- $mo2f_configured_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
3004
- if(MO2F_IS_ONPREM and $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL')
3005
- $mo2f_configured_2FA_method = 'Email Verification';
3006
-
3007
- $mo2f_EmailVerification_config_status = $Mo2fdbQueries->get_user_detail( 'mo2f_EmailVerification_config_status', $user->ID );
3008
- if ( ! current_user_can( 'manage_options' ) && $mo2f_configured_2FA_method == 'OUT OF BAND EMAIL' ) {
3009
- if ( $mo2f_EmailVerification_config_status ) {
3010
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3011
- } else {
3012
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3013
- $enduser = new Two_Factor_Setup();
3014
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, $mo2f_configured_2FA_method, null, null, null ), true );
3015
- update_option( 'mo2f_message', '<b> ' . Mo2fConstants:: langTranslate( "EMAIL_VERFI" ) . '</b> ' . Mo2fConstants:: langTranslate( "SET_AS_2ND_FACTOR" ) );
3016
- }
3017
- } else {
3018
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3019
- }
3020
- delete_user_meta( $user->ID, 'test_2FA' );
3021
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3022
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3023
- 'mo2f_EmailVerification_config_status' => true
3024
- ) );
3025
- if($show)
3026
- $this->mo_auth_show_success_message();
3027
- }
3028
-
3029
-
3030
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo2f_out_of_band_error' ) { //push and out of band email denied
3031
- $nonce = $_POST['mo2f_out_of_band_error_nonce'];
3032
-
3033
- if ( ! wp_verify_nonce( $nonce, 'mo2f-out-of-band-error-nonce' ) ) {
3034
- $error = new WP_Error();
3035
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3036
-
3037
- return $error;
3038
- } else {
3039
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "DENIED_REQUEST" ) );
3040
- delete_user_meta( $user->ID, 'test_2FA' );
3041
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3042
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3043
- 'mo2f_EmailVerification_config_status' => true
3044
- ) );
3045
- $this->mo_auth_show_error_message();
3046
- }
3047
-
3048
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_duo_authenticator_success_form' ) {
3049
- $nonce = $_POST['mo2f_duo_authenticator_success_nonce'];
3050
-
3051
- if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-authenticator-success-nonce' ) ) {
3052
- $error = new WP_Error();
3053
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3054
-
3055
- return $error;
3056
- }else{
3057
-
3058
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3059
-
3060
- delete_user_meta( $user->ID, 'test_2FA' );
3061
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3062
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3063
- 'mo2f_DuoAuthenticator_config_status' => true
3064
- ) );
3065
-
3066
- $this->mo_auth_show_success_message();
3067
-
3068
- }
3069
- }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == 'mo2f_duo_authenticator_error' ) { //push and out of band email denied
3070
- $nonce = $_POST['mo2f_duo_authentcator_error_nonce'];
3071
-
3072
- if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-authenticator-error-nonce' ) ) {
3073
- $error = new WP_Error();
3074
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3075
-
3076
- return $error;
3077
- } else {
3078
- global $Mo2fdbQueries;
3079
-
3080
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "DENIED_DUO_REQUEST" ) );
3081
- delete_user_meta( $user->ID, 'test_2FA' );
3082
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3083
- 'mobile_registration_status' =>false,
3084
- ) );
3085
- $this->mo_auth_show_error_message();
3086
- }
3087
-
3088
- }
3089
- else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_google_authy_test' ) {
3090
-
3091
- $nonce = sanitize_text_field($_POST['mo2f_validate_google_authy_test_nonce']);
3092
-
3093
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-google-authy-test-nonce' ) ) {
3094
- $error = new WP_Error();
3095
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3096
-
3097
- return $error;
3098
- } else {
3099
- $otp_token = '';
3100
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3101
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
3102
- $this->mo_auth_show_error_message();
3103
-
3104
- return;
3105
- } else {
3106
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
3107
- }
3108
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3109
-
3110
- $customer = new Customer_Setup();
3111
- $content = json_decode( $customer->validate_otp_token( 'GOOGLE AUTHENTICATOR', $email, null, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3112
- if ( json_last_error() == JSON_ERROR_NONE ) {
3113
-
3114
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
3115
-
3116
- if ( current_user_can( 'manage_options' ) ) {
3117
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3118
- } else {
3119
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3120
- }
3121
-
3122
- delete_user_meta( $user->ID, 'test_2FA' );
3123
- $this->mo_auth_show_success_message();
3124
-
3125
-
3126
- } else { // OTP Validation failed.
3127
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3128
- $this->mo_auth_show_error_message();
3129
-
3130
- }
3131
- } else {
3132
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
3133
- $this->mo_auth_show_error_message();
3134
-
3135
- }
3136
- }
3137
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_validate_otp_over_email' ) {
3138
- $nonce = $_POST['mo2f_validate_otp_over_email_test_nonce'];
3139
-
3140
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-otp-over-email-test-nonce' ) ) {
3141
- $error = new WP_Error();
3142
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3143
-
3144
- return $error;
3145
- } else {
3146
- $otp_token = '';
3147
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3148
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ENTER_VALUE" ) );
3149
- $this->mo_auth_show_error_message();
3150
-
3151
- return;
3152
- } else {
3153
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
3154
- }
3155
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3156
-
3157
- $customer = new Customer_Setup();
3158
-
3159
- $mo2f_transactionId = get_user_meta($user->ID, 'mo2f_transactionId', true);
3160
- $content = json_decode( $customer->validate_otp_token( 'OTP_OVER_EMAIL', $email, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3161
- if ( json_last_error() == JSON_ERROR_NONE ) {
3162
-
3163
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //Google OTP validated
3164
-
3165
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3166
- delete_user_meta( $user->ID, 'configure_2FA');
3167
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Email','mo2f_OTPOverEmail_config_status'=>true ) );
3168
- delete_user_meta( $user->ID, 'test_2FA' );
3169
- $this->mo_auth_show_success_message();
3170
-
3171
-
3172
- } else { // OTP Validation failed.
3173
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3174
- $this->mo_auth_show_error_message();
3175
-
3176
- }
3177
- } else {
3178
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_OTP" ) );
3179
- $this->mo_auth_show_error_message();
3180
-
3181
- }
3182
- }
3183
- }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_google_appname' ) {
3184
- $nonce = sanitize_text_field($_POST['mo2f_google_appname_nonce']);
3185
-
3186
- if ( ! wp_verify_nonce( $nonce, 'mo2f-google-appname-nonce' ) ) {
3187
- $error = new WP_Error();
3188
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3189
-
3190
- return $error;
3191
- } else {
3192
-
3193
- update_option('mo2f_google_appname',((isset($_POST['mo2f_google_auth_appname']) && $_POST['mo2f_google_auth_appname']!='') ? sanitize_text_field($_POST['mo2f_google_auth_appname']) : 'miniOrangeAu'));
3194
- }
3195
-
3196
- }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_configure_google_authenticator_validate' ) {
3197
- $nonce = sanitize_text_field($_POST['mo2f_configure_google_authenticator_validate_nonce']);
3198
-
3199
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-google-authenticator-validate-nonce' ) ) {
3200
- $error = new WP_Error();
3201
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3202
-
3203
- return $error;
3204
- } else {
3205
- $otpToken = sanitize_text_field($_POST['google_token']);
3206
- $ga_secret = isset( $_POST['google_auth_secret'] ) ? sanitize_text_field($_POST['google_auth_secret']) : null;
3207
-
3208
- if ( MO2f_Utility::mo2f_check_number_length( $otpToken ) ) {
3209
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3210
- $twofactor_transactions = new Mo2fDB;
3211
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3212
-
3213
- if($exceeded){
3214
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3215
- $this->mo_auth_show_error_message();
3216
- return;
3217
- }
3218
- $google_auth = new Miniorange_Rba_Attributes();
3219
- $google_response = json_decode( $google_auth->mo2f_validate_google_auth( $email, $otpToken, $ga_secret ), true );
3220
-
3221
- if ( json_last_error() == JSON_ERROR_NONE ) {
3222
- if ( $google_response['status'] == 'SUCCESS' ) {
3223
- $enduser = new Two_Factor_Setup();
3224
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, "GOOGLE AUTHENTICATOR", null, null, null ), true );
3225
- if ( json_last_error() == JSON_ERROR_NONE ) {
3226
-
3227
- if ( $response['status'] == 'SUCCESS' ) {
3228
-
3229
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3230
-
3231
- delete_user_meta( $user->ID, 'configure_2FA' );
3232
-
3233
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3234
- 'mo2f_GoogleAuthenticator_config_status' => true,
3235
- 'mo2f_AuthyAuthenticator_config_status' => false,
3236
- 'mo2f_configured_2FA_method' => "Google Authenticator",
3237
- 'user_registration_with_miniorange' => 'SUCCESS',
3238
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3239
- ) );
3240
-
3241
- update_user_meta( $user->ID, 'mo2f_external_app_type', "Google Authenticator" );
3242
- mo2f_display_test_2fa_notification($user);
3243
- delete_user_meta($user->ID, 'mo2f_google_auth');
3244
-
3245
- } else {
3246
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3247
- $this->mo_auth_show_error_message();
3248
-
3249
- }
3250
- } else {
3251
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3252
- $this->mo_auth_show_error_message();
3253
-
3254
- }
3255
- } else {
3256
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) . '<br>3.' . Mo2fConstants::langTranslate( "SERVER_TIME_SYNC" ));
3257
- $this->mo_auth_show_error_message();
3258
-
3259
- }
3260
- } else {
3261
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_USER" ) );
3262
- $this->mo_auth_show_error_message();
3263
-
3264
- }
3265
- } else {
3266
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ONLY_DIGITS_ALLOWED" ) );
3267
- $this->mo_auth_show_error_message();
3268
-
3269
- }
3270
- }
3271
- }else if(isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_configure_duo_authenticator_validate_nonce'){
3272
-
3273
- $nonce = sanitize_text_field($_POST['mo2f_configure_duo_authenticator_validate_nonce']);
3274
-
3275
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator-validate-nonce' ) ) {
3276
- $error = new WP_Error();
3277
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3278
-
3279
- return $error;
3280
- }else{
3281
-
3282
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3283
-
3284
- delete_user_meta( $user->ID, 'configure_2FA' );
3285
- delete_user_meta($user->ID,'user_not_enroll');
3286
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3287
- 'mo2f_DuoAuthenticator_config_status' => true,
3288
-
3289
- 'mo2f_configured_2FA_method' => "Duo Authenticator",
3290
- 'user_registration_with_miniorange' => 'SUCCESS',
3291
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3292
- ) );
3293
-
3294
- update_user_meta( $user->ID, 'mo2f_external_app_type', "Duo Authenticator" );
3295
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "VALIDATE_DUO" ) );
3296
- $this->mo_auth_show_success_message();
3297
- }
3298
-
3299
- }
3300
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator' ) {
3301
- $nonce = $_POST['mo2f_configure_authy_authenticator_nonce'];
3302
-
3303
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-nonce' ) ) {
3304
- $error = new WP_Error();
3305
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3306
-
3307
- return $error;
3308
- } else {
3309
- $authy = new Miniorange_Rba_Attributes();
3310
- $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3311
- $authy_response = json_decode( $authy->mo2f_google_auth_service( $user_email ), true );
3312
- if ( json_last_error() == JSON_ERROR_NONE ) {
3313
- if ( $authy_response['status'] == 'SUCCESS' ) {
3314
- $mo2f_authy_keys = array();
3315
- $mo2f_authy_keys['authy_qrCode'] = $authy_response['qrCodeData'];
3316
- $mo2f_authy_keys['mo2f_authy_secret'] = $authy_response['secret'];
3317
- $_SESSION['mo2f_authy_keys'] = $mo2f_authy_keys;
3318
- } else {
3319
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
3320
- $this->mo_auth_show_error_message();
3321
- }
3322
- } else {
3323
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
3324
- $this->mo_auth_show_error_message();
3325
- }
3326
- }
3327
- }else if( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_authy_authenticator_validate' ) {
3328
- $nonce = $_POST['mo2f_configure_authy_authenticator_validate_nonce'];
3329
-
3330
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-authy-authenticator-validate-nonce' ) ) {
3331
- $error = new WP_Error();
3332
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3333
-
3334
- return $error;
3335
- } else {
3336
- $otpToken = $_POST['mo2f_authy_token'];
3337
- $authy_secret = isset( $_POST['mo2f_authy_secret'] ) ? $_POST['mo2f_authy_secret'] : null;
3338
- if ( MO2f_Utility::mo2f_check_number_length( $otpToken ) ) {
3339
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3340
- $authy_auth = new Miniorange_Rba_Attributes();
3341
- $authy_response = json_decode( $authy_auth->mo2f_validate_google_auth( $email, $otpToken, $authy_secret ), true );
3342
- if ( json_last_error() == JSON_ERROR_NONE ) {
3343
- if ( $authy_response['status'] == 'SUCCESS' ) {
3344
- $enduser = new Two_Factor_Setup();
3345
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, 'GOOGLE AUTHENTICATOR', null, null, null ), true );
3346
- if ( json_last_error() == JSON_ERROR_NONE ) {
3347
-
3348
- if ( $response['status'] == 'SUCCESS' ) {
3349
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3350
- 'mo2f_GoogleAuthenticator_config_status' => false,
3351
- 'mo2f_AuthyAuthenticator_config_status' => true,
3352
- 'mo2f_configured_2FA_method' => "Authy Authenticator",
3353
- 'user_registration_with_miniorange' => 'SUCCESS',
3354
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3355
- ) );
3356
- update_user_meta( $user->ID, 'mo2f_external_app_type', "Authy Authenticator" );
3357
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3358
- delete_user_meta( $user->ID, 'configure_2FA' );
3359
-
3360
- mo2f_display_test_2fa_notification($user);
3361
-
3362
- } else {
3363
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3364
- $this->mo_auth_show_error_message();
3365
- }
3366
- } else {
3367
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3368
- $this->mo_auth_show_error_message();
3369
- }
3370
- } else {
3371
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_CAUSES" ) . '<br>1. ' . Mo2fConstants:: langTranslate( "INVALID_OTP" ) . '<br>2. ' . Mo2fConstants:: langTranslate( "APP_TIME_SYNC" ) );
3372
- $this->mo_auth_show_error_message();
3373
- }
3374
- } else {
3375
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_VALIDATING_USER" ) );
3376
- $this->mo_auth_show_error_message();
3377
- }
3378
- } else {
3379
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ONLY_DIGITS_ALLOWED" ) );
3380
- $this->mo_auth_show_error_message();
3381
- }
3382
- }
3383
- }
3384
- else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_save_kba' ) {
3385
- $nonce = sanitize_text_field($_POST['mo2f_save_kba_nonce']);
3386
- if ( ! wp_verify_nonce( $nonce, 'mo2f-save-kba-nonce' ) ) {
3387
- $error = new WP_Error();
3388
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3389
-
3390
- return $error;
3391
- }
3392
- $twofactor_transactions = new Mo2fDB;
3393
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3394
- if($exceeded){
3395
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3396
- $this->mo_auth_show_error_message();
3397
- return;
3398
- }
3399
-
3400
- $kba_q1 = sanitize_text_field($_POST['mo2f_kbaquestion_1']);
3401
- $kba_a1 = sanitize_text_field( $_POST['mo2f_kba_ans1'] );
3402
- $kba_q2 = sanitize_text_field($_POST['mo2f_kbaquestion_2']);
3403
- $kba_a2 = sanitize_text_field( $_POST['mo2f_kba_ans2'] );
3404
- $kba_q3 = sanitize_text_field( $_POST['mo2f_kbaquestion_3'] );
3405
- $kba_a3 = sanitize_text_field( $_POST['mo2f_kba_ans3'] );
3406
-
3407
- if ( MO2f_Utility::mo2f_check_empty_or_null( $kba_q1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a1 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q2 ) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a2) || MO2f_Utility::mo2f_check_empty_or_null( $kba_q3) || MO2f_Utility::mo2f_check_empty_or_null( $kba_a3) ) {
3408
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3409
- $this->mo_auth_show_error_message();
3410
- return;
3411
- }
3412
-
3413
- if ( strcasecmp( $kba_q1, $kba_q2 ) == 0 || strcasecmp( $kba_q2, $kba_q3 ) == 0 || strcasecmp( $kba_q3, $kba_q1 ) == 0 ) {
3414
- update_option( 'mo2f_message', 'The questions you select must be unique.' );
3415
- $this->mo_auth_show_error_message();
3416
- return;
3417
- }
3418
- $kba_q1 = addcslashes( stripslashes( $kba_q1 ), '"\\' );
3419
- $kba_q2 = addcslashes( stripslashes( $kba_q2 ), '"\\' );
3420
- $kba_q3 = addcslashes( stripslashes( $kba_q3 ), '"\\' );
3421
-
3422
- $kba_a1 = addcslashes( stripslashes( $kba_a1 ), '"\\' );
3423
- $kba_a2 = addcslashes( stripslashes( $kba_a2 ), '"\\' );
3424
- $kba_a3 = addcslashes( stripslashes( $kba_a3 ), '"\\' );
3425
-
3426
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3427
- $kba_registration = new Two_Factor_Setup();
3428
- $kba_reg_reponse = json_decode( $kba_registration->register_kba_details( $email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3, $user->ID ), true );
3429
- if ( json_last_error() == JSON_ERROR_NONE ) {
3430
- if ( $kba_reg_reponse['status'] == 'SUCCESS' ) {
3431
- if ( isset( $_POST['mobile_kba_option'] ) && $_POST['mobile_kba_option'] == 'mo2f_request_for_kba_as_emailbackup' ) {
3432
- MO2f_Utility::unset_session_variables( 'mo2f_mobile_support' );
3433
-
3434
- delete_user_meta( $user->ID, 'configure_2FA' );
3435
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3436
-
3437
- $message = mo2f_lt( 'Your KBA as alternate 2 factor is configured successfully.' );
3438
- update_option( 'mo2f_message', $message );
3439
- $this->mo_auth_show_success_message();
3440
-
3441
- } else {
3442
- $enduser = new Two_Factor_Setup();
3443
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, 'KBA', null, null, null ), true );
3444
- if ( json_last_error() == JSON_ERROR_NONE ) {
3445
- if ( $response['status'] == 'ERROR' ) {
3446
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
3447
- $this->mo_auth_show_error_message();
3448
-
3449
- } else if ( $response['status'] == 'SUCCESS' ) {
3450
- delete_user_meta( $user->ID, 'configure_2FA' );
3451
-
3452
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3453
- 'mo2f_SecurityQuestions_config_status' => true,
3454
- 'mo2f_configured_2FA_method' => "Security Questions",
3455
- 'mo_2factor_user_registration_status' => "MO_2_FACTOR_PLUGIN_SETTINGS"
3456
- ) );
3457
- // $this->mo_auth_show_success_message();
3458
- mo2f_display_test_2fa_notification($user);
3459
-
3460
- }else {
3461
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3462
- $this->mo_auth_show_error_message();
3463
-
3464
- }
3465
- } else {
3466
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3467
- $this->mo_auth_show_error_message();
3468
-
3469
- }
3470
- }
3471
- } else {
3472
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_KBA" ) );
3473
- $this->mo_auth_show_error_message();
3474
-
3475
-
3476
- return;
3477
- }
3478
- } else {
3479
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_WHILE_SAVING_KBA" ) );
3480
- $this->mo_auth_show_error_message();
3481
-
3482
-
3483
- return;
3484
- }
3485
-
3486
-
3487
- }else if ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_validate_kba_details' ) {
3488
- $nonce = sanitize_text_field($_POST['mo2f_validate_kba_details_nonce']);
3489
-
3490
- if ( ! wp_verify_nonce( $nonce, 'mo2f-validate-kba-details-nonce' ) ) {
3491
- $error = new WP_Error();
3492
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3493
-
3494
- return $error;
3495
- } else {
3496
- $kba_ans_1 = '';
3497
- $kba_ans_2 = '';
3498
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['mo2f_answer_1'] ) ) {
3499
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3500
- $this->mo_auth_show_error_message();
3501
-
3502
- return;
3503
- } else {
3504
- $kba_ans_1 = sanitize_text_field( $_POST['mo2f_answer_1'] );
3505
- $kba_ans_2 = sanitize_text_field( $_POST['mo2f_answer_2'] );
3506
- }
3507
- //if the php session folder has insufficient permissions, temporary options to be used
3508
- $kba_questions = get_user_meta($user->ID, 'mo_2_factor_kba_questions', true);
3509
-
3510
- $kbaAns = array();
3511
- if(!MO2F_IS_ONPREM){
3512
- $kbaAns[0] = $kba_questions[0]['question'];
3513
- $kbaAns[1] = $kba_ans_1;
3514
- $kbaAns[2] = $kba_questions[1]['question'];
3515
- $kbaAns[3] = $kba_ans_2;
3516
- }
3517
- //if the php session folder has insufficient permissions, temporary options to be used
3518
- $mo2f_transactionId = get_option('mo2f_transactionId');
3519
- $kba_validate = new Customer_Setup();
3520
- $kba_validate_response = json_decode( $kba_validate->validate_otp_token( 'KBA', null, $mo2f_transactionId, $kbaAns, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3521
- if ( json_last_error() == JSON_ERROR_NONE ) {
3522
- if ( strcasecmp( $kba_validate_response['status'], 'SUCCESS' ) == 0 ) {
3523
- delete_option('mo2f_transactionId');
3524
- delete_option('kba_questions');
3525
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "COMPLETED_TEST" ) );
3526
- delete_user_meta( $user->ID, 'test_2FA' );
3527
- $this->mo_auth_show_success_message();
3528
- } else { // KBA Validation failed.
3529
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ANSWERS" ) );
3530
- $this->mo_auth_show_error_message();
3531
-
3532
- }
3533
- }
3534
- }
3535
- }
3536
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_send_otp' ) { // sendin otp for configuring OTP over Telegram
3537
-
3538
- $nonce = $_POST['mo2f_configure_otp_over_Telegram_send_otp_nonce'];
3539
-
3540
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-send-otp-nonce' ) ) {
3541
- $error = new WP_Error();
3542
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3543
-
3544
- return $error;
3545
- } else {
3546
- $chatID = sanitize_text_field( $_POST['verify_chatID'] );
3547
-
3548
- if ( MO2f_Utility::mo2f_check_empty_or_null( $chatID ) ) {
3549
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3550
- $this->mo_auth_show_error_message();
3551
-
3552
- return;
3553
- }
3554
-
3555
- $chatID = str_replace( ' ', '', $chatID );
3556
- $user = wp_get_current_user();
3557
-
3558
- update_user_meta($user->ID, 'mo2f_temp_chatID', $chatID );
3559
- $customer = new Customer_Setup();
3560
- $currentMethod = "OTP Over Telegram";
3561
-
3562
- $otpToken = '';
3563
- for($i=1;$i<7;$i++)
3564
- {
3565
- $otpToken .= rand(0,9);
3566
- }
3567
- update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
3568
- update_user_meta($user->ID,'mo2f_telegram_time',time());
3569
-
3570
- $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
3571
- $postdata = array( 'mo2f_otp_token' => $otpToken,
3572
- 'mo2f_chatid' => $chatID
3573
- );
3574
-
3575
- $args = array(
3576
- 'method' => 'POST',
3577
- 'timeout' => 10,
3578
- 'sslverify' => false,
3579
- 'headers' => array(),
3580
- 'body' => $postdata,
3581
- );
3582
-
3583
- $mo2f_api=new Mo2f_Api();
3584
- $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
3585
-
3586
- if($data == 'SUCCESS')
3587
- {
3588
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . 'your telegram number.' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
3589
- $this->mo_auth_show_success_message();
3590
- }
3591
- else
3592
- {
3593
- update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
3594
- $this->mo_auth_show_error_message();
3595
-
3596
- }
3597
-
3598
- }
3599
- }
3600
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_send_otp' ) { // sendin otp for configuring OTP over SMS
3601
-
3602
- $nonce = $_POST['mo2f_configure_otp_over_sms_send_otp_nonce'];
3603
-
3604
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-send-otp-nonce' ) ) {
3605
- $error = new WP_Error();
3606
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3607
-
3608
- return $error;
3609
- } else {
3610
- $phone = sanitize_text_field( $_POST['verify_phone'] );
3611
-
3612
- if ( MO2f_Utility::mo2f_check_empty_or_null( $phone ) ) {
3613
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3614
- $this->mo_auth_show_error_message();
3615
-
3616
- return;
3617
- }
3618
-
3619
- $phone = str_replace( ' ', '', $phone );
3620
- $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
3621
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'user_phone', $phone);
3622
- update_option( 'user_phone_temp', $phone );
3623
- $customer = new Customer_Setup();
3624
- $currentMethod = "SMS";
3625
-
3626
- $content = json_decode( $customer->send_otp_token( $phone, $currentMethod, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3627
-
3628
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate otp token */
3629
- if ( $content['status'] == 'ERROR' ) {
3630
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
3631
- $this->mo_auth_show_error_message();
3632
- } else if ( $content['status'] == 'SUCCESS' ) {
3633
- MO2f_Utility::mo2f_set_transient($session_id_encrypt, 'mo2f_transactionId', $content['txId']);
3634
-
3635
-
3636
- update_option( 'mo2f_transactionId', $content['txId'] );
3637
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' ' . $phone . ' .' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
3638
- update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
3639
- $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
3640
- if($mo2f_sms>0)
3641
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
3642
-
3643
- $this->mo_auth_show_success_message();
3644
- } else {
3645
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( $content['message'] ) );
3646
- $this->mo_auth_show_error_message();
3647
- }
3648
-
3649
- } else {
3650
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3651
- $this->mo_auth_show_error_message();
3652
- }
3653
- }
3654
- }
3655
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_Telegram_validate' ) {
3656
- $nonce = $_POST['mo2f_configure_otp_over_Telegram_validate_nonce'];
3657
-
3658
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-Telegram-validate-nonce' ) ) {
3659
- $error = new WP_Error();
3660
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3661
-
3662
- return $error;
3663
- } else {
3664
-
3665
- $twofactor_transactions = new Mo2fDB;
3666
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3667
-
3668
- if($exceeded){
3669
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3670
- $this->mo_auth_show_error_message();
3671
- return;
3672
- }
3673
- $otp_token = '';
3674
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3675
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3676
- $this->mo_auth_show_error_message();
3677
-
3678
- return;
3679
- } else {
3680
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
3681
- }
3682
-
3683
- $otp = get_user_meta($user->ID,'mo2f_otp_token',true);
3684
- $time = get_user_meta($user->ID,'mo2f_telegram_time',true);
3685
- $accepted_time = time()-300;
3686
- $time = (int)$time;
3687
- global $Mo2fdbQueries;
3688
- if($otp == $otp_token)
3689
- {
3690
- if($accepted_time<$time){
3691
- if(MO2F_IS_ONPREM)
3692
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over Telegram',
3693
- 'mo2f_OTPOverTelegram_config_status' => true,
3694
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
3695
- ) );
3696
- else
3697
- { $Mo2fdbQueries->update_user_details( $user->ID, array(
3698
- 'mo2f_configured_2FA_method' => 'OTP Over Telegram',
3699
- 'mo2f_OTPOverTelegram_config_status' => true,
3700
- 'user_registration_with_miniorange' => 'SUCCESS',
3701
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3702
- ) );
3703
- }
3704
- delete_user_meta( $user->ID, 'configure_2FA' );
3705
- update_user_meta( $user->ID, 'mo2f_chat_id',get_user_meta($user->ID,'mo2f_temp_chatID',true));
3706
-
3707
- delete_user_meta( $user->ID, 'mo2f_temp_chatID' );
3708
-
3709
- delete_user_meta( $user->ID, 'mo2f_otp_token');
3710
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3711
- mo2f_display_test_2fa_notification($user);
3712
- update_option( 'mo2f_message','OTP Over Telegram is set as the second-factor. Enjoy the unlimited service.');
3713
- $this->mo_auth_show_success_message();
3714
- delete_user_meta($user->ID,'mo2f_telegram_time');
3715
- }
3716
- else
3717
- {
3718
- update_option( 'mo2f_message','OTP has been expired please reinitiate another transaction.');
3719
- $this->mo_auth_show_error_message();
3720
- delete_user_meta($user->ID,'mo2f_telegram_time');
3721
- }
3722
- }
3723
- else
3724
- {
3725
- update_option( 'mo2f_message','Invalid OTP. Please try again.');
3726
- $this->mo_auth_show_error_message();
3727
- }
3728
-
3729
- }}
3730
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_otp_over_sms_validate' ) {
3731
- $nonce = $_POST['mo2f_configure_otp_over_sms_validate_nonce'];
3732
-
3733
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-otp-over-sms-validate-nonce' ) ) {
3734
- $error = new WP_Error();
3735
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3736
-
3737
- return $error;
3738
- } else {
3739
-
3740
- $twofactor_transactions = new Mo2fDB;
3741
- $exceeded = $twofactor_transactions->check_alluser_limit_exceeded($user_id);
3742
-
3743
- if($exceeded){
3744
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3745
- $this->mo_auth_show_error_message();
3746
- return;
3747
- }
3748
- $otp_token = '';
3749
- if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['otp_token'] ) ) {
3750
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
3751
- $this->mo_auth_show_error_message();
3752
-
3753
- return;
3754
- } else {
3755
- $otp_token = sanitize_text_field( $_POST['otp_token'] );
3756
- $session_id_encrypt = sanitize_text_field($_POST['mo2f_session_id']);
3757
- }
3758
- $mo2f_transactionId = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'mo2f_transactionId' );
3759
-
3760
- $user_phone = MO2f_Utility::mo2f_get_transient( $session_id_encrypt, 'user_phone' );
3761
- $mo2f_configured_2FA_method = get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', true );
3762
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
3763
- $customer = new Customer_Setup();
3764
- $content = json_decode( $customer->validate_otp_token( $mo2f_configured_2FA_method, null, $mo2f_transactionId, $otp_token, get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ) ), true );
3765
-
3766
- if ( $content['status'] == 'ERROR' ) {
3767
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
3768
-
3769
- } else if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) { //OTP validated
3770
- if ( $phone && strlen( $phone ) >= 4 ) {
3771
- if ( $user_phone != $phone ) {
3772
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mobile_registration_status' => false ) );
3773
-
3774
- }
3775
- }
3776
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3777
-
3778
- $enduser = new Two_Factor_Setup();
3779
- $TwoFA_method_to_configure = get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', true );
3780
- $current_method = MO2f_Utility::mo2f_decode_2_factor( $TwoFA_method_to_configure, "server" );
3781
- $response = array();
3782
- if(MO2F_IS_ONPREM) {
3783
- $response['status'] = 'SUCCESS';
3784
- if ( $current_method == 'SMS' ) {
3785
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => 'OTP Over SMS' ) );
3786
- // update_user_meta($user->ID,'currentMethod','OTP Over SMS');
3787
- } else {
3788
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $current_method ) );//why is this needed?
3789
- // update_user_meta( $user->ID, 'currentMethod', $current_method );
3790
-
3791
- }
3792
- }
3793
- else
3794
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, $user_phone, null, null ), true );
3795
-
3796
- if ( json_last_error() == JSON_ERROR_NONE ) {
3797
-
3798
- if ( $response['status'] == 'ERROR' ) {
3799
- MO2f_Utility::unset_session_variables( 'user_phone' );
3800
- delete_option( 'user_phone_temp' );
3801
-
3802
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
3803
- $this->mo_auth_show_error_message();
3804
- } else if ( $response['status'] == 'SUCCESS' ) {
3805
-
3806
- $Mo2fdbQueries->update_user_details( $user->ID, array(
3807
- 'mo2f_configured_2FA_method' => 'OTP Over SMS',
3808
- 'mo2f_OTPOverSMS_config_status' => true,
3809
- 'user_registration_with_miniorange' => 'SUCCESS',
3810
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
3811
- 'mo2f_user_phone' => $user_phone
3812
- ) );
3813
-
3814
- delete_user_meta( $user->ID, 'configure_2FA' );
3815
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
3816
-
3817
-
3818
- MO2f_Utility::unset_session_variables( 'user_phone' );
3819
- delete_option( 'user_phone_temp' );
3820
-
3821
- mo2f_display_test_2fa_notification($user);
3822
- } else {
3823
- MO2f_Utility::unset_session_variables( 'user_phone' );
3824
- delete_option( 'user_phone_temp' );
3825
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
3826
- $this->mo_auth_show_error_message();
3827
- }
3828
- } else {
3829
- MO2f_Utility::unset_session_variables( 'user_phone' );
3830
- delete_option( 'user_phone_temp' );
3831
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
3832
- $this->mo_auth_show_error_message();
3833
- }
3834
-
3835
- } else { // OTP Validation failed.
3836
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_OTP" ) );
3837
- $this->mo_auth_show_error_message();
3838
- }
3839
- }
3840
-
3841
- }else if(isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_duo_authenticator'){
3842
-
3843
- $nonce = $_POST['mo2f_configure_duo_authenticator_nonce'];
3844
-
3845
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator' ) ) {
3846
- $error = new WP_Error();
3847
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3848
-
3849
- return $error;
3850
- } else {
3851
- if($_POST['ikey'] == '' || $_POST['skey'] == '' || $_POST['apihostname'] == '' ){
3852
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Some field is missing, please fill all required details." ) );
3853
- $this->mo_auth_show_error_message();
3854
- return;
3855
- }else{
3856
- update_site_option('mo2f_d_integration_key',isset($_POST['ikey'])? sanitize_text_field($_POST['ikey']):'');
3857
- update_site_option('mo2f_d_secret_key',isset($_POST['skey'])? sanitize_text_field($_POST['skey']):'');
3858
- update_site_option('mo2f_d_api_hostname',isset($_POST['apihostname'])? sanitize_text_field($_POST['apihostname']):'');
3859
-
3860
- $ikey = sanitize_text_field($_POST['ikey']);
3861
- $skey = sanitize_text_field($_POST['skey']);
3862
- $host = sanitize_text_field($_POST['apihostname']);
3863
-
3864
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
3865
-
3866
-
3867
- $duo_up_response = ping($skey,$ikey,$host);
3868
-
3869
- if($duo_up_response['response']['stat'] == 'OK'){
3870
-
3871
- $duo_check_credentials = check($skey, $ikey, $host);
3872
-
3873
- if($duo_check_credentials['response']['stat'] == 'OK'){
3874
-
3875
-
3876
- }else{
3877
-
3878
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Not the valid credential, please enter valid keys" ) );
3879
- $this->mo_auth_show_error_message();
3880
- return;
3881
- }
3882
-
3883
- }else{
3884
-
3885
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Duo server is not responding right now, please try after some time" ) );
3886
- $this->mo_auth_show_error_message();
3887
- return;
3888
- }
3889
- update_site_option('duo_credentials_save_successfully',1);
3890
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Setting saved successfully." ) );
3891
- $this->mo_auth_show_success_message();
3892
- return;
3893
- }
3894
- }
3895
- }else if(isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_configure_duo_authenticator_abc'){
3896
-
3897
- $nonce = $_POST['mo2f_configure_duo_authenticator_nonce'];
3898
-
3899
- if ( ! wp_verify_nonce( $nonce, 'mo2f-configure-duo-authenticator-nonce' ) ) {
3900
- $error = new WP_Error();
3901
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3902
-
3903
- return $error;
3904
- }else{
3905
- include_once dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'handler'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_duo_handler.php';
3906
- $ikey = get_site_option('mo2f_d_integration_key');
3907
- $skey = get_site_option('mo2f_d_secret_key');
3908
- $host = get_site_option('mo2f_d_api_hostname');
3909
-
3910
- $user_email = $user->user_email;
3911
-
3912
- $duo_preauth = preauth( $user_email ,true, $skey, $ikey, $host);
3913
-
3914
-
3915
- if($duo_preauth['response']['stat'] == 'OK'){
3916
-
3917
- if(isset($duo_preauth['response']['response']['status_msg']) && $duo_preauth['response']['response']['status_msg'] == 'Account is active'){
3918
- update_user_meta( $user->ID , 'user_not_enroll', true );
3919
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "This user is already available on duo, please send push notification to setup push notification as two factor." ) );
3920
- $this->mo_auth_show_success_message();
3921
- return;
3922
- }else if(isset($duo_preauth['response']['response']['enroll_portal_url'])){
3923
-
3924
- $duo_enroll_url = $duo_preauth['response']['response']['enroll_portal_url'];
3925
- update_user_meta( $user->ID , 'user_not_enroll_on_duo_before', $duo_enroll_url );
3926
- update_user_meta( $user->ID , 'user_not_enroll', true );
3927
- }else{
3928
-
3929
-
3930
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Your account is inactive from duo side, please contact to your administrator." ) );
3931
- $this->mo_auth_show_error_message();
3932
- return;
3933
- }
3934
-
3935
- }else{
3936
-
3937
-
3938
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Invalid or missing parameters, or a user with this name already exists." ) );
3939
- $this->mo_auth_show_error_message();
3940
- return;
3941
-
3942
- }
3943
- }
3944
- }else if(isset( $_POST['option'] ) && $_POST['option'] == 'duo_mobile_send_push_notification_inside_plugin'){
3945
-
3946
- $nonce = $_POST['duo_mobile_send_push_notification_inside_plugin_nonce'];
3947
-
3948
- if ( ! wp_verify_nonce( $nonce, 'mo2f-send-duo-push-notification-inside-plugin-nonce' ) ) {
3949
- $error = new WP_Error();
3950
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3951
-
3952
- return $error;
3953
- }else{
3954
-
3955
- }
3956
-
3957
- }else if ( ( isset( $_POST['option'] ) && sanitize_text_field($_POST['option']) == 'mo2f_save_free_plan_auth_methods' ) ) {// user clicks on Set 2-Factor method
3958
-
3959
- $nonce = sanitize_text_field($_POST['miniorange_save_form_auth_methods_nonce']);
3960
- if ( ! wp_verify_nonce( $nonce, 'miniorange-save-form-auth-methods-nonce' ) ) {
3961
- $error = new WP_Error();
3962
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
3963
- return $error;
3964
- } else {
3965
- $configuredMethod = sanitize_text_field($_POST['mo2f_configured_2FA_method_free_plan']);
3966
- $selectedAction = sanitize_text_field($_POST['mo2f_selected_action_free_plan']);
3967
-
3968
- $cloud_methods = array('OTPOverSMS','miniOrangeQRCodeAuthentication','miniOrangePushNotification','miniOrangeSoftToken');
3969
-
3970
- if($configuredMethod == 'OTPOverSMS')
3971
- $configuredMethod = 'OTP Over SMS';
3972
-
3973
- //limit exceed check
3974
- $exceeded = $Mo2fdbQueries->check_alluser_limit_exceeded($user_id);
3975
-
3976
- if($exceeded){
3977
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "USER_LIMIT_EXCEEDED" ) );
3978
- $this->mo_auth_show_error_message();
3979
- return;
3980
- }
3981
- $selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
3982
- $selected_2FA_method = sanitize_text_field($selected_2FA_method);
3983
- $onprem_methods = array('Google Authenticator','Security Questions','OTPOverTelegram','DuoAuthenticator');
3984
- $Mo2fdbQueries->insert_user( $user->ID );
3985
- if(MO2F_IS_ONPREM && ! in_array($selected_2FA_method, $onprem_methods) ){
3986
- foreach ($cloud_methods as $cloud_method) {
3987
- $is_end_user_registered = $Mo2fdbQueries->get_user_detail( 'mo2f_' . $cloud_method. '_config_status', $user->ID );
3988
- if(!is_null($is_end_user_registered) && $is_end_user_registered == 1)
3989
- break;
3990
- }
3991
- }else{
3992
- $is_end_user_registered = $Mo2fdbQueries->get_user_detail('user_registration_with_miniorange', $user->ID ) ;
3993
- }
3994
- $is_customer_registered= false;
3995
-
3996
- if(!MO2F_IS_ONPREM or $configuredMethod == 'miniOrangeSoftToken' or $configuredMethod == 'miniOrangeQRCodeAuthentication' or $configuredMethod == 'miniOrangePushNotification' or $configuredMethod == 'OTPOverSMS' or $configuredMethod == 'OTP Over SMS')
3997
- $is_customer_registered = get_option('mo2f_api_key') ? true : false;
3998
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
3999
- if(!isset($email) or is_null($email) or $email == '')
4000
- {
4001
- $email = $user->user_email;
4002
- }
4003
- $is_end_user_registered = $is_end_user_registered ? $is_end_user_registered : false;
4004
- $allowed = false;
4005
- if(get_option('mo2f_miniorange_admin'))
4006
- $allowed = wp_get_current_user()->ID == get_option('mo2f_miniorange_admin');
4007
-
4008
- if($is_customer_registered && !$is_end_user_registered and !$allowed){
4009
- $enduser = new Two_Factor_Setup();
4010
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
4011
- if(json_last_error() == JSON_ERROR_NONE){
4012
- if($check_user['status'] == 'ERROR'){
4013
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
4014
- $this->mo_auth_show_error_message();
4015
- return;
4016
- }
4017
- else if(strcasecmp($check_user['status' ], 'USER_FOUND') == 0){
4018
-
4019
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4020
- 'user_registration_with_miniorange' =>'SUCCESS',
4021
- 'mo2f_user_email' =>$email
4022
- ) );
4023
- update_site_option(base64_encode("totalUsersCloud"), intval(get_site_option(base64_encode("totalUsersCloud"))) +1);
4024
-
4025
- }
4026
- else if(strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0){
4027
-
4028
- $content = json_decode($enduser->mo_create_user($user,$email), true);
4029
- if(json_last_error() == JSON_ERROR_NONE) {
4030
- if(strcasecmp($content['status'], 'SUCCESS') == 0) {
4031
- update_site_option(base64_encode("totalUsersCloud"), intval(get_site_option(base64_encode("totalUsersCloud"))) +1);
4032
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4033
- 'user_registration_with_miniorange' =>'SUCCESS',
4034
- 'mo2f_user_email' =>$email
4035
- ) );
4036
-
4037
- }
4038
- }
4039
-
4040
-
4041
- }
4042
- else if(strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0){
4043
- $mo2fa_login_message = __('The email associated with your account is already registered in miniOrange. Please Choose another email or contact miniOrange.','miniorange-2-factor-authentication');
4044
- update_option('mo2f_message',$mo2fa_login_message);
4045
- $this->mo_auth_show_error_message();
4046
- }
4047
-
4048
- }
4049
-
4050
- }
4051
-
4052
- update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
4053
- if(MO2F_IS_ONPREM)
4054
- {
4055
- if($selected_2FA_method == 'EmailVerification')
4056
- $selected_2FA_method = 'Email Verification';
4057
- if($selected_2FA_method == 'OTPOverEmail')
4058
- $selected_2FA_method = 'OTP Over Email';
4059
- if($selected_2FA_method == 'OTPOverSMS')
4060
- $selected_2FA_method = 'OTP Over SMS';
4061
- if($selected_2FA_method == 'OTPOverTelegram')
4062
- $selected_2FA_method = 'OTP Over Telegram';
4063
- if($selected_2FA_method == 'DuoAuthenticator')
4064
- $selected_2FA_method = 'Duo Authenticator';
4065
- }
4066
- if(MO2F_IS_ONPREM and ($selected_2FA_method =='Google Authenticator' or $selected_2FA_method == 'Security Questions' or $selected_2FA_method =='OTP Over Email' or $selected_2FA_method == 'Email Verification' or $selected_2FA_method == 'OTP Over Telegram' or $selected_2FA_method == 'Duo Authenticator' ))
4067
- $is_customer_registered = 1;
4068
-
4069
- if ( $is_customer_registered ) {
4070
- $selected_2FA_method = MO2f_Utility::mo2f_decode_2_factor( isset( $_POST['mo2f_configured_2FA_method_free_plan'] ) ? $_POST['mo2f_configured_2FA_method_free_plan'] : $_POST['mo2f_selected_action_standard_plan'], "wpdb" );
4071
- $selected_2FA_method = sanitize_text_field($selected_2FA_method);
4072
- $selected_action = isset( $_POST['mo2f_selected_action_free_plan'] ) ? $_POST['mo2f_selected_action_free_plan'] : $_POST['mo2f_selected_action_standard_plan'];
4073
- $selected_action = sanitize_text_field($selected_action);
4074
- $user_phone = '';
4075
- if ( isset( $_SESSION['user_phone'] ) ) {
4076
- $user_phone = $_SESSION['user_phone'] != 'false' ? $_SESSION['user_phone'] : $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
4077
- }
4078
-
4079
- // set it as his 2-factor in the WP database and server
4080
- $enduser = new Customer_Setup();
4081
- if($selected_2FA_method == 'OTPOverTelegram')
4082
- $selected_2FA_method = 'OTP Over Telegram';
4083
- if($selected_2FA_method == 'DuoAuthenticator')
4084
- $selected_2FA_method = 'Duo Authenticator';
4085
- if ( $selected_action == "select2factor" ) {
4086
-
4087
- if ( $selected_2FA_method == 'OTP Over SMS' && $user_phone == 'false' ) {
4088
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PHONE_NOT_CONFIGURED" ) );
4089
- $this->mo_auth_show_error_message();
4090
- } else {
4091
- // update in the Wordpress DB
4092
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4093
- $customer_key = get_option( 'mo2f_customerKey' );
4094
- $api_key = get_option( 'mo2f_api_key' );
4095
- $customer = new Customer_Setup();
4096
- $cloud_method1 = array('miniOrange QR Code Authentication','miniOrange Push Notification','miniOrange Soft Token');
4097
-
4098
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_configured_2FA_method' => $selected_2FA_method ) );
4099
-
4100
- // update the server
4101
- if(!MO2F_IS_ONPREM)
4102
- $this->mo2f_save_2_factor_method( $user, $selected_2FA_method );
4103
- if ( in_array( $selected_2FA_method, array(
4104
- "miniOrange QR Code Authentication",
4105
- "miniOrange Soft Token",
4106
- "miniOrange Push Notification",
4107
- "Google Authenticator",
4108
- "Security Questions",
4109
- "Authy Authenticator",
4110
- "Email Verification",
4111
- "OTP Over SMS",
4112
- "OTP Over Email",
4113
- "OTP Over SMS and Email",
4114
- "Hardware Token"
4115
- ) ) ) {
4116
-
4117
- } else {
4118
- update_site_option('mo2f_enable_2fa_prompt_on_login_page', 0 );
4119
- }
4120
-
4121
- }
4122
- } else if ( $selected_action == "configure2factor" ) {
4123
-
4124
- //show configuration form of respective Two Factor method
4125
- update_user_meta( $user->ID, 'configure_2FA', 1 );
4126
- update_user_meta( $user->ID, 'mo2f_2FA_method_to_configure', $selected_2FA_method );
4127
- }
4128
-
4129
- } else {
4130
- update_option("mo_2factor_user_registration_status","REGISTRATION_STARTED" );
4131
- update_user_meta( $user->ID, 'register_account_popup', 1 );
4132
- update_option( 'mo2f_message', '' );
4133
-
4134
- }
4135
- }
4136
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_for_users_option' ) {
4137
- $nonce = $_POST['mo2f_enable_2FA_for_users_option_nonce'];
4138
-
4139
- if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-for-users-option-nonce' ) ) {
4140
- $error = new WP_Error();
4141
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4142
-
4143
- return $error;
4144
- } else {
4145
- update_option( 'mo2f_enable_2fa_for_users', isset( $_POST['mo2f_enable_2fa_for_users'] ) ? $_POST['mo2f_enable_2fa_for_users'] : 0 );
4146
- }
4147
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_disable_proxy_setup_option' ) {
4148
- $nonce = $_POST['mo2f_disable_proxy_setup_option_nonce'];
4149
-
4150
- if ( ! wp_verify_nonce( $nonce, 'mo2f-disable-proxy-setup-option-nonce' ) ) {
4151
- $error = new WP_Error();
4152
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4153
-
4154
- return $error;
4155
- } else {
4156
- delete_option( 'mo2f_proxy_host' );
4157
- delete_option( 'mo2f_port_number' );
4158
- delete_option( 'mo2f_proxy_username' );
4159
- delete_option( 'mo2f_proxy_password' );
4160
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "Proxy Configurations Reset." ) );
4161
- $this->mo_auth_show_success_message();
4162
- }
4163
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_enable_2FA_option' ) {
4164
- $nonce = $_POST['mo2f_enable_2FA_option_nonce'];
4165
-
4166
- if ( ! wp_verify_nonce( $nonce, 'mo2f-enable-2FA-option-nonce' ) ) {
4167
- $error = new WP_Error();
4168
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4169
-
4170
- return $error;
4171
- } else {
4172
- update_option( 'mo2f_enable_2fa', isset( $_POST['mo2f_enable_2fa'] ) ? $_POST['mo2f_enable_2fa'] : 0 );
4173
- }
4174
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo_2factor_test_authentication_method' ) {
4175
- //network security feature
4176
- $nonce = $_POST['mo_2factor_test_authentication_method_nonce'];
4177
-
4178
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-test-authentication-method-nonce' ) ) {
4179
- $error = new WP_Error();
4180
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4181
-
4182
- return $error;
4183
- } else {
4184
- update_user_meta( $user->ID, 'test_2FA', 1 );
4185
-
4186
-
4187
- $selected_2FA_method = $_POST['mo2f_configured_2FA_method_test'];
4188
- $selected_2FA_method_server = MO2f_Utility::mo2f_decode_2_factor( $selected_2FA_method, "server" );
4189
- $customer = new Customer_Setup();
4190
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4191
- $customer_key = get_option( 'mo2f_customerKey' );
4192
- $api_key = get_option( 'mo2f_api_key' );
4193
-
4194
- if ( $selected_2FA_method == 'Security Questions' ) {
4195
-
4196
-
4197
- $response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method_server, $customer_key, $api_key ), true );
4198
-
4199
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate KBA Questions*/
4200
- if ( $response['status'] == 'SUCCESS' ) {
4201
- update_option( 'mo2f_transactionId', $response['txId'] );
4202
- $questions = array();
4203
-
4204
- $questions[0] = $response['questions'][0];
4205
- $questions[1] = $response['questions'][1];
4206
- update_user_meta($user->ID, 'mo_2_factor_kba_questions', $questions);
4207
-
4208
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ANSWER_SECURITY_QUESTIONS" ) );
4209
- $this->mo_auth_show_success_message();
4210
-
4211
- } else if ( $response['status'] == 'ERROR' ) {
4212
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_FETCHING_QUESTIONS" ) );
4213
- $this->mo_auth_show_error_message();
4214
-
4215
- }
4216
- } else {
4217
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_FETCHING_QUESTIONS" ) );
4218
- $this->mo_auth_show_error_message();
4219
-
4220
- }
4221
-
4222
-
4223
- } else if ( $selected_2FA_method == 'miniOrange Push Notification' ) {
4224
- $response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method_server, $customer_key, $api_key ), true );
4225
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
4226
- if ( $response['status'] == 'ERROR' ) {
4227
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4228
- $this->mo_auth_show_error_message();
4229
-
4230
- } else {
4231
- if ( $response['status'] == 'SUCCESS' ) {
4232
- update_user_meta($user->ID, 'mo2f_transactionId', $response['txId']);
4233
- update_user_meta($user->ID, 'mo2f_show_qr_code', 'MO_2_FACTOR_SHOW_QR_CODE');
4234
-
4235
-
4236
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PUSH_NOTIFICATION_SENT" ) );
4237
- $this->mo_auth_show_success_message();
4238
-
4239
- } else {
4240
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
4241
- MO2f_Utility::unset_session_variables( $session_variables );
4242
-
4243
- delete_option( 'mo2f_transactionId' );
4244
- update_option( 'mo2f_message', 'An error occurred while processing your request. Please Try again.' );
4245
- $this->mo_auth_show_error_message();
4246
-
4247
- }
4248
- }
4249
- } else {
4250
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
4251
- $this->mo_auth_show_error_message();
4252
-
4253
- }
4254
- }
4255
- else if($selected_2FA_method =='OTP Over Telegram')
4256
- {
4257
-
4258
- $user = wp_get_current_user();
4259
- $chatID = get_user_meta($user->ID,'mo2f_chat_id',true);
4260
- $otpToken = '';
4261
- for($i=1;$i<7;$i++)
4262
- {
4263
- $otpToken .= rand(0,9);
4264
- }
4265
-
4266
- update_user_meta($user->ID,'mo2f_otp_token',$otpToken);
4267
- update_user_meta($user->ID,'mo2f_telegram_time',time());
4268
-
4269
- $url = 'https://sitestats.xecurify.com/teleTest/send_otp.php';
4270
- $postdata = array( 'mo2f_otp_token' => $otpToken,
4271
- 'mo2f_chatid' => $chatID
4272
- );
4273
-
4274
- $args = array(
4275
- 'method' => 'POST',
4276
- 'timeout' => 10,
4277
- 'sslverify' => false,
4278
- 'headers' => array(),
4279
- 'body' => $postdata,
4280
- );
4281
-
4282
- $mo2f_api=new Mo2f_Api();
4283
- $data=$mo2f_api->mo2f_wp_remote_post($url,$args);
4284
-
4285
- if($data == 'SUCCESS')
4286
- {
4287
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . 'your telegram number.' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
4288
- $this->mo_auth_show_success_message();
4289
- }
4290
- else
4291
- {
4292
- update_option( 'mo2f_message', 'An Error has occured while sending the OTP. Please verify your chat ID.');
4293
- $this->mo_auth_show_error_message();
4294
-
4295
- }
4296
- }
4297
- else if ( $selected_2FA_method == 'OTP Over SMS' || $selected_2FA_method == 'OTP Over Email') {
4298
-
4299
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
4300
- $check = 1;
4301
- if($selected_2FA_method == 'OTP Over Email')
4302
- {
4303
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4304
- if(MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option')<=0)
4305
- {
4306
- update_site_option("bGltaXRSZWFjaGVk",1);
4307
- $check = 0;
4308
-
4309
- }
4310
-
4311
- }
4312
-
4313
- if($check == 1)
4314
- $response = json_decode( $customer->send_otp_token( $phone, $selected_2FA_method_server, $customer_key, $api_key ), true );
4315
- else
4316
- $response['status'] = 'FAILED';
4317
- if ( strcasecmp( $response['status'], 'SUCCESS' ) == 0 ) {
4318
- if($selected_2FA_method == 'OTP Over Email')
4319
- {
4320
- $cmVtYWluaW5nT1RQ = MoWpnsUtility::get_mo2f_db_option('cmVtYWluaW5nT1RQ', 'site_option');
4321
- if($cmVtYWluaW5nT1RQ>0)
4322
- update_site_option("cmVtYWluaW5nT1RQ",$cmVtYWluaW5nT1RQ-1);
4323
- }
4324
- else if($selected_2FA_method == 'OTP Over SMS')
4325
- {
4326
- $mo2f_sms = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z');
4327
- if($mo2f_sms>0)
4328
- update_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z',$mo2f_sms-1);
4329
-
4330
- }
4331
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "OTP_SENT" ) . ' <b>' . ( $phone ) . '</b>. ' . Mo2fConstants:: langTranslate( "ENTER_OTP" ) );
4332
- update_option( 'mo2f_number_of_transactions', MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option') - 1 );
4333
- update_user_meta($user->ID, 'mo2f_transactionId', $response['txId']);
4334
- update_option( 'mo2f_transactionId', $response['txId'] );
4335
- $this->mo_auth_show_success_message();
4336
-
4337
- } else {
4338
- if(!MO2F_IS_ONPREM or $selected_2FA_method == 'OTP Over SMS')
4339
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP" ) );
4340
- else
4341
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_IN_SENDING_OTP_ONPREM" ) );
4342
-
4343
- $this->mo_auth_show_error_message();
4344
-
4345
- }
4346
- } else if ( $selected_2FA_method == 'miniOrange QR Code Authentication' ) {
4347
- $response = json_decode( $customer->send_otp_token( $email, $selected_2FA_method_server, $customer_key, $api_key ), true );
4348
-
4349
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate Qr code */
4350
-
4351
- if ( $response['status'] == 'ERROR' ) {
4352
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4353
- $this->mo_auth_show_error_message();
4354
-
4355
- } else {
4356
- if ( $response['status'] == 'SUCCESS' ) {
4357
- update_user_meta($user->ID, 'mo2f_qrCode', $response['qrCode']);
4358
- update_user_meta($user->ID, 'mo2f_transactionId', $response['txId']);
4359
- update_user_meta($user->ID, 'mo2f_show_qr_code', 'MO_2_FACTOR_SHOW_QR_CODE');
4360
-
4361
-
4362
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "SCAN_QR_CODE" ) );
4363
- $this->mo_auth_show_success_message();
4364
-
4365
- } else {
4366
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
4367
- $this->mo_auth_show_error_message();
4368
-
4369
- }
4370
- }
4371
- } else {
4372
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
4373
- $this->mo_auth_show_error_message();
4374
-
4375
- }
4376
- } else if ( $selected_2FA_method == 'Email Verification' ) {
4377
- $this->miniorange_email_verification_call( $user );
4378
- }
4379
- else if($selected_2FA_method == 'Duo Authenticator'){
4380
-
4381
- }
4382
-
4383
-
4384
- update_user_meta( $user->ID, 'mo2f_2FA_method_to_test', $selected_2FA_method );
4385
- }
4386
-
4387
- }else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_go_back' ) {
4388
- $nonce = $_POST['mo2f_go_back_nonce'];
4389
-
4390
- if ( ! wp_verify_nonce( $nonce, 'mo2f-go-back-nonce' ) ) {
4391
- $error = new WP_Error();
4392
- $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
4393
-
4394
- return $error;
4395
- } else {
4396
- $session_variables = array(
4397
- 'mo2f_qrCode',
4398
- 'mo2f_transactionId',
4399
- 'mo2f_show_qr_code',
4400
- 'user_phone',
4401
- 'mo2f_google_auth',
4402
- 'mo2f_mobile_support',
4403
- 'mo2f_authy_keys'
4404
- );
4405
- MO2f_Utility::unset_session_variables( $session_variables );
4406
- delete_option( 'mo2f_transactionId' );
4407
- delete_option( 'user_phone_temp' );
4408
-
4409
- delete_user_meta( $user->ID, 'test_2FA' );
4410
- delete_user_meta( $user->ID, 'configure_2FA' );
4411
-
4412
- }
4413
- }
4414
- else if(isset($_POST['option']) && $_POST['option'] == 'mo2f_reset_duo_configuration'){
4415
- $nonce = sanitize_text_field($_POST['mo2f_duo_reset_configuration_nonce']);
4416
- if ( ! wp_verify_nonce( $nonce, 'mo2f-duo-reset-configuration-nonce' ) ) {
4417
- $error = new WP_Error();
4418
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
4419
- return $error;
4420
- }else{
4421
- delete_site_option('duo_credentials_save_successfully');
4422
- delete_user_meta($user->ID,'user_not_enroll');
4423
- delete_site_option('mo2f_d_integration_key');
4424
- delete_site_option('mo2f_d_secret_key');
4425
- delete_site_option('mo2f_d_api_hostname');
4426
- update_option( 'mo2f_message', Mo2fConstants::langTranslate("RESET_DUO_CONFIGURATON"));
4427
- $this->mo_auth_show_success_message();
4428
- }
4429
- }
4430
-
4431
- else if ( isset( $_POST['option'] ) && $_POST['option'] == 'mo2f_2factor_generate_backup_codes' ) {
4432
- $nonce = sanitize_text_field($_POST['mo_2factor_generate_backup_codes_nonce']);
4433
- if ( ! wp_verify_nonce( $nonce, 'mo-2factor-generate-backup-codes-nonce' ) ) {
4434
- $error = new WP_Error();
4435
- $error->add('empty_username', '<strong>'. __('ERROR','miniorange-2-factor-authentication') .'</strong>: '. __('Invalid Request.', 'miniorange-2-factor-authentication'));
4436
- return $error;
4437
- }else {
4438
- $codes = MO2f_Utility::mo2f_mail_and_download_codes();
4439
-
4440
- if($codes == 'LimitReached' || $codes == 'UserLimitReached' || $codes == 'AllUsed' || $codes == 'invalid_request'){
4441
- $id = get_current_user_id();
4442
- update_user_meta($id, 'mo_backup_code_generated', 1);
4443
- update_user_meta($id, 'mo_backup_code_downloaded', 1);
4444
- if($codes == 'AllUsed'){
4445
- update_option( 'mo2f_message', Mo2fConstants::langTranslate("USED_ALL_BACKUP_CODES"));
4446
- }else if($codes == 'LimitReached'){
4447
- update_option( 'mo2f_message', Mo2fConstants::langTranslate("BACKUP_CODE_LIMIT_REACH"));
4448
- }else if($codes == 'UserLimitReached'){
4449
- update_option( 'mo2f_message', Mo2fConstants::langTranslate("BACKUP_CODE_DOMAIN_LIMIT_REACH"));
4450
- }else if($codes == 'invalid_request'){
4451
- update_user_meta($id, 'mo_backup_code_generated', 0);
4452
- update_user_meta($id, 'mo_backup_code_downloaded', 0);
4453
- update_option( 'mo2f_message', Mo2fConstants::langTranslate("BACKUP_CODE_INVALID_REQUEST"));
4454
- }
4455
- $this->mo_auth_show_error_message();
4456
- }
4457
- }
4458
- }
4459
-
4460
- }
4461
-
4462
- function mo_auth_deactivate() {
4463
- global $Mo2fdbQueries;
4464
- $mo2f_register_with_another_email = get_option( 'mo2f_register_with_another_email' );
4465
- $is_EC = ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ? 1 : 0;
4466
- $is_NNC = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') && MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option') ? 1 : 0;
4467
-
4468
- if ( $mo2f_register_with_another_email || $is_EC || $is_NNC ) {
4469
- update_option( 'mo2f_register_with_another_email', 0 );
4470
- $users = get_users( array() );
4471
- $this->mo2f_delete_user_details( $users );
4472
- $url = admin_url( 'plugins.php' );
4473
- wp_redirect( $url );
4474
- }
4475
- }
4476
-
4477
- function mo2f_delete_user_details( $users ) {
4478
- global $Mo2fdbQueries;
4479
- foreach ( $users as $user ) {
4480
- $Mo2fdbQueries->delete_user_details( $user->ID );
4481
- delete_user_meta( $user->ID, 'phone_verification_status' );
4482
- delete_user_meta( $user->ID, 'test_2FA' );
4483
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_configure' );
4484
- delete_user_meta( $user->ID, 'configure_2FA' );
4485
- delete_user_meta( $user->ID, 'mo2f_2FA_method_to_test' );
4486
- delete_user_meta( $user->ID, 'mo2f_phone' );
4487
- delete_user_meta( $user->ID, 'register_account_popup' );
4488
- }
4489
-
4490
- }
4491
- function mo2f_show_email_page($email )
4492
- {
4493
- ?>
4494
- <div id="EnterEmailCloudVerification" class="modal">
4495
- <!-- Modal content -->
4496
- <div class="modal-content">
4497
- <div class="modal-header">
4498
- <h3 class="modal-title" style="text-align: center; font-size: 20px; color: #2271b1">Email Address for miniOrange</h3><span id="closeEnterEmailCloud" class="modal-span-close">X</span>
4499
- </div>
4500
- <div class="modal-body" style="height: auto">
4501
- <h2><i>Enter your Email:&nbsp;&nbsp;&nbsp; <input type ='email' id='emailEnteredCloud' name='emailEnteredCloud' size= '40' required value="<?php echo $email;?>"/></i></h2>
4502
- </div>
4503
- <div class="modal-footer">
4504
- <button type="button" class="button button-primary button-large modal-button" id="save_entered_email_cloud">Save</button>
4505
- </div>
4506
- </div>
4507
- </div>
4508
-
4509
-
4510
- <script type="text/javascript">
4511
-
4512
- jQuery('#EnterEmailCloudVerification').css('display', 'block');
4513
-
4514
- jQuery('#closeEnterEmailCloud').click(function(){
4515
- jQuery('#EnterEmailCloudVerification').css('display', 'none');
4516
-
4517
- });
4518
-
4519
-
4520
- </script>
4521
-
4522
- <?php
4523
-
4524
-
4525
- }
4526
-
4527
- function mo2f_delete_mo_options() {
4528
- delete_option( 'mo2f_email' );
4529
- delete_option( 'mo2f_dbversion' );
4530
- delete_option( 'mo2f_host_name' );
4531
- delete_option( 'user_phone' );
4532
- delete_option( 'mo2f_miniorange_admin');
4533
- //delete_option( 'mo2f_customerKey' );
4534
- delete_option( 'mo2f_api_key' );
4535
- delete_option( 'mo2f_customer_token' );
4536
- delete_option( 'mo_2factor_admin_registration_status' );
4537
- delete_option( 'mo2f_number_of_transactions' );
4538
- delete_option( 'mo2f_set_transactions' );
4539
- delete_option( 'mo2f_show_sms_transaction_message' );
4540
- delete_option( 'mo_app_password' );
4541
- delete_option( 'mo2f_login_option' );
4542
- delete_option( 'mo2f_remember_device' );
4543
- delete_option( 'mo2f_enable_forgotphone' );
4544
- delete_option( 'mo2f_enable_login_with_2nd_factor' );
4545
- delete_option( 'mo2f_enable_xmlrpc' );
4546
- delete_option( 'mo2f_register_with_another_email' );
4547
- delete_option( 'mo2f_proxy_host' );
4548
- delete_option( 'mo2f_port_number' );
4549
- delete_option( 'mo2f_proxy_username' );
4550
- delete_option( 'mo2f_proxy_password' );
4551
- delete_option( 'mo2f_customer_selected_plan' );
4552
- delete_option( 'mo2f_ns_whitelist_ip' );
4553
- delete_option( 'mo2f_enable_brute_force' );
4554
- delete_option( 'mo2f_show_remaining_attempts' );
4555
- delete_option( 'mo2f_ns_blocked_ip' );
4556
- delete_option( 'mo2f_allwed_login_attempts' );
4557
- delete_option( 'mo2f_time_of_blocking_type' );
4558
- delete_option( 'mo2f_network_features' );
4559
-
4560
- }
4561
-
4562
- function mo_auth_show_success_message() {
4563
- do_action('wpns_show_message', get_option( 'mo2f_message' ), 'SUCCESS');
4564
- }
4565
-
4566
- function mo2f_create_customer( $user ) {
4567
- global $Mo2fdbQueries;
4568
- delete_user_meta( $user->ID, 'mo2f_sms_otp_count' );
4569
- delete_user_meta( $user->ID, 'mo2f_email_otp_count' );
4570
- $customer = new Customer_Setup();
4571
- $customerKey = json_decode( $customer->create_customer(), true );
4572
-
4573
- if ( $customerKey['status'] == 'ERROR' ) {
4574
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $customerKey['message'] ) );
4575
- $this->mo_auth_show_error_message();
4576
- } else {
4577
- if ( strcasecmp( $customerKey['status'], 'CUSTOMER_USERNAME_ALREADY_EXISTS' ) == 0 ) { //admin already exists in miniOrange
4578
- $content = $customer->get_customer_key();
4579
- $customerKey = json_decode( $content, true );
4580
-
4581
- if ( json_last_error() == JSON_ERROR_NONE ) {
4582
- if ( array_key_exists( "status", $customerKey ) && $customerKey['status'] == 'ERROR' ) {
4583
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( $customerKey['message'] ) );
4584
- $this->mo_auth_show_error_message();
4585
- } else {
4586
- if ( isset( $customerKey['id'] ) && ! empty( $customerKey['id'] ) ) {
4587
- update_option( 'mo2f_customerKey', $customerKey['id'] );
4588
- update_option( 'mo2f_api_key', $customerKey['apiKey'] );
4589
- update_option( 'mo2f_customer_token', $customerKey['token'] );
4590
- update_option( 'mo2f_app_secret', $customerKey['appSecret'] );
4591
- update_option( 'mo2f_miniorange_admin', $user->ID );
4592
- delete_option( 'mo2f_password' );
4593
- $email = get_option( 'mo2f_email' );
4594
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4595
- 'mo2f_EmailVerification_config_status' => true,
4596
- 'user_registration_with_miniorange' => 'SUCCESS',
4597
- 'mo2f_user_email' => $email,
4598
- 'mo_2factor_user_registration_status' =>'MO_2_FACTOR_PLUGIN_SETTINGS'
4599
- ) );
4600
-
4601
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
4602
- $enduser = new Two_Factor_Setup();
4603
- $enduser->mo2f_update_userinfo( $email, 'OUT OF BAND EMAIL', null, 'API_2FA', true );
4604
-
4605
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_RETRIEVED_SUCCESSFULLY" ) . ' <b>' . Mo2fConstants:: langTranslate( "EMAIL_VERFI" ) . '</b> ' . Mo2fConstants:: langTranslate( "DEFAULT_2ND_FACTOR" ) . ' <a href=\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\" >' . Mo2fConstants:: langTranslate( "CLICK_HERE" ) . '</a> ' . Mo2fConstants:: langTranslate( "CONFIGURE_2FA" ) );
4606
- $this->mo_auth_show_success_message();
4607
- } else {
4608
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_CREATE_ACC_OTP" ) );
4609
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
4610
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
4611
- $this->mo_auth_show_error_message();
4612
- }
4613
-
4614
- }
4615
-
4616
- } else {
4617
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_EMAIL_OR_PASSWORD" ) );
4618
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_VERIFY_CUSTOMER';
4619
- update_option('mo_2factor_user_registration_status',$mo_2factor_user_registration_status);
4620
- $this->mo_auth_show_error_message();
4621
- }
4622
-
4623
-
4624
- } else {
4625
- if ( isset( $customerKey['id'] ) && ! empty( $customerKey['id'] ) ) {
4626
- update_option( 'mo2f_customerKey', $customerKey['id'] );
4627
- update_option( 'mo2f_api_key', $customerKey['apiKey'] );
4628
- update_option( 'mo2f_customer_token', $customerKey['token'] );
4629
- update_option( 'mo2f_app_secret', $customerKey['appSecret'] );
4630
- update_option( 'mo2f_miniorange_admin', $user->ID );
4631
- delete_option( 'mo2f_password' );
4632
-
4633
- $email = get_option( 'mo2f_email' );
4634
-
4635
- update_option( 'mo2f_is_NC', 1 );
4636
- update_option( 'mo2f_is_NNC', 1 );
4637
-
4638
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_CREATED" ) );
4639
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
4640
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4641
- 'mo2f_2factor_enable_2fa_byusers' => 1,
4642
- 'user_registration_with_miniorange' => 'SUCCESS',
4643
- 'mo2f_configured_2FA_method' => 'NONE',
4644
- 'mo2f_user_email' => $email,
4645
- 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status
4646
- ) );
4647
-
4648
- update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
4649
-
4650
- $enduser = new Two_Factor_Setup();
4651
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, 'API_2FA', true );
4652
-
4653
- $this->mo_auth_show_success_message();
4654
-
4655
- $mo2f_customer_selected_plan = get_option( 'mo2f_customer_selected_plan' );
4656
- if ( ! empty( $mo2f_customer_selected_plan ) ) {
4657
- delete_option( 'mo2f_customer_selected_plan' );
4658
- header( 'Location: admin.php?page=mo_2fa_upgrade' );
4659
- } else {
4660
- header( 'Location: admin.php?page=mo_2fa_two_fa' );
4661
- }
4662
-
4663
- } else {
4664
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_CREATE_ACC_OTP" ) );
4665
- $mo_2factor_user_registration_status = 'MO_2_FACTOR_OTP_DELIVERED_FAILURE';
4666
- $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
4667
- $this->mo_auth_show_error_message();
4668
- }
4669
-
4670
-
4671
- }
4672
- }
4673
- }
4674
-
4675
- public static function mo2f_get_GA_parameters($user){
4676
- global $Mo2fdbQueries;
4677
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4678
- $google_auth = new Miniorange_Rba_Attributes();
4679
- $gauth_name= get_option('mo2f_google_appname');
4680
- $gauth_name = $gauth_name ? $gauth_name : 'miniOrangeAu';
4681
- $google_response = json_decode( $google_auth->mo2f_google_auth_service( $email,$gauth_name ), true );
4682
- if ( json_last_error() == JSON_ERROR_NONE ) {
4683
- if ( $google_response['status'] == 'SUCCESS' ) {
4684
- $mo2f_google_auth = array();
4685
- $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
4686
- $mo2f_google_auth['ga_secret'] = $google_response['secret'];
4687
- update_user_meta($user->ID, 'mo2f_google_auth', $mo2f_google_auth);
4688
- }else {
4689
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4690
- do_action('mo_auth_show_error_message');
4691
- }
4692
- }else {
4693
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4694
- do_action('mo_auth_show_error_message');
4695
-
4696
- }
4697
- }
4698
-
4699
- function mo_auth_show_error_message() {
4700
- do_action('wpns_show_message', get_option( 'mo2f_message' ), 'ERROR');
4701
- }
4702
-
4703
- function mo2f_create_user( $user, $email ) {
4704
- global $Mo2fdbQueries;
4705
- $email = strtolower( $email );
4706
- $enduser = new Two_Factor_Setup();
4707
- $check_user = json_decode( $enduser->mo_check_user_already_exist( $email ), true );
4708
-
4709
- if ( json_last_error() == JSON_ERROR_NONE ) {
4710
- if ( $check_user['status'] == 'ERROR' ) {
4711
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $check_user['message'] ) );
4712
- $this->mo_auth_show_error_message();
4713
- } else {
4714
- if ( strcasecmp( $check_user['status'], 'USER_FOUND' ) == 0 ) {
4715
-
4716
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4717
- 'user_registration_with_miniorange' => 'SUCCESS',
4718
- 'mo2f_user_email' => $email,
4719
- 'mo2f_configured_2FA_method' => 'NONE',
4720
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
4721
- ) );
4722
-
4723
-
4724
- delete_user_meta( $user->ID, 'user_email' );
4725
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, 'API_2FA', true );
4726
- $message = Mo2fConstants:: langTranslate( "REGISTRATION_SUCCESS" );
4727
- update_option( 'mo2f_message', $message );
4728
- $this->mo_auth_show_success_message();
4729
- header( 'Location: admin.php?page=mo_2fa_two_fa' );
4730
-
4731
- } else if ( strcasecmp( $check_user['status'], 'USER_NOT_FOUND' ) == 0 ) {
4732
- $content = json_decode( $enduser->mo_create_user( $user, $email ), true );
4733
- if ( json_last_error() == JSON_ERROR_NONE ) {
4734
- if ( $content['status'] == 'ERROR' ) {
4735
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $content['message'] ) );
4736
- $this->mo_auth_show_error_message();
4737
- } else {
4738
- if ( strcasecmp( $content['status'], 'SUCCESS' ) == 0 ) {
4739
- delete_user_meta( $user->ID, 'user_email' );
4740
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4741
- 'user_registration_with_miniorange' => 'SUCCESS',
4742
- 'mo2f_user_email' => $email,
4743
- 'mo2f_configured_2FA_method' => 'NONE',
4744
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
4745
- ) );
4746
- $enduser->mo2f_update_userinfo( $email, 'NONE', null, 'API_2FA', true );
4747
- $message = Mo2fConstants:: langTranslate( "REGISTRATION_SUCCESS" );
4748
- update_option( 'mo2f_message', $message );
4749
- $this->mo_auth_show_success_message();
4750
- header( 'Location: admin.php?page=mo_2fa_two_fa' );
4751
-
4752
- } else {
4753
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4754
- $this->mo_auth_show_error_message();
4755
- }
4756
- }
4757
- } else {
4758
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4759
- $this->mo_auth_show_error_message();
4760
- }
4761
- } else {
4762
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4763
- $this->mo_auth_show_error_message();
4764
- }
4765
- }
4766
- } else {
4767
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_USER_REGISTRATION" ) );
4768
- $this->mo_auth_show_error_message();
4769
- }
4770
- }
4771
-
4772
- function mo2f_get_qr_code_for_mobile( $email, $id, $session_id = null ) {
4773
-
4774
- $registerMobile = new Two_Factor_Setup();
4775
- $content = $registerMobile->register_mobile( $email );
4776
-
4777
- $response = json_decode( $content, true );
4778
- if ( json_last_error() == JSON_ERROR_NONE ) {
4779
- if ( $response['status'] == 'ERROR' ) {
4780
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4781
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
4782
- MO2f_Utility::unset_session_variables( $session_variables );
4783
- delete_option( 'mo2f_transactionId' );
4784
- $this->mo_auth_show_error_message();
4785
-
4786
- } else {
4787
- if ( $response['status'] == 'IN_PROGRESS' ) {
4788
- update_option( 'mo2f_message', Mo2fConstants::langTranslate( "SCAN_QR_CODE" ) );
4789
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_qrCode', $response['qrCode']);
4790
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_transactionId', $response['txId']);
4791
- update_user_meta($id, 'mo2f_transactionId', $response['txId']);
4792
- MO2f_Utility::mo2f_set_transient($session_id, 'mo2f_show_qr_code', 'MO_2_FACTOR_SHOW_QR_CODE');
4793
-
4794
-
4795
- $this->mo_auth_show_success_message();
4796
- } else {
4797
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
4798
- $session_variables = array( 'mo2f_qrCode', 'mo2f_transactionId', 'mo2f_show_qr_code' );
4799
- MO2f_Utility::unset_session_variables( $session_variables );
4800
- delete_option( 'mo2f_transactionId' );
4801
- $this->mo_auth_show_error_message();
4802
- }
4803
- }
4804
- }
4805
- }
4806
-
4807
- function mo2f_save_2_factor_method( $user, $mo2f_configured_2FA_method ) {
4808
- global $Mo2fdbQueries;
4809
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
4810
- $enduser = new Two_Factor_Setup();
4811
- $phone = $Mo2fdbQueries->get_user_detail( 'mo2f_user_phone', $user->ID );
4812
- $current_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_configured_2FA_method, "server" );
4813
-
4814
- $response = json_decode( $enduser->mo2f_update_userinfo( $email, $current_method, $phone, null, null ), true );
4815
- if ( json_last_error() == JSON_ERROR_NONE ) {
4816
- if ( $response['status'] == 'ERROR' ) {
4817
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4818
- $this->mo_auth_show_error_message();
4819
- } else if ( $response['status'] == 'SUCCESS' ) {
4820
- $configured_2fa_method = '';
4821
- if($mo2f_configured_2FA_method =='')
4822
- $configured_2fa_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
4823
- else
4824
- $configured_2fa_method = $mo2f_configured_2FA_method;
4825
- if ( in_array( $configured_2fa_method, array( "Google Authenticator", "Authy Authenticator" ) ) ) {
4826
- update_user_meta( $user->ID, 'mo2f_external_app_type', $configured_2fa_method );
4827
- }
4828
-
4829
- $Mo2fdbQueries->update_user_details( $user->ID, array(
4830
- 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS'
4831
- ) );
4832
- delete_user_meta( $user->ID, 'configure_2FA' );
4833
-
4834
- if($configured_2fa_method == 'OTP Over Email' or $configured_2fa_method=='OTP Over SMS')
4835
- {
4836
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA_otp" ) );
4837
- }
4838
- else
4839
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $configured_2fa_method ) . ' ' . Mo2fConstants:: langTranslate( "SET_2FA" ) );
4840
-
4841
-
4842
- $this->mo_auth_show_success_message();
4843
- } else {
4844
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
4845
- $this->mo_auth_show_error_message();
4846
- }
4847
- } else {
4848
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
4849
- $this->mo_auth_show_error_message();
4850
- }
4851
- }
4852
-
4853
- function miniorange_email_verification_call( $current_user ) {
4854
- global $Mo2fdbQueries,$imagePath;
4855
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
4856
-
4857
- if(MO2F_IS_ONPREM)
4858
- {
4859
-
4860
- $challengeMobile = new Customer_Setup();
4861
- $is_flow_driven_setup = ! ( get_user_meta( $current_user->ID, 'current_modal', true ) ) ? 0 : 1;
4862
-
4863
- $subject = '2-Factor Authentication(Email verification)';
4864
- $headers = array('Content-Type: text/html; charset=UTF-8');
4865
- $txid = '';
4866
- $otpToken = '';
4867
- $otpTokenD = '';
4868
- for($i=1;$i<7;$i++)
4869
- {
4870
- $otpToken .= rand(0,9);
4871
- $txid .= rand(100,999);
4872
- $otpTokenD .= rand(0,9);
4873
- }
4874
- $otpTokenH = hash('sha512',$otpToken);
4875
- $otpTokenDH = hash('sha512', $otpTokenD);
4876
-
4877
-
4878
- update_user_meta($current_user->ID, 'mo2f_transactionId', $txid);
4879
- update_user_meta($current_user->ID, 'otpToken', $otpToken);
4880
-
4881
-
4882
- $userID = hash('sha512',$current_user->ID);
4883
- update_site_option($userID,$otpTokenH);
4884
- update_site_option($txid,3);
4885
- $userIDd = $userID . 'D';
4886
- update_site_option($userIDd,$otpTokenDH);
4887
- $url = get_site_option('siteurl').'/wp-login.php?'; //login page can change
4888
- $message = '<table cellpadding="25" style="margin:0px auto">
4889
- <tbody>
4890
- <td>
4891
- <td>
4892
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
4893
- <tbody>
4894
- <td>
4895
- <td><img src="'.$imagePath.'includes/images/xecurify-logo.png" alt="Xecurify" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
4896
- </tr>
4897
- </tbody>
4898
- </table>
4899
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
4900
- <tbody>
4901
- <td>
4902
- <td>
4903
- <p style="margin-top:0;margin-bottom:20px">Dear Customers,</p>
4904
- <p style="margin-top:0;margin-bottom:10px">You initiated a transaction <b>WordPress 2 Factor Authentication Plugin</b>:</p>
4905
- <p style="margin-top:0;margin-bottom:10px">To accept, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Accept Transaction</a></p>
4906
- <p style="margin-top:0;margin-bottom:10px">To deny, <a href="'.$url.'userID='.$userID.'&amp;accessToken='.$otpTokenDH.'&amp;secondFactorAuthType=OUT+OF+BAND+EMAIL&amp;Txid='.$txid.'&amp;user='.$email.'" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://login.xecurify.com/moas/rest/validate-otp?customerKey%3D182589%26otpToken%3D735705%26secondFactorAuthType%3DOUT%2BOF%2BBAND%2BEMAIL%26user%3D'.$email.'&amp;source=gmail&amp;ust=1569905139580000&amp;usg=AFQjCNExKCcqZucdgRm9-0m360FdYAIioA">Deny Transaction</a></p><div><div class="adm"><div id="q_31" class="ajR h4" data-tooltip="Hide expanded content" aria-label="Hide expanded content" aria-expanded="true"><div class="ajT"></div></div></div><div class="im">
4907
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
4908
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
4909
- </div></div></td>
4910
- </tr>
4911
- </tbody>
4912
- </table>
4913
- </td>
4914
- </tr>
4915
- </tbody>
4916
- </table>';
4917
- $result = wp_mail($email,$subject,$message,$headers);
4918
- if($result){
4919
- $time = "time".$txid;
4920
- $currentTimeInMillis = round(microtime(true) * 1000);
4921
- update_site_option($time,$currentTimeInMillis);
4922
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("VERIFICATION_EMAIL_SENT") .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
4923
-
4924
- }else{
4925
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("ERROR_DURING_PROCESS_EMAIL"));
4926
- $this->mo_auth_show_error_message();
4927
- }
4928
-
4929
- }
4930
- else
4931
- {
4932
- global $Mo2fdbQueries;
4933
- $challengeMobile = new Customer_Setup();
4934
- $email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $current_user->ID );
4935
- $content = $challengeMobile->send_otp_token( $email, 'OUT OF BAND EMAIL', $this->defaultCustomerKey, $this->defaultApiKey );
4936
- $response = json_decode( $content, true );
4937
- if ( json_last_error() == JSON_ERROR_NONE ) { /* Generate out of band email */
4938
- if ( $response['status'] == 'ERROR' ) {
4939
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $response['message'] ) );
4940
- $this->mo_auth_show_error_message();
4941
- } else {
4942
- if ( $response['status'] == 'SUCCESS' ) {
4943
- update_user_meta($current_user->ID, 'mo2f_transactionId', $response['txId']);
4944
-
4945
-
4946
- update_option( 'mo2f_transactionId', $response['txId'] );
4947
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "VERIFICATION_EMAIL_SENT" ) . '<b> ' . $email . '</b>. ' . Mo2fConstants:: langTranslate( "ACCEPT_LINK_TO_VERIFY_EMAIL" ) );
4948
- $this->mo_auth_show_success_message();
4949
- } else {
4950
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ERROR_DURING_PROCESS" ) );
4951
- $this->mo_auth_show_error_message();
4952
- }
4953
- }
4954
- } else {
4955
- update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_REQ" ) );
4956
- $this->mo_auth_show_error_message();
4957
- }
4958
- }
4959
- }
4960
- static function low_otp_alert( $auth_type) {
4961
- global $Mo2fdbQueries,$imagePath;
4962
- $email = get_option('mo2f_email')?get_option('mo2f_email'):get_option('admin_email');
4963
- if(MO2F_IS_ONPREM)
4964
- {
4965
- $count=0;
4966
- if($auth_type =="email"){
4967
- $subject = 'Two Factor Authentication(Low Email Alert)';
4968
- $count = get_site_option('cmVtYWluaW5nT1RQ')-1; //database value is updated after function call
4969
- $string = 'Email';
4970
- }
4971
- else if($auth_type =="sms"){
4972
- $subject = 'Two Factor Authentication(Low SMS Alert)';
4973
- $count = get_site_option('cmVtYWluaW5nT1RQVHJhbnNhY3Rpb25z')-1; //database value is updated after function call
4974
- $string = 'SMS';
4975
- }
4976
- $admin_url = network_site_url();
4977
- $url = explode('/wp-admin/admin.php?page=mo_2fa_upgrade', $admin_url);
4978
- $headers = array('Content-Type: text/html; charset=UTF-8');
4979
- $headers[] = 'Cc: 2fasupport <2fasupport@xecurify.com>';
4980
- $message = '<table cellpadding="25" style="margin:0px auto">
4981
- <tbody>
4982
- <td>
4983
- <td>
4984
- <table cellpadding="24" width="584px" style="margin:0 auto;max-width:584px;background-color:#f6f4f4;border:1px solid #a8adad">
4985
- <tbody>
4986
- <td>
4987
- <td><img src="'.$imagePath.'includes/images/xecurify-logo.png" alt="Xecurify" style="color:#5fb336;text-decoration:none;display:block;width:auto;height:auto;max-height:35px" class="CToWUd"></td>
4988
- </tr>
4989
- </tbody>
4990
- </table>
4991
- <table cellpadding="24" style="background:#fff;border:1px solid #a8adad;width:584px;border-top:none;color:#4d4b48;font-family:Arial,Helvetica,sans-serif;font-size:13px;line-height:18px">
4992
- <tbody>
4993
- <td>
4994
- <td>
4995
- <p style="margin-top:0;margin-bottom:20px">Dear Customer,</p>
4996
- <p style="margin-top:0;margin-bottom:20px"> You are going to exhaust all your '.$string.'. You have only <b>'.$count.'</b> '.$string.' remaining. You can recharge or add '.$string.' to your account: <a href='.MoWpnsConstants::rechargeLink.'>Recharge</a></p>
4997
- <p style="margin-top:0;margin-bottom:10px">After Recharge you can continue using your current plan. To know more about our plans you can also visit our site: <a href='.$url[0].'/wp-admin/admin.php?page=mo_2fa_upgrade>2FA Plans</a>.</p>
4998
- <p style="margin-top:0;margin-bottom:10px">If you do not wish to recharge, we advise you to <a href='.$url[0].'/wp-admin/admin.php?page=mo_2fa_two_fa>change the 2FA method</a> before you have no '.$string.' left. In case you get locked out, please use this guide to gain access: <a href='.MoWpnsConstants::OnPremiseLockedOut.'>Guide link</a></p>
4999
- <p style="margin-top:0;margin-bottom:20px">For more information, you can contact us directly at 2fasupport@xecurify.com.</p>
5000
- <p style="margin-top:0;margin-bottom:15px">Thank you,<br>miniOrange Team</p>
5001
- <p style="margin-top:0;margin-bottom:0px;font-size:11px">Disclaimer: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.</p>
5002
- </div></div></td>
5003
- </tr>
5004
- </tbody>
5005
- </table>
5006
- </td>
5007
- </tr>
5008
- </tbody>
5009
- </table>';
5010
- $result = wp_mail($email,$subject,$message,$headers);
5011
- if($result){
5012
- $currentTimeInMillis = round(microtime(true) * 1000);
5013
- update_site_option( 'mo2f_message', Mo2fConstants::langTranslate("VERIFICATION_EMAIL_SENT") .'<b> ' . $email . '</b>. ' . Mo2fConstants::langTranslate("ACCEPT_LINK_TO_VERIFY_EMAIL"));
5014
-
5015
- }
5016
-
5017
- }
5018
-
5019
- }
5020
- function mo_auth_activate() {
5021
- error_log(' miniOrange Two Factor Plugin Activated');
5022
-
5023
- $get_encryption_key = MO2f_Utility::random_str(16);
5024
- update_option('mo2f_encryption_key',$get_encryption_key);
5025
-
5026
- if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
5027
- update_option( 'mo2f_is_NC', 0 );
5028
- } else {
5029
- update_option( 'mo2f_is_NC', 1 );
5030
- update_option( 'mo2f_is_NNC', 1 );
5031
- }
5032
-
5033
- do_action('mo2f_network_create_db');
5034
-
5035
- update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
5036
- update_option('mo2f_data_storage',null);
5037
- global $Mo2fdbQueries;
5038
- $Mo2fdbQueries->mo_plugin_activate();
5039
-
5040
-
5041
- }
5042
-
5043
- function mo_get_2fa_shorcode( $atts ) {
5044
- if ( ! is_user_logged_in() && mo2f_is_customer_registered() ) {
5045
- $mo2f_shorcode = new MO2F_ShortCode();
5046
- $html = $mo2f_shorcode->mo2FAFormShortCode( $atts );
5047
-
5048
- return $html;
5049
- }
5050
- }
5051
-
5052
- function mo_get_login_form_shortcode( $atts ) {
5053
- if ( ! is_user_logged_in() && mo2f_is_customer_registered() ) {
5054
- $mo2f_shorcode = new MO2F_ShortCode();
5055
- $html = $mo2f_shorcode->mo2FALoginFormShortCode( $atts );
5056
-
5057
- return $html;
5058
- }
5059
- }
5060
- }
5061
-
5062
- function mo2f_is_customer_registered() {
5063
- $email = get_option( 'mo2f_email' );
5064
- $customerKey = get_option( 'mo2f_customerKey' );
5065
- if ( ! $email || ! $customerKey || ! is_numeric( trim( $customerKey ) ) ) {
5066
- return 0;
5067
- } else {
5068
- return 1;
5069
- }
5070
- }
5071
- new Miniorange_Authentication;
1
+ <?php
2
+ include 'two_fa_pass2login.php';
3
+ include_once 'two_fa_get_details.php';
4
+ include dirname(dirname(dirname(__FILE__))).DIRECTORY_SEPARATOR.'views'.DIRECTORY_SEPARATOR.'twofa'.DIRECTORY_SEPARATOR.'two_fa_setup_notification.php';
5
+ include 'class_miniorange_2fa_strong_password.php';
6
+
7
+ class Miniorange_Authentication {
8
+
9
+ private $defaultCustomerKey = "16555";
10
+ private $defaultApiKey = "fFd2XcvTGDemZvbw1bcUesNJWEqKbbUq";
11
+
12
+ function __construct() {
13
+ add_action( 'admin_init', array( $this, 'miniorange_auth_save_settings' ) );
14
+ add_action( 'plugins_loaded', array( $this, 'mo2f_update_db_check' ) );
15
+
16
+ global $wp_roles;
17
+ if ( ! isset( $wp_roles ) ) {
18
+ $wp_roles = new WP_Roles();
19
+ }
20
+
21
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option') == 1 ) {
22
+ $mo2f_rba_attributes = new Miniorange_Rba_Attributes();
23
+ $pass2fa_login = new Miniorange_Password_2Factor_Login();
24
+ $mo2f_2factor_setup = new Two_Factor_Setup();
25
+ add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
26
+ //for shortcode addon
27
+ $mo2f_ns_config = new MoWpnsUtility();
28
+ add_action( 'login_form', array( $pass2fa_login, 'mo_2_factor_pass2login_show_wp_login_form' ),10 );
29
+
30
+ //strong password file
31
+ $mo2f_strong_password = new class_miniorange_2fa_strong_password();
32
+
33
+ if($mo2f_ns_config->hasLoginCookie())
34
+ {
35
+ add_action('user_profile_update_errors', array( $mo2f_strong_password, 'validatePassword'), 0, 3 );
36
+ add_action( 'woocommerce_save_account_details_errors', array( $mo2f_strong_password, 'woocommerce_password_edit_account' ),1,2 );
37
+ }
38
+ add_filter( 'woocommerce_process_registration_errors', array($mo2f_strong_password,'woocommerce_password_protection'),1,4);
39
+ add_filter( 'woocommerce_registration_errors', array($mo2f_strong_password,'woocommerce_password_registration_protection'),1,3);
40
+ add_action( 'mo2f_admin_setup_wizard_load_setup_wizard_before', [ $this, 'disable_admin_bar' ] );
41
+
42
+ add_filter( 'mo2f_shortcode_rba_gauth', array( $mo2f_rba_attributes, 'mo2f_validate_google_auth' ), 10, 3 );
43
+ add_filter( 'mo2f_shortcode_kba', array( $mo2f_2factor_setup, 'register_kba_details' ), 10, 7 );
44
+ add_filter( 'mo2f_update_info', array( $mo2f_2factor_setup, 'mo2f_update_userinfo' ), 10, 5 );
45
+ add_action( 'mo2f_shortcode_form_fields', array(
46
+ $pass2fa_login,
47
+ 'miniorange_pass2login_form_fields'
48
+ ), 10, 5 );
49
+
50
+ add_action( 'delete_user', array( $this, 'mo2f_delete_user' ) );
51
+
52
+ add_filter( 'mo2f_gauth_service', array( $mo2f_rba_attributes, 'mo2f_google_auth_service' ), 10, 1 );
53
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_login_option', 'get_option') ) { //password + 2nd factor enabled
54
+ if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
55
+
56
+ remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
57
+
58
+ add_filter( 'authenticate', array( $pass2fa_login, 'mo2f_check_username_password' ), 99999, 4 );
59
+ add_action( 'init', array( $pass2fa_login, 'miniorange_pass2login_redirect' ) );
60
+ add_action( 'login_form', array(
61
+ $pass2fa_login,
62
+ 'mo_2_factor_pass2login_show_wp_login_form'
63
+ ), 10 );
64
+
65
+ if ( get_option( 'mo2f_remember_device' ) ) {
66
+ add_action( 'login_footer', array( $pass2fa_login, 'miniorange_pass2login_footer_form' ) );
67
+ add_action( 'woocommerce_before_customer_login_form', array(
68
+ $pass2fa_login,
69
+ 'miniorange_pass2login_footer_form'
70
+ ) );
71
+ }
72
+ add_action( 'login_enqueue_scripts', array(
73
+ $pass2fa_login,
74
+ 'mo_2_factor_enable_jquery_default_login'
75
+ ) );
76
+
77
+ if(get_site_option('mo2f_woocommerce_login_prompt')){
78
+ add_action( 'woocommerce_login_form', array(
79
+ $pass2fa_login,
80
+ 'mo_2_factor_pass2login_show_wp_login_form'
81
+ ) );
82
+ }
83
+ else if(!get_site_option('mo2f_woocommerce_login_prompt') && MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_prompt_on_login_page', 'site_option') ) {
84
+ add_action('woocommerce_login_form_end' ,array(
85
+ $pass2fa_login,
86
+ 'mo_2_factor_pass2login_woocommerce'
87
+ ) );
88
+ }
89
+ add_action( 'wp_enqueue_scripts', array(
90
+ $pass2fa_login,
91
+ 'mo_2_factor_enable_jquery_default_login'
92
+ ) );
93
+
94
+ //Actions for other plugins to use miniOrange 2FA plugin
95
+ add_action( 'miniorange_pre_authenticate_user_login', array(
96
+ $pass2fa_login,
97
+ 'mo2f_check_username_password'
98
+ ), 1, 4 );
99
+ add_action( 'miniorange_post_authenticate_user_login', array(
100
+ $pass2fa_login,
101
+ 'miniorange_initiate_2nd_factor'
102
+ ), 1, 3 );
103
+ add_action( 'miniorange_collect_attributes_for_authenticated_user', array(
104
+ $pass2fa_login,
105
+ 'mo2f_collect_device_attributes_for_authenticated_user'
106
+ ), 1, 2 );
107
+
108
+ }
109
+
110
+ } else { //login with phone enabled
111
+
112
+ if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' or MO2F_IS_ONPREM) {
113
+
114
+ $mobile_login = new Miniorange_Mobile_Login();
115
+ add_action( 'login_form', array( $mobile_login, 'miniorange_login_form_fields' ), 99999,10 );
116
+ add_action( 'login_footer', array( $mobile_login, 'miniorange_login_footer_form' ) );
117
+
118
+ remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
119
+ add_filter( 'authenticate', array( $mobile_login, 'mo2fa_default_login' ), 99999, 3 );
120
+ add_action( 'login_enqueue_scripts', array( $mobile_login, 'custom_login_enqueue_scripts' ) );
121
+ }
122
+ }
123
+ }
124
+ }
125
+
126
+ function define_global() {
127
+ global $Mo2fdbQueries;
128
+ $Mo2fdbQueries = new Mo2fDB();
129
+ }
130
+
131
+ function mo2f_delete_user($user_id){
132
+ global $Mo2fdbQueries;
133
+ delete_user_meta($user_id,'mo2f_kba_challenge');
134
+ delete_user_meta($user_id,'mo2f_2FA_method_to_configure');
135
+ delete_user_meta($user_id,'Security Questions');
136
+ delete_user_meta($user_id,'mo2f_chat_id');
137
+ $Mo2fdbQueries->delete_user_details( $user_id);
138
+ delete_user_meta($user_id,'mo2f_2FA_method_to_test');
139
+ }
140
+
141
+ function mo2f_update_db_check() {
142
+
143
+ $userid = wp_get_current_user()->ID;
144
+ add_option('mo2f_onprem_admin' , $userid );
145
+ if(is_multisite()){
146
+ add_site_option('mo2fa_superadmin',1);
147
+ }
148
+ // Deciding on On-Premise solution
149
+ $is_NC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option');
150
+ $is_NNC=MoWpnsUtility::get_mo2f_db_option('mo2f_is_NNC', 'get_option');
151
+ // Old users
152
+ if ( get_option( 'mo2f_customerKey' ) && ! $is_NC )
153
+ add_option( 'is_onprem', 0 );
154
+
155
+ //new users using cloud
156
+ if(get_option( 'mo2f_customerKey' ) && $is_NC && $is_NNC)
157
+ add_option( 'is_onprem', 0 );
158
+
159
+ if(get_option( 'mo2f_app_secret' ) && $is_NC && $is_NNC){
160
+ add_option( 'is_onprem', 0 );
161
+ }else{
162
+ add_option( 'is_onprem', 1 );
163
+
164
+ }
165
+ if(get_option('mo2f_network_features',"not_exits")=="not_exits"){
166
+ do_action('mo2f_network_create_db');
167
+ update_option('mo2f_network_features',1);
168
+ }
169
+ if(get_option('mo2f_encryption_key',"not_exits")=="not_exits"){
170
+ $get_encryption_key = MO2f_Utility::random_str(16);
171
+ update_option('mo2f_encryption_key',$get_encryption_key);
172
+
173
+ }
174
+ global $Mo2fdbQueries;
175
+ $user_id = get_option( 'mo2f_miniorange_admin' );
176
+ $current_db_version = get_option( 'mo2f_dbversion' );
177
+
178
+ if ( $current_db_version < MoWpnsConstants::DB_VERSION ) {
179
+ update_option( 'mo2f_dbversion', MoWpnsConstants::DB_VERSION );
180
+ $Mo2fdbQueries->generate_tables();
181
+
182
+ }
183
+ if(MO2F_IS_ONPREM){
184
+ $twofactordb = new Mo2fDB;
185
+ $userSync = get_site_option('mo2f_user_sync');
186
+ if($userSync<1){
187
+ update_site_option('mo2f_user_sync',1);
188
+ $twofactordb->get_all_onprem_userids();
189
+ }
190
+ }
191
+
192
+ if ( ! get_option( 'mo2f_existing_user_values_updated' ) ) {
193
+
194
+ if ( get_option( 'mo2f_customerKey' ) && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option')) {
195
+ update_option( 'mo2f_is_NC', 0 );
196
+ }
197
+
198
+ $check_if_user_column_exists = false;
199
+
200
+ if ( $user_id && ! MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') ) {
201
+ $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
202
+ if ( $does_table_exist ) {
203
+ $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
204
+ }
205
+ if ( ! $check_if_user_column_exists ) {
206
+ $Mo2fdbQueries->generate_tables();
207
+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
208
+
209
+ add_option( 'mo2f_phone', get_option( 'user_phone' ) );
210
+ add_option( 'mo2f_enable_login_with_2nd_factor', get_option( 'mo2f_show_loginwith_phone' ) );
211
+ add_option( 'mo2f_remember_device', get_option( 'mo2f_deviceid_enabled' ) );
212
+ add_option( 'mo2f_transactionId', get_option( 'mo2f-login-transactionId' ) );
213
+ add_option( 'mo2f_is_NC', 0 );
214
+ $phone = get_user_meta( $user_id, 'mo2f_user_phone', true );
215
+ $user_phone = $phone ? $phone : get_user_meta( $user_id, 'mo2f_phone', true );
216
+
217
+ $Mo2fdbQueries->update_user_details( $user_id,
218
+ array(
219
+ 'mo2f_GoogleAuthenticator_config_status' => get_user_meta( $user_id, 'mo2f_google_authentication_status', true ),
220
+ 'mo2f_SecurityQuestions_config_status' => get_user_meta( $user_id, 'mo2f_kba_registration_status', true ),
221
+ 'mo2f_EmailVerification_config_status' => true,
222
+ 'mo2f_AuthyAuthenticator_config_status' => get_user_meta( $user_id, 'mo2f_authy_authentication_status', true ),
223
+ 'mo2f_user_email' => get_user_meta( $user_id, 'mo_2factor_map_id_with_email', true ),
224
+ 'mo2f_user_phone' => $user_phone,
225
+ 'user_registration_with_miniorange' => get_user_meta( $user_id, 'mo_2factor_user_registration_with_miniorange', true ),
226
+ 'mobile_registration_status' => get_user_meta( $user_id, 'mo2f_mobile_registration_status', true ),
227
+ 'mo2f_configured_2FA_method' => get_user_meta( $user_id, 'mo2f_selected_2factor_method', true ),
228
+ 'mo_2factor_user_registration_status' => get_user_meta( $user_id, 'mo_2factor_user_registration_status', true )
229
+ ) );
230
+
231
+ if ( get_user_meta( $user_id, 'mo2f_mobile_registration_status', true ) ) {
232
+ $Mo2fdbQueries->update_user_details( $user_id,
233
+ array(
234
+ 'mo2f_miniOrangeSoftToken_config_status' => true,
235
+ 'mo2f_miniOrangeQRCodeAuthentication_config_status' => true,
236
+ 'mo2f_miniOrangePushNotification_config_status' => true
237
+ ) );
238
+ }
239
+
240
+ if ( get_user_meta( $user_id, 'mo2f_otp_registration_status', true ) ) {
241
+ $Mo2fdbQueries->update_user_details( $user_id,
242
+ array(
243
+ 'mo2f_OTPOverSMS_config_status' => true
244
+ ) );
245
+ }
246
+
247
+ $mo2f_external_app_type = get_user_meta( $user_id, 'mo2f_external_app_type', true ) == 'AUTHY 2-FACTOR AUTHENTICATION' ?
248
+ 'Authy Authenticator' : 'Google Authenticator';
249
+
250
+ update_user_meta( $user_id, 'mo2f_external_app_type', $mo2f_external_app_type );
251
+
252
+ delete_option( 'mo2f_show_loginwith_phone' );
253
+ delete_option( 'mo2f_deviceid_enabled' );
254
+ delete_option( 'mo2f-login-transactionId' );
255
+ delete_user_meta( $user_id, 'mo2f_google_authentication_status' );
256
+ delete_user_meta( $user_id, 'mo2f_kba_registration_status' );
257
+ delete_user_meta( $user_id, 'mo2f_email_verification_status' );
258
+ delete_user_meta( $user_id, 'mo2f_authy_authentication_status' );
259
+ delete_user_meta( $user_id, 'mo_2factor_map_id_with_email' );
260
+ delete_user_meta( $user_id, 'mo_2factor_user_registration_with_miniorange' );
261
+ delete_user_meta( $user_id, 'mo2f_mobile_registration_status' );
262
+ delete_user_meta( $user_id, 'mo2f_otp_registration_status' );
263
+ delete_user_meta( $user_id, 'mo2f_selected_2factor_method' );
264
+ delete_user_meta( $user_id, 'mo2f_configure_test_option' );
265
+ delete_user_meta( $user_id, 'mo_2factor_user_registration_status' );
266
+
267
+ update_option( 'mo2f_existing_user_values_updated', 1 );
268
+
269
+ }
270
+ }
271
+ }
272
+
273
+ if ( $user_id && ! get_option( 'mo2f_login_option_updated' ) ) {
274
+
275
+ $does_table_exist = $Mo2fdbQueries->check_if_table_exists();
276
+ if ( $does_table_exist ) {
277
+ $check_if_user_column_exists = $Mo2fdbQueries->check_if_user_column_exists( $user_id );
278
+ if ( $check_if_user_column_exists ) {
279
+ $selected_2FA_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user_id );
280
+
281
+ update_option( 'mo2f_login_option_updated', 1 );
282
+ }
283
+ }
284
+
285
+ }
286
+
287
+
288
+ }
289
+
290
+
291
+ function feedback_request() {
292
+ display_feedback_form();
293
+ }
294
+ public function disable_admin_bar() {
295
+
296
+ global $wp_admin_bar;
297
+ $wp_admin_bar = ''; // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
298
+ }
299
+ function get_customer_SMS_transactions() {
300
+
301
+ if ( get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' && MoWpnsUtility::get_mo2f_db_option('mo2f_show_sms_transaction_message', 'get_option') ) {
302
+ if ( ! MoWpnsUtility::get_mo2f_db_option('mo2f_set_transactions', 'get_option') ) {
303
+ $customer = new Customer_Setup();
304
+
305
+ $content = json_decode( $customer->get_customer_transactions( get_option( 'mo2f_customerKey' ), get_option( 'mo2f_api_key' ),get_site_option('mo2f_license_type') ), true );
306
+
307
+ update_option( 'mo2f_set_transactions', 1 );
308
+ if ( ! array_key_exists( 'smsRemaining', $content ) ) {
309
+ $smsRemaining = 0;
310
+ } else {
311
+ $smsRemaining = $content['smsRemaining'];
312
+
313
+ if ( $smsRemaining == null ) {
314
+ $smsRemaining = 0;
315
+ }
316
+ }
317
+ update_option( 'mo2f_number_of_transactions', $smsRemaining );
318
+ } else {
319
+ $smsRemaining = MoWpnsUtility::get_mo2f_db_option('mo2f_number_of_transactions', 'get_option');
320
+ }
321
+
322
+ $this->display_customer_transactions( $smsRemaining );
323
+ }
324
+ }
325
+
326
+ function display_customer_transactions( $content ) {
327
+ echo '<div class="is-dismissible notice notice-warning"> <form name="f" method="post" action=""><input type="hidden" name="option" value="mo_auth_sync_sms_transactions" /><p><b>' . mo2f_lt( 'miniOrange 2-Factor Plugin:' ) . '</b> ' . mo2f_lt( 'You have' ) . ' <b style="color:red">' . esc_html($content) . ' ' . mo2f_lt( 'SMS transactions' ) . ' </b>' . mo2f_lt( 'remaining' ) . '<input type="submit" name="submit" value="' . mo2f_lt( 'Check Transactions' ) . ' " class="button button-primary button-large" /></form><button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
328
+ }
329
+
330
+ function prompt_user_to_setup_two_factor() {
331
+ global $Mo2fdbQueries;
332
+ $user = wp_get_current_user();
333
+ $selected_2_Factor_method = $Mo2fdbQueries->get_user_detail( 'mo2f_configured_2FA_method', $user->ID );
334
+ if ( $selected_2_Factor_method == 'NONE' ) {
335
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option') || ( current_user_can( 'manage_options' ) && get_option( 'mo2f_miniorange_admin' ) == $user->ID ) ) {
336
+ echo '<div class="is-dismissible notice notice-warning"><p><b>' . mo2f_lt( "miniOrange 2-Factor Plugin: " ) . '</b>' . mo2f_lt( 'You have not configured your 2-factor authentication method yet.' ) .
337
+ '<a href="admin.php?page=mo_2fa_two_fa">' . mo2f_lt( ' Click here' ) . '</a>' . mo2f_lt( ' to set it up.' ) .
338
+ '<button type="button" class="notice-dismiss"><span class="screen-reader-text">' . mo2f_lt( 'Dismiss this notice.' ) . '</span></button></div>';
339
+ }
340
+ }
341
+ }
342
+
343
+
344
+ function mo_auth_success_message() {
345
+ $message = get_option( 'mo2f_message' ); ?>
346
+ <script>
347
+ jQuery(document).ready(function () {
348
+ var message = "<?php echo esc_html($message); ?>";
349
+ jQuery('#messages').append("<div style='padding:5px;'><div class='error notice is-dismissible mo2f_error_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 99999;background-color: bisque;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
350
+ });
351
+ </script>
352
+ <?php
353
+ }
354
+
355
+ function mo_auth_error_message() {
356
+ $message = get_option( 'mo2f_message' ); ?>
357
+
358
+ <script>
359
+ jQuery(document).ready(function () {
360
+ var message = "<?php echo esc_html($message); ?>";
361
+ jQuery('#messages').append("<div style='padding:5px;'><div class='updated notice is-dismissible mo2f_success_container' style='position: fixed;left: 60.4%;top: 6%;width: 37%;z-index: 9999;background-color: #bcffb4;font-weight: bold;'> <p class='mo2f_msgs'>" + message + "</p></div></div>");
362
+ });
363
+ </script>
364
+ <?php
365
+
366
+ }
367
+
368
+ function miniorange_auth_menu() {
369
+ global $user;
370
+ $user = wp_get_current_user();
371
+ $roles = $user->roles;
372
+ $miniorange_role = array_shift( $roles );
373
+
374
+ $is_plugin_activated = MoWpnsUtility::get_mo2f_db_option('mo2f_activate_plugin', 'get_option');
375
+ $is_customer_admin = get_option( 'mo2f_miniorange_admin' ) == $user->ID ? true : false;
376
+ $is_2fa_enabled_for_users = MoWpnsUtility::get_mo2f_db_option('mo2f_enable_2fa_for_users', 'get_option');
377
+ $can_current_user_manage_options = current_user_can( 'manage_options' );
378
+ $admin_registration_status = get_option( 'mo_2factor_admin_registration_status' ) == 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'
379
+ ? true : false;
380
+
381
+ if(MO2F_IS_ONPREM)
382
+ {
383
+ $can_current_user_manage_options = true; // changes by prdp
384
+ $is_customer_admin = true;
385
+ }
386
+ if ( $admin_registration_status ) {
387
+ if ( $can_current_user_manage_options && $is_customer_admin ) {
388
+ $mo2fa_hook_page = $this->hookpages();
389
+ }
390
+ } else if ( $can_current_user_manage_options ) {
391
+ $mo2fa_hook_page = $this->hookpages();
392
+ }
393
+
394
+
395
+ }
396
+
397
+ function hookpages() {
398
+ $url = explode('handler',plugin_dir_url(__FILE__));
399
+ if(get_site_option('mo2f_enable_custom_icon')!=1)
400
+ $iconurl = $url[0] . '/includes/images/miniorange_icon.png';
401
+ else
402
+ $iconurl = site_url(). '/wp-content/uploads/miniorange/plugin_icon.png';
403
+ $menu_slug = 'miniOrange_2_factor_settings';
404
+ add_menu_page( 'miniOrange 2 Factor Auth', MoWpnsUtility::get_mo2f_db_option('mo2f_custom_plugin_name', 'get_option'), 'read', $menu_slug, array($this,'mo_auth_login_options'), $iconurl );
405
+ }
406
+
407
+ function mo_auth_login_options() {
408
+ global $user;
409
+ $user = wp_get_current_user();
410
+ update_option( 'mo2f_host_name', 'https://login.xecurify.com' );
411
+ mo_2_factor_register( $user );
412
+ }
413
+
414
+ function mo_2_factor_enable_frontend_style() {
415
+ wp_enqueue_style( 'mo2f_frontend_login_style', plugins_url( 'includes/css/front_end_login.css?version='.MO2F_VERSION.'', __FILE__ ) );
416
+ wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
417
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
418
+ wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
419
+ wp_enqueue_style( 'mo2f_login_popup_style', plugins_url( "includes/css/mo2f_login_popup_ui.css?version=".MO2F_VERSION."", __FILE__ ) );
420
+ }
421
+
422
+ function plugin_settings_style( $mo2fa_hook_page ) {
423
+
424
+ if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
425
+ return;
426
+ }
427
+
428
+ wp_enqueue_style( 'mo_2_factor_admin_settings_style', plugins_url( 'includes/css/style_settings.css?version='.MO2F_VERSION.'', __FILE__ ) );
429
+ wp_enqueue_style( 'mo_2_factor_admin_settings_phone_style', plugins_url( 'includes/css/phone.css?version='.MO2F_VERSION.'', __FILE__ ) );
430
+ wp_enqueue_style( 'bootstrap_style', plugins_url( 'includes/css/bootstrap.min.css?version='.MO2F_VERSION.'', __FILE__ ) );
431
+ wp_enqueue_style( 'bootstrap_style_ass', plugins_url( 'includes/css/bootstrap-tour-standalone.css?version='.MO2F_VERSION.'', __FILE__ ) );
432
+ wp_enqueue_style( 'mo_2_factor_wpb-fa', plugins_url( 'includes/css/font-awesome.min.css', __FILE__ ) );
433
+ wp_enqueue_style( 'mo2f_ns_admin_settings_datatable_style', plugins_url('includes/css/jquery.dataTables.min.css', __FILE__));
434
+ }
435
+
436
+ function plugin_settings_script( $mo2fa_hook_page ) {
437
+ if ( 'toplevel_page_miniOrange_2_factor_settings' != $mo2fa_hook_page ) {
438
+ return;
439
+ }
440
+ wp_enqueue_script( 'jquery' );
441
+ wp_enqueue_script( 'mo_2_factor_admin_settings_phone_script', plugins_url( 'includes/js/phone.js', __FILE__ ) );
442
+ wp_enqueue_script( 'bootstrap_script', plugins_url( 'includes/js/bootstrap.min.js', __FILE__ ) );
443
+ wp_enqueue_script( 'bootstrap_script_hehe', plugins_url( 'includes/js/bootstrap-tour-standalone.min.js', __FILE__ ) );
444
+ wp_enqueue_script( 'mo2f_ns_admin_datatable_script', plugins_url('includes/js/jquery.dataTables.min.js', __FILE__ ), array('jquery'));
445
+
446
+ }
447
+ public function setup_wizard_header() {
448
+ ?>
449
+ <!DOCTYPE html>
450
+ <html <?php language_attributes(); ?>>
451
+ <head>
452
+ <meta name="viewport" content="width=device-width"/>
453
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
454
+ <title><?php esc_html_e( 'miniOrange 2-factor Setup Wizard', 'miniorange 2-factor-authentication' ); ?></title>
455
+ <?php do_action( 'admin_print_styles' ); ?>
456
+ <?php do_action( 'admin_print_scripts' ); ?>
457
+ <?php do_action( 'admin_head' ); ?>
458
+ </head>
459
+ <body class="mo2f-setup-setup-wizard">
460
+ <?php
461
+ }
462
+
463
+ /**
464
+ * Outputs the content of the current step.
465
+ *
466
+ * @since 2.6.0
467
+ */
468
+
469
+ private function settings_error_page( $id = 'mo2f-setup-vue-site-settings', $footer = '' ) {
470
+
471
+ wp_register_script('mo2f_qr_code_js',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.js", dirname(dirname(__FILE__ ))));
472
+ wp_register_script('mo2f_qr_code_minjs',plugins_url( "/includes/jquery-qrcode/jquery-qrcode.min.js", dirname(dirname(__FILE__ ))));
473
+ wp_register_script('mo2f_phone_js',plugins_url( "/includes/js/phone.js", dirname(dirname(__FILE__ ))));
474
+
475
+ wp_register_style('mo2f_phone_css',plugins_url('includes/css/phone.css', dirname(dirname(__FILE__))));
476
+ $contact_url = 'https://wordpress.org/plugins/miniorange-2-factor-authentication/';
477
+ echo '<head>';
478
+ wp_print_scripts( 'mo2f_qr_code_js' );
479
+ wp_print_scripts( 'mo2f_qr_code_minjs' );
480
+ wp_print_scripts( 'mo2f_phone_js' );
481
+ wp_print_styles( 'mo2f_phone_css' );
482
+ echo '</head>';
483
+
484
+ ?>
485
+ <style type="text/css">
486
+ #mo2f-setup-wizard-settings-area {
487
+ visibility: hidden;
488
+ animation: loadWpMOTFASettingsNoJSView 0s 2s forwards;
489
+ }
490
+
491
+ @keyframes loadWpMOTFASettingsNoJSView{
492
+ to { visibility: visible; }
493
+ }
494
+
495
+ body {
496
+ background: #F1F1F1;
497
+ font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif;
498
+ margin: 0;
499
+ }
500
+
501
+ #mo2f-setup-wizard-settings-area .mo2f-setup-wizard-header {
502
+ text-align: center;
503
+ border-top: 4px solid #E27730;
504
+ }
505
+
506
+ #mo2f-setup-wizard-settings-area .mo2f-setup-wizard-header h1 {
507
+ margin: 0;
508
+ }
509
+
510
+ #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
511
+ display: inline-block;
512
+ width: 320px;
513
+ margin-top: 10px;
514
+ padding: 0 10px;
515
+ }
516
+
517
+
518
+ #mo2f-setup-wizard-settings-area .mo2f-setup-logo img {
519
+ width: 100%;
520
+ height: 100%;
521
+ }
522
+
523
+ #mo2f-setup-settings-error-loading-area {
524
+ box-sizing: border-box;
525
+ max-width: 90%;
526
+ width: auto;
527
+ margin: 0 auto;
528
+ background: #fff;
529
+ border: 1px solid #DDDDDD;
530
+ border-radius: 6px;
531
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
532
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
533
+ padding: 20px 30px;
534
+ }
535
+ #mo2f-setup-settings-error-loading-area2 {
536
+ box-sizing: border-box;
537
+ max-width: 90%;
538
+ width: auto;
539
+ margin: 0 auto;
540
+ background: #fff;
541
+ border: 1px solid #DDDDDD;
542
+ border-radius: 6px;
543
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
544
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
545
+ padding: 20px 30px;
546
+ }
547
+ #mo2f-setup-settings-error-loading-area3 {
548
+ box-sizing: border-box;
549
+ max-width: 90%;
550
+ width: auto;
551
+ margin: 0 auto;
552
+ background: #fff;
553
+ border: 1px solid #DDDDDD;
554
+ border-radius: 6px;
555
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
556
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
557
+ padding: 20px 30px;
558
+ }
559
+ #mo2f-setup-settings-error-loading-area4 {
560
+ box-sizing: border-box;
561
+ max-width: 90%;
562
+ width: auto;
563
+ margin: 0 auto;
564
+ background: #fff;
565
+ border: 1px solid #DDDDDD;
566
+ border-radius: 6px;
567
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
568
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
569
+ padding: 20px 30px;
570
+ }
571
+ #mo2f-setup-settings-error-loading-area1 {
572
+ box-sizing: border-box;
573
+ max-width: 90%;
574
+ width: auto;
575
+ margin: 0 auto;
576
+ background: #fff;
577
+ border: 1px solid #DDDDDD;
578
+ border-radius: 6px;
579
+ webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
580
+ box-shadow: 0px 2px 5px rgba(0, 0, 0, 0.05);
581
+ padding: 20px 30px;
582
+ }
583
+ #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
584
+ text-align: center;
585
+ margin-top: 20px;
586
+ font-size: 14px;
587
+ }
588
+
589
+ #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer a {
590
+ color: #999999;
591
+ }
592
+
593
+ #mo2f-setup-error-js h3 {
594
+ font-size: 24px;
595
+ font-weight: 500;
596
+ line-height: 23px;
597
+ margin: 0 0 15px;
598
+ color: #444444;
599
+ }
600
+
601
+ #mo2f-setup-error-js p.info,
602
+ #mo2f-setup-error-js ul.info {
603
+ color: #777777;
604
+ font-size: 16px;
605
+ line-height: 23px;
606
+ margin: 0 0 10px;
607
+ }
608
+
609
+ #mo2f-setup-error-js ul.info {
610
+ margin: -10px 0 20px;
611
+ }
612
+ .mo2f-input-radios-with-icons label {
613
+ width: 90%;
614
+ height: 40px;
615
+ color: #444;
616
+ border: 1px solid #ddd;
617
+ background: #fff;
618
+ border-radius: 3px;
619
+ font-size: 16px;
620
+ display: block;
621
+ margin-bottom: 20px;
622
+ padding: 24px 9px 9px 9px;
623
+ cursor: pointer
624
+ }
625
+
626
+ .mo2f-input-radios-with-icons label:hover {
627
+ border: 1px solid #999;
628
+ -webkit-box-shadow: 0 0 0 1px #999;
629
+ box-shadow: 0 0 0 1px #999
630
+ }
631
+
632
+ .mo2f-styled-radio {
633
+ width: 32px;
634
+ height: 32px;
635
+ position: relative;
636
+ display: inline-block;
637
+ border-radius: 50%;
638
+ background-color: #e6e6e6
639
+ float: left;
640
+ margin-top: -4px;
641
+ }
642
+ .mo_wpns_table_textbox {
643
+ width:100%;
644
+ height:30px;
645
+ }
646
+
647
+ #mo2f-setup-error-js a.button {
648
+ display: inline-block;
649
+ background-color: #E27730;
650
+ color: #ffffff;
651
+ line-height: 22px;
652
+ font-size: 16px;
653
+ padding: 14px 30px;
654
+ font-weight: 500;
655
+ border-radius: 3px;
656
+ border: none;
657
+ cursor: pointer;
658
+ text-decoration: none;
659
+ margin-top: 7px;
660
+ }
661
+
662
+ #mo2f-setup-error-js a.button:hover {
663
+ background-color: #c45e1b;
664
+ }
665
+
666
+ #mo2f-setup-error-js .medium-bold {
667
+ font-weight: 500;
668
+ }
669
+
670
+ #mo2f-setup-nojs-error-message > div {
671
+ border: 1px solid #DDDDDD;
672
+ border-left: 4px solid #DC3232;
673
+ color: #777777;
674
+ font-size: 14px;
675
+ padding: 18px 18px 18px 21px;
676
+ font-weight: 300;
677
+ text-align: left;
678
+ }
679
+ table {
680
+ table-layout: fixed ;
681
+ width: 100% ;
682
+ }
683
+ td {
684
+ width: 48% ;
685
+ }
686
+ @media (min-width: 782px) {
687
+ #mo2f-setup-wizard-settings-area .mo2f-setup-logo {
688
+ margin-top: 50px;
689
+ padding: 0;
690
+ }
691
+
692
+ #mo2f-setup-settings-error-loading-area {
693
+ width: 650px;
694
+ margin-top: 40px;
695
+ padding: 52px 67px 49px;
696
+ }
697
+ #mo2f-setup-settings-error-loading-area1 {
698
+ width: 650px;
699
+ margin-top: 40px;
700
+ padding: 52px 67px 49px;
701
+ }
702
+ #mo2f-setup-settings-error-loading-area2 {
703
+ width: 650px;
704
+ margin-top: 40px;
705
+ padding: 52px 67px 49px;
706
+ }
707
+ #mo2f-setup-settings-error-loading-area3 {
708
+ width: 650px;
709
+ margin-top: 40px;
710
+ padding: 52px 67px 49px;
711
+ }
712
+ #mo2f-setup-settings-error-loading-area4 {
713
+ width: 650px;
714
+ margin-top: 40px;
715
+ padding: 52px 67px 49px;
716
+ }
717
+ .mo2f-styled-radio {
718
+ width: 32px;
719
+ height: 32px;
720
+ position: relative;
721
+ display: inline-block;
722
+ border-radius: 50%;
723
+ background-color: #e6e6e6;
724
+ float: left;
725
+ margin-top: -4px;
726
+ }
727
+
728
+ #mo2f-setup-wizard-settings-area .mo2f-setup-error-footer {
729
+ margin-top: 50px;
730
+ }
731
+
732
+ #mo2f-setup-error-js p.info {
733
+ margin: 0 0 20px;
734
+ }
735
+ .mo2f-setup-button.mo2f-setup-button-large {
736
+ line-height: 22px;
737
+ font-size: 18px;
738
+ padding: 19px 39px
739
+ }
740
+ .mo2f-setup-button.mo2f-setup-button-large {
741
+ line-height: 22px;
742
+ font-size: 18px;
743
+ padding: 19px 39px;
744
+ }
745
+ .mo2f-styled-radio-text {
746
+ margin-left: 10px
747
+ }
748
+ .mo2f-setup-button.mo2f-setup-button-main:hover {
749
+ background-color: #c45e1b;
750
+ }
751
+ .mo2f-setup-button.mo2f-setup-button-main {
752
+ background-color: #e27730;
753
+ color: #fff;
754
+ font-weight: 500;
755
+ }
756
+ .mo2f-setup-wizard-timeline {
757
+ -webkit-box-align: center;
758
+ -ms-flex-align: center;
759
+ align-items: center;
760
+ display: -webkit-box;
761
+ display: -ms-flexbox;
762
+ display: flex;
763
+ margin: 41px auto 0;
764
+ max-width: 650px;
765
+ padding: 0 20px
766
+ }
767
+
768
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line {
769
+ background: #ddd;
770
+ height: 2px;
771
+ margin: 0 6px;
772
+ width: 100%
773
+ }
774
+
775
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step-line.mo2f-setup-wizard-timeline-line-active {
776
+ background: #6aa08b
777
+ }
778
+
779
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step {
780
+ border: none;
781
+ background-color: #b6b6b6;
782
+ border-radius: 50%;
783
+ -ms-flex-negative: 0;
784
+ flex-shrink: 0;
785
+ height: 16px;
786
+ width: 16px
787
+ }
788
+
789
+ .mo2f-setup-wizard-step-footer {
790
+ display: block;
791
+ text-align: center;
792
+ min-height: 110px;
793
+ padding: 0 20px;
794
+ margin-top: 30px
795
+ }
796
+ .popup_text
797
+ {
798
+ color:black;
799
+ margin-top: 2%;
800
+ font-weight: 600;
801
+ font-size: 12px !important;
802
+ }
803
+ .overlay{
804
+ position: fixed;
805
+ top: 0;
806
+ left: 0;
807
+ right: 0;
808
+ bottom: 0;
809
+ width: 100%;
810
+ height: 100%;
811
+ background: #000;
812
+ opacity: .5;
813
+ z-index: 0;
814
+ }
815
+ .overlay_success {
816
+ width: min-content;
817
+ height: 40px;
818
+ float: left;
819
+ z-index: 1;
820
+ top: 0;
821
+ right: 0;
822
+ text-align: center;
823
+ margin-bottom: 4%
824
+ background-color:#bcffb4 !important ;
825
+ /* overflow-x: hidden; */
826
+ background: #b1ffb1;
827
+ border-left: 4px solid #46b450;
828
+ }
829
+ .overlay_error {
830
+ width: min-content;
831
+ height: min-content;
832
+ padding-bottom: 1%;
833
+ float: left;
834
+ z-index: 1;
835
+ top: 0;
836
+ right: 0;
837
+ margin-bottom: 4%;
838
+ text-align: center;
839
+ background-color:bisque !important ;
840
+ /* overflow-x: hidden; */
841
+ border-left: 4px solid red;
842
+ }
843
+
844
+ .mo2f-setup-wizard-step-footer a {
845
+ font-size: 14px;
846
+ display: block;
847
+ color: #999;
848
+ margin: 20px 0
849
+ }
850
+
851
+ .mo2f-setup-wizard-step-footer a:active,
852
+ .mo2f-setup-wizard-step-footer a:hover {
853
+ color: #777;
854
+ text-decoration: underline
855
+ }
856
+
857
+
858
+ .mo2f-button.mo2f-button-main {
859
+ background-color: #e27730;
860
+ color: #fff;
861
+ font-weight: 500;
862
+ -webkit-box-flex: 11;
863
+ -ms-flex: 11;
864
+ flex: 11;
865
+ padding: 12px 25px;
866
+ font-size: 16px;
867
+ }
868
+
869
+ .mo2f-button.mo2f-button-main:focus,
870
+ .mo2f-button.mo2f-button-main:hover {
871
+ background-color: #c45e1b
872
+ }
873
+
874
+ .mo2f-button.mo2f-button-main:disabled {
875
+ opacity: .65;
876
+ cursor: not-allowed;
877
+ background-color: #e27730;
878
+ -webkit-box-flex: 11;
879
+ -ms-flex: 11;
880
+ flex: 11;
881
+ margin-right: 30px
882
+ }
883
+
884
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step .icon {
885
+ display: none
886
+ }
887
+
888
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-active,
889
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed {
890
+ background-color: #6aa08b;
891
+ position: relative
892
+ }
893
+
894
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed {
895
+ background-color: #d83638;
896
+ position: relative
897
+ }
898
+
899
+ .mo2f-step-show{
900
+ margin: 0 0 16px;
901
+ font-size: 14px;
902
+ line-height: 18px;
903
+ color: #b6b6b6;
904
+ }
905
+ .mo2f_table_textbox {
906
+ width: 200px;
907
+ height: 20px !important;
908
+ font-size: 14px !important;
909
+ }
910
+ .mo2f_table_textbox_phone {
911
+ width: 200px;
912
+ height: 40px !important;
913
+ font-size: 14px !important;
914
+ }
915
+ .mo2f_kba_ques {
916
+ width: 394px !important;
917
+ border-radius: 4px !important;
918
+ height: 40px !important;
919
+ font-size: 14px !important;
920
+ }
921
+
922
+ .mo2f_kba_tb_data {
923
+ padding-left: 15px;
924
+ }
925
+
926
+ .mo2f_kba_table {
927
+ padding: 0 10px;
928
+ width: 100%;
929
+ }
930
+ .mo2f_kba_body {
931
+ border: hidden !important;
932
+ }
933
+
934
+
935
+ .mo2f_table_textbox_KBA {
936
+ width: 200px;
937
+ height: 40px !important;
938
+ font-size: 14px !important;
939
+ }
940
+
941
+
942
+ .mo2f_kba_header {
943
+ font-weight: bold;
944
+ }
945
+
946
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-completed .icon-success,
947
+ .mo2f-setup-wizard-timeline .mo2f-setup-wizard-timeline-step.mo2f-setup-wizard-timeline-step-failed .icon-failed {
948
+ color: #fff;
949
+ display: block;
950
+ position: absolute;
951
+ left: 3px;
952
+ top: 3px
953
+ }
954
+ .mo2f-setup-wizard-step-footer {
955
+ display: -webkit-box;
956
+ display: -ms-flexbox;
957
+ display: flex;
958
+ -webkit-box-pack: justify;
959
+ -ms-flex-pack: justify;
960
+ justify-content: space-between;
961
+ -webkit-box-align: center;
962
+ -ms-flex-align: center;
963
+ align-items: center;
964
+ padding: 0;
965
+ margin-top: 0
966
+ }
967
+ .mo2f_blur {
968
+ filter: blur(5px);
969
+ -webkit-filter: blur(5px);
970
+ -moz-filter: blur(5px);
971
+ -o-filter: blur(5px);
972
+ -ms-filter: blur(5px);
973
+ }
974
+ .mo2f_loader {
975
+ border: 16px solid #b9acac;
976
+ border-radius: 50%;
977
+ border-top: 16px solid #fb540b;
978
+ width: 50px;
979
+ height: 50px;
980
+ -webkit-animation: spin 2s linear infinite; /* Safari */
981
+ animation: spin 2s linear infinite;
982
+ position: fixed;
983
+ left: 50%;
984
+ top: 50%;
985
+ z-index: 100;
986
+ }
987
+
988
+ /* Safari */
989
+ @-webkit-keyframes spin {
990
+ 0% { -webkit-transform: rotate(0deg); }
991
+ 100% { -webkit-transform: rotate(360deg); }
992
+ }
993
+
994
+ @keyframes spin {
995
+ 0% { transform: rotate(0deg); }
996
+ 100% { transform: rotate(360deg); }
997
+ }
998
+ .mo2f-setup-wizard-step-footer-buttons {
999
+ margin-bottom: 0;
1000
+ }
1001
+ .mo2f-setup-wizard-step-footer-buttons button {
1002
+ margin-bottom: 0;
1003
+ margin-right: 15px;
1004
+ width: inherit
1005
+ }
1006
+ .miniorange_button
1007
+ {
1008
+ background:#00A0D2!important;
1009
+ border-color:#0073AA!important;
1010
+ box-shadow:0 1px 0 rgba(120,200,230,.5) inset,0 1px 0 rgba(0,0,0,.15)!important;
1011
+ color:#FFF!important;
1012
+ text-decoration:none!important;
1013
+ cursor:pointer!important;
1014
+ border-width:1px!important;
1015
+ border-style:solid!important;
1016
+ border-radius:3px!important;
1017
+ white-space:nowrap!important;
1018
+ box-sizing:border-box!important;
1019
+ line-height:28px!important;
1020
+ padding:0 12px!important;
1021
+ font-size:13px!important;
1022
+ }
1023
+
1024
+
1025
+ .mo2f_IR_phone_OTP{
1026
+ font-size:15px;
1027
+ width:150px !important;
1028
+ color:#212F3C;
1029
+ border:none;
1030
+ display:block;
1031
+ border-bottom-style: solid;
1032
+ border-width: 2px;
1033
+ border-color:#D0D3D4;
1034
+ border-radius:0px;
1035
+ outline:none;
1036
+ padding:5px;
1037
+
1038
+ }
1039
+ .mo2f-setup-wizard-step-footer-buttons button:last-child {
1040
+ margin-right: 0
1041
+ }
1042
+ a .text-with-arrow-left .icon {
1043
+ margin-right: 10px
1044
+ }
1045
+
1046
+ a .text-with-arrow {
1047
+ display: -webkit-box;
1048
+ display: -ms-flexbox;
1049
+ display: flex;
1050
+ -webkit-box-pack: center;
1051
+ -ms-flex-pack: center;
1052
+ justify-content: center
1053
+ }
1054
+
1055
+ }
1056
+ </style>
1057
+ <!--[if IE]>
1058
+ <style>
1059
+ #mo2f-setup-wizard-settings-area{
1060
+ visibility: visible !important;
1061
+ }
1062
+ </style>
1063
+
1064
+ <![endif]-->
1065
+ <div class="mo2f_loader" id="mo2f_loader" style="display: none;"></div>
1066
+
1067
+ <div id="mo2f-setup-wizard-settings-area" class="mo2f-setup-wizard-settings-area wpms-container">
1068
+ <header class="mo2f-setup-wizard-header">
1069
+ <h1 >
1070
+ <div>
1071
+ <img width="70px" height="auto" src="<?php echo plugin_dir_url(dirname(dirname(__FILE__))) . 'includes/images/miniorange_logo.png'; ?>" alt="<?php esc_attr_e( 'miniOrange 2-factor Logo', 'miniorange-2-factor-authentication' ); ?>" >
1072
+ <p> miniOrange 2-factor authentication Setup</p>
1073
+ </div>
1074
+ </h1>
1075
+ </header>
1076
+ <div id="mo2f-setup-settings-error-loading-area-container">
1077
+ <div id="mo2f-setup-settings-error-loading-area">
1078
+ <div>
1079
+ <div id="mo2f-setup-error-js">
1080
+ <p class="subtitle" style="text-align:center;" > This setup guide will take you through all the steps you need to follow to enable the two-factor authentication for your website.</p>
1081
+
1082
+ <br><br>
1083
+ <button type="button" style="text-align:center;display: flex;margin: auto;" class="mo2f-setup-button mo2f-setup-button-main mo2f-setup-button-large" id ='mo2f_get_started' target="_blank" class="button" rel="noopener noreferrer"> <?php esc_html_e("Let's Get Started", 'mo2f-setup'); ?></button>
1084
+
1085
+ <br><br>
1086
+ <div style="text-align:center;display: flex;margin: auto;flex-direction: column;">
1087
+ <a href="<?php echo esc_url( $contact_url ); ?>" target="_blank" rel="noopener noreferrer">
1088
+ <?php esc_html_e( 'Facing issues? Contact Us', 'mo2f-setup' ); ?>
1089
+ </a>
1090
+ </div>
1091
+ </div>
1092
+ </div>
1093
+ </div>
1094
+ <div class="mo2f-setup-error-footer">
1095
+ <?php echo wp_kses_post( $footer ); ?>
1096
+ </div>
1097
+ </div>
1098
+ <div id = "mo2f_methods_setup_wizard">
1099
+ <div class="mo2f-setup-wizard-timeline">
1100
+
1101
+ <div class="mo2f-setup-wizard-timeline-step mo2f-setup-wizard-timeline-step-active" id="mo2f-setup-wizard-step1"></div>
1102
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line1"></div>
1103
+ <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step2"> </div>
1104
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line2"></div>
1105
+ <div class="mo2f-setup-wizard-timeline-step"id="mo2f-setup-wizard-step3"> </div>
1106
+ <div class="mo2f-setup-wizard-timeline-step-line" id="mo2f-setup-wizard-line3"></div>
1107
+ <div class="mo2f-setup-wizard-timeline-step" id="mo2f-setup-wizard-step4"> </div>
1108
+
1109
+ </div>
1110
+ <div id="mo2f-setup-settings-error-loading-area1" style="width: 900px">
1111
+
1112
+ <p class="mo2f-step-show"> Step 1 of 4</p>
1113
+ <h3 style="text-align:center;font-size:xx-large;"> Select the Authentication method you want to configure </h3>
1114
+ <br>
1115
+ <div class="mo2f-input-radios-with-icons">
1116
+ <table>
1117
+ <tr>
1118
+ <td>
1119
+ <label title="<?php echo __('You have to enter 6 digits code generated by google Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1120
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1121
+ <span class="mo2f-styled-radio-text"> Google Authenticator</span>
1122
+ </label>
1123
+ </td>
1124
+ <td>
1125
+ <label title="<?php echo __('You will receive a one time passcode via SMS on your phone. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>">
1126
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over SMS" />
1127
+ <span class="mo2f-styled-radio-text">
1128
+ <?php echo __('OTP Over SMS (Registration required)', 'miniorange-2-factor-authentication'); ?>
1129
+ </span>
1130
+ </label></td>
1131
+ </tr>
1132
+ <tr>
1133
+ <td>
1134
+
1135
+ <label title="<?php echo __('You will receive a one time passcode on your email. You have to enter the otp on your screen to login. Supported in Smartphones, Feature Phones.', 'miniorange-2-factor-authentication'); ?>" >
1136
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Email" />
1137
+ <span class="mo2f-styled-radio-text">
1138
+ <?php echo __('OTP Over Email', 'miniorange-2-factor-authentication'); ?>
1139
+ </span>
1140
+ </label>
1141
+ </td>
1142
+
1143
+ <td>
1144
+ <label title="<?php echo __('You have to answers some knowledge based security questions which are only known to you to authenticate yourself. Supported in Desktops,Laptops,Smartphones.', 'miniorange-2-factor-authentication'); ?>" >
1145
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Security Questions" />
1146
+ <span class="mo2f-styled-radio-text">
1147
+ <?php echo __('Security Questions ( KBA )', 'miniorange-2-factor-authentication'); ?>
1148
+ </span>
1149
+ </label>
1150
+ </td>
1151
+ </tr>
1152
+ <tr>
1153
+ <td>
1154
+
1155
+ <label title="<?php echo __('You have to enter 6 digits code generated by Microsoft Authenticator App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1156
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1157
+ <span class="mo2f-styled-radio-text">
1158
+ <?php echo __('Microsoft Authenticator', 'miniorange-2-factor-authentication'); ?>
1159
+ </span>
1160
+ </label>
1161
+ </td>
1162
+ <td>
1163
+ <label title="<?php echo __('You have to enter 6 digits code generated by Authy 2-Factor Authentication App to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1164
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Google Authenticator" />
1165
+ <span class="mo2f-styled-radio-text">
1166
+ <?php echo __('Authy 2-Factor Authentication', 'miniorange-2-factor-authentication'); ?>
1167
+ </span>
1168
+ </label>
1169
+ </td></tr>
1170
+ <tr><td>
1171
+
1172
+ <label title="<?php echo __('You will receive a push notification on your phone. You have to ACCEPT or DENY it to login. Supported in Smartphones only.', 'miniorange-2-factor-authentication'); ?>">
1173
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="Duo Authenticator" />
1174
+ <span class="mo2f-styled-radio-text">
1175
+ <?php echo __('Duo Push Notification', 'miniorange-2-factor-authentication'); ?>
1176
+ </span>
1177
+ </label>
1178
+ </td>
1179
+ <td>
1180
+ <label title="<?php echo __('You will get an OTP on your TELEGRAM app from miniOrange Bot.', 'miniorange-2-factor-authentication'); ?>" >
1181
+ <input type="radio" name="mo2f_selected_2factor_method" class="mo2f-styled-radio" value="OTP Over Telegram" />
1182
+ <span class="mo2f-styled-radio-text">
1183
+ <?php echo __('OTP Over Telegram', 'miniorange-2-factor-authentication'); ?>
1184
+ </span>
1185
+ </label>
1186
+ </td>
1187
+ </table>
1188
+ </div>
1189
+
1190
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1191
+ <br />
1192
+
1193
+
1194
+ <div class="mo2f-setup-wizard-step-footer">
1195
+ <a href="#previousStep1"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1196
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1197
+ <input type="button" name="mo2f_next_step1" id="mo2f_next_step1" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1198
+
1199
+ </div>
1200
+ </div>
1201
+ </div>
1202
+
1203
+
1204
+
1205
+
1206
+
1207
+ <div id="mo2f-setup-settings-error-loading-area2" style="width: 900px; display: none;">
1208
+ <p class="mo2f-step-show"> Step 2 of 4</p>
1209
+
1210
+ <h4 style="text-align:center;font-size: xx-large;"> Register with miniOrange </h4>
1211
+
1212
+ <form name="f" id="mo2f_registration_form" method="post" action="">
1213
+ <input type="hidden" name="option" value="mo_wpns_register_customer" />
1214
+ <div class="mo2f_table_layout">
1215
+ <div style="margin-bottom:30px;">
1216
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1217
+ <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Seems like email is already registered. Please click on 'Already have an account'</p></div>
1218
+ <p> Please enter a valid email id that you have access to and select a password</p>
1219
+ <table class="mo_wpns_settings_table">
1220
+ <tr>
1221
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1222
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" type="email" id="mo2f_email" name="email"
1223
+ required placeholder="person@example.com" /></td>
1224
+ </tr>
1225
+
1226
+ <tr>
1227
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1228
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" required id= "mo2f_password" type="password"
1229
+ name="password" placeholder="Choose your password (Min. length 6)" /></td>
1230
+ </tr>
1231
+ <tr>
1232
+ <td><b><font color="#FF0000">*</font>Confirm Password:</b></td>
1233
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" id= "mo2f_confirmPassword" required type="password"
1234
+ name="confirmPassword" placeholder="Confirm your password" /></td>
1235
+ </tr>
1236
+ <tr>
1237
+ <td>&nbsp;</td>
1238
+ <td><br>
1239
+ <a href="#mo2f_account_exist">Already have an account?</a>
1240
+
1241
+ </tr>
1242
+ </table>
1243
+ </div>
1244
+ </div>
1245
+ </form>
1246
+ <form name="f" id="mo2f_login_form" style="display: none;" method="post" action="">
1247
+ <input type="hidden" name="option" value="mo_wpns_verify_customer" />
1248
+ <div class="mo2f_table_layout">
1249
+ <div style="margin-bottom:30px;">
1250
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block">
1251
+ <p class ="popup_text" id="mo2f_Error_message" style="color: red;" >Invalid Credentials</p></div>
1252
+
1253
+ <p>Please enter your miniOrange email and password. <a target="_blank" href="https://login.xecurify.com/moas/idp/resetpassword"> Click here if you forgot your password?</a></p>
1254
+ <table class="mo_wpns_settings_table">
1255
+ <tr>
1256
+ <td><b><font color="#FF0000">*</font>Email:</b></td>
1257
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" type="email" id="mo2f_email_login" name="email"
1258
+ required placeholder="person@example.com" /></td>
1259
+ </tr>
1260
+ <tr>
1261
+ <td><b><font color="#FF0000">*</font>Password:</b></td>
1262
+ <td><input style="padding: 5px;" class="mo_wpns_table_textbox" required id= "mo2f_password_login" type="password"
1263
+ name="password" placeholder="Enter your miniOrange password" /></td>
1264
+ </tr>
1265
+ <tr>
1266
+ <td>&nbsp;</td>
1267
+ <td><br>
1268
+ <a href="#mo2f_register_new_account">Go Back to Registration Page</a>
1269
+
1270
+ </tr>
1271
+
1272
+ </table>
1273
+ </div>
1274
+ </div>
1275
+ </form>
1276
+
1277
+
1278
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1279
+ <br/>
1280
+
1281
+
1282
+ <div class="mo2f-setup-wizard-step-footer">
1283
+ <a href="#previousStep2"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1284
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1285
+ <input type="button" name="mo2f_next_step2" id="mo2f_next_step2" class="mo2f-button mo2f-button-main" value="Create Account and continue" />
1286
+
1287
+ </div>
1288
+ </div>
1289
+
1290
+
1291
+ </div>
1292
+
1293
+ <div id="mo2f-setup-settings-error-loading-area3" style="width: 900px; display: none;">
1294
+ <p class="mo2f-step-show"> Step 3 of 4</p>
1295
+
1296
+ <h3 style="text-align:center;font-size: xx-large;" id="mo2f_setup_method_title"> Configure 2-factor authentication </h3>
1297
+
1298
+ <div class="overlay_success" style="width:760px; display: none;" id= "mo2f_success_block_configuration">
1299
+ <p class ="popup_text" id="mo2f_configure_success_message" >An OTP has been sent to the below email.</p>
1300
+ <br><br></div>
1301
+
1302
+ <div class="overlay_error" style="width:760px; display: none;" id= "mo2f_Error_block_configuration">
1303
+ <p class ="popup_text" id="mo2f_configure_Error_message" style="color: red;" >Invalid OTP</p>
1304
+ </div>
1305
+ <div id="mo2f_main_content"> </div>
1306
+
1307
+ <br><a href="#skiptwofactor" style="color:#F4D03F ;font-weight:bold;margin-left:45%;"><?php echo __('Skip Setup', 'miniorange-2-factor-authentication'); ?></a>
1308
+ <br/>
1309
+
1310
+
1311
+
1312
+ <div class="mo2f-setup-wizard-step-footer">
1313
+ <a href="#previousStep3"><span class="text-with-arrow text-with-arrow-left"><svg viewBox="0 0 448 512" role="img" class="icon" data-icon="long-arrow-alt-left" data-prefix="far" focusable="false" aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="16" height="18"><path xmlns="http://www.w3.org/2000/svg" fill="currentColor" d="M107.515 150.971L8.485 250c-4.686 4.686-4.686 12.284 0 16.971L107.515 366c7.56 7.56 20.485 2.206 20.485-8.485v-71.03h308c6.627 0 12-5.373 12-12v-32c0-6.627-5.373-12-12-12H128v-71.03c0-10.69-12.926-16.044-20.485-8.484z"></path></svg> Previous Step </span></a>
1314
+ <div class="mo2f-setup-wizard-step-footer-buttons">
1315
+ <input type="button" name="mo2f_next_step3" id="mo2f_next_step3" class="mo2f-button mo2f-button-main" value="Save and Continue" />
1316
+
1317
+ </div>
1318
+ </div>
1319
+
1320
+
1321
+ </div>
1322
+
1323
+ <div id="mo2f-setup-settings-error-loading-area4" style="width: 900px; display: none;">
1324
+ <p class="mo2f-step-show"> Step 4 of 4</p>
1325
+ <div style="text-align: center;">
1326
+ <h3 style="text-align:center;font-size: xx-large;"> Congratulations! </h3>
1327
+ <br>
1328
+ You have successfully configured the two-factor authentication.
1329
+ <br><br><br>
1330
+ <input type="button" name="mo2f_next_step4" id="mo2f_next_step4" class="mo2f-button mo2f-button-main" value="Advance Settings" />
1331
+
1332
+ </div>
1333
+ </div>
1334
+
1335
+ </div>
1336
+
1337
+
1338
+ </div>
1339
+ </div>
1340
+
1341
+
1342
+
1343
+ <script type="text/javascript">
1344
+
1345
+ var selected_2FA_method = '';
1346
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1347
+ for(i = 0; i < ele.length; i++) {
1348
+ if(ele[i].checked)
1349
+ selected_2FA_method = ele[i].value;
1350
+ }
1351
+ jQuery("#mo2f_setup_method_title").text(selected_2FA_method);
1352
+
1353
+ jQuery('#mo2f_next_step4').click(function(e){
1354
+ localStorage.setItem("last_tab", 'unlimittedUser_2fa');
1355
+ window.location.href = '<?php echo (admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1356
+
1357
+ });
1358
+
1359
+
1360
+ jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1361
+ jQuery("#mo2f_get_started").click(function(e){
1362
+ jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'none');
1363
+ jQuery('#mo2f_methods_setup_wizard').css('display', 'block');
1364
+
1365
+ });
1366
+
1367
+ jQuery('a[href="#previousStep3"]').click(function(e){
1368
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1369
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1370
+
1371
+ var selected_2FA_method = '';
1372
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1373
+ for(i = 0; i < ele.length; i++) {
1374
+ if(ele[i].checked)
1375
+ selected_2FA_method = ele[i].value;
1376
+ }
1377
+ if(selected_2FA_method =='OTP Over SMS')
1378
+ {
1379
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1380
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "block";
1381
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1382
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1383
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1384
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1385
+ }
1386
+ else
1387
+ {
1388
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1389
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1390
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1391
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1392
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1393
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1394
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1395
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1396
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1397
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1398
+
1399
+ }
1400
+ });
1401
+
1402
+ jQuery('a[href="#previousStep2"]').click(function(e){
1403
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1404
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "block";
1405
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1406
+ lineElement.classList.remove("mo2f-setup-wizard-timeline-line-active");
1407
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1408
+ stepElement.classList.remove("mo2f-setup-wizard-timeline-step-active");
1409
+
1410
+ });
1411
+
1412
+ jQuery('a[href="#previousStep1"]').click(function(e){
1413
+ jQuery('#mo2f-setup-settings-error-loading-area-container').css('display', 'block');
1414
+ jQuery('#mo2f_methods_setup_wizard').css('display', 'none');
1415
+
1416
+ });
1417
+
1418
+ jQuery('a[href=\"#mo2f_account_exist\"]').click(function (e) {
1419
+ document.getElementById('mo2f_registration_form').style.display = "none";
1420
+ document.getElementById('mo2f_login_form').style.display = "block";
1421
+ document.getElementById('mo2f_next_step2').value = 'Login and Continue';
1422
+ });
1423
+
1424
+ jQuery('a[href=\"#mo2f_register_new_account\"]').click(function (e) {
1425
+ document.getElementById('mo2f_registration_form').style.display = "block";
1426
+ document.getElementById('mo2f_login_form').style.display = "none";
1427
+ document.getElementById('mo2f_next_step2').value = 'Create Account and Continue';
1428
+ });
1429
+
1430
+ jQuery('#mo2f_next_step3').click(function(e){
1431
+ document.getElementById('mo2f_loader').style.display = "block";
1432
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1433
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1434
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1435
+
1436
+ var selected_2FA_method = '';
1437
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1438
+ for(i = 0; i < ele.length; i++) {
1439
+ if(ele[i].checked)
1440
+ selected_2FA_method = ele[i].value;
1441
+ }
1442
+ var data ='';
1443
+ if(selected_2FA_method == 'Google Authenticator')
1444
+ {
1445
+ data= { 'action':'mo_two_factor_ajax',
1446
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_GA_setup_wizard',
1447
+ 'mo2f_google_auth_code' : jQuery('#mo2f_google_auth_code').val(),
1448
+ 'mo2f_session_id' : jQuery('#mo2f_session_id').val()
1449
+ };
1450
+
1451
+ }
1452
+ else if (selected_2FA_method =='OTP Over SMS')
1453
+ {
1454
+ data= { 'action':'mo_two_factor_ajax',
1455
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverSMS_setup_wizard',
1456
+ 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1457
+ };
1458
+
1459
+ }
1460
+ else if(selected_2FA_method == 'OTP Over Email')
1461
+ {
1462
+ data= { 'action':'mo_two_factor_ajax',
1463
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_OTPOverEmail_setup_wizard',
1464
+ 'mo2f_otp_token' : jQuery('#mo2f_otp_token').val()
1465
+ };
1466
+
1467
+ }
1468
+ else if(selected_2FA_method == 'Security Questions')
1469
+ {
1470
+ data= { 'action':'mo_two_factor_ajax',
1471
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_verify_KBA_setup_wizard',
1472
+ 'mo2f_kbaquestion_1' : jQuery('#mo2f_kbaquestion_1').val(),
1473
+ 'mo2f_kbaquestion_2' : jQuery('#mo2f_kbaquestion_2').val(),
1474
+ 'mo2f_kbaquestion_3' : jQuery('#mo2f_kbaquestion_3').val(),
1475
+ 'mo2f_kba_ans1' : jQuery('#mo2f_kba_ans1').val(),
1476
+ 'mo2f_kba_ans2' : jQuery('#mo2f_kba_ans2').val(),
1477
+ 'mo2f_kba_ans3' : jQuery('#mo2f_kba_ans3').val()
1478
+ };
1479
+
1480
+ }
1481
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1482
+ jQuery.post(ajax_url, data, function(response){
1483
+ document.getElementById('mo2f_loader').style.display = "none";
1484
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1485
+
1486
+ if(response =='SUCCESS')
1487
+ {
1488
+ var lineElement = document.getElementById("mo2f-setup-wizard-line3");
1489
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1490
+ var stepElement = document.getElementById("mo2f-setup-wizard-step4");
1491
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1492
+ document.getElementById('mo2f-setup-settings-error-loading-area3').style.display = "none";
1493
+ jQuery('#mo2f-setup-settings-error-loading-area4').css('display','block');
1494
+
1495
+ }
1496
+ else
1497
+ {
1498
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1499
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1500
+ }
1501
+ });
1502
+
1503
+ });
1504
+
1505
+ jQuery("#mo2f_next_step2").click(function(e){
1506
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1507
+ document.getElementById('mo2f_loader').style.display = "block";
1508
+ document.getElementById('mo2f_Error_block').style.display = "none";
1509
+ document.getElementById('mo2f_next_step2').disabled = true;
1510
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1511
+ var email = jQuery("#mo2f_email").val();
1512
+ var password = jQuery("#mo2f_password").val();
1513
+ if(jQuery("#mo2f_next_step2").val() == 'Login and Continue')
1514
+ {
1515
+ email = jQuery("#mo2f_email_login").val();
1516
+ password = jQuery("#mo2f_password_login").val();
1517
+ }
1518
+ var data= { 'action':'mo_two_factor_ajax',
1519
+ 'mo_2f_two_factor_ajax' : 'mo_wpns_register_verify_customer',
1520
+ 'email': email,
1521
+ 'password':password,
1522
+ 'confirmPassword' : jQuery("#mo2f_confirmPassword").val(),
1523
+ 'Login and Continue' : jQuery("#mo2f_next_step2").val()
1524
+ };
1525
+
1526
+ jQuery.post(ajax_url, data, function(response){
1527
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1528
+
1529
+ document.getElementById('mo2f_next_step2').disabled = false;
1530
+ if(response == 'SUCCESS')
1531
+ {
1532
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1533
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1534
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1535
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1536
+ document.getElementById('mo2f-setup-settings-error-loading-area2').style.display = "none";
1537
+ jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1538
+
1539
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1540
+ var data= { 'action':'mo_two_factor_ajax',
1541
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_configure_OTPOverSMS_setup_wizard'
1542
+ };
1543
+ jQuery.post(ajax_url, data, function(response){
1544
+
1545
+ document.getElementById('mo2f_loader').style.display = "none";
1546
+ document.getElementById('mo2f_main_content').innerHTML = response;
1547
+ jQuery("#phone").intlTelInput();
1548
+
1549
+ jQuery('#mo2f_send_otp').click(function(e){
1550
+ document.getElementById('mo2f_loader').style.display = "block";
1551
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1552
+
1553
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1554
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1555
+
1556
+ var data = { 'action':'mo_two_factor_ajax',
1557
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1558
+ 'phone' : jQuery('#phone').val(),
1559
+ 'selected_2FA_method' : 'SMS'
1560
+ };
1561
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1562
+ jQuery.post(ajax_url, data, function(response){
1563
+ document.getElementById('mo2f_loader').style.display = "none";
1564
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1565
+
1566
+ if(response == 'SUCCESS')
1567
+ {
1568
+ $message = 'An OTP has been sent to the below phone number. Please enter the OTP to set the 2FA';
1569
+ document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1570
+ document.getElementById('mo2f_success_block_configuration').style.display = "block";
1571
+
1572
+ }
1573
+ else
1574
+ {
1575
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1576
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1577
+
1578
+ }
1579
+ });
1580
+
1581
+ });
1582
+
1583
+ });
1584
+ }
1585
+ else
1586
+ {
1587
+ document.getElementById('mo2f_loader').style.display = "none";
1588
+ document.getElementById('mo2f_Error_message').innerHTML = response;
1589
+ document.getElementById('mo2f_Error_block').style.display = "block";
1590
+ }
1591
+
1592
+ });
1593
+
1594
+ });
1595
+
1596
+ jQuery("#mo2f_next_step1").click(function(e){
1597
+ var ele = document.getElementsByName('mo2f_selected_2factor_method');
1598
+ var selected_2FA_method = '';
1599
+ for(i = 0; i < ele.length; i++) {
1600
+ if(ele[i].checked)
1601
+ selected_2FA_method = ele[i].value;
1602
+ }
1603
+ var configMessage = 'Configure '+selected_2FA_method;
1604
+ jQuery("#mo2f_setup_method_title").text(configMessage);
1605
+
1606
+ if(selected_2FA_method == '')
1607
+ {
1608
+ return '';
1609
+ }
1610
+
1611
+ document.getElementById('mo2f-setup-settings-error-loading-area1').style.display = "none";
1612
+ var lineElement = document.getElementById("mo2f-setup-wizard-line1");
1613
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1614
+ var stepElement = document.getElementById("mo2f-setup-wizard-step2");
1615
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1616
+
1617
+ if(selected_2FA_method !="OTP Over SMS" && selected_2FA_method != '')
1618
+ {
1619
+ var lineElement = document.getElementById("mo2f-setup-wizard-line2");
1620
+ lineElement.className += " mo2f-setup-wizard-timeline-line-active";
1621
+ var stepElement = document.getElementById("mo2f-setup-wizard-step3");
1622
+ stepElement.className += " mo2f-setup-wizard-timeline-step-active";
1623
+ jQuery('#mo2f-setup-settings-error-loading-area3').css('display','block');
1624
+
1625
+ document.getElementById('mo2f_loader').style.display = "block";
1626
+
1627
+ var mo2f_setup_call = "";
1628
+ if(selected_2FA_method == "Google Authenticator")
1629
+ {
1630
+ mo2f_setup_call = "mo_2fa_configure_GA_setup_wizard";
1631
+ }
1632
+ else if(selected_2FA_method =="OTP Over Email")
1633
+ {
1634
+ mo2f_setup_call ="mo_2fa_configure_OTPOverEmail_setup_wizard";
1635
+ }
1636
+ else if (selected_2FA_method == "Security Questions")
1637
+ {
1638
+ mo2f_setup_call = "mo_2fa_configure_KBA_setup_wizard";
1639
+ }
1640
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1641
+ var data= { 'action' : 'mo_two_factor_ajax',
1642
+ 'mo_2f_two_factor_ajax' : mo2f_setup_call
1643
+ };
1644
+ jQuery.post(ajax_url, data, function(response){
1645
+ document.getElementById('mo2f_loader').style.display = "none";
1646
+ document.getElementById('mo2f_main_content').innerHTML = response;
1647
+
1648
+ if(selected_2FA_method == 'Google Authenticator')
1649
+ {
1650
+ jQuery('.mo2f_gauth').qrcode({
1651
+ 'render': 'image',
1652
+ size: 175,
1653
+ 'text': jQuery('.mo2f_gauth').data('qrcode')
1654
+ });
1655
+ jQuery('a[href="#mo2f_scanbarcode_a"]').click(function(e){
1656
+ var element = document.getElementById('mo2f_scanbarcode_a');
1657
+ if(element.style.display === 'none')
1658
+ element.style.display = 'block';
1659
+
1660
+ else
1661
+ element.style.display = "none";
1662
+ });
1663
+
1664
+ }
1665
+ else if(selected_2FA_method =='OTP Over Email')
1666
+ {
1667
+ jQuery('#mo2f_send_otp').click(function(e){
1668
+ document.getElementById('mo2f_loader').style.display = "block";
1669
+ document.getElementById('mo2f-setup-wizard-settings-area').className = ' overlay';
1670
+
1671
+ document.getElementById('mo2f_success_block_configuration').style.display = "none";
1672
+ document.getElementById('mo2f_Error_block_configuration').style.display = "none";
1673
+
1674
+ var data = { 'action':'mo_two_factor_ajax',
1675
+ 'mo_2f_two_factor_ajax' : 'mo_2fa_send_otp_token',
1676
+ 'phone' : jQuery('#phone').val(),
1677
+ 'mo2f_session_id' : jQuery('#mo2f_session_id').val(),
1678
+ 'selected_2FA_method' : 'OTP Over Email'
1679
+ };
1680
+ var ajax_url = "<?php echo admin_url('admin-ajax.php'); ?>";
1681
+ jQuery.post(ajax_url, data, function(response){
1682
+ document.getElementById('mo2f_loader').style.display = "none";
1683
+ document.getElementById('mo2f-setup-wizard-settings-area').classList.remove('overlay');
1684
+
1685
+ if(response == 'SUCCESS')
1686
+ {
1687
+ $message = 'An OTP has been sent to the below email please enter the OTP to set the 2FA';
1688
+ document.getElementById('mo2f_configure_success_message').innerHTML = $message;
1689
+ document.getElementById('mo2f_success_block_configuration').style.display = "block";
1690
+
1691
+ }
1692
+ else
1693
+ {
1694
+ document.getElementById('mo2f_configure_Error_message').innerHTML = response;
1695
+ document.getElementById('mo2f_Error_block_configuration').style.display = "block";
1696
+
1697
+ }
1698
+ });
1699
+
1700
+ });
1701
+ }
1702
+ else if (selected_2FA_method =='Security Questions')
1703
+ {
1704
+
1705
+ var mo_option_to_hide1;
1706
+ //hidden element in dropdown list 2
1707
+ var mo_option_to_hide2;
1708
+
1709
+ jQuery('#mo2f_kbaquestion_1').change(function(){
1710
+ list = 1;
1711
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1712
+ //if an element is currently hidden, unhide it
1713
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1714
+ mo_option_to_hide1.style.display = 'block';
1715
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1716
+ mo_option_to_hide2.style.display = 'block';
1717
+ }
1718
+ //select the element to hide and then hide it
1719
+ if (list == 1) {
1720
+ if (list_selected != 0) {
1721
+ mo_option_to_hide2 = document.getElementById("mq" + list_selected + "_2");
1722
+ mo_option_to_hide2.style.display = 'none';
1723
+ }
1724
+ }
1725
+ });
1726
+ jQuery('#mo2f_kbaquestion_2').change(function(){
1727
+ list = 2;
1728
+ var list_selected = document.getElementById("mo2f_kbaquestion_" + list).selectedIndex;
1729
+ //if an element is currently hidden, unhide it
1730
+ if (typeof (mo_option_to_hide1) != "undefined" && mo_option_to_hide1 !== null && list == 2) {
1731
+ mo_option_to_hide1.style.display = 'block';
1732
+ } else if (typeof (mo_option_to_hide2) != "undefined" && mo_option_to_hide2 !== null && list == 1) {
1733
+ mo_option_to_hide2.style.display = 'block';
1734
+ }
1735
+ //select the element to hide and then hide it
1736
+ if (list == 2) {
1737
+ if (list_selected != 0) {
1738
+ mo_option_to_hide1 = document.getElementById("mq" + list_selected + "_1");
1739
+ mo_option_to_hide1.style.display = 'none';
1740
+ }
1741
+ }
1742
+ });
1743
+
1744
+ }
1745
+ });
1746
+
1747
+
1748
+ }
1749
+ else if(selected_2FA_method == 'OTP Over SMS')
1750
+ {
1751
+ jQuery('#mo2f-setup-settings-error-loading-area2').css('display','block');
1752
+ }
1753
+
1754
+
1755
+ });
1756
+ jQuery('input:radio[name=mo2f_selected_2factor_method]').click(function() {
1757
+
1758
+
1759
+ localStorage.setItem("last_tab", 'setup_2fa');
1760
+ var selectedMethod = jQuery(this).val();
1761
+ var ajax_url = "<?php echo esc_url(admin_url('admin-ajax.php')); ?>";
1762
+ var nonce = "<?php echo esc_html(wp_create_nonce( 'miniorange-select-method-setup-wizard' )); ?>";
1763
+
1764
+ if(selectedMethod == 'Duo Authenticator' || selectedMethod =='OTP Over Telegram')
1765
+ {
1766
+ var data= { 'action':'mo_two_factor_ajax',
1767
+ 'mo_2f_two_factor_ajax' : 'select_method_setup_wizard',
1768
+ 'mo2f_method': selectedMethod,
1769
+ 'nonce': nonce };
1770
+
1771
+ jQuery.post(ajax_url, data, function(response){
1772
+ window.location.href = '<?php echo esc_url(admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1773
+ });
1774
+ }
1775
+
1776
+ });
1777
+
1778
+ jQuery('a[href="#skiptwofactor"]').click(function(e){
1779
+ localStorage.setItem("last_tab", 'setup_2fa');
1780
+ window.location.href = '<?php echo esc_url(admin_url()."admin.php?page=mo_2fa_two_fa"); ?>';
1781
+ });
1782
+
1783
+
1784
+ </script>
1785
+ <?php
1786
+ }
1787
+
1788
+ /**
1789
+ * Attempt to catch the js error preventing the Vue app from loading and displaying that message for better support.
1790
+ *
1791
+ * @since 2.6.0
1792
+ */
1793
+ private function settings_inline_js() {
1794
+ ?>
1795
+ <script type="text/javascript">
1796
+ window.onerror = function myErrorHandler( errorMsg, url, lineNumber ) {
1797
+ /* Don't try to put error in container that no longer exists post-vue loading */
1798
+ var message_container = document.getElementById( 'mo2f-setup-nojs-error-message' );
1799
+ if ( ! message_container ) {
1800
+ return false;
1801
+ }
1802
+ var message = document.getElementById( 'mo2f-setup-alert-message' );
1803
+ message.innerHTML = errorMsg;
1804
+ message_container.style.display = 'block';
1805
+ return false;
1806
+ }
1807
+ </script>
1808
+ <?php
1809
+ }
1810
+
1811
+
1812
+ public function setup_wizard_content() {
1813
+ $admin_url = is_network_admin() ? network_admin_url() : admin_url();
1814
+
1815
+ $this->settings_error_page( 'mo2f-setup-vue-setup-wizard', '<a href="' . esc_url($admin_url).'admin.php?page=mo_2fa_two_fa">' . esc_html__( 'Go back to the Dashboard', 'mo2f-setup' ) . '</a>' );
1816
+ $this->settings_inline_js();
1817
+ }
1818
+
1819
+ /**
1820
+ * Outputs the simplified footer used for the Setup Wizard.
1821
+ *
1822
+ * @since 2.6.0
1823
+ */
1824
+ public function setup_wizard_footer() {
1825
+ ?>
1826
+ <?php wp_print_scripts( 'mo2f-setup-vue-script' ); ?>
1827
+ </body>
1828
+ </html>
1829
+ <?php
1830
+ }
1831
+
1832
+
1833
+ function miniorange_auth_save_settings() {
1834
+ if (get_site_option('mo2f_plugin_redirect')) {
1835
+ delete_site_option('mo2f_plugin_redirect');
1836
+
1837
+ do_action( 'mo2f_admin_setup_wizard_load_setup_wizard_before', $this );
1838
+ wp_enqueue_script('jquery');
1839
+ wp_enqueue_script('wp-mo2f-setup-wizard',plugins_url( 'includes/js/setup-wizard-2fa.js', dirname(dirname(__FILE__))));
1840
+
1841
+ wp_localize_script(
1842
+ 'wp-mo2f-setup-wizard',
1843
+ 'mo2f_setup_wizard',[
1844
+ 'ajax_url' => admin_url( 'admin-ajax.php' ),
1845
+ 'plugin_url' => get_site_option('siteurl'),
1846
+ 'nonce' => wp_create_nonce( 'mo2f-setup-wizard-nonce' )]
1847
+ );
1848
+ $this->setup_wizard_header();
1849
+ $this->setup_wizard_content();
1850
+ $this->setup_wizard_footer();
1851
+ exit;
1852
+ }
1853
+ if ( array_key_exists( 'page', $_REQUEST ) && sanitize_text_field($_REQUEST['page']) == 'mo_2fa_two_fa' ) {
1854
+ if ( ! session_id() || session_id() == '' || ! isset( $_SESSION ) ) {
1855
+ if(session_status() != PHP_SESSION_DISABLED )
1856
+ session_start();
1857
+ }
1858
+ }
1859
+
1860
+ global $user;
1861
+ global $Mo2fdbQueries;
1862
+ $defaultCustomerKey = $this->defaultCustomerKey;
1863
+ $defaultApiKey = $this->defaultApiKey;
1864
+
1865
+ $user = wp_get_current_user();
1866
+ $user_id = $user->ID;
1867
+
1868
+ if ( current_user_can( 'manage_options' ) ) {
1869
+
1870
+ if(strlen(get_option('mo2f_encryption_key'))>17){
1871
+ $get_encryption_key = MO2f_Utility::random_str(16);
1872
+ update_option('mo2f_encryption_key',$get_encryption_key);
1873
+ }
1874
+
1875
+ if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_deactivate_account" ) {
1876
+ $nonce = sanitize_text_field($_POST['mo_auth_deactivate_account_nonce']);
1877
+ if ( ! wp_verify_nonce( $nonce, 'mo-auth-deactivate-account-nonce' ) ) {
1878
+ $error = new WP_Error();
1879
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1880
+
1881
+ return $error;
1882
+ } else {
1883
+ $url = admin_url( 'plugins.php' );
1884
+ wp_redirect( $url );
1885
+ }
1886
+ }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_remove_account" ) {
1887
+ $nonce = sanitize_text_field($_POST['mo_auth_remove_account_nonce']);
1888
+ if ( ! wp_verify_nonce( $nonce, 'mo-auth-remove-account-nonce' ) ) {
1889
+ $error = new WP_Error();
1890
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1891
+ return $error;
1892
+ } else {
1893
+ update_option( 'mo2f_register_with_another_email', 1 );
1894
+ $this->mo_auth_deactivate();
1895
+ }
1896
+ }else if(isset($_POST['option']) and sanitize_text_field($_POST['option']) == 'mo2f_skiplogin'){
1897
+ $nonce = sanitize_text_field($_POST['mo2f_skiplogin_nonce']);
1898
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-skiplogin-failed-nonce' ) ) {
1899
+ $error = new WP_Error();
1900
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1901
+ return $error;
1902
+ } else {
1903
+ update_option('mo2f_tour_started',2);
1904
+ }
1905
+ }else if(isset($_POST['option']) and sanitize_text_field($_POST['option']) == 'mo2f_userlogout'){
1906
+ $nonce = sanitize_text_field($_POST['mo2f_userlogout_nonce']);
1907
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-2-factor-userlogout-failed-nonce' ) ) {
1908
+ $error = new WP_Error();
1909
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1910
+ return $error;
1911
+ } else {
1912
+ update_option('mo2f_tour_started',2);
1913
+ wp_logout();
1914
+ wp_redirect(admin_url());
1915
+ }
1916
+ }else if(isset($_POST['option']) and sanitize_text_field($_POST['option']) == 'restart_plugin_tour'){
1917
+ $nonce = sanitize_text_field($_POST['_wpnonce']);
1918
+ if ( ! wp_verify_nonce( $nonce, 'restart_plugin_tour' ) ) {
1919
+ $error = new WP_Error();
1920
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1921
+ return $error;
1922
+ } else {
1923
+ $page = isset($_POST['page'])? sanitize_text_field($_POST['page']) : '';
1924
+ $page = sanitize_text_field($page);
1925
+ update_option('mo2f_two_factor_tour',0);
1926
+ update_option('mo2f_tour_firewall',0);
1927
+ update_option('mo2f_tour_loginSpam',0);
1928
+ update_option('mo2f_tour_backup',0);
1929
+ update_option('mo2f_tour_malware_scan',0);
1930
+ update_option('mo2f_tour_advance_blocking',0);
1931
+ switch (sanitize_text_field($_REQUEST['page'])) {
1932
+ case 'mo_2fa_two_fa':
1933
+ update_option('mo2f_two_factor_tour',1);
1934
+ break;
1935
+ case 'mo_2fa_waf':
1936
+ update_option('mo2f_tour_firewall',1);
1937
+ break;
1938
+ case 'mo_2fa_login_and_spam':
1939
+ update_option('mo2f_tour_loginSpam',1);
1940
+ break;
1941
+ case 'mo_2fa_backup':
1942
+ update_option('mo2f_tour_backup',1);
1943
+ break;
1944
+ case 'mo_2fa_malwarescan':
1945
+ update_option('mo2f_tour_malware_scan',1);
1946
+ break;
1947
+ case 'mo_2fa_advancedblocking':
1948
+ update_option('mo2f_tour_advance_blocking',1);
1949
+ break;
1950
+ }
1951
+ if($page != '')
1952
+ {
1953
+ $url = get_option('siteurl').'/wp-admin/admin.php?page='.$page;
1954
+ wp_redirect($url);
1955
+ exit;
1956
+ }
1957
+ $redirect=explode('&',htmlentities($_SERVER['REQUEST_URI']))[0];
1958
+ header("Location: ".$redirect);
1959
+ return;
1960
+ }
1961
+ }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo2f_save_proxy_settings" ) {
1962
+ $nonce = sanitize_text_field($_POST['mo2f_save_proxy_settings_nonce']);
1963
+ if ( ! wp_verify_nonce( $nonce, 'mo2f-save-proxy-settings-nonce' ) ) {
1964
+ $error = new WP_Error();
1965
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1966
+ return $error;
1967
+ } else {
1968
+ $proxyHost = sanitize_text_field($_POST['proxyHost']);
1969
+ $portNumber = sanitize_text_field($_POST['portNumber']);
1970
+ $proxyUsername = sanitize_text_field($_POST['proxyUsername']);
1971
+ $proxyPassword = sanitize_text_field($_POST['proxyPass']);
1972
+
1973
+ update_option( 'mo2f_proxy_host', $proxyHost );
1974
+ update_option( 'mo2f_port_number', $portNumber );
1975
+ update_option( 'mo2f_proxy_username', $proxyUsername );
1976
+ update_option( 'mo2f_proxy_password', $proxyPassword );
1977
+ update_option( 'mo2f_message', 'Proxy settings saved successfully.' );
1978
+ $this->mo_auth_show_success_message();
1979
+ }
1980
+
1981
+ }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_register_customer" ) { //register the admin to miniOrange
1982
+ //miniorange_register_customer_nonce
1983
+ $nonce = sanitize_text_field($_POST['miniorange_register_customer_nonce']);
1984
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-register-customer-nonce' ) ) {
1985
+ $error = new WP_Error();
1986
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
1987
+
1988
+ return $error;
1989
+ } else {
1990
+ //validate and sanitize
1991
+ $email = '';
1992
+ $password = '';
1993
+ $confirmPassword = '';
1994
+ $is_registration = get_user_meta( $user->ID, 'mo2f_email_otp_count', true );
1995
+
1996
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['confirmPassword'] ) ) {
1997
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
1998
+
1999
+ return;
2000
+ } else if ( strlen( $_POST['password'] ) < 6 || strlen( $_POST['confirmPassword'] ) < 6 ) {
2001
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "MIN_PASS_LENGTH" ) );
2002
+
2003
+ } else {
2004
+ $email = sanitize_email( $_POST['email'] );
2005
+ $password = sanitize_text_field( $_POST['password'] );
2006
+ $confirmPassword = sanitize_text_field( $_POST['confirmPassword'] );
2007
+
2008
+ $email = strtolower( $email );
2009
+
2010
+ $pattern = '/^[(\w)*(\!\@\#\$\%\^\&\*\.\-\_)*]+$/';
2011
+
2012
+ if(preg_match($pattern,$password)){
2013
+ if ( strcmp( $password, $confirmPassword ) == 0 ) {
2014
+ update_option( 'mo2f_email', $email );
2015
+
2016
+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2017
+ update_option( 'mo2f_password', stripslashes( $password ) );
2018
+ $customer = new Customer_Setup();
2019
+ $customerKey = json_decode( $customer->check_customer(), true );
2020
+
2021
+ if ( strcasecmp( $customerKey['status'], 'CUSTOMER_NOT_FOUND' ) == 0 ) {
2022
+ if ( $customerKey['status'] == 'ERROR' ) {
2023
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( $customerKey['message'] ) );
2024
+ } else {
2025
+ $this->mo2f_create_customer( $user );
2026
+ delete_user_meta( $user->ID, 'mo_2fa_verify_otp_create_account' );
2027
+ delete_user_meta( $user->ID, 'register_account_popup' );
2028
+ if(get_user_meta( $user->ID, 'mo2f_2FA_method_to_configure'))
2029
+ update_user_meta( $user->ID, 'configure_2FA', 1 );
2030
+
2031
+ }
2032
+ } else { //customer already exists, redirect him to login page
2033
+
2034
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "ACCOUNT_ALREADY_EXISTS" ) );
2035
+ update_option('mo_2factor_user_registration_status','MO_2_FACTOR_VERIFY_CUSTOMER');
2036
+
2037
+ }
2038
+
2039
+ } else {
2040
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "PASSWORDS_MISMATCH" ) );
2041
+ $this->mo_auth_show_error_message();
2042
+ }
2043
+ }
2044
+ else{
2045
+ update_option( 'mo2f_message', "Password length between 6 - 15 characters. Only following symbols (!@#.$%^&*-_) should be present." );
2046
+ $this->mo_auth_show_error_message();
2047
+ }
2048
+ }
2049
+ }
2050
+ }else if ( isset( $_POST['option'] ) and sanitize_text_field($_POST['option']) == "mo_auth_verify_customer" ) { //register the admin to miniOrange if already exist
2051
+
2052
+ $nonce = sanitize_text_field($_POST['miniorange_verify_customer_nonce']);
2053
+
2054
+ if ( ! wp_verify_nonce( $nonce, 'miniorange-verify-customer-nonce' ) ) {
2055
+ $error = new WP_Error();
2056
+ $error->add( 'empty_username', '<strong>' . mo2f_lt( 'ERROR' ) . '</strong>: ' . mo2f_lt( 'Invalid Request.' ) );
2057
+
2058
+ return $error;
2059
+ } else {
2060
+
2061
+ //validation and sanitization
2062
+ $email = '';
2063
+ $password = '';
2064
+ $Mo2fdbQueries->insert_user( $user_id, array( 'user_id' => $user_id ) );
2065
+
2066
+
2067
+ if ( MO2f_Utility::mo2f_check_empty_or_null( $_POST['email'] ) || MO2f_Utility::mo2f_check_empty_or_null( $_POST['password'] ) ) {
2068
+ update_option( 'mo2f_message', Mo2fConstants:: langTranslate( "INVALID_ENTRY" ) );
2069
+ $this->mo_auth_show_error_message();
2070
+
2071
+ return;
2072
+ } else {
2073
+ $email = sanitize_email( $_POST['email'] );
2074
+ $password = sanitize_text_field( $_POST['password'] );
2075
+ }
2076
+
2077
+ update_option( 'mo2f_email', $email );
2078
+ update_option( 'mo2f_password', stripslashes( $password ) );
2079
+ $customer = new Customer_Setup();
2080
+ $content = $customer->get_customer_key();
2081
+ $customerKey = json_decode( $content, true );
2082
+
2083
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2084
+ if ( is_array( $customerKey ) && array_key_exists( "status", $customerKey ) && $customerKey['status'] == 'ERROR' ) {
2085
+ update_option( 'mo2f_message', Mo2fConstants::langTranslate( $customerKey['message'] ) );
2086
+ $this->mo_auth_show_error_message();
2087
+ } else if ( is_array( $customerKey ) ) {
2088
+ if ( isset( $customerKey['id'] ) && ! empty( $customerKey['id'] ) ) {
2089
+ update_option( 'mo2f_customerKey', $customerKey['id'] );
2090
+ update_option( 'mo2f_api_key', $customerKey['apiKey'] );
2091
+ update_option( 'mo2f_customer_token', $customerKey['token'] );
2092
+ update_option( 'mo2f_app_secret', $customerKey['appSecret'] );
2093
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo2f_user_phone' => $customerKey['phone'] ) );
2094
+ update_option( 'mo2f_miniorange_admin', $user->ID );
2095
+
2096
+ $mo2f_emailVerification_config_status = MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ? true : false;
2097
+
2098
+ delete_option( 'mo2f_password' );
2099
+ update_option( 'mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS' );
2100
+
2101
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
2102
+ 'mo2f_EmailVerification_config_status' => $mo2f_emailVerification_config_status,
2103
+ 'mo2f_user_email' => get_option( 'mo2f_email' ),
2104
+ 'user_registration_with_miniorange' => 'SUCCESS',
2105
+ 'mo_2factor_user_registration_status' => 'MO_2_FACTOR_PLUGIN_SETTINGS',
2106
+ 'mo2f_2factor_enable_2fa_byusers' => 1,
2107
+ ) );
2108
+ $mo_2factor_user_registration_status = 'MO_2_FACTOR_PLUGIN_SETTINGS';
2109
+ $Mo2fdbQueries->update_user_details( $user->ID, array( 'mo_2factor_user_registration_status' => $mo_2factor_user_registration_status ) );
2110
+ $configured_2FA_method = 'NONE';
2111
+ $user_email = $Mo2fdbQueries->get_user_detail( 'mo2f_user_email', $user->ID );
2112
+ $enduser = new Two_Factor_Setup();
2113
+ $userinfo = json_decode( $enduser->mo2f_get_userinfo( $user_email ), true );
2114
+
2115
+ $mo2f_second_factor = 'NONE';
2116
+ if ( json_last_error() == JSON_ERROR_NONE ) {
2117
+ if ( $userinfo['status'] == 'SUCCESS' ) {
2118
+ $mo2f_second_factor = mo2f_update_and_sync_user_two_factor( $user->ID, $userinfo );
2119
+
2120
+ }
2121
+ }
2122
+ if ( $mo2f_second_factor != 'NONE' ) {
2123
+ $configured_2FA_method = MO2f_Utility::mo2f_decode_2_factor( $mo2f_second_factor, "servertowpdb" );
2124
+
2125
+ if ( MoWpnsUtility::get_mo2f_db_option('mo2f_is_NC', 'get_option') == 0 ) {
2126
+
2127
+ $auth_method_abr = str_replace( ' ', '', $configured_2FA_method );
2128
+ $Mo2fdbQueries->update_user_details( $user->ID, array(
2129
+ 'mo2f_configured_2FA_method' => $configured_2FA_method,
2130
+ 'mo2f