function miniorange_auth_save_settings()
{
if (!session_id() || session_id() == '' || !isset($_SESSION)) {
session_start();
}
global $current_user;
get_currentuserinfo();
if (current_user_can('manage_options')) {
if (isset($_POST['option']) and $_POST['option'] == "mo_auth_register_customer") {
//register the admin to miniOrange
//validate and sanitize
$email = '';
$phone = '';
$password = '';
$confirmPassword = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['email']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['password']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['confirmPassword'])) {
update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
$this->mo_auth_show_error_message();
return;
} else {
if (strlen($_POST['password']) < 6 || strlen($_POST['confirmPassword']) < 6) {
update_option('mo2f_message', 'Choose a password with minimum length 8.');
$this->mo_auth_show_error_message();
return;
} else {
$email = sanitize_email($_POST['email']);
$phone = sanitize_text_field($_POST['phone']);
$password = sanitize_text_field($_POST['password']);
$confirmPassword = sanitize_text_field($_POST['confirmPassword']);
}
}
$email = strtolower($email);
update_option('mo2f_email', $email);
update_user_meta($current_user->ID, 'mo2f_user_phone', $phone);
if (strcmp($password, $confirmPassword) == 0) {
update_option('mo2f_password', $password);
$customer = new Customer_Setup();
$customerKey = json_decode($customer->check_customer(), true);
if ($customerKey['status'] == 'ERROR') {
update_option('mo2f_message', $customerKey['message']);
$this->mo_auth_show_error_message();
} else {
if (strcasecmp($customerKey['status'], 'CUSTOMER_NOT_FOUND') == 0) {
//customer not found then send OTP to verify email
$content = json_decode($customer->send_otp_token(get_option('mo2f_email'), 'EMAIL', $this->defaultCustomerKey, $this->defaultApiKey), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
update_option('mo2f_message', 'An OTP has been sent to <b>' . get_option('mo2f_email') . '</b>. Please enter the OTP below to verify your email. ');
update_user_meta($current_user->ID, 'mo2f_email_otp_count', 1);
update_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', $content['txId']);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'There was an error in sending OTP over email. Please click on Resend OTP to try again.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
$this->mo_auth_show_error_message();
}
} else {
//customer already exists,retrieve its keys
$content = $customer->get_customer_key();
$customerKey = json_decode($content, true);
if (json_last_error() == JSON_ERROR_NONE) {
/*Admin enter right credentials,if already exist */
if (array_key_exists("status", $customerKey) && $customerKey['status'] == 'ERROR') {
update_option('mo2f_message', $customerKey['message']);
$this->mo_auth_show_error_message();
} else {
update_option('mo2f_customerKey', $customerKey['id']);
update_option('mo2f_api_key', $customerKey['apiKey']);
update_option('mo2f_customer_token', $customerKey['token']);
update_option('mo2f_app_secret', $customerKey['appSecret']);
update_option('mo2f_miniorange_admin', $current_user->ID);
delete_option('mo2f_password');
update_option('mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS');
update_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', get_option('mo2f_email'));
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
$enduser = new Two_Factor_Setup();
$enduser->mo2f_update_userinfo(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'OUT OF BAND EMAIL', null, 'API_2FA', true);
update_user_meta($current_user->ID, 'mo2f_email_verification_status', true);
update_option('mo2f_message', 'Your account has been retrieved successfully. <b>Email Verification</b> has been set as your default 2nd factor method. <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure\\" >Click Here </a>to configure another 2nd factor authentication method.');
$this->mo_auth_show_success_message();
}
} else {
/*Admin account exist but enter wrong credentials*/
update_option('mo2f_message', 'You already have an account with miniOrange. Please enter a valid password.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_VERIFY_CUSTOMER');
$this->mo_auth_show_success_message();
}
}
}
} else {
update_option('mo2f_message', 'Password and Confirm password do not match.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) and $_POST['option'] == "mo2f_goto_verifycustomer") {
update_option('mo2f_message', 'Please enter your registered email and password.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_VERIFY_CUSTOMER');
$this->mo_auth_show_success_message();
}
if (isset($_POST['option']) and $_POST['option'] == "mo_auth_verify_customer") {
//register the admin to miniOrange if already exist
//validation and sanitization
$email = '';
$password = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['email']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['password'])) {
update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
$this->mo_auth_show_error_message();
return;
} else {
$email = sanitize_email($_POST['email']);
$password = sanitize_text_field($_POST['password']);
}
update_option('mo2f_email', $email);
update_option('mo2f_password', $password);
$customer = new Customer_Setup();
$content = $customer->get_customer_key();
$customerKey = json_decode($content, true);
if (json_last_error() == JSON_ERROR_NONE) {
if (array_key_exists("status", $customerKey) && $customerKey['status'] == 'ERROR') {
update_option('mo2f_message', $customerKey['message']);
$this->mo_auth_show_error_message();
} else {
update_option('mo2f_customerKey', $customerKey['id']);
update_option('mo2f_api_key', $customerKey['apiKey']);
update_option('mo2f_customer_token', $customerKey['token']);
update_option('mo2f_app_secret', $customerKey['appSecret']);
update_user_meta($current_user->ID, 'mo2f_phone', $customerKey['phone']);
update_option('mo2f_miniorange_admin', $current_user->ID);
delete_option('mo2f_password');
update_option('mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS');
update_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', get_option('mo2f_email'));
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
$enduser = new Two_Factor_Setup();
$enduser->mo2f_update_userinfo(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'OUT OF BAND EMAIL', null, 'API_2FA', true);
update_user_meta($current_user->ID, 'mo2f_email_verification_status', true);
update_option('mo2f_message', 'Your account has been retrieved successfully. <b>Email Verification</b> has been set as your default 2nd factor method. <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure\\" >Click Here </a>to configure another 2nd factor authentication method.');
$this->mo_auth_show_success_message();
}
} else {
update_option('mo2f_message', 'Invalid email or password. Please try again.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_VERIFY_CUSTOMER');
$this->mo_auth_show_error_message();
}
delete_option('mo2f_password');
}
if (isset($_POST['option']) and $_POST['option'] == 'mo_2factor_phone_verification') {
//at registration time
$phone = sanitize_text_field($_POST['phone_number']);
$phone = str_replace(' ', '', $phone);
$auth_type = 'OTP_OVER_SMS';
$customer = new Customer_Setup();
$send_otp_response = json_decode($customer->send_otp_token($phone, $auth_type, $this->defaultCustomerKey, $this->defaultApiKey), true);
if (strcasecmp($send_otp_response['status'], 'SUCCESS') == 0) {
//Save txId
update_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', $send_otp_response['txId']);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
if (get_user_meta($current_user->ID, 'mo2f_sms_otp_count', true)) {
update_user_meta($current_user->ID, 'mo2f_sms_otp_count', get_user_meta($current_user->ID, 'mo2f_sms_otp_count', true) + 1);
update_option('mo2f_message', 'Another One Time Passcode has been sent <b>( ' . get_user_meta($current_user->ID, 'mo2f_sms_otp_count', true) . ' )</b> for verification to ' . $phone);
} else {
update_option('mo2f_message', 'One Time Passcode has been sent for verification to ' . $phone);
update_user_meta($current_user->ID, 'mo2f_sms_otp_count', 1);
}
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'There was an error in sending sms. Please click on Resend OTP to try again.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) and trim($_POST['option']) == "mo_2factor_resend_otp") {
//resend OTP over email for admin
$customer = new Customer_Setup();
$content = json_decode($customer->send_otp_token(get_option('mo2f_email'), 'EMAIL', $this->defaultCustomerKey, $this->defaultApiKey), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
if (get_user_meta($current_user->ID, 'mo2f_email_otp_count', true)) {
update_user_meta($current_user->ID, 'mo2f_email_otp_count', get_user_meta($current_user->ID, 'mo2f_email_otp_count', true) + 1);
update_option('mo2f_message', 'Another OTP has been sent <b>( ' . get_user_meta($current_user->ID, 'mo2f_email_otp_count', true) . ' )</b> to <b>' . get_option('mo2f_email') . '</b>. Please enter the OTP below to verify your email. ');
} else {
update_option('mo2f_message', 'An OTP has been sent to <b>' . get_option('mo2f_email') . '</b>. Please enter the OTP below to verify your email. ');
update_user_meta($current_user->ID, 'mo2f_email_otp_count', 1);
}
update_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', $content['txId']);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'There was an error in sending email. Please click on Resend OTP to try again.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) and $_POST['option'] == "mo_2factor_validate_otp") {
//validate OTP over email for admin
//validation and sanitization
$otp_token = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) {
update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
$this->mo_auth_show_error_message();
return;
} else {
$otp_token = sanitize_text_field($_POST['otp_token']);
}
$customer = new Customer_Setup();
$transactionId = get_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', true);
$content = json_decode($customer->validate_otp_token('EMAIL', null, $transactionId, $otp_token, $this->defaultCustomerKey, $this->defaultApiKey), true);
if ($content['status'] == 'ERROR') {
update_option('mo2f_message', $content['message']);
delete_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account');
$this->mo_auth_show_error_message();
} else {
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
//OTP validated and generate QRCode
$this->mo2f_create_customer($current_user);
delete_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account');
} else {
// OTP Validation failed.
update_option('mo2f_message', 'Invalid OTP. Please try again.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['option']) and $_POST['option'] == "mo_2factor_validate_user_otp") {
//validate OTP over email for additional admin
//validation and sanitization
$otp_token = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) {
update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
$this->mo_auth_show_error_message();
return;
} else {
$otp_token = sanitize_text_field($_POST['otp_token']);
}
if (!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($current_user->ID, 'mo_2factor_user_email', true))) {
$customer = new Customer_Setup();
$content = json_decode($customer->validate_otp_token('EMAIL', null, $_SESSION['mo2f_transactionId'], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if ($content['status'] == 'ERROR') {
update_option('mo2f_message', $content['message']);
$this->mo_auth_show_error_message();
} else {
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
//OTP validated and generate QRCode
$this->mo2f_create_user($current_user, get_user_meta($current_user->ID, 'mo_2factor_user_email', true));
} else {
// OTP Validation failed.
update_option('mo2f_message', 'Invalid OTP. Please try again.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'The email is already used by other user. Please register with other email by clicking on Back button.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) and $_POST['option'] == "mo_2factor_send_query") {
//Help me or support
$query = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['query_email']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['query'])) {
update_option('mo2f_message', 'Please submit your query with email.');
$this->mo_auth_show_error_message();
return;
} else {
$query = sanitize_text_field($_POST['query']);
$email = sanitize_text_field($_POST['query_email']);
$phone = sanitize_text_field($_POST['query_phone']);
$contact_us = new Customer_Setup();
$submited = json_decode($contact_us->submit_contact_us($email, $phone, $query), true);
if (json_last_error() == JSON_ERROR_NONE) {
if (array_key_exists('status', $submited) && $submited['status'] == 'ERROR') {
update_option('mo2f_message', $submited['message']);
$this->mo_auth_show_error_message();
} else {
if ($submited == false) {
update_option('mo2f_message', 'Your query could not be submitted. Please try again.');
$this->mo_auth_show_error_message();
} else {
update_option('mo2f_message', 'Thanks for getting in touch! We shall get back to you shortly.');
$this->mo_auth_show_success_message();
}
}
}
}
}
if (isset($_POST['option']) and $_POST['option'] == 'mo_auth_advanced_options_save') {
update_option('mo2f_enable_2fa_for_woocommerce', isset($_POST['mo2f_enable_2fa_for_woocommerce']) ? $_POST['mo2f_enable_2fa_for_woocommerce'] : 0);
//plugin customization
update_option('mo2f_disable_poweredby', isset($_POST['mo2f_disable_poweredby']) ? $_POST['mo2f_disable_poweredby'] : 0);
update_option('mo2f_enable_custom_poweredby', isset($_POST['mo2f_enable_custom_poweredby']) ? $_POST['mo2f_enable_custom_poweredby'] : 0);
if (get_option('mo2f_disable_poweredby') == 1) {
update_option('mo2f_enable_custom_poweredby', 0);
}
update_option('mo2f_enable_custom_icon', isset($_POST['mo2f_enable_custom_icon']) ? $_POST['mo2f_enable_custom_icon'] : 0);
update_option('mo2f_custom_plugin_name', isset($_POST['mo2f_custom_plugin_name']) ? $_POST['mo2f_custom_plugin_name'] : 'miniOrange 2-Factor');
update_option('mo2f_message', 'Your login settings are saved successfully.');
$this->mo_auth_show_success_message();
}
if (isset($_POST['option']) and $_POST['option'] == 'mo_auth_login_settings_save') {
if (get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') {
update_option('mo2f_login_policy', isset($_POST['mo2f_login_policy']) ? $_POST['mo2f_login_policy'] : 0);
update_option('mo2f_enable_forgotphone', isset($_POST['mo2f_forgotphone']) ? $_POST['mo2f_forgotphone'] : 0);
update_option('mo2f_show_loginwith_phone', isset($_POST['mo2f_loginwith_phone']) ? $_POST['mo2f_loginwith_phone'] : 0);
update_option('mo2f_activate_plugin', isset($_POST['mo2f_activate_plugin']) ? $_POST['mo2f_activate_plugin'] : 0);
update_option('mo2f_deviceid_enabled', isset($_POST['mo2f_deviceid_enabled']) ? $_POST['mo2f_deviceid_enabled'] : 0);
update_option('mo2f_inline_registration', isset($_POST['mo2f_inline_registration']) ? $_POST['mo2f_inline_registration'] : 0);
global $wp_roles;
if (!isset($wp_roles)) {
$wp_roles = new WP_Roles();
}
foreach ($wp_roles->role_names as $id => $name) {
update_option('mo2fa_' . $id, isset($_POST['mo2fa_' . $id]) ? $_POST['mo2fa_' . $id] : 0);
}
$authMethods = array();
$authMethod = $_POST['mo2f_authmethods'];
foreach ($authMethod as $arrayvalue) {
$authMethods[$arrayvalue] = $arrayvalue;
}
update_option('mo2f_auth_methods_for_users', $authMethods);
if (get_option('mo2f_activate_plugin')) {
$logouturl = wp_login_url() . '?action=logout';
update_option('mo2f_message', 'Your login settings are saved successfully. Now <a href=\\"' . $logouturl . '\\"><b>Click Here</b></a> to logout and try login with 2-Factor.');
update_option('mo2f_msg_counter', 2);
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'Two-Factor plugin has been disabled.');
update_option('mo2f_msg_counter', 2);
$this->mo_auth_show_error_message();
}
if (get_option('mo2f_deviceid_enabled') && !get_option('mo2f_app_secret')) {
$get_app_secret = new Miniorange_Rba_Attributes();
$rba_response = json_decode($get_app_secret->mo2f_get_app_secret(), true);
//fetch app secret
if (json_last_error() == JSON_ERROR_NONE) {
if ($rba_response['status'] == 'SUCCESS') {
update_option('mo2f_app_secret', $rba_response['appSecret']);
} else {
update_option('mo2f_deviceid_enabled', 0);
update_option('mo2f_message', 'Error occurred while saving the settings.Please try again.');
$this->mo_auth_show_error_message();
}
} else {
update_option('mo2f_deviceid_enabled', 0);
update_option('mo2f_message', 'Error occurred while saving the settings.Please try again.');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'Invalid request. Please register with miniOrange and configure 2-Factor to save your login settings.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) and $_POST['option'] == 'mo_2factor_gobackto_registration_page') {
//back to registration page for admin
delete_option('mo2f_email');
delete_option('mo2f_password');
delete_option('mo2f_customerKey');
delete_option('mo2f_app_secret');
unset($_SESSION['mo2f_transactionId']);
delete_user_meta($current_user->ID, 'mo_2factor_map_id_with_email');
delete_user_meta($current_user->ID, 'mo_2factor_user_registration_status');
delete_user_meta($current_user->ID, 'mo2f_sms_otp_count');
delete_user_meta($current_user->ID, 'mo2f_email_otp_count');
}
if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_forgot_password') {
// if admin forgot password
if (isset($_POST['email'])) {
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['email'])) {
update_option('mo2f_message', 'Please enter your registered email below to reset your password.');
$this->mo_auth_show_error_message();
return;
} else {
$email = sanitize_email($_POST['email']);
}
}
$customer = new Customer_Setup();
$content = json_decode($customer->forgot_password($email), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
update_option('mo2f_message', 'You password has been reset successfully. Please enter the new password sent to your registered mail here.');
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'Your password could not be reset. Please enter your correct email in the textbox below and then click on the link.');
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['option']) and trim($_POST['option']) == "mo_2factor_resend_user_otp") {
//resend OTP over email for additional admin and non-admin user
$customer = new Customer_Setup();
$content = json_decode($customer->send_otp_token(get_user_meta($current_user->ID, 'mo_2factor_user_email', true), 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
update_option('mo2f_message', 'An OTP has been sent to <b>' . get_user_meta($current_user->ID, 'mo_2factor_user_email', true) . '</b>. Please enter the OTP below to verify your email. ');
update_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', $content['txId']);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'There was an error in sending email. Please click on Resend OTP to try again.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) and $_POST['option'] == "mo_auth_mobile_registration_complete" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete') {
//mobile registration successfully complete for all users
unset($_SESSION['mo2f_qrCode']);
unset($_SESSION['mo2f_transactionId']);
unset($_SESSION['mo2f_show_qr_code']);
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$enduser = new Two_Factor_Setup();
$response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
/* Generate Qr code */
if ($response['status'] == 'ERROR') {
update_option('mo2f_message', $response['message']);
$this->mo_auth_show_error_message();
} else {
if ($response['status'] == 'SUCCESS') {
$selectedMethod = get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true);
$testmethod = $selectedMethod;
if ($selectedMethod == 'MOBILE AUTHENTICATION') {
$selectedMethod = "QR Code Authentication";
}
$message = '<b>' . $selectedMethod . '</b> is set as your 2nd factor method. <a href=\\"#test\\" data-method=\\"' . $testmethod . '\\">Click Here</a> to test ' . $selectedMethod . ' method.';
update_option('mo2f_message', $message);
update_user_meta($current_user->ID, 'mo2f_mobile_registration_status', true);
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
delete_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status');
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'Invalid request. Please try again');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) and $_POST['option'] == 'mo2f_mobile_authenticate_success') {
// mobile registration for all users(common)
if (current_user_can('manage_options')) {
update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. ');
} else {
update_option('mo2f_message', 'You have successfully completed the test. <a href=' . wp_login_url() . '?action=logout><b>Click Here</b></a> to logout and try login with 2-Factor.');
}
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
unset($_SESSION['mo2f_qrCode']);
unset($_SESSION['mo2f_transactionId']);
unset($_SESSION['mo2f_show_qr_code']);
$this->mo_auth_show_success_message();
}
if (isset($_POST['option']) and $_POST['option'] == 'mo2f_mobile_authenticate_error') {
//mobile registration failed for all users(common)
update_option('mo2f_message', 'Authentication failed. Please try again to test the configuration.');
unset($_SESSION['mo2f_show_qr_code']);
$this->mo_auth_show_error_message();
}
if (isset($_POST['option']) and $_POST['option'] == "mo_auth_setting_configuration") {
// redirect to setings page
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
}
if (isset($_POST['option']) and $_POST['option'] == "mo_auth_refresh_mobile_qrcode") {
// refrsh Qrcode for all users
if (get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' || get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION' || get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') {
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$this->mo2f_get_qr_code_for_mobile($email, $current_user->ID);
} else {
update_option('mo2f_message', 'Invalid request. Please register with miniOrange before configuring your mobile.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['miniorange_get_started']) && isset($_POST['miniorange_user_reg_nonce'])) {
//registration with miniOrange for additional admin and non-admin
$nonce = $_POST['miniorange_user_reg_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-user-reg-nonce')) {
update_option('mo2f_message', 'Invalid request');
} else {
$email = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo_useremail'])) {
update_option('mo2f_message', 'Please enter email-id to register.');
return;
} else {
$email = sanitize_email($_POST['mo_useremail']);
}
if (!MO2f_Utility::check_if_email_is_already_registered($email)) {
update_user_meta($current_user->ID, 'mo_2factor_user_email', $email);
$enduser = new Two_Factor_Setup();
$check_user = json_decode($enduser->mo_check_user_already_exist($email), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($check_user['status'] == 'ERROR') {
update_option('mo2f_message', $check_user['message']);
$this->mo_auth_show_error_message();
return;
} else {
if (strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0) {
update_option('mo2f_message', 'The email you entered is already registered. Please register with another email to set up Two-Factor.');
$this->mo_auth_show_error_message();
return;
} else {
if (strcasecmp($check_user['status'], 'USER_FOUND') == 0 || strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0) {
$enduser = new Customer_Setup();
$content = json_decode($enduser->send_otp_token($email, 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
update_option('mo2f_message', 'An OTP has been sent to <b>' . $email . '</b>. Please enter the OTP below to verify your email. ');
$_SESSION['mo2f_transactionId'] = $content['txId'];
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'There was an error in sending OTP over email. Please click on Resend OTP to try again.');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
$this->mo_auth_show_error_message();
}
}
}
}
}
} else {
update_option('mo2f_message', 'The email is already used by other user. Please register with other email.');
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['option']) and $_POST['option'] == 'mo_2factor_backto_user_registration') {
//back to registration page for additional admin and non-admin
delete_user_meta($current_user->ID, 'mo_2factor_user_email');
unset($_SESSION['mo2f_transactionId']);
delete_user_meta($current_user->ID, 'mo_2factor_map_id_with_email');
delete_user_meta($current_user->ID, 'mo_2factor_user_registration_status');
}
if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_mobile_authentication') {
//test QR-Code authentication for all users
$challengeMobile = new Customer_Setup();
$content = $challengeMobile->send_otp_token(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'MOBILE AUTHENTICATION', get_option('mo2f_customerKey'), get_option('mo2f_api_key'));
$response = json_decode($content, true);
if (json_last_error() == JSON_ERROR_NONE) {
/* Generate Qr code */
if ($response['status'] == 'ERROR') {
update_option('mo2f_message', $response['message']);
$this->mo_auth_show_error_message();
} else {
if ($response['status'] == 'SUCCESS') {
$_SESSION['mo2f_qrCode'] = $response['qrCode'];
$_SESSION['mo2f_transactionId'] = $response['txId'];
$_SESSION['mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
update_option('mo2f_message', 'Please scan the QR Code now.');
update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST');
update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'MOBILE AUTHENTICATION');
$this->mo_auth_show_success_message();
} else {
unset($_SESSION['mo2f_qrCode']);
unset($_SESSION['mo2f_transactionId']);
unset($_SESSION['mo2f_show_qr_code']);
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'Invalid request. Please try again');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_soft_token') {
// Click on Test Soft Toekn link for all users
update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST');
update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'SOFT TOKEN');
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_soft_token') {
// validate Soft Token during test for all users
$otp_token = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) {
update_option('mo2f_message', 'Please enter a value to test your authentication.');
$this->mo_auth_show_error_message();
return;
} else {
$otp_token = sanitize_text_field($_POST['otp_token']);
}
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$customer = new Customer_Setup();
$content = json_decode($customer->validate_otp_token('SOFT TOKEN', $email, null, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if ($content['status'] == 'ERROR') {
update_option('mo2f_message', $content['message']);
$this->mo_auth_show_error_message();
} else {
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
//OTP validated and generate QRCode
if (current_user_can('manage_options')) {
update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. ');
} else {
update_option('mo2f_message', 'You have successfully completed the test. <a href=' . wp_login_url() . '?action=logout><b>Click Here</b></a> to logout and try login with 2-Factor.');
}
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
$this->mo_auth_show_success_message();
} else {
// OTP Validation failed.
update_option('mo2f_message', 'Invalid OTP. Please try again.');
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_otp_over_sms') {
//sending otp for sms and phone call during test for all users
update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST');
update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', $_POST['mo2f_selected_2factor_method']);
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$phone = get_user_meta($current_user->ID, 'mo2f_user_phone', true);
$enduser = new Customer_Setup();
$content = json_decode($enduser->send_otp_token($email, $_POST['mo2f_selected_2factor_method'], get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') {
update_option('mo2f_message', 'An OTP has been sent to <b>' . $phone . '</b>. Please enter the one time passcode below. ');
} else {
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') {
update_option('mo2f_message', 'You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below.');
}
}
$_SESSION['mo2f_transactionId'] = $content['txId'];
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'There was an error in sending one time passcode. Please click on Resend OTP to try again.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_otp_over_sms') {
//validate otp over sms and phone call during test for all users
$otp_token = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) {
update_option('mo2f_message', 'Please enter a value to test your authentication.');
$this->mo_auth_show_error_message();
return;
} else {
$otp_token = sanitize_text_field($_POST['otp_token']);
}
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$customer = new Customer_Setup();
$content = json_decode($customer->validate_otp_token(get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), $email, $_SESSION['mo2f_transactionId'], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if ($content['status'] == 'ERROR') {
update_option('mo2f_message', $content['message']);
$this->mo_auth_show_error_message();
} else {
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
//OTP validated
if (current_user_can('manage_options')) {
update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. ');
} else {
update_option('mo2f_message', 'You have successfully completed the test. <a href=' . wp_login_url() . '?action=logout><b>Click Here</b></a> to logout and try login with 2-Factor.');
}
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
$this->mo_auth_show_success_message();
} else {
// OTP Validation failed.
update_option('mo2f_message', 'Invalid OTP. Please try again.');
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_push_notification') {
$challengeMobile = new Customer_Setup();
$content = $challengeMobile->send_otp_token(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'PUSH NOTIFICATIONS', get_option('mo2f_customerKey'), get_option('mo2f_api_key'));
$response = json_decode($content, true);
if (json_last_error() == JSON_ERROR_NONE) {
/* Generate Qr code */
if ($response['status'] == 'ERROR') {
update_option('mo2f_message', $response['message']);
$this->mo_auth_show_error_message();
} else {
if ($response['status'] == 'SUCCESS') {
$_SESSION['mo2f_transactionId'] = $response['txId'];
$_SESSION['mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
update_option('mo2f_message', 'A Push notification has been sent to your miniOrange Authenticator App.');
update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST');
update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'PUSH NOTIFICATIONS');
$this->mo_auth_show_success_message();
} else {
unset($_SESSION['mo2f_qrCode']);
unset($_SESSION['mo2f_transactionId']);
unset($_SESSION['mo2f_show_qr_code']);
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'Invalid request. Please try again');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_out_of_band_email') {
$this->miniorange_email_verification_call($current_user);
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_out_of_band_success') {
if (!current_user_can('manage_options') && get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'OUT OF BAND EMAIL') {
if (get_user_meta($current_user->ID, 'mo2f_email_verification_status', true)) {
update_option('mo2f_message', 'You have successfully completed the test.');
} else {
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$enduser = new Two_Factor_Setup();
$response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true);
update_option('mo2f_message', '<b>Email Verification</b> has been set as your 2nd factor method.');
}
} else {
update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. ');
}
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
update_user_meta($current_user->ID, 'mo2f_email_verification_status', true);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
$this->mo_auth_show_success_message();
}
if (isset($_POST['option']) and $_POST['option'] == 'mo2f_out_of_band_error') {
//push and out of band email denied
update_option('mo2f_message', 'You have denied the request.');
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
update_user_meta($current_user->ID, 'mo2f_email_verification_status', true);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
$this->mo_auth_show_error_message();
}
if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_google_auth') {
update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST');
update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'GOOGLE AUTHENTICATOR');
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_google_auth_test') {
$otp_token = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) {
update_option('mo2f_message', 'Please enter a value to test your authentication.');
$this->mo_auth_show_error_message();
return;
} else {
$otp_token = sanitize_text_field($_POST['otp_token']);
}
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$customer = new Customer_Setup();
$content = json_decode($customer->validate_otp_token('GOOGLE AUTHENTICATOR', $email, null, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (json_last_error() == JSON_ERROR_NONE) {
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
//Google OTP validated
if (current_user_can('manage_options')) {
update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. ');
} else {
update_option('mo2f_message', 'You have successfully completed the test.');
}
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
$this->mo_auth_show_success_message();
} else {
// OTP Validation failed.
update_option('mo2f_message', 'Invalid OTP. Please try again.');
$this->mo_auth_show_error_message();
}
} else {
update_option('mo2f_message', 'Error occurred while validating the OTP. Please try again.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_configure_google_auth_phone_type') {
$phone_type = $_POST['mo2f_app_type_radio'];
$google_auth = new Miniorange_Rba_Attributes();
$google_response = json_decode($google_auth->mo2f_google_auth_service(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true)), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($google_response['status'] == 'SUCCESS') {
$mo2f_google_auth = array();
$mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
$mo2f_google_auth['ga_secret'] = $google_response['secret'];
$mo2f_google_auth['ga_phone'] = $phone_type;
$_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
} else {
update_option('mo2f_message', 'Error occurred while registering the user. Please try again.');
$this->mo_auth_show_error_message();
}
} else {
update_option('mo2f_message', 'Error occurred while registering the user. Please try again.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_google_auth') {
$otpToken = $_POST['google_token'];
$mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
$ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
if (MO2f_Utility::mo2f_check_number_length($otpToken)) {
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$google_auth = new Miniorange_Rba_Attributes();
$google_response = json_decode($google_auth->mo2f_validate_google_auth($email, $otpToken, $ga_secret), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($google_response['status'] == 'SUCCESS') {
$enduser = new Two_Factor_Setup();
$response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($response['status'] == 'SUCCESS') {
update_user_meta($current_user->ID, 'mo2f_google_authentication_status', true);
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
delete_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
unset($_SESSION['mo2f_google_auth']);
$message = '<b>Google Authenticator</b> has been set as your 2nd factor method. <a href=\\"#test\\" data-method=\\"GOOGLE AUTHENTICATOR\\">Click Here</a> to test Google Authenticator method.';
update_option('mo2f_message', $message);
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
} else {
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
} else {
update_option('mo2f_message', 'Error occurred while validating the OTP. Please try again. Possible causes: <br />1. You have enter invalid OTP.<br />2. You App Time is not sync.Go to seetings and tap on Time correction for codes and tap on Sync now .');
$this->mo_auth_show_error_message();
}
} else {
update_option('mo2f_message', 'Error occurred while validating the user. Please try again.');
$this->mo_auth_show_error_message();
}
} else {
update_option('mo2f_message', 'Only digits are allowed. Please enter again.');
$this->mo_auth_show_error_message();
}
}
/*if(isset($_POST['option']) && $_POST['option'] == 'mo2f_2factor_mobile_support' ){
if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) {
$_SESSION['mo2f_mobile_support'] = 'MO_2_FACTOR_MOBILE_SUPPORT';
update_option( 'mo2f_message', 'Please select three questions and store their answers.');
$this->mo_auth_show_success_message();
}else{
update_option( 'mo2f_message', 'Invalid request. Please register with miniOrange before accessing mobile support.');
$this->mo_auth_show_error_message();
}
} */
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_save_kba') {
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_3']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans3'])) {
update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
$this->mo_auth_show_error_message();
return;
}
$kba_q1 = $_POST['mo2f_kbaquestion_1'];
$kba_a1 = sanitize_text_field($_POST['mo2f_kba_ans1']);
$kba_q2 = $_POST['mo2f_kbaquestion_2'];
$kba_a2 = sanitize_text_field($_POST['mo2f_kba_ans2']);
$kba_q3 = sanitize_text_field($_POST['mo2f_kbaquestion_3']);
$kba_a3 = sanitize_text_field($_POST['mo2f_kba_ans3']);
if (strcasecmp($kba_q1, $kba_q2) == 0 || strcasecmp($kba_q2, $kba_q3) == 0 || strcasecmp($kba_q3, $kba_q1) == 0) {
update_option('mo2f_message', 'The questions you select must be unique.');
$this->mo_auth_show_error_message();
return;
}
$kba_registration = new Two_Factor_Setup();
$kba_reg_reponse = json_decode($kba_registration->register_kba_details(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($kba_reg_reponse['status'] == 'SUCCESS') {
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$enduser = new Two_Factor_Setup();
update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'KBA');
$response = json_decode($enduser->mo2f_update_userinfo($email, 'KBA', null, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($response['status'] == 'ERROR') {
update_option('mo2f_message', $response['message']);
$this->mo_auth_show_error_message();
} else {
if ($response['status'] == 'SUCCESS') {
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
update_user_meta($current_user->ID, 'mo2f_kba_registration_status', true);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
$authType = 'KBA';
$message = '<b>' . $authType . '</b> is set as your 2nd factor method. <a href=\\"#test\\" data-method=\\"' . $authType . '\\">Click Here</a> to test ' . $authType . ' method.';
update_option('mo2f_message', $message);
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'Invalid request. Please try again');
$this->mo_auth_show_error_message();
}
} else {
update_option('mo2f_message', 'Error occured while saving your kba details. Please try again.');
$this->mo_auth_show_error_message();
return;
}
} else {
update_option('mo2f_message', 'Error occured while saving your kba details. Please try again.');
$this->mo_auth_show_error_message();
return;
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_2factor_test_kba') {
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$challengeKba = new Customer_Setup();
$content = $challengeKba->send_otp_token($email, 'KBA', get_option('mo2f_customerKey'), get_option('mo2f_api_key'));
$response = json_decode($content, true);
if (json_last_error() == JSON_ERROR_NONE) {
/* Generate KBA Questions*/
if ($response['status'] == 'SUCCESS') {
update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST');
$_SESSION['mo2f_transactionId'] = $response['txId'];
$questions = array();
$questions[0] = $response['questions'][0]['question'];
$questions[1] = $response['questions'][1]['question'];
$_SESSION['mo_2_factor_kba_questions'] = $questions;
update_option('mo2f_message', 'Please answer the following security questions.');
$this->mo_auth_show_success_message();
} else {
if ($response['status'] == 'ERROR') {
update_option('mo2f_message', 'There was an error fetching security questions. Please try again.');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'There was an error fetching security questions. Please try again.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_kba_details') {
$kba_ans_1 = '';
$kba_ans_2 = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1'])) {
update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
$this->mo_auth_show_error_message();
return;
} else {
$kba_ans_1 = sanitize_text_field($_POST['mo2f_answer_1']);
$kba_ans_2 = sanitize_text_field($_POST['mo2f_answer_2']);
}
$kbaAns = array();
$kbaAns[0] = $_SESSION['mo_2_factor_kba_questions'][0];
$kbaAns[1] = $kba_ans_1;
$kbaAns[2] = $_SESSION['mo_2_factor_kba_questions'][1];
$kbaAns[3] = $kba_ans_2;
$kba_validate = new Customer_Setup();
$kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $_SESSION['mo2f_transactionId'], $kbaAns, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (json_last_error() == JSON_ERROR_NONE) {
if (strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. ');
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
$this->mo_auth_show_success_message();
} else {
// KBA Validation failed.
update_option('mo2f_message', 'Invalid Answers. Please try again.');
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_verify_phone') {
// sendin otp for configuring OTP over SMS and Phone Call Verification
$phone = sanitize_text_field($_POST['verify_phone']);
if (MO2f_Utility::mo2f_check_empty_or_null($phone)) {
update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
$this->mo_auth_show_error_message();
return;
}
$phone = str_replace(' ', '', $phone);
$_SESSION['mo2f_phone'] = $phone;
$customer = new Customer_Setup();
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') {
$currentMethod = "OTP_OVER_SMS";
} else {
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') {
$currentMethod = "PHONE_VERIFICATION";
}
}
$content = json_decode($customer->send_otp_token($phone, $currentMethod, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (json_last_error() == JSON_ERROR_NONE) {
/* Generate otp token */
if ($content['status'] == 'ERROR') {
update_option('mo2f_message', $response['message']);
$this->mo_auth_show_error_message();
} else {
if ($content['status'] == 'SUCCESS') {
$_SESSION['mo2f_transactionId'] = $content['txId'];
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') {
update_option('mo2f_message', 'The One Time Passcode has been sent to ' . $phone . '. Please enter the one time passcode below to verify your number.');
} else {
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') {
update_option('mo2f_message', 'You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below to verify your number.');
}
}
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'Invalid request. Please try again');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_otp') {
$otp_token = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) {
update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
$this->mo_auth_show_error_message();
return;
} else {
$otp_token = sanitize_text_field($_POST['otp_token']);
}
$customer = new Customer_Setup();
$content = json_decode($customer->validate_otp_token(get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, $_SESSION['mo2f_transactionId'], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if ($content['status'] == 'ERROR') {
update_option('mo2f_message', $content['message']);
} else {
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
//OTP validated
if (get_user_meta($current_user->ID, 'mo2f_user_phone', true) && strlen(get_user_meta($current_user->ID, 'mo2f_user_phone', true)) >= 4) {
if ($_SESSION['mo2f_phone'] != get_user_meta($current_user->ID, 'mo2f_user_phone', true)) {
update_user_meta($current_user->ID, 'mo2f_mobile_registration_status', false);
}
}
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$phone = $_SESSION['mo2f_phone'];
$enduser = new Two_Factor_Setup();
$response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), $phone, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($response['status'] == 'ERROR') {
unset($_SESSION['mo2f_phone']);
update_option('mo2f_message', $response['message']);
$this->mo_auth_show_error_message();
} else {
if ($response['status'] == 'SUCCESS') {
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
update_user_meta($current_user->ID, 'mo2f_otp_registration_status', true);
delete_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS');
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
update_user_meta($current_user->ID, 'mo2f_user_phone', $_SESSION['mo2f_phone']);
unset($_SESSION['mo2f_phone']);
$testmethod = get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true);
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') {
$authType = "OTP Over SMS";
} else {
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') {
$authType = "Phone Call Verification";
}
}
$message = '<b>' . $authType . '</b> is set as your 2nd factor method. <a href=\\"#test\\" data-method=\\"' . $testmethod . '\\">Click Here</a> to test ' . $authType . ' method.';
update_option('mo2f_message', $message);
$this->mo_auth_show_success_message();
} else {
unset($_SESSION['mo2f_phone']);
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
}
} else {
unset($_SESSION['mo2f_phone']);
update_option('mo2f_message', 'Invalid request. Please try again');
$this->mo_auth_show_error_message();
}
} else {
// OTP Validation failed.
update_option('mo2f_message', 'Invalid OTP. Please try again.');
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_save_2factor_method') {
// configure 2nd factor for all users
if (get_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', true) == 'SUCCESS') {
if ($_POST['mo2f_selected_2factor_method'] == 'OUT OF BAND EMAIL' && !current_user_can('manage_options')) {
$this->miniorange_email_verification_call($current_user);
}
update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_CONFIGURE');
//status for configuring the specific 2nd-factor method
update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', $_POST['mo2f_selected_2factor_method']);
//status for second factor selected by user
} else {
update_option('mo2f_message', 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_update_2factor_method') {
// save 2nd factor method for all users
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$enduser = new Two_Factor_Setup();
update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', $_POST['mo2f_selected_2factor_method']);
$response = json_decode($enduser->mo2f_update_userinfo($email, $_POST['mo2f_selected_2factor_method'], null, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($response['status'] == 'ERROR') {
update_option('mo2f_message', $response['message']);
$this->mo_auth_show_error_message();
} else {
if ($response['status'] == 'SUCCESS') {
$selectedMethod = get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true);
if ($selectedMethod == 'OUT OF BAND EMAIL') {
$selectedMethod = "Email Verification";
} else {
if ($selectedMethod == 'MOBILE AUTHENTICATION') {
$selectedMethod = "QR Code Authentication";
} else {
if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') {
$authType = "OTP Over SMS";
}
}
}
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
delete_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status');
update_option('mo2f_message', $selectedMethod . ' is set as your Two-Factor method.');
$this->mo_auth_show_success_message();
} else {
update_option('mo2f_message', 'An error occured while processing your request. Please Try again.');
$this->mo_auth_show_error_message();
}
}
} else {
update_option('mo2f_message', 'Invalid request. Please try again');
$this->mo_auth_show_error_message();
}
}
if (isset($_POST['option']) && $_POST['option'] == 'mo2f_cancel_configuration') {
unset($_SESSION['mo2f_qrCode']);
unset($_SESSION['mo2f_transactionId']);
unset($_SESSION['mo2f_show_qr_code']);
unset($_SESSION['mo2f_phone']);
unset($_SESSION['mo2f_google_auth']);
unset($_SESSION['mo2f_mobile_support']);
delete_user_meta($current_user->ID, 'mo2f_configure_test_option');
}
}
public function miniorange_pass2login_redirect()
{
if (!session_id() || session_id() == '' || !isset($_SESSION)) {
session_start();
}
if (isset($_POST['mo2f_trust_device_confirm_nonce'])) {
/*register device as rba profile */
$nonce = $_POST['mo2f_trust_device_confirm_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-trust-device-confirm-nonce')) {
$this->remove_current_activity();
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
try {
$currentuser = $_SESSION['mo2f_current_user'];
mo2f_register_profile(get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), 'true', $_SESSION['mo2f_rba_status']);
} catch (Exception $e) {
echo $e->getMessage();
}
$this->mo2fa_pass2login();
}
}
if (isset($_POST['mo2f_trust_device_cancel_nonce'])) {
/*do not register device as rba profile */
$nonce = $_POST['mo2f_trust_device_cancel_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-trust-device-cancel-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$this->mo2fa_pass2login();
}
}
if (isset($_POST['miniorange_kba_nonce'])) {
/*check kba validation*/
$nonce = $_POST['miniorange_kba_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-kba-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$currentuser = isset($_SESSION['mo2f_current_user']) ? $_SESSION['mo2f_current_user'] : null;
if (isset($_SESSION['mo2f_current_user'])) {
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_2'])) {
return;
}
$otpToken = array();
$otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
$otpToken[1] = sanitize_text_field($_POST['mo2f_answer_1']);
$otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
$otpToken[3] = sanitize_text_field($_POST['mo2f_answer_2']);
$check_trust_device = sanitize_text_field($_POST['mo2f_trust_device']);
$kba_validate = new Customer_Setup();
$kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $_SESSION['mo2f-login-transactionId'], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
if (get_option('mo2f_deviceid_enabled') && $check_trust_device == 'true') {
try {
mo2f_register_profile(get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), 'true', $_SESSION['mo2f_rba_status']);
} catch (Exception $e) {
echo $e->getMessage();
}
$this->mo2fa_pass2login();
} else {
$this->mo2fa_pass2login();
}
} else {
$_SESSION['mo2f-login-message'] = 'The answers you have provided are incorrect.';
}
} else {
$this->remove_current_activity();
return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..'));
}
}
}
if (isset($_POST['miniorange_mobile_validation_nonce'])) {
/*check mobile validation */
$nonce = $_POST['miniorange_mobile_validation_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$currentuser = $_SESSION['mo2f_current_user'];
$checkMobileStatus = new Two_Factor_Setup();
$content = $checkMobileStatus->check_mobile_status($_SESSION['mo2f-login-transactionId']);
$response = json_decode($content, true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($response['status'] == 'SUCCESS') {
if (get_option('mo2f_deviceid_enabled')) {
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
} else {
$this->mo2fa_pass2login();
}
} else {
$this->remove_current_activity();
return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
}
} else {
$this->remove_current_activity();
return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.'));
}
}
}
if (isset($_POST['miniorange_mobile_validation_failed_nonce'])) {
/*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
$nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-failed-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$this->remove_current_activity();
}
}
if (isset($_POST['miniorange_forgotphone'])) {
/*Click on the link of forgotphone */
$nonce = $_POST['miniorange_forgotphone'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-forgotphone')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$customer = new Customer_Setup();
$id = $_SESSION['mo2f_current_user']->ID;
$content = json_decode($customer->send_otp_token(get_user_meta($id, 'mo_2factor_map_id_with_email', true), 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
unset($_SESSION['mo2f-login-qrCode']);
unset($_SESSION['mo2f-login-transactionId']);
$_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id, 'mo_2factor_map_id_with_email', true)) . '</b>. Please enter the OTP to verify your identity.';
$_SESSION['mo2f-login-transactionId'] = $content['txId'];
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
} else {
$_SESSION['mo2f-login-message'] = 'Error:OTP over Email';
}
}
}
if (isset($_POST['miniorange_inline_user_reg_nonce'])) {
$nonce = $_POST['miniorange_inline_user_reg_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-user-reg-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$email = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo_useremail'])) {
$_SESSION['mo2f-login-message'] = 'Please enter email-id to register.';
return;
} else {
$email = sanitize_email($_POST['mo_useremail']);
}
if (!MO2f_Utility::check_if_email_is_already_registered($email)) {
$currentUserId = $_SESSION['mo2f_current_user']->ID;
update_user_meta($currentUserId, 'mo_2factor_user_email', $email);
$enduser = new Two_Factor_Setup();
$check_user = json_decode($enduser->mo_check_user_already_exist($email), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($check_user['status'] == 'ERROR') {
$_SESSION['mo2f-login-message'] = $check_user['message'];
return;
} else {
if (strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0) {
$_SESSION['mo2f-login-message'] = 'The email you entered is already registered. Please register with another email to set up Two-Factor.';
return;
} else {
if (strcasecmp($check_user['status'], 'USER_FOUND') == 0 || strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0) {
$enduser = new Customer_Setup();
$content = json_decode($enduser->send_otp_token($email, 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP';
$_SESSION['mo2f-login-message'] = 'An OTP has been sent to <b>' . $email . '</b>. Please enter the OTP below to verify your email. If you didn\'t get the email, please check your <b>SPAM</b> folder.';
update_user_meta($currentUserId, 'mo_2fa_verify_otp_create_account', $content['txId']);
update_user_meta($currentUserId, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
} else {
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP';
$_SESSION['mo2f-login-message'] = 'There was an error in sending OTP over email. Please click on Resend OTP to try again.';
update_user_meta($currentUserId, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
}
}
}
}
}
} else {
$_SESSION['mo2f-login-message'] = 'The email is already used by other user. Please register with other email.';
}
}
}
if (isset($_POST['miniorange_inline_two_factor_setup'])) {
$nonce = $_POST['miniorange_inline_two_factor_setup'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-setup-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
unset($_SESSION['mo2f_google_auth']);
$_SESSION['mo2f-login-message'] = '';
delete_user_meta($_SESSION['mo2f_current_user']->ID, 'mo2f_selected_2factor_method');
}
}
if (isset($_POST['miniorange_inline_resend_otp_nonce'])) {
//resend otp during user inline registration
$nonce = $_POST['miniorange_inline_resend_otp_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-resend-otp-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$currentUserId = $_SESSION['mo2f_current_user']->ID;
$userkey = '';
if (get_user_meta($currentUserId, 'mo2f_selected_2factor_method', true) == 'SMS') {
$currentMethod = "OTP_OVER_SMS";
$userkey = $_SESSION['mo2f_phone'];
$_SESSION['mo2f-login-message'] = 'The One Time Passcode has been sent to ' . $userkey . '. Please enter the one time passcode below to verify your number.';
} else {
if (get_user_meta($currentUserId, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') {
$currentMethod = "PHONE_VERIFICATION";
$userkey = $_SESSION['mo2f_phone'];
$_SESSION['mo2f-login-message'] = 'You will receive a phone call on this number ' . $userkey . '. Please enter the one time passcode below to verify your number.';
} else {
$currentMethod = 'EMAIL';
$userkey = get_user_meta($currentUserId, 'mo_2factor_user_email', true);
$_SESSION['mo2f-login-message'] = 'An OTP has been sent to <b>' . $userkey . '</b>. Please enter the OTP below to verify your email.';
}
}
$customer = new Customer_Setup();
$content = json_decode($customer->send_otp_token($userkey, $currentMethod, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
update_user_meta($currentUserId, 'mo_2fa_verify_otp_create_account', $content['txId']);
if ($currentMethod == 'EMAIL') {
update_user_meta($currentUserId, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS');
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP';
}
} else {
$_SESSION['mo2f-login-message'] = 'There was an error in sending one time passcode. Please click on Resend OTP to try again.';
if ($currentMethod == 'EMAIL') {
update_user_meta($currentUserId, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP';
}
}
}
}
if (isset($_POST['mo2f_inline_ga_phone_type_nonce'])) {
//select google phone type during user inline registration when google authenticator is selected
$nonce = $_POST['mo2f_inline_ga_phone_type_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-ga-phone-type-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$phone_type = $_POST['google_phone_type'];
$current_user = $_SESSION['mo2f_current_user'];
$google_auth = new Miniorange_Rba_Attributes();
$google_response = json_decode($google_auth->mo2f_google_auth_service(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true)), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($google_response['status'] == 'SUCCESS') {
$mo2f_google_auth = array();
$mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData'];
$mo2f_google_auth['ga_secret'] = $google_response['secret'];
$mo2f_google_auth['ga_phone'] = $phone_type;
$_SESSION['mo2f_google_auth'] = $mo2f_google_auth;
$_SESSION['mo2f-login-message'] = '';
} else {
$_SESSION['mo2f-login-message'] = 'Error occurred while registering the user for google authenticator. Please try again.';
}
} else {
$_SESSION['mo2f-login-message'] = 'Invalid request. Please try again.';
}
}
}
if (isset($_POST['mo2f_inline_validate_ga_nonce'])) {
$nonce = $_POST['mo2f_inline_validate_ga_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-google-auth-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$otpToken = $_POST['google_auth_code'];
$current_user = $_SESSION['mo2f_current_user'];
$mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null;
$ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null;
if (MO2f_Utility::mo2f_check_number_length($otpToken)) {
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$google_auth = new Miniorange_Rba_Attributes();
$google_response = json_decode($google_auth->mo2f_validate_google_auth($email, $otpToken, $ga_secret), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($google_response['status'] == 'SUCCESS') {
$enduser = new Two_Factor_Setup();
$response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($response['status'] == 'SUCCESS') {
update_user_meta($current_user->ID, 'mo2f_google_authentication_status', true);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
$this->mo2fa_pass2login();
} else {
$_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
}
} else {
$_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
}
} else {
$_SESSION['mo2f-login-message'] = 'Error occurred while validating the OTP. Please try again. Possible causes: <br />1. You have enter invalid OTP.<br />2. You App Time is not sync.Go to seetings and tap on Time correction for codes and tap on Sync now .';
}
} else {
$_SESSION['mo2f-login-message'] = 'Error occurred while validating the user. Please try again.';
}
} else {
$_SESSION['mo2f-login-message'] = 'Only digits are allowed. Please enter again.';
}
}
}
if (isset($_POST['miniorange_inline_validate_user_otp_nonce'])) {
$nonce = $_POST['miniorange_inline_validate_user_otp_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-validate-user-otp-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$otp_token = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) {
$_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.';
return;
} else {
$otp_token = sanitize_text_field($_POST['otp_token']);
}
$id = $_SESSION['mo2f_current_user']->ID;
if (!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($id, 'mo_2factor_user_email', true))) {
$customer = new Customer_Setup();
$transactionId = get_user_meta($id, 'mo_2fa_verify_otp_create_account', true);
$content = json_decode($customer->validate_otp_token('EMAIL', null, $transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if ($content['status'] == 'ERROR') {
$_SESSION['mo2f-login-message'] = $content['message'];
delete_user_meta($id, 'mo_2fa_verify_otp_create_account');
} else {
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
//OTP validated and generate QRCode
$this->mo2f_register_user_inline(get_user_meta($id, 'mo_2factor_user_email', true));
delete_user_meta($id, 'mo_2fa_verify_otp_create_account');
} else {
// OTP Validation failed.
$_SESSION['mo2f-login-message'] = 'Invalid OTP. Please try again.';
update_user_meta($id, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
}
delete_user_meta($id, 'mo_2fa_verify_otp_create_account');
}
} else {
$_SESSION['mo2f-login-message'] = 'The email is already used by other user. Please register with other email by clicking on Back button.';
}
}
}
if (isset($_POST['miniorange_inline_save_2factor_method_nonce'])) {
$nonce = $_POST['miniorange_inline_save_2factor_method_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$currentUserId = $_SESSION['mo2f_current_user']->ID;
if (get_user_meta($currentUserId, 'mo_2factor_user_registration_with_miniorange', true) == 'SUCCESS') {
update_user_meta($currentUserId, 'mo2f_selected_2factor_method', $_POST['mo2f_selected_2factor_method']);
//status for second factor selected by user
} else {
$_SESSION['mo2f-login-message'] = 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.';
}
}
}
if (isset($_POST['miniorange_inline_verify_phone_nonce'])) {
$nonce = $_POST['miniorange_inline_verify_phone_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-verify-phone-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$phone = sanitize_text_field($_POST['verify_phone']);
if (MO2f_Utility::mo2f_check_empty_or_null($phone)) {
$_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.';
return;
}
$phone = str_replace(' ', '', $phone);
$_SESSION['mo2f_phone'] = $phone;
$current_user = $_SESSION['mo2f_current_user']->ID;
$customer = new Customer_Setup();
if (get_user_meta($current_user, 'mo2f_selected_2factor_method', true) == 'SMS') {
$currentMethod = "OTP_OVER_SMS";
} else {
if (get_user_meta($current_user, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') {
$currentMethod = "PHONE_VERIFICATION";
}
}
$content = json_decode($customer->send_otp_token($phone, $currentMethod, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (json_last_error() == JSON_ERROR_NONE) {
/* Generate otp token */
if ($content['status'] == 'ERROR') {
$_SESSION['mo2f-login-message'] = $response['message'];
} else {
if ($content['status'] == 'SUCCESS') {
$_SESSION['mo2f_transactionId'] = $content['txId'];
if (get_user_meta($current_user, 'mo2f_selected_2factor_method', true) == 'SMS') {
$_SESSION['mo2f-login-message'] = 'The One Time Passcode has been sent to ' . $phone . '. Please enter the one time passcode below to verify your number.';
} else {
if (get_user_meta($current_user, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') {
$_SESSION['mo2f-login-message'] = 'You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below to verify your number.';
}
}
} else {
$_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
}
}
} else {
$_SESSION['mo2f-login-message'] = 'Invalid request. Please try again';
}
}
}
if (isset($_POST['miniorange_inline_validate_otp_nonce'])) {
$nonce = $_POST['miniorange_inline_validate_otp_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-validate-otp-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$otp_token = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) {
$_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.';
return;
} else {
$otp_token = sanitize_text_field($_POST['otp_token']);
}
$current_user = $_SESSION['mo2f_current_user']->ID;
$customer = new Customer_Setup();
$content = json_decode($customer->validate_otp_token(get_user_meta($current_user, 'mo2f_selected_2factor_method', true), null, $_SESSION['mo2f_transactionId'], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if ($content['status'] == 'ERROR') {
$_SESSION['mo2f-login-message'] = $content['message'];
} else {
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
//OTP validated
if (get_user_meta($current_user, 'mo2f_user_phone', true) && strlen(get_user_meta($current_user, 'mo2f_user_phone', true)) >= 4) {
if ($_SESSION['mo2f_phone'] != get_user_meta($current_user, 'mo2f_user_phone', true)) {
update_user_meta($current_user, 'mo2f_mobile_registration_status', false);
}
}
$email = get_user_meta($current_user, 'mo_2factor_map_id_with_email', true);
$phone = $_SESSION['mo2f_phone'];
$enduser = new Two_Factor_Setup();
$response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user, 'mo2f_selected_2factor_method', true), $phone, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($response['status'] == 'ERROR') {
unset($_SESSION['mo2f_phone']);
$_SESSION['mo2f-login-message'] = $response['message'];
$this->mo_auth_show_error_message();
} else {
if ($response['status'] == 'SUCCESS') {
update_user_meta($current_user, 'mo2f_otp_registration_status', true);
update_user_meta($current_user, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
update_user_meta($current_user, 'mo2f_user_phone', $_SESSION['mo2f_phone']);
unset($_SESSION['mo2f_phone']);
$this->mo2fa_pass2login();
} else {
unset($_SESSION['mo2f_phone']);
$_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
}
}
} else {
unset($_SESSION['mo2f_phone']);
$_SESSION['mo2f-login-message'] = 'Invalid request. Please try again';
}
} else {
// OTP Validation failed.
$_SESSION['mo2f-login-message'] = 'Invalid OTP. Please try again.';
}
}
}
}
if (isset($_POST['miniorange_inline_show_qrcode_nonce'])) {
$nonce = $_POST['miniorange_inline_show_qrcode_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-show-qrcode-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$current_user = $_SESSION['mo2f_current_user'];
if (get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$this->mo2f_inline_get_qr_code_for_mobile($email, $current_user->ID);
} else {
$_SESSION['mo2f-login-message'] = 'Invalid request. Please register with miniOrange before configuring your mobile.';
}
}
}
if (isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])) {
$nonce = $_POST['mo_auth_inline_mobile_registration_complete_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
unset($_SESSION['mo2f-login-qrCode']);
unset($_SESSION['mo2f-login-transactionId']);
unset($_SESSION['mo2f_show_qr_code']);
$current_user = $_SESSION['mo2f_current_user']->ID;
$email = get_user_meta($current_user, 'mo_2factor_map_id_with_email', true);
$enduser = new Two_Factor_Setup();
$response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user, 'mo2f_selected_2factor_method', true), null, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
/* Generate Qr code */
if ($response['status'] == 'ERROR') {
$_SESSION['mo2f-login-message'] = $response['message'];
} else {
if ($response['status'] == 'SUCCESS') {
update_user_meta($current_user, 'mo2f_mobile_registration_status', true);
update_user_meta($current_user, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
$this->mo2fa_pass2login();
} else {
$_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.';
}
}
} else {
$_SESSION['mo2f-login-message'] = 'Invalid request. Please try again';
}
}
}
if (isset($_POST['mo2f_inline_save_kba_nonce'])) {
$nonce = $_POST['mo2f_inline_save_kba_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-save-kba-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_3']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans3'])) {
$_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.';
return;
}
$kba_q1 = $_POST['mo2f_kbaquestion_1'];
$kba_a1 = sanitize_text_field($_POST['mo2f_kba_ans1']);
$kba_q2 = $_POST['mo2f_kbaquestion_2'];
$kba_a2 = sanitize_text_field($_POST['mo2f_kba_ans2']);
$kba_q3 = sanitize_text_field($_POST['mo2f_kbaquestion_3']);
$kba_a3 = sanitize_text_field($_POST['mo2f_kba_ans3']);
if (strcasecmp($kba_q1, $kba_q2) == 0 || strcasecmp($kba_q2, $kba_q3) == 0 || strcasecmp($kba_q3, $kba_q1) == 0) {
$_SESSION['mo2f-login-message'] = 'The questions you select must be unique.';
return;
}
$current_user = $_SESSION['mo2f_current_user'];
$email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
$kba_registration = new Two_Factor_Setup();
$kba_reg_reponse = json_decode($kba_registration->register_kba_details($email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3), true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($kba_reg_reponse['status'] == 'SUCCESS') {
$enduser = new Two_Factor_Setup();
$response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true);
if (json_last_error() == JSON_ERROR_NONE) {
/* Generate Qr code */
if ($response['status'] == 'ERROR') {
$_SESSION['mo2f-login-message'] = $response['message'];
} else {
if ($response['status'] == 'SUCCESS') {
update_user_meta($current_user->ID, 'mo2f_kba_registration_status', true);
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
$this->mo2fa_pass2login();
}
}
} else {
$_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.';
}
} else {
$_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.';
}
} else {
$_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.';
}
}
}
if (isset($_POST['mo2f_inline_email_setup'])) {
$nonce = $_POST['mo2f_inline_email_setup'];
if (!wp_verify_nonce($nonce, 'miniorange-2fa-inline-email-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$current_user = $_SESSION['mo2f_current_user'];
update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');
update_user_meta($current_user->ID, 'mo2f_email_verification_status', true);
$this->mo2fa_pass2login();
}
}
if (isset($_POST['miniorange_softtoken'])) {
/*Click on the link of phone is offline */
$nonce = $_POST['miniorange_softtoken'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-softtoken')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
unset($_SESSION['mo2f-login-qrCode']);
unset($_SESSION['mo2f-login-transactionId']);
$_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.';
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
}
}
if (isset($_POST['miniorange_soft_token_nonce'])) {
/*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
$nonce = $_POST['miniorange_soft_token_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-soft-token-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$softtoken = '';
if (MO2f_utility::mo2f_check_empty_or_null($_POST['mo2fa_softtoken'])) {
$_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed.';
return;
} else {
$softtoken = sanitize_text_field($_POST['mo2fa_softtoken']);
if (!MO2f_utility::mo2f_check_number_length($softtoken)) {
$_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
return;
}
}
$currentuser = isset($_SESSION['mo2f_current_user']) ? $_SESSION['mo2f_current_user'] : null;
if (isset($_SESSION['mo2f_current_user'])) {
$customer = new Customer_Setup();
$content = '';
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') {
$content = json_decode($customer->validate_otp_token('EMAIL', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') {
$content = json_decode($customer->validate_otp_token('SMS', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION') {
$content = json_decode($customer->validate_otp_token('PHONE VERIFICATION', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN') {
$content = json_decode($customer->validate_otp_token('SOFT TOKEN', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION') {
$content = json_decode($customer->validate_otp_token('GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
$this->remove_current_activity();
return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.'));
}
}
}
}
}
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
if (get_option('mo2f_deviceid_enabled')) {
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE';
} else {
$this->mo2fa_pass2login();
}
} else {
$message = $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. Please try again';
$_SESSION['mo2f-login-message'] = $message;
}
} else {
$this->remove_current_activity();
return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..'));
}
}
}
if (isset($_POST['miniorange_inline_skip_registration_nonce'])) {
/*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
$nonce = $_POST['miniorange_inline_skip_registration_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-skip-registration-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$this->mo2fa_pass2login();
}
}
if (isset($_POST['miniorange_inline_goto_user_registration_nonce'])) {
/*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
$nonce = $_POST['miniorange_inline_goto_user_registration_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-goto-user-registration-nonce')) {
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$current_user = $_SESSION['mo2f_current_user'];
delete_user_meta($current_user->ID, 'mo_2factor_user_email');
delete_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account');
delete_user_meta($current_user->ID, 'mo_2factor_user_registration_status');
$_SESSION['mo2f-login-message'] = '';
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REGISTRATION';
}
}
}