function miniorange_auth_save_settings() { if (!session_id() || session_id() == '' || !isset($_SESSION)) { session_start(); } global $current_user; get_currentuserinfo(); if (current_user_can('manage_options')) { if (isset($_POST['option']) and $_POST['option'] == "mo_auth_register_customer") { //register the admin to miniOrange //validate and sanitize $email = ''; $phone = ''; $password = ''; $confirmPassword = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['email']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['password']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['confirmPassword'])) { update_option('mo2f_message', 'All the fields are required. Please enter valid entries.'); $this->mo_auth_show_error_message(); return; } else { if (strlen($_POST['password']) < 6 || strlen($_POST['confirmPassword']) < 6) { update_option('mo2f_message', 'Choose a password with minimum length 8.'); $this->mo_auth_show_error_message(); return; } else { $email = sanitize_email($_POST['email']); $phone = sanitize_text_field($_POST['phone']); $password = sanitize_text_field($_POST['password']); $confirmPassword = sanitize_text_field($_POST['confirmPassword']); } } $email = strtolower($email); update_option('mo2f_email', $email); update_user_meta($current_user->ID, 'mo2f_user_phone', $phone); if (strcmp($password, $confirmPassword) == 0) { update_option('mo2f_password', $password); $customer = new Customer_Setup(); $customerKey = json_decode($customer->check_customer(), true); if ($customerKey['status'] == 'ERROR') { update_option('mo2f_message', $customerKey['message']); $this->mo_auth_show_error_message(); } else { if (strcasecmp($customerKey['status'], 'CUSTOMER_NOT_FOUND') == 0) { //customer not found then send OTP to verify email $content = json_decode($customer->send_otp_token(get_option('mo2f_email'), 'EMAIL', $this->defaultCustomerKey, $this->defaultApiKey), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { update_option('mo2f_message', 'An OTP has 
been sent to <b>' . get_option('mo2f_email') . '</b>. Please enter the OTP below to verify your email. '); update_user_meta($current_user->ID, 'mo2f_email_otp_count', 1); update_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', $content['txId']); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS'); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'There was an error in sending OTP over email. Please click on Resend OTP to try again.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); $this->mo_auth_show_error_message(); } } else { //customer already exists,retrieve its keys $content = $customer->get_customer_key(); $customerKey = json_decode($content, true); if (json_last_error() == JSON_ERROR_NONE) { /*Admin enter right credentials,if already exist */ if (array_key_exists("status", $customerKey) && $customerKey['status'] == 'ERROR') { update_option('mo2f_message', $customerKey['message']); $this->mo_auth_show_error_message(); } else { update_option('mo2f_customerKey', $customerKey['id']); update_option('mo2f_api_key', $customerKey['apiKey']); update_option('mo2f_customer_token', $customerKey['token']); update_option('mo2f_app_secret', $customerKey['appSecret']); update_option('mo2f_miniorange_admin', $current_user->ID); delete_option('mo2f_password'); update_option('mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS'); update_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', get_option('mo2f_email')); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); $enduser = new Two_Factor_Setup(); $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'OUT OF BAND EMAIL', 
null, 'API_2FA', true); update_user_meta($current_user->ID, 'mo2f_email_verification_status', true); update_option('mo2f_message', 'Your account has been retrieved successfully. <b>Email Verification</b> has been set as your default 2nd factor method. <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure\\" >Click Here </a>to configure another 2nd factor authentication method.'); $this->mo_auth_show_success_message(); } } else { /*Admin account exist but enter wrong credentials*/ update_option('mo2f_message', 'You already have an account with miniOrange. Please enter a valid password.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_VERIFY_CUSTOMER'); $this->mo_auth_show_success_message(); } } } } else { update_option('mo2f_message', 'Password and Confirm password do not match.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) and $_POST['option'] == "mo2f_goto_verifycustomer") { update_option('mo2f_message', 'Please enter your registered email and password.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_VERIFY_CUSTOMER'); $this->mo_auth_show_success_message(); } if (isset($_POST['option']) and $_POST['option'] == "mo_auth_verify_customer") { //register the admin to miniOrange if already exist //validation and sanitization $email = ''; $password = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['email']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['password'])) { update_option('mo2f_message', 'All the fields are required. 
Please enter valid entries.'); $this->mo_auth_show_error_message(); return; } else { $email = sanitize_email($_POST['email']); $password = sanitize_text_field($_POST['password']); } update_option('mo2f_email', $email); update_option('mo2f_password', $password); $customer = new Customer_Setup(); $content = $customer->get_customer_key(); $customerKey = json_decode($content, true); if (json_last_error() == JSON_ERROR_NONE) { if (array_key_exists("status", $customerKey) && $customerKey['status'] == 'ERROR') { update_option('mo2f_message', $customerKey['message']); $this->mo_auth_show_error_message(); } else { update_option('mo2f_customerKey', $customerKey['id']); update_option('mo2f_api_key', $customerKey['apiKey']); update_option('mo2f_customer_token', $customerKey['token']); update_option('mo2f_app_secret', $customerKey['appSecret']); update_user_meta($current_user->ID, 'mo2f_phone', $customerKey['phone']); update_option('mo2f_miniorange_admin', $current_user->ID); delete_option('mo2f_password'); update_option('mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS'); update_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', get_option('mo2f_email')); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); $enduser = new Two_Factor_Setup(); $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'OUT OF BAND EMAIL', null, 'API_2FA', true); update_user_meta($current_user->ID, 'mo2f_email_verification_status', true); update_option('mo2f_message', 'Your account has been retrieved successfully. <b>Email Verification</b> has been set as your default 2nd factor method. 
<a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure\\" >Click Here </a>to configure another 2nd factor authentication method.'); $this->mo_auth_show_success_message(); } } else { update_option('mo2f_message', 'Invalid email or password. Please try again.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_VERIFY_CUSTOMER'); $this->mo_auth_show_error_message(); } delete_option('mo2f_password'); } if (isset($_POST['option']) and $_POST['option'] == 'mo_2factor_phone_verification') { //at registration time $phone = sanitize_text_field($_POST['phone_number']); $phone = str_replace(' ', '', $phone); $auth_type = 'OTP_OVER_SMS'; $customer = new Customer_Setup(); $send_otp_response = json_decode($customer->send_otp_token($phone, $auth_type, $this->defaultCustomerKey, $this->defaultApiKey), true); if (strcasecmp($send_otp_response['status'], 'SUCCESS') == 0) { //Save txId update_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', $send_otp_response['txId']); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS'); if (get_user_meta($current_user->ID, 'mo2f_sms_otp_count', true)) { update_user_meta($current_user->ID, 'mo2f_sms_otp_count', get_user_meta($current_user->ID, 'mo2f_sms_otp_count', true) + 1); update_option('mo2f_message', 'Another One Time Passcode has been sent <b>( ' . get_user_meta($current_user->ID, 'mo2f_sms_otp_count', true) . ' )</b> for verification to ' . $phone); } else { update_option('mo2f_message', 'One Time Passcode has been sent for verification to ' . $phone); update_user_meta($current_user->ID, 'mo2f_sms_otp_count', 1); } $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'There was an error in sending sms. 
Please click on Resend OTP to try again.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) and trim($_POST['option']) == "mo_2factor_resend_otp") { //resend OTP over email for admin $customer = new Customer_Setup(); $content = json_decode($customer->send_otp_token(get_option('mo2f_email'), 'EMAIL', $this->defaultCustomerKey, $this->defaultApiKey), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { if (get_user_meta($current_user->ID, 'mo2f_email_otp_count', true)) { update_user_meta($current_user->ID, 'mo2f_email_otp_count', get_user_meta($current_user->ID, 'mo2f_email_otp_count', true) + 1); update_option('mo2f_message', 'Another OTP has been sent <b>( ' . get_user_meta($current_user->ID, 'mo2f_email_otp_count', true) . ' )</b> to <b>' . get_option('mo2f_email') . '</b>. Please enter the OTP below to verify your email. '); } else { update_option('mo2f_message', 'An OTP has been sent to <b>' . get_option('mo2f_email') . '</b>. Please enter the OTP below to verify your email. '); update_user_meta($current_user->ID, 'mo2f_email_otp_count', 1); } update_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', $content['txId']); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS'); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'There was an error in sending email. 
Please click on Resend OTP to try again.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) and $_POST['option'] == "mo_2factor_validate_otp") { //validate OTP over email for admin //validation and sanitization $otp_token = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) { update_option('mo2f_message', 'All the fields are required. Please enter valid entries.'); $this->mo_auth_show_error_message(); return; } else { $otp_token = sanitize_text_field($_POST['otp_token']); } $customer = new Customer_Setup(); $transactionId = get_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', true); $content = json_decode($customer->validate_otp_token('EMAIL', null, $transactionId, $otp_token, $this->defaultCustomerKey, $this->defaultApiKey), true); if ($content['status'] == 'ERROR') { update_option('mo2f_message', $content['message']); delete_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account'); $this->mo_auth_show_error_message(); } else { if (strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated and generate QRCode $this->mo2f_create_customer($current_user); delete_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account'); } else { // OTP Validation failed. update_option('mo2f_message', 'Invalid OTP. Please try again.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); $this->mo_auth_show_error_message(); } } } if (isset($_POST['option']) and $_POST['option'] == "mo_2factor_validate_user_otp") { //validate OTP over email for additional admin //validation and sanitization $otp_token = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) { update_option('mo2f_message', 'All the fields are required. 
Please enter valid entries.'); $this->mo_auth_show_error_message(); return; } else { $otp_token = sanitize_text_field($_POST['otp_token']); } if (!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($current_user->ID, 'mo_2factor_user_email', true))) { $customer = new Customer_Setup(); $content = json_decode($customer->validate_otp_token('EMAIL', null, $_SESSION['mo2f_transactionId'], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if ($content['status'] == 'ERROR') { update_option('mo2f_message', $content['message']); $this->mo_auth_show_error_message(); } else { if (strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated and generate QRCode $this->mo2f_create_user($current_user, get_user_meta($current_user->ID, 'mo_2factor_user_email', true)); } else { // OTP Validation failed. update_option('mo2f_message', 'Invalid OTP. Please try again.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'The email is already used by other user. 
Please register with other email by clicking on Back button.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) and $_POST['option'] == "mo_2factor_send_query") { //Help me or support $query = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['query_email']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['query'])) { update_option('mo2f_message', 'Please submit your query with email.'); $this->mo_auth_show_error_message(); return; } else { $query = sanitize_text_field($_POST['query']); $email = sanitize_text_field($_POST['query_email']); $phone = sanitize_text_field($_POST['query_phone']); $contact_us = new Customer_Setup(); $submited = json_decode($contact_us->submit_contact_us($email, $phone, $query), true); if (json_last_error() == JSON_ERROR_NONE) { if (array_key_exists('status', $submited) && $submited['status'] == 'ERROR') { update_option('mo2f_message', $submited['message']); $this->mo_auth_show_error_message(); } else { if ($submited == false) { update_option('mo2f_message', 'Your query could not be submitted. Please try again.'); $this->mo_auth_show_error_message(); } else { update_option('mo2f_message', 'Thanks for getting in touch! We shall get back to you shortly.'); $this->mo_auth_show_success_message(); } } } } } if (isset($_POST['option']) and $_POST['option'] == 'mo_auth_advanced_options_save') { update_option('mo2f_enable_2fa_for_woocommerce', isset($_POST['mo2f_enable_2fa_for_woocommerce']) ? $_POST['mo2f_enable_2fa_for_woocommerce'] : 0); //plugin customization update_option('mo2f_disable_poweredby', isset($_POST['mo2f_disable_poweredby']) ? $_POST['mo2f_disable_poweredby'] : 0); update_option('mo2f_enable_custom_poweredby', isset($_POST['mo2f_enable_custom_poweredby']) ? $_POST['mo2f_enable_custom_poweredby'] : 0); if (get_option('mo2f_disable_poweredby') == 1) { update_option('mo2f_enable_custom_poweredby', 0); } update_option('mo2f_enable_custom_icon', isset($_POST['mo2f_enable_custom_icon']) ? 
$_POST['mo2f_enable_custom_icon'] : 0); update_option('mo2f_custom_plugin_name', isset($_POST['mo2f_custom_plugin_name']) ? $_POST['mo2f_custom_plugin_name'] : 'miniOrange 2-Factor'); update_option('mo2f_message', 'Your login settings are saved successfully.'); $this->mo_auth_show_success_message(); } if (isset($_POST['option']) and $_POST['option'] == 'mo_auth_login_settings_save') { if (get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') { update_option('mo2f_login_policy', isset($_POST['mo2f_login_policy']) ? $_POST['mo2f_login_policy'] : 0); update_option('mo2f_enable_forgotphone', isset($_POST['mo2f_forgotphone']) ? $_POST['mo2f_forgotphone'] : 0); update_option('mo2f_show_loginwith_phone', isset($_POST['mo2f_loginwith_phone']) ? $_POST['mo2f_loginwith_phone'] : 0); update_option('mo2f_activate_plugin', isset($_POST['mo2f_activate_plugin']) ? $_POST['mo2f_activate_plugin'] : 0); update_option('mo2f_deviceid_enabled', isset($_POST['mo2f_deviceid_enabled']) ? $_POST['mo2f_deviceid_enabled'] : 0); update_option('mo2f_inline_registration', isset($_POST['mo2f_inline_registration']) ? $_POST['mo2f_inline_registration'] : 0); global $wp_roles; if (!isset($wp_roles)) { $wp_roles = new WP_Roles(); } foreach ($wp_roles->role_names as $id => $name) { update_option('mo2fa_' . $id, isset($_POST['mo2fa_' . $id]) ? $_POST['mo2fa_' . $id] : 0); } $authMethods = array(); $authMethod = $_POST['mo2f_authmethods']; foreach ($authMethod as $arrayvalue) { $authMethods[$arrayvalue] = $arrayvalue; } update_option('mo2f_auth_methods_for_users', $authMethods); if (get_option('mo2f_activate_plugin')) { $logouturl = wp_login_url() . '?action=logout'; update_option('mo2f_message', 'Your login settings are saved successfully. Now <a href=\\"' . $logouturl . 
'\\"><b>Click Here</b></a> to logout and try login with 2-Factor.'); update_option('mo2f_msg_counter', 2); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'Two-Factor plugin has been disabled.'); update_option('mo2f_msg_counter', 2); $this->mo_auth_show_error_message(); } if (get_option('mo2f_deviceid_enabled') && !get_option('mo2f_app_secret')) { $get_app_secret = new Miniorange_Rba_Attributes(); $rba_response = json_decode($get_app_secret->mo2f_get_app_secret(), true); //fetch app secret if (json_last_error() == JSON_ERROR_NONE) { if ($rba_response['status'] == 'SUCCESS') { update_option('mo2f_app_secret', $rba_response['appSecret']); } else { update_option('mo2f_deviceid_enabled', 0); update_option('mo2f_message', 'Error occurred while saving the settings.Please try again.'); $this->mo_auth_show_error_message(); } } else { update_option('mo2f_deviceid_enabled', 0); update_option('mo2f_message', 'Error occurred while saving the settings.Please try again.'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'Invalid request. 
Please register with miniOrange and configure 2-Factor to save your login settings.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) and $_POST['option'] == 'mo_2factor_gobackto_registration_page') { //back to registration page for admin delete_option('mo2f_email'); delete_option('mo2f_password'); delete_option('mo2f_customerKey'); delete_option('mo2f_app_secret'); unset($_SESSION['mo2f_transactionId']); delete_user_meta($current_user->ID, 'mo_2factor_map_id_with_email'); delete_user_meta($current_user->ID, 'mo_2factor_user_registration_status'); delete_user_meta($current_user->ID, 'mo2f_sms_otp_count'); delete_user_meta($current_user->ID, 'mo2f_email_otp_count'); } if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_forgot_password') { // if admin forgot password if (isset($_POST['email'])) { if (MO2f_Utility::mo2f_check_empty_or_null($_POST['email'])) { update_option('mo2f_message', 'Please enter your registered email below to reset your password.'); $this->mo_auth_show_error_message(); return; } else { $email = sanitize_email($_POST['email']); } } $customer = new Customer_Setup(); $content = json_decode($customer->forgot_password($email), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { update_option('mo2f_message', 'You password has been reset successfully. Please enter the new password sent to your registered mail here.'); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'Your password could not be reset. 
Please enter your correct email in the textbox below and then click on the link.'); $this->mo_auth_show_error_message(); } } } if (isset($_POST['option']) and trim($_POST['option']) == "mo_2factor_resend_user_otp") { //resend OTP over email for additional admin and non-admin user $customer = new Customer_Setup(); $content = json_decode($customer->send_otp_token(get_user_meta($current_user->ID, 'mo_2factor_user_email', true), 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { update_option('mo2f_message', 'An OTP has been sent to <b>' . get_user_meta($current_user->ID, 'mo_2factor_user_email', true) . '</b>. Please enter the OTP below to verify your email. '); update_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', $content['txId']); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS'); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'There was an error in sending email. 
Please click on Resend OTP to try again.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) and $_POST['option'] == "mo_auth_mobile_registration_complete" || $_POST['option'] == 'mo_auth_mobile_reconfiguration_complete') { //mobile registration successfully complete for all users unset($_SESSION['mo2f_qrCode']); unset($_SESSION['mo2f_transactionId']); unset($_SESSION['mo2f_show_qr_code']); $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $enduser = new Two_Factor_Setup(); $response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true); if (json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */ if ($response['status'] == 'ERROR') { update_option('mo2f_message', $response['message']); $this->mo_auth_show_error_message(); } else { if ($response['status'] == 'SUCCESS') { $selectedMethod = get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true); $testmethod = $selectedMethod; if ($selectedMethod == 'MOBILE AUTHENTICATION') { $selectedMethod = "QR Code Authentication"; } $message = '<b>' . $selectedMethod . '</b> is set as your 2nd factor method. <a href=\\"#test\\" data-method=\\"' . $testmethod . '\\">Click Here</a> to test ' . $selectedMethod . 
' method.'; update_option('mo2f_message', $message); update_user_meta($current_user->ID, 'mo2f_mobile_registration_status', true); delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); delete_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status'); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'Invalid request. Please try again'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) and $_POST['option'] == 'mo2f_mobile_authenticate_success') { // mobile registration for all users(common) if (current_user_can('manage_options')) { update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. '); } else { update_option('mo2f_message', 'You have successfully completed the test. <a href=' . wp_login_url() . '?action=logout><b>Click Here</b></a> to logout and try login with 2-Factor.'); } delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); unset($_SESSION['mo2f_qrCode']); unset($_SESSION['mo2f_transactionId']); unset($_SESSION['mo2f_show_qr_code']); $this->mo_auth_show_success_message(); } if (isset($_POST['option']) and $_POST['option'] == 'mo2f_mobile_authenticate_error') { //mobile registration failed for all users(common) update_option('mo2f_message', 'Authentication failed. 
Please try again to test the configuration.'); unset($_SESSION['mo2f_show_qr_code']); $this->mo_auth_show_error_message(); } if (isset($_POST['option']) and $_POST['option'] == "mo_auth_setting_configuration") { // redirect to setings page update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); } if (isset($_POST['option']) and $_POST['option'] == "mo_auth_refresh_mobile_qrcode") { // refrsh Qrcode for all users if (get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' || get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_MOBILE_REGISTRATION' || get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') { $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $this->mo2f_get_qr_code_for_mobile($email, $current_user->ID); } else { update_option('mo2f_message', 'Invalid request. 
Please register with miniOrange before configuring your mobile.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['miniorange_get_started']) && isset($_POST['miniorange_user_reg_nonce'])) { //registration with miniOrange for additional admin and non-admin $nonce = $_POST['miniorange_user_reg_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-user-reg-nonce')) { update_option('mo2f_message', 'Invalid request'); } else { $email = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo_useremail'])) { update_option('mo2f_message', 'Please enter email-id to register.'); return; } else { $email = sanitize_email($_POST['mo_useremail']); } if (!MO2f_Utility::check_if_email_is_already_registered($email)) { update_user_meta($current_user->ID, 'mo_2factor_user_email', $email); $enduser = new Two_Factor_Setup(); $check_user = json_decode($enduser->mo_check_user_already_exist($email), true); if (json_last_error() == JSON_ERROR_NONE) { if ($check_user['status'] == 'ERROR') { update_option('mo2f_message', $check_user['message']); $this->mo_auth_show_error_message(); return; } else { if (strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0) { update_option('mo2f_message', 'The email you entered is already registered. Please register with another email to set up Two-Factor.'); $this->mo_auth_show_error_message(); return; } else { if (strcasecmp($check_user['status'], 'USER_FOUND') == 0 || strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0) { $enduser = new Customer_Setup(); $content = json_decode($enduser->send_otp_token($email, 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { update_option('mo2f_message', 'An OTP has been sent to <b>' . $email . '</b>. Please enter the OTP below to verify your email. 
'); $_SESSION['mo2f_transactionId'] = $content['txId']; update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS'); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'There was an error in sending OTP over email. Please click on Resend OTP to try again.'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); $this->mo_auth_show_error_message(); } } } } } } else { update_option('mo2f_message', 'The email is already used by other user. Please register with other email.'); $this->mo_auth_show_error_message(); } } } if (isset($_POST['option']) and $_POST['option'] == 'mo_2factor_backto_user_registration') { //back to registration page for additional admin and non-admin delete_user_meta($current_user->ID, 'mo_2factor_user_email'); unset($_SESSION['mo2f_transactionId']); delete_user_meta($current_user->ID, 'mo_2factor_map_id_with_email'); delete_user_meta($current_user->ID, 'mo_2factor_user_registration_status'); } if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_mobile_authentication') { //test QR-Code authentication for all users $challengeMobile = new Customer_Setup(); $content = $challengeMobile->send_otp_token(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'MOBILE AUTHENTICATION', get_option('mo2f_customerKey'), get_option('mo2f_api_key')); $response = json_decode($content, true); if (json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */ if ($response['status'] == 'ERROR') { update_option('mo2f_message', $response['message']); $this->mo_auth_show_error_message(); } else { if ($response['status'] == 'SUCCESS') { $_SESSION['mo2f_qrCode'] = $response['qrCode']; $_SESSION['mo2f_transactionId'] = $response['txId']; $_SESSION['mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE'; update_option('mo2f_message', 'Please scan the QR Code now.'); update_user_meta($current_user->ID, 
'mo2f_configure_test_option', 'MO2F_TEST'); update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'MOBILE AUTHENTICATION'); $this->mo_auth_show_success_message(); } else { unset($_SESSION['mo2f_qrCode']); unset($_SESSION['mo2f_transactionId']); unset($_SESSION['mo2f_show_qr_code']); update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'Invalid request. Please try again'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_soft_token') { // Click on Test Soft Toekn link for all users update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST'); update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'SOFT TOKEN'); } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_soft_token') { // validate Soft Token during test for all users $otp_token = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) { update_option('mo2f_message', 'Please enter a value to test your authentication.'); $this->mo_auth_show_error_message(); return; } else { $otp_token = sanitize_text_field($_POST['otp_token']); } $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $customer = new Customer_Setup(); $content = json_decode($customer->validate_otp_token('SOFT TOKEN', $email, null, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if ($content['status'] == 'ERROR') { update_option('mo2f_message', $content['message']); $this->mo_auth_show_error_message(); } else { if (strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated and generate QRCode if (current_user_can('manage_options')) { update_option('mo2f_message', 'You have successfully completed the test. 
Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. '); } else { update_option('mo2f_message', 'You have successfully completed the test. <a href=' . wp_login_url() . '?action=logout><b>Click Here</b></a> to logout and try login with 2-Factor.'); } delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); $this->mo_auth_show_success_message(); } else { // OTP Validation failed. update_option('mo2f_message', 'Invalid OTP. Please try again.'); $this->mo_auth_show_error_message(); } } } if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_otp_over_sms') { //sending otp for sms and phone call during test for all users update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST'); update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', $_POST['mo2f_selected_2factor_method']); $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $phone = get_user_meta($current_user->ID, 'mo2f_user_phone', true); $enduser = new Customer_Setup(); $content = json_decode($enduser->send_otp_token($email, $_POST['mo2f_selected_2factor_method'], get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') { update_option('mo2f_message', 'An OTP has been sent to <b>' . $phone . '</b>. Please enter the one time passcode below. '); } else { if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') { update_option('mo2f_message', 'You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below.'); } } $_SESSION['mo2f_transactionId'] = $content['txId']; $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'There was an error in sending one time passcode. 
Please click on Resend OTP to try again.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_otp_over_sms') { //validate otp over sms and phone call during test for all users $otp_token = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) { update_option('mo2f_message', 'Please enter a value to test your authentication.'); $this->mo_auth_show_error_message(); return; } else { $otp_token = sanitize_text_field($_POST['otp_token']); } $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $customer = new Customer_Setup(); $content = json_decode($customer->validate_otp_token(get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), $email, $_SESSION['mo2f_transactionId'], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if ($content['status'] == 'ERROR') { update_option('mo2f_message', $content['message']); $this->mo_auth_show_error_message(); } else { if (strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated if (current_user_can('manage_options')) { update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. '); } else { update_option('mo2f_message', 'You have successfully completed the test. <a href=' . wp_login_url() . '?action=logout><b>Click Here</b></a> to logout and try login with 2-Factor.'); } delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); $this->mo_auth_show_success_message(); } else { // OTP Validation failed. update_option('mo2f_message', 'Invalid OTP. 
Please try again.'); $this->mo_auth_show_error_message(); } } } if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_push_notification') { $challengeMobile = new Customer_Setup(); $content = $challengeMobile->send_otp_token(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'PUSH NOTIFICATIONS', get_option('mo2f_customerKey'), get_option('mo2f_api_key')); $response = json_decode($content, true); if (json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */ if ($response['status'] == 'ERROR') { update_option('mo2f_message', $response['message']); $this->mo_auth_show_error_message(); } else { if ($response['status'] == 'SUCCESS') { $_SESSION['mo2f_transactionId'] = $response['txId']; $_SESSION['mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE'; update_option('mo2f_message', 'A Push notification has been sent to your miniOrange Authenticator App.'); update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST'); update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'PUSH NOTIFICATIONS'); $this->mo_auth_show_success_message(); } else { unset($_SESSION['mo2f_qrCode']); unset($_SESSION['mo2f_transactionId']); unset($_SESSION['mo2f_show_qr_code']); update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'Invalid request. 
Please try again'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_out_of_band_email') { $this->miniorange_email_verification_call($current_user); } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_out_of_band_success') { if (!current_user_can('manage_options') && get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'OUT OF BAND EMAIL') { if (get_user_meta($current_user->ID, 'mo2f_email_verification_status', true)) { update_option('mo2f_message', 'You have successfully completed the test.'); } else { $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $enduser = new Two_Factor_Setup(); $response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true); update_option('mo2f_message', '<b>Email Verification</b> has been set as your 2nd factor method.'); } } else { update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. 
'); } delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); update_user_meta($current_user->ID, 'mo2f_email_verification_status', true); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); $this->mo_auth_show_success_message(); } if (isset($_POST['option']) and $_POST['option'] == 'mo2f_out_of_band_error') { //push and out of band email denied update_option('mo2f_message', 'You have denied the request.'); delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); update_user_meta($current_user->ID, 'mo2f_email_verification_status', true); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); $this->mo_auth_show_error_message(); } if (isset($_POST['option']) && $_POST['option'] == 'mo_2factor_test_google_auth') { update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST'); update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'GOOGLE AUTHENTICATOR'); } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_google_auth_test') { $otp_token = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) { update_option('mo2f_message', 'Please enter a value to test your authentication.'); $this->mo_auth_show_error_message(); return; } else { $otp_token = sanitize_text_field($_POST['otp_token']); } $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $customer = new Customer_Setup(); $content = json_decode($customer->validate_otp_token('GOOGLE AUTHENTICATOR', $email, null, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (json_last_error() == JSON_ERROR_NONE) { if (strcasecmp($content['status'], 'SUCCESS') == 0) { //Google OTP validated if (current_user_can('manage_options')) { update_option('mo2f_message', 'You have successfully completed the test. 
Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. '); } else { update_option('mo2f_message', 'You have successfully completed the test.'); } delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); $this->mo_auth_show_success_message(); } else { // OTP Validation failed. update_option('mo2f_message', 'Invalid OTP. Please try again.'); $this->mo_auth_show_error_message(); } } else { update_option('mo2f_message', 'Error occurred while validating the OTP. Please try again.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_configure_google_auth_phone_type') { $phone_type = $_POST['mo2f_app_type_radio']; $google_auth = new Miniorange_Rba_Attributes(); $google_response = json_decode($google_auth->mo2f_google_auth_service(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true)), true); if (json_last_error() == JSON_ERROR_NONE) { if ($google_response['status'] == 'SUCCESS') { $mo2f_google_auth = array(); $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData']; $mo2f_google_auth['ga_secret'] = $google_response['secret']; $mo2f_google_auth['ga_phone'] = $phone_type; $_SESSION['mo2f_google_auth'] = $mo2f_google_auth; } else { update_option('mo2f_message', 'Error occurred while registering the user. Please try again.'); $this->mo_auth_show_error_message(); } } else { update_option('mo2f_message', 'Error occurred while registering the user. Please try again.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_google_auth') { $otpToken = $_POST['google_token']; $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null; $ga_secret = $mo2f_google_auth != null ? 
$mo2f_google_auth['ga_secret'] : null; if (MO2f_Utility::mo2f_check_number_length($otpToken)) { $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $google_auth = new Miniorange_Rba_Attributes(); $google_response = json_decode($google_auth->mo2f_validate_google_auth($email, $otpToken, $ga_secret), true); if (json_last_error() == JSON_ERROR_NONE) { if ($google_response['status'] == 'SUCCESS') { $enduser = new Two_Factor_Setup(); $response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true); if (json_last_error() == JSON_ERROR_NONE) { if ($response['status'] == 'SUCCESS') { update_user_meta($current_user->ID, 'mo2f_google_authentication_status', true); delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); delete_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); unset($_SESSION['mo2f_google_auth']); $message = '<b>Google Authenticator</b> has been set as your 2nd factor method. <a href=\\"#test\\" data-method=\\"GOOGLE AUTHENTICATOR\\">Click Here</a> to test Google Authenticator method.'; update_option('mo2f_message', $message); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } else { update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } else { update_option('mo2f_message', 'Error occurred while validating the OTP. Please try again. Possible causes: <br />1. You have enter invalid OTP.<br />2. 
You App Time is not sync.Go to seetings and tap on Time correction for codes and tap on Sync now .'); $this->mo_auth_show_error_message(); } } else { update_option('mo2f_message', 'Error occurred while validating the user. Please try again.'); $this->mo_auth_show_error_message(); } } else { update_option('mo2f_message', 'Only digits are allowed. Please enter again.'); $this->mo_auth_show_error_message(); } } /*if(isset($_POST['option']) && $_POST['option'] == 'mo2f_2factor_mobile_support' ){ if(get_user_meta($current_user->ID,'mo_2factor_user_registration_status',true) == 'MO_2_FACTOR_PLUGIN_SETTINGS' ) { $_SESSION['mo2f_mobile_support'] = 'MO_2_FACTOR_MOBILE_SUPPORT'; update_option( 'mo2f_message', 'Please select three questions and store their answers.'); $this->mo_auth_show_success_message(); }else{ update_option( 'mo2f_message', 'Invalid request. Please register with miniOrange before accessing mobile support.'); $this->mo_auth_show_error_message(); } } */ if (isset($_POST['option']) && $_POST['option'] == 'mo2f_save_kba') { if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_3']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans3'])) { update_option('mo2f_message', 'All the fields are required. 
Please enter valid entries.'); $this->mo_auth_show_error_message(); return; } $kba_q1 = $_POST['mo2f_kbaquestion_1']; $kba_a1 = sanitize_text_field($_POST['mo2f_kba_ans1']); $kba_q2 = $_POST['mo2f_kbaquestion_2']; $kba_a2 = sanitize_text_field($_POST['mo2f_kba_ans2']); $kba_q3 = sanitize_text_field($_POST['mo2f_kbaquestion_3']); $kba_a3 = sanitize_text_field($_POST['mo2f_kba_ans3']); if (strcasecmp($kba_q1, $kba_q2) == 0 || strcasecmp($kba_q2, $kba_q3) == 0 || strcasecmp($kba_q3, $kba_q1) == 0) { update_option('mo2f_message', 'The questions you select must be unique.'); $this->mo_auth_show_error_message(); return; } $kba_registration = new Two_Factor_Setup(); $kba_reg_reponse = json_decode($kba_registration->register_kba_details(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3), true); if (json_last_error() == JSON_ERROR_NONE) { if ($kba_reg_reponse['status'] == 'SUCCESS') { $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $enduser = new Two_Factor_Setup(); update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', 'KBA'); $response = json_decode($enduser->mo2f_update_userinfo($email, 'KBA', null, null, null), true); if (json_last_error() == JSON_ERROR_NONE) { if ($response['status'] == 'ERROR') { update_option('mo2f_message', $response['message']); $this->mo_auth_show_error_message(); } else { if ($response['status'] == 'SUCCESS') { delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); update_user_meta($current_user->ID, 'mo2f_kba_registration_status', true); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); $authType = 'KBA'; $message = '<b>' . $authType . '</b> is set as your 2nd factor method. <a href=\\"#test\\" data-method=\\"' . $authType . '\\">Click Here</a> to test ' . $authType . 
' method.'; update_option('mo2f_message', $message); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'Invalid request. Please try again'); $this->mo_auth_show_error_message(); } } else { update_option('mo2f_message', 'Error occured while saving your kba details. Please try again.'); $this->mo_auth_show_error_message(); return; } } else { update_option('mo2f_message', 'Error occured while saving your kba details. Please try again.'); $this->mo_auth_show_error_message(); return; } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_2factor_test_kba') { $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $challengeKba = new Customer_Setup(); $content = $challengeKba->send_otp_token($email, 'KBA', get_option('mo2f_customerKey'), get_option('mo2f_api_key')); $response = json_decode($content, true); if (json_last_error() == JSON_ERROR_NONE) { /* Generate KBA Questions*/ if ($response['status'] == 'SUCCESS') { update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_TEST'); $_SESSION['mo2f_transactionId'] = $response['txId']; $questions = array(); $questions[0] = $response['questions'][0]['question']; $questions[1] = $response['questions'][1]['question']; $_SESSION['mo_2_factor_kba_questions'] = $questions; update_option('mo2f_message', 'Please answer the following security questions.'); $this->mo_auth_show_success_message(); } else { if ($response['status'] == 'ERROR') { update_option('mo2f_message', 'There was an error fetching security questions. Please try again.'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'There was an error fetching security questions. 
Please try again.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_kba_details') { $kba_ans_1 = ''; $kba_ans_2 = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1'])) { update_option('mo2f_message', 'All the fields are required. Please enter valid entries.'); $this->mo_auth_show_error_message(); return; } else { $kba_ans_1 = sanitize_text_field($_POST['mo2f_answer_1']); $kba_ans_2 = sanitize_text_field($_POST['mo2f_answer_2']); } $kbaAns = array(); $kbaAns[0] = $_SESSION['mo_2_factor_kba_questions'][0]; $kbaAns[1] = $kba_ans_1; $kbaAns[2] = $_SESSION['mo_2_factor_kba_questions'][1]; $kbaAns[3] = $kba_ans_2; $kba_validate = new Customer_Setup(); $kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $_SESSION['mo2f_transactionId'], $kbaAns, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (json_last_error() == JSON_ERROR_NONE) { if (strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) { update_option('mo2f_message', 'You have successfully completed the test. Now <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_login&true\\"><b>Click Here</b></a> to go to Login Settings. '); delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); $this->mo_auth_show_success_message(); } else { // KBA Validation failed. update_option('mo2f_message', 'Invalid Answers. Please try again.'); $this->mo_auth_show_error_message(); } } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_verify_phone') { // sendin otp for configuring OTP over SMS and Phone Call Verification $phone = sanitize_text_field($_POST['verify_phone']); if (MO2f_Utility::mo2f_check_empty_or_null($phone)) { update_option('mo2f_message', 'All the fields are required. 
Please enter valid entries.'); $this->mo_auth_show_error_message(); return; } $phone = str_replace(' ', '', $phone); $_SESSION['mo2f_phone'] = $phone; $customer = new Customer_Setup(); if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') { $currentMethod = "OTP_OVER_SMS"; } else { if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') { $currentMethod = "PHONE_VERIFICATION"; } } $content = json_decode($customer->send_otp_token($phone, $currentMethod, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */ if ($content['status'] == 'ERROR') { update_option('mo2f_message', $response['message']); $this->mo_auth_show_error_message(); } else { if ($content['status'] == 'SUCCESS') { $_SESSION['mo2f_transactionId'] = $content['txId']; if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') { update_option('mo2f_message', 'The One Time Passcode has been sent to ' . $phone . '. Please enter the one time passcode below to verify your number.'); } else { if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') { update_option('mo2f_message', 'You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below to verify your number.'); } } $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'Invalid request. Please try again'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_validate_otp') { $otp_token = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) { update_option('mo2f_message', 'All the fields are required. 
Please enter valid entries.'); $this->mo_auth_show_error_message(); return; } else { $otp_token = sanitize_text_field($_POST['otp_token']); } $customer = new Customer_Setup(); $content = json_decode($customer->validate_otp_token(get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, $_SESSION['mo2f_transactionId'], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if ($content['status'] == 'ERROR') { update_option('mo2f_message', $content['message']); } else { if (strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated if (get_user_meta($current_user->ID, 'mo2f_user_phone', true) && strlen(get_user_meta($current_user->ID, 'mo2f_user_phone', true)) >= 4) { if ($_SESSION['mo2f_phone'] != get_user_meta($current_user->ID, 'mo2f_user_phone', true)) { update_user_meta($current_user->ID, 'mo2f_mobile_registration_status', false); } } $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $phone = $_SESSION['mo2f_phone']; $enduser = new Two_Factor_Setup(); $response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), $phone, null, null), true); if (json_last_error() == JSON_ERROR_NONE) { if ($response['status'] == 'ERROR') { unset($_SESSION['mo2f_phone']); update_option('mo2f_message', $response['message']); $this->mo_auth_show_error_message(); } else { if ($response['status'] == 'SUCCESS') { delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); update_user_meta($current_user->ID, 'mo2f_otp_registration_status', true); delete_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS'); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); update_user_meta($current_user->ID, 'mo2f_user_phone', $_SESSION['mo2f_phone']); 
unset($_SESSION['mo2f_phone']); $testmethod = get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true); if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') { $authType = "OTP Over SMS"; } else { if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') { $authType = "Phone Call Verification"; } } $message = '<b>' . $authType . '</b> is set as your 2nd factor method. <a href=\\"#test\\" data-method=\\"' . $testmethod . '\\">Click Here</a> to test ' . $authType . ' method.'; update_option('mo2f_message', $message); $this->mo_auth_show_success_message(); } else { unset($_SESSION['mo2f_phone']); update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } } else { unset($_SESSION['mo2f_phone']); update_option('mo2f_message', 'Invalid request. Please try again'); $this->mo_auth_show_error_message(); } } else { // OTP Validation failed. update_option('mo2f_message', 'Invalid OTP. Please try again.'); $this->mo_auth_show_error_message(); } } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_save_2factor_method') { // configure 2nd factor for all users if (get_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', true) == 'SUCCESS') { if ($_POST['mo2f_selected_2factor_method'] == 'OUT OF BAND EMAIL' && !current_user_can('manage_options')) { $this->miniorange_email_verification_call($current_user); } update_user_meta($current_user->ID, 'mo2f_configure_test_option', 'MO2F_CONFIGURE'); //status for configuring the specific 2nd-factor method update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', $_POST['mo2f_selected_2factor_method']); //status for second factor selected by user } else { update_option('mo2f_message', 'Invalid request. 
Please register with miniOrange to configure 2 Factor plugin.'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_update_2factor_method') { // save 2nd factor method for all users $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $enduser = new Two_Factor_Setup(); update_user_meta($current_user->ID, 'mo2f_selected_2factor_method', $_POST['mo2f_selected_2factor_method']); $response = json_decode($enduser->mo2f_update_userinfo($email, $_POST['mo2f_selected_2factor_method'], null, null, null), true); if (json_last_error() == JSON_ERROR_NONE) { if ($response['status'] == 'ERROR') { update_option('mo2f_message', $response['message']); $this->mo_auth_show_error_message(); } else { if ($response['status'] == 'SUCCESS') { $selectedMethod = get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true); if ($selectedMethod == 'OUT OF BAND EMAIL') { $selectedMethod = "Email Verification"; } else { if ($selectedMethod == 'MOBILE AUTHENTICATION') { $selectedMethod = "QR Code Authentication"; } else { if (get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true) == 'SMS') { $authType = "OTP Over SMS"; } } } update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); delete_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status'); update_option('mo2f_message', $selectedMethod . ' is set as your Two-Factor method.'); $this->mo_auth_show_success_message(); } else { update_option('mo2f_message', 'An error occured while processing your request. Please Try again.'); $this->mo_auth_show_error_message(); } } } else { update_option('mo2f_message', 'Invalid request. 
Please try again'); $this->mo_auth_show_error_message(); } } if (isset($_POST['option']) && $_POST['option'] == 'mo2f_cancel_configuration') { unset($_SESSION['mo2f_qrCode']); unset($_SESSION['mo2f_transactionId']); unset($_SESSION['mo2f_show_qr_code']); unset($_SESSION['mo2f_phone']); unset($_SESSION['mo2f_google_auth']); unset($_SESSION['mo2f_mobile_support']); delete_user_meta($current_user->ID, 'mo2f_configure_test_option'); } }
public function my_login_redirect() { if (!session_id() || session_id() == '' || !isset($_SESSION)) { session_start(); } if (isset($_POST['miniorange_login_nonce'])) { $nonce = $_POST['miniorange_login_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-login-nonce')) { $_SESSION['mo2f-login-message'] = 'Invalid request'; $this->mo_auth_show_error_message(); } else { //validation and sanitization $username = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2fa_username'])) { $_SESSION['mo2f-login-message'] = 'Please enter username to proceed'; $this->mo_auth_show_error_message(); return; } else { $username = sanitize_text_field($_POST['mo2fa_username']); } if (username_exists($username)) { /*if username exists in wp site */ $user = new WP_User($username); if (!session_id() || session_id() == '' || !isset($_SESSION)) { session_start(); } $_SESSION['mo2f_current_user'] = $user; $roles = $user->roles; $current_role = array_shift($roles); if (get_option('mo2fa_' . $current_role)) { if (!session_id() || session_id() == '' || !isset($_SESSION)) { session_start(); } if (get_user_meta($user->ID, 'mo_2factor_map_id_with_email', true) && get_user_meta($user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') { //if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT'])){ //$this->mo2f_login_kba_verification($currentuser); //}else{ $mo2f_second_factor = mo2f_get_user_2ndfactor($user); if ($mo2f_second_factor == 'MOBILE AUTHENTICATION') { $this->mo2f_login_mobile_verification($user); } else { if ($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL') { $this->mo2f_login_push_oobemail_verification($user, $mo2f_second_factor); } else { if ($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR') { $this->mo2f_login_otp_verification($user, $mo2f_second_factor); } 
else { if ($mo2f_second_factor == 'KBA') { $this->mo2f_login_kba_verification($user); } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.'; $this->mo_auth_show_success_message(); } } } } //} } else { $_SESSION['mo2f-login-message'] = 'Please login into your account using password.'; $this->mo_auth_show_success_message(); $this->mo2f_redirectto_wp_login(); } } else { $_SESSION['mo2f-login-message'] = 'Please login into your account using password.'; $this->mo_auth_show_success_message(); $this->mo2f_redirectto_wp_login(); } } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid Username.'; $this->mo_auth_show_error_message(); } } } if (isset($_POST['miniorange_kba_nonce'])) { /*check kba validation*/ $nonce = $_POST['miniorange_kba_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-kba-nonce')) { $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } else { $currentuser = isset($_SESSION['mo2f_current_user']) ? 
$_SESSION['mo2f_current_user'] : null; if (isset($_SESSION['mo2f_current_user'])) { if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_2'])) { return; } $otpToken = array(); $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0]; $otpToken[1] = sanitize_text_field($_POST['mo2f_answer_1']); $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1]; $otpToken[3] = sanitize_text_field($_POST['mo2f_answer_2']); $check_trust_device = sanitize_text_field($_POST['mo2f_trust_device']); $kba_validate = new Customer_Setup(); $kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $_SESSION['mo2f-login-transactionId'], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (username_exists($currentuser->user_login)) { // user is a member if (strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) { remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3); add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3); } else { $_SESSION['mo2f-login-message'] = 'The answers you have provided are incorrect.'; } } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } } } if (isset($_POST['miniorange_mobile_validation_nonce'])) { /*check mobile validation */ $nonce = $_POST['miniorange_mobile_validation_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-nonce')) { $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } else { $currentuser = $_SESSION['mo2f_current_user']; $username = $currentuser->user_login; if (username_exists($username)) { // user is a member $checkMobileStatus = new Two_Factor_Setup(); $content = 
$checkMobileStatus->check_mobile_status($_SESSION['mo2f-login-transactionId']); $response = json_decode($content, true); if (json_last_error() == JSON_ERROR_NONE) { if ($response['status'] == 'SUCCESS') { remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3); add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3); } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } } } if (isset($_POST['miniorange_mobile_validation_failed_nonce'])) { /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/ $nonce = $_POST['miniorange_mobile_validation_failed_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-failed-nonce')) { $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } else { $this->remove_current_activity(); } } if (isset($_POST['miniorange_forgotphone'])) { /*Click on the link of forgotphone */ $nonce = $_POST['miniorange_forgotphone']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-forgotphone')) { $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } else { $customer = new Customer_Setup(); $id = $_SESSION['mo2f_current_user']->ID; $content = json_decode($customer->send_otp_token(get_user_meta($id, 'mo_2factor_map_id_with_email', true), 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { unset($_SESSION['mo2f-login-qrCode']); unset($_SESSION['mo2f-login-transactionId']); $_SESSION['mo2f-login-message'] = 'A one time passcode has been 
sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id, 'mo_2factor_map_id_with_email', true)) . '</b>. Please enter the OTP to verify your identity.'; $_SESSION['mo2f-login-transactionId'] = $content['txId']; $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'; $this->mo_auth_show_success_message(); } else { $_SESSION['mo2f-login-message'] = 'Error:OTP over Email'; $this->mo_auth_show_success_message(); } } } if (isset($_POST['miniorange_softtoken'])) { /*Click on the link of phone is offline */ $nonce = $_POST['miniorange_softtoken']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-softtoken')) { $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } else { unset($_SESSION['mo2f-login-qrCode']); unset($_SESSION['mo2f-login-transactionId']); $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.'; $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'; } } if (isset($_POST['miniorange_soft_token_nonce'])) { /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */ $nonce = $_POST['miniorange_soft_token_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-soft-token-nonce')) { $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } else { $softtoken = ''; if (MO2f_utility::mo2f_check_empty_or_null($_POST['mo2fa_softtoken'])) { $_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed'; $this->mo_auth_show_error_message(); return; } else { $softtoken = sanitize_text_field($_POST['mo2fa_softtoken']); if (!MO2f_utility::mo2f_check_number_length($softtoken)) { $_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.'; return; } } $currentuser = isset($_SESSION['mo2f_current_user']) ? 
$_SESSION['mo2f_current_user'] : null; if (isset($_SESSION['mo2f_current_user'])) { $customer = new Customer_Setup(); $content = ''; if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') { $content = json_decode($customer->validate_otp_token('EMAIL', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') { $content = json_decode($customer->validate_otp_token('SMS', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION') { $content = json_decode($customer->validate_otp_token('PHONE VERIFICATION', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN') { $content = json_decode($customer->validate_otp_token('SOFT TOKEN', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION') { $content = json_decode($customer->validate_otp_token('GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid request. 
Please try again.'; $this->mo_auth_show_error_message(); } } } } } if (username_exists($currentuser->user_login)) { // user is a member if (strcasecmp($content['status'], 'SUCCESS') == 0) { remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3); add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3); } else { $message = $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. Please try again'; $_SESSION['mo2f-login-message'] = $message; $this->mo_auth_show_error_message(); } } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } } else { $this->remove_current_activity(); $_SESSION['mo2f-login-message'] = 'Invalid request.'; $this->mo_auth_show_error_message(); } } } }
public function miniorange_pass2login_redirect() { if (!session_id() || session_id() == '' || !isset($_SESSION)) { session_start(); } if (isset($_POST['mo2f_trust_device_confirm_nonce'])) { /*register device as rba profile */ $nonce = $_POST['mo2f_trust_device_confirm_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-trust-device-confirm-nonce')) { $this->remove_current_activity(); $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { try { $currentuser = $_SESSION['mo2f_current_user']; mo2f_register_profile(get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), 'true', $_SESSION['mo2f_rba_status']); } catch (Exception $e) { echo $e->getMessage(); } $this->mo2fa_pass2login(); } } if (isset($_POST['mo2f_trust_device_cancel_nonce'])) { /*do not register device as rba profile */ $nonce = $_POST['mo2f_trust_device_cancel_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-trust-device-cancel-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $this->mo2fa_pass2login(); } } if (isset($_POST['miniorange_kba_nonce'])) { /*check kba validation*/ $nonce = $_POST['miniorange_kba_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-kba-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $currentuser = isset($_SESSION['mo2f_current_user']) ? 
$_SESSION['mo2f_current_user'] : null; if (isset($_SESSION['mo2f_current_user'])) { if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_2'])) { return; } $otpToken = array(); $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0]; $otpToken[1] = sanitize_text_field($_POST['mo2f_answer_1']); $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1]; $otpToken[3] = sanitize_text_field($_POST['mo2f_answer_2']); $check_trust_device = sanitize_text_field($_POST['mo2f_trust_device']); $kba_validate = new Customer_Setup(); $kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $_SESSION['mo2f-login-transactionId'], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) { if (get_option('mo2f_deviceid_enabled') && $check_trust_device == 'true') { try { mo2f_register_profile(get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), 'true', $_SESSION['mo2f_rba_status']); } catch (Exception $e) { echo $e->getMessage(); } $this->mo2fa_pass2login(); } else { $this->mo2fa_pass2login(); } } else { $_SESSION['mo2f-login-message'] = 'The answers you have provided are incorrect.'; } } else { $this->remove_current_activity(); return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..')); } } } if (isset($_POST['miniorange_mobile_validation_nonce'])) { /*check mobile validation */ $nonce = $_POST['miniorange_mobile_validation_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $currentuser = $_SESSION['mo2f_current_user']; $checkMobileStatus = new Two_Factor_Setup(); $content = $checkMobileStatus->check_mobile_status($_SESSION['mo2f-login-transactionId']); $response = json_decode($content, 
true); if (json_last_error() == JSON_ERROR_NONE) { if ($response['status'] == 'SUCCESS') { if (get_option('mo2f_deviceid_enabled')) { $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE'; } else { $this->mo2fa_pass2login(); } } else { $this->remove_current_activity(); return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.')); } } else { $this->remove_current_activity(); return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again.')); } } } if (isset($_POST['miniorange_mobile_validation_failed_nonce'])) { /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/ $nonce = $_POST['miniorange_mobile_validation_failed_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-failed-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $this->remove_current_activity(); } } if (isset($_POST['miniorange_forgotphone'])) { /*Click on the link of forgotphone */ $nonce = $_POST['miniorange_forgotphone']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-forgotphone')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $customer = new Customer_Setup(); $id = $_SESSION['mo2f_current_user']->ID; $content = json_decode($customer->send_otp_token(get_user_meta($id, 'mo_2factor_map_id_with_email', true), 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { unset($_SESSION['mo2f-login-qrCode']); unset($_SESSION['mo2f-login-transactionId']); $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id, 'mo_2factor_map_id_with_email', true)) . '</b>. 
Please enter the OTP to verify your identity.'; $_SESSION['mo2f-login-transactionId'] = $content['txId']; $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'; } else { $_SESSION['mo2f-login-message'] = 'Error:OTP over Email'; } } } if (isset($_POST['miniorange_inline_user_reg_nonce'])) { $nonce = $_POST['miniorange_inline_user_reg_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-user-reg-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $email = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo_useremail'])) { $_SESSION['mo2f-login-message'] = 'Please enter email-id to register.'; return; } else { $email = sanitize_email($_POST['mo_useremail']); } if (!MO2f_Utility::check_if_email_is_already_registered($email)) { $currentUserId = $_SESSION['mo2f_current_user']->ID; update_user_meta($currentUserId, 'mo_2factor_user_email', $email); $enduser = new Two_Factor_Setup(); $check_user = json_decode($enduser->mo_check_user_already_exist($email), true); if (json_last_error() == JSON_ERROR_NONE) { if ($check_user['status'] == 'ERROR') { $_SESSION['mo2f-login-message'] = $check_user['message']; return; } else { if (strcasecmp($check_user['status'], 'USER_FOUND_UNDER_DIFFERENT_CUSTOMER') == 0) { $_SESSION['mo2f-login-message'] = 'The email you entered is already registered. Please register with another email to set up Two-Factor.'; return; } else { if (strcasecmp($check_user['status'], 'USER_FOUND') == 0 || strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0) { $enduser = new Customer_Setup(); $content = json_decode($enduser->send_otp_token($email, 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP'; $_SESSION['mo2f-login-message'] = 'An OTP has been sent to <b>' . $email . '</b>. 
Please enter the OTP below to verify your email. If you didn\'t get the email, please check your <b>SPAM</b> folder.'; update_user_meta($currentUserId, 'mo_2fa_verify_otp_create_account', $content['txId']); update_user_meta($currentUserId, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS'); } else { $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP'; $_SESSION['mo2f-login-message'] = 'There was an error in sending OTP over email. Please click on Resend OTP to try again.'; update_user_meta($currentUserId, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); } } } } } } else { $_SESSION['mo2f-login-message'] = 'The email is already used by other user. Please register with other email.'; } } } if (isset($_POST['miniorange_inline_two_factor_setup'])) { $nonce = $_POST['miniorange_inline_two_factor_setup']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-setup-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS'; unset($_SESSION['mo2f_google_auth']); $_SESSION['mo2f-login-message'] = ''; delete_user_meta($_SESSION['mo2f_current_user']->ID, 'mo2f_selected_2factor_method'); } } if (isset($_POST['miniorange_inline_resend_otp_nonce'])) { //resend otp during user inline registration $nonce = $_POST['miniorange_inline_resend_otp_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-resend-otp-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $currentUserId = $_SESSION['mo2f_current_user']->ID; $userkey = ''; if (get_user_meta($currentUserId, 'mo2f_selected_2factor_method', true) == 'SMS') { $currentMethod = "OTP_OVER_SMS"; $userkey = $_SESSION['mo2f_phone']; $_SESSION['mo2f-login-message'] = 'The One Time Passcode has been sent to 
' . $userkey . '. Please enter the one time passcode below to verify your number.'; } else { if (get_user_meta($currentUserId, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') { $currentMethod = "PHONE_VERIFICATION"; $userkey = $_SESSION['mo2f_phone']; $_SESSION['mo2f-login-message'] = 'You will receive a phone call on this number ' . $userkey . '. Please enter the one time passcode below to verify your number.'; } else { $currentMethod = 'EMAIL'; $userkey = get_user_meta($currentUserId, 'mo_2factor_user_email', true); $_SESSION['mo2f-login-message'] = 'An OTP has been sent to <b>' . $userkey . '</b>. Please enter the OTP below to verify your email.'; } } $customer = new Customer_Setup(); $content = json_decode($customer->send_otp_token($userkey, $currentMethod, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (strcasecmp($content['status'], 'SUCCESS') == 0) { update_user_meta($currentUserId, 'mo_2fa_verify_otp_create_account', $content['txId']); if ($currentMethod == 'EMAIL') { update_user_meta($currentUserId, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_SUCCESS'); $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP'; } } else { $_SESSION['mo2f-login-message'] = 'There was an error in sending one time passcode. 
Please click on Resend OTP to try again.'; if ($currentMethod == 'EMAIL') { update_user_meta($currentUserId, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REG_OTP'; } } } } if (isset($_POST['mo2f_inline_ga_phone_type_nonce'])) { //select google phone type during user inline registration when google authenticator is selected $nonce = $_POST['mo2f_inline_ga_phone_type_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-ga-phone-type-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $phone_type = $_POST['google_phone_type']; $current_user = $_SESSION['mo2f_current_user']; $google_auth = new Miniorange_Rba_Attributes(); $google_response = json_decode($google_auth->mo2f_google_auth_service(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true)), true); if (json_last_error() == JSON_ERROR_NONE) { if ($google_response['status'] == 'SUCCESS') { $mo2f_google_auth = array(); $mo2f_google_auth['ga_qrCode'] = $google_response['qrCodeData']; $mo2f_google_auth['ga_secret'] = $google_response['secret']; $mo2f_google_auth['ga_phone'] = $phone_type; $_SESSION['mo2f_google_auth'] = $mo2f_google_auth; $_SESSION['mo2f-login-message'] = ''; } else { $_SESSION['mo2f-login-message'] = 'Error occurred while registering the user for google authenticator. Please try again.'; } } else { $_SESSION['mo2f-login-message'] = 'Invalid request. 
Please try again.'; } } } if (isset($_POST['mo2f_inline_validate_ga_nonce'])) { $nonce = $_POST['mo2f_inline_validate_ga_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-google-auth-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $otpToken = $_POST['google_auth_code']; $current_user = $_SESSION['mo2f_current_user']; $mo2f_google_auth = isset($_SESSION['mo2f_google_auth']) ? $_SESSION['mo2f_google_auth'] : null; $ga_secret = $mo2f_google_auth != null ? $mo2f_google_auth['ga_secret'] : null; if (MO2f_Utility::mo2f_check_number_length($otpToken)) { $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $google_auth = new Miniorange_Rba_Attributes(); $google_response = json_decode($google_auth->mo2f_validate_google_auth($email, $otpToken, $ga_secret), true); if (json_last_error() == JSON_ERROR_NONE) { if ($google_response['status'] == 'SUCCESS') { $enduser = new Two_Factor_Setup(); $response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true); if (json_last_error() == JSON_ERROR_NONE) { if ($response['status'] == 'SUCCESS') { update_user_meta($current_user->ID, 'mo2f_google_authentication_status', true); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); $this->mo2fa_pass2login(); } else { $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.'; } } else { $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.'; } } else { $_SESSION['mo2f-login-message'] = 'Error occurred while validating the OTP. Please try again. Possible causes: <br />1. You have enter invalid OTP.<br />2. 
You App Time is not sync.Go to seetings and tap on Time correction for codes and tap on Sync now .'; } } else { $_SESSION['mo2f-login-message'] = 'Error occurred while validating the user. Please try again.'; } } else { $_SESSION['mo2f-login-message'] = 'Only digits are allowed. Please enter again.'; } } } if (isset($_POST['miniorange_inline_validate_user_otp_nonce'])) { $nonce = $_POST['miniorange_inline_validate_user_otp_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-validate-user-otp-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $otp_token = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) { $_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.'; return; } else { $otp_token = sanitize_text_field($_POST['otp_token']); } $id = $_SESSION['mo2f_current_user']->ID; if (!MO2f_Utility::check_if_email_is_already_registered(get_user_meta($id, 'mo_2factor_user_email', true))) { $customer = new Customer_Setup(); $transactionId = get_user_meta($id, 'mo_2fa_verify_otp_create_account', true); $content = json_decode($customer->validate_otp_token('EMAIL', null, $transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if ($content['status'] == 'ERROR') { $_SESSION['mo2f-login-message'] = $content['message']; delete_user_meta($id, 'mo_2fa_verify_otp_create_account'); } else { if (strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated and generate QRCode $this->mo2f_register_user_inline(get_user_meta($id, 'mo_2factor_user_email', true)); delete_user_meta($id, 'mo_2fa_verify_otp_create_account'); } else { // OTP Validation failed. $_SESSION['mo2f-login-message'] = 'Invalid OTP. 
Please try again.'; update_user_meta($id, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE'); } delete_user_meta($id, 'mo_2fa_verify_otp_create_account'); } } else { $_SESSION['mo2f-login-message'] = 'The email is already used by other user. Please register with other email by clicking on Back button.'; } } } if (isset($_POST['miniorange_inline_save_2factor_method_nonce'])) { $nonce = $_POST['miniorange_inline_save_2factor_method_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-save-2factor-method-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $currentUserId = $_SESSION['mo2f_current_user']->ID; if (get_user_meta($currentUserId, 'mo_2factor_user_registration_with_miniorange', true) == 'SUCCESS') { update_user_meta($currentUserId, 'mo2f_selected_2factor_method', $_POST['mo2f_selected_2factor_method']); //status for second factor selected by user } else { $_SESSION['mo2f-login-message'] = 'Invalid request. Please register with miniOrange to configure 2 Factor plugin.'; } } } if (isset($_POST['miniorange_inline_verify_phone_nonce'])) { $nonce = $_POST['miniorange_inline_verify_phone_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-verify-phone-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $phone = sanitize_text_field($_POST['verify_phone']); if (MO2f_Utility::mo2f_check_empty_or_null($phone)) { $_SESSION['mo2f-login-message'] = 'All the fields are required. 
Please enter valid entries.'; return; } $phone = str_replace(' ', '', $phone); $_SESSION['mo2f_phone'] = $phone; $current_user = $_SESSION['mo2f_current_user']->ID; $customer = new Customer_Setup(); if (get_user_meta($current_user, 'mo2f_selected_2factor_method', true) == 'SMS') { $currentMethod = "OTP_OVER_SMS"; } else { if (get_user_meta($current_user, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') { $currentMethod = "PHONE_VERIFICATION"; } } $content = json_decode($customer->send_otp_token($phone, $currentMethod, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if (json_last_error() == JSON_ERROR_NONE) { /* Generate otp token */ if ($content['status'] == 'ERROR') { $_SESSION['mo2f-login-message'] = $response['message']; } else { if ($content['status'] == 'SUCCESS') { $_SESSION['mo2f_transactionId'] = $content['txId']; if (get_user_meta($current_user, 'mo2f_selected_2factor_method', true) == 'SMS') { $_SESSION['mo2f-login-message'] = 'The One Time Passcode has been sent to ' . $phone . '. Please enter the one time passcode below to verify your number.'; } else { if (get_user_meta($current_user, 'mo2f_selected_2factor_method', true) == 'PHONE VERIFICATION') { $_SESSION['mo2f-login-message'] = 'You will receive a phone call on this number ' . $phone . '. Please enter the one time passcode below to verify your number.'; } } } else { $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.'; } } } else { $_SESSION['mo2f-login-message'] = 'Invalid request. 
Please try again'; } } } if (isset($_POST['miniorange_inline_validate_otp_nonce'])) { $nonce = $_POST['miniorange_inline_validate_otp_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-validate-otp-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $otp_token = ''; if (MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])) { $_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.'; return; } else { $otp_token = sanitize_text_field($_POST['otp_token']); } $current_user = $_SESSION['mo2f_current_user']->ID; $customer = new Customer_Setup(); $content = json_decode($customer->validate_otp_token(get_user_meta($current_user, 'mo2f_selected_2factor_method', true), null, $_SESSION['mo2f_transactionId'], $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); if ($content['status'] == 'ERROR') { $_SESSION['mo2f-login-message'] = $content['message']; } else { if (strcasecmp($content['status'], 'SUCCESS') == 0) { //OTP validated if (get_user_meta($current_user, 'mo2f_user_phone', true) && strlen(get_user_meta($current_user, 'mo2f_user_phone', true)) >= 4) { if ($_SESSION['mo2f_phone'] != get_user_meta($current_user, 'mo2f_user_phone', true)) { update_user_meta($current_user, 'mo2f_mobile_registration_status', false); } } $email = get_user_meta($current_user, 'mo_2factor_map_id_with_email', true); $phone = $_SESSION['mo2f_phone']; $enduser = new Two_Factor_Setup(); $response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user, 'mo2f_selected_2factor_method', true), $phone, null, null), true); if (json_last_error() == JSON_ERROR_NONE) { if ($response['status'] == 'ERROR') { unset($_SESSION['mo2f_phone']); $_SESSION['mo2f-login-message'] = $response['message']; $this->mo_auth_show_error_message(); } else { if ($response['status'] == 'SUCCESS') { update_user_meta($current_user, 
'mo2f_otp_registration_status', true); update_user_meta($current_user, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); update_user_meta($current_user, 'mo2f_user_phone', $_SESSION['mo2f_phone']); unset($_SESSION['mo2f_phone']); $this->mo2fa_pass2login(); } else { unset($_SESSION['mo2f_phone']); $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.'; } } } else { unset($_SESSION['mo2f_phone']); $_SESSION['mo2f-login-message'] = 'Invalid request. Please try again'; } } else { // OTP Validation failed. $_SESSION['mo2f-login-message'] = 'Invalid OTP. Please try again.'; } } } } if (isset($_POST['miniorange_inline_show_qrcode_nonce'])) { $nonce = $_POST['miniorange_inline_show_qrcode_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-show-qrcode-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $current_user = $_SESSION['mo2f_current_user']; if (get_user_meta($current_user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') { $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $this->mo2f_inline_get_qr_code_for_mobile($email, $current_user->ID); } else { $_SESSION['mo2f-login-message'] = 'Invalid request. 
Please register with miniOrange before configuring your mobile.'; } } } if (isset($_POST['mo_auth_inline_mobile_registration_complete_nonce'])) { $nonce = $_POST['mo_auth_inline_mobile_registration_complete_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-mobile-registration-complete-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { unset($_SESSION['mo2f-login-qrCode']); unset($_SESSION['mo2f-login-transactionId']); unset($_SESSION['mo2f_show_qr_code']); $current_user = $_SESSION['mo2f_current_user']->ID; $email = get_user_meta($current_user, 'mo_2factor_map_id_with_email', true); $enduser = new Two_Factor_Setup(); $response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user, 'mo2f_selected_2factor_method', true), null, null, null), true); if (json_last_error() == JSON_ERROR_NONE) { /* Generate Qr code */ if ($response['status'] == 'ERROR') { $_SESSION['mo2f-login-message'] = $response['message']; } else { if ($response['status'] == 'SUCCESS') { update_user_meta($current_user, 'mo2f_mobile_registration_status', true); update_user_meta($current_user, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); $this->mo2fa_pass2login(); } else { $_SESSION['mo2f-login-message'] = 'An error occured while processing your request. Please Try again.'; } } } else { $_SESSION['mo2f-login-message'] = 'Invalid request. 
Please try again'; } } } if (isset($_POST['mo2f_inline_save_kba_nonce'])) { $nonce = $_POST['mo2f_inline_save_kba_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-save-kba-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kbaquestion_3']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_kba_ans3'])) { $_SESSION['mo2f-login-message'] = 'All the fields are required. Please enter valid entries.'; return; } $kba_q1 = $_POST['mo2f_kbaquestion_1']; $kba_a1 = sanitize_text_field($_POST['mo2f_kba_ans1']); $kba_q2 = $_POST['mo2f_kbaquestion_2']; $kba_a2 = sanitize_text_field($_POST['mo2f_kba_ans2']); $kba_q3 = sanitize_text_field($_POST['mo2f_kbaquestion_3']); $kba_a3 = sanitize_text_field($_POST['mo2f_kba_ans3']); if (strcasecmp($kba_q1, $kba_q2) == 0 || strcasecmp($kba_q2, $kba_q3) == 0 || strcasecmp($kba_q3, $kba_q1) == 0) { $_SESSION['mo2f-login-message'] = 'The questions you select must be unique.'; return; } $current_user = $_SESSION['mo2f_current_user']; $email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true); $kba_registration = new Two_Factor_Setup(); $kba_reg_reponse = json_decode($kba_registration->register_kba_details($email, $kba_q1, $kba_a1, $kba_q2, $kba_a2, $kba_q3, $kba_a3), true); if (json_last_error() == JSON_ERROR_NONE) { if ($kba_reg_reponse['status'] == 'SUCCESS') { $enduser = new Two_Factor_Setup(); $response = json_decode($enduser->mo2f_update_userinfo($email, get_user_meta($current_user->ID, 'mo2f_selected_2factor_method', true), null, null, null), true); if (json_last_error() == 
JSON_ERROR_NONE) { /* Generate Qr code */ if ($response['status'] == 'ERROR') { $_SESSION['mo2f-login-message'] = $response['message']; } else { if ($response['status'] == 'SUCCESS') { update_user_meta($current_user->ID, 'mo2f_kba_registration_status', true); update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); $this->mo2fa_pass2login(); } } } else { $_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.'; } } else { $_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.'; } } else { $_SESSION['mo2f-login-message'] = 'Error occured while saving your kba details. Please try again.'; } } } if (isset($_POST['mo2f_inline_email_setup'])) { $nonce = $_POST['mo2f_inline_email_setup']; if (!wp_verify_nonce($nonce, 'miniorange-2fa-inline-email-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $current_user = $_SESSION['mo2f_current_user']; update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS'); update_user_meta($current_user->ID, 'mo2f_email_verification_status', true); $this->mo2fa_pass2login(); } } if (isset($_POST['miniorange_softtoken'])) { /*Click on the link of phone is offline */ $nonce = $_POST['miniorange_softtoken']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-softtoken')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { unset($_SESSION['mo2f-login-qrCode']); unset($_SESSION['mo2f-login-transactionId']); $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.'; $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'; } } if (isset($_POST['miniorange_soft_token_nonce'])) { /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone 
verification */ $nonce = $_POST['miniorange_soft_token_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-soft-token-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $softtoken = ''; if (MO2f_utility::mo2f_check_empty_or_null($_POST['mo2fa_softtoken'])) { $_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed.'; return; } else { $softtoken = sanitize_text_field($_POST['mo2fa_softtoken']); if (!MO2f_utility::mo2f_check_number_length($softtoken)) { $_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.'; return; } } $currentuser = isset($_SESSION['mo2f_current_user']) ? $_SESSION['mo2f_current_user'] : null; if (isset($_SESSION['mo2f_current_user'])) { $customer = new Customer_Setup(); $content = ''; if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') { $content = json_decode($customer->validate_otp_token('EMAIL', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') { $content = json_decode($customer->validate_otp_token('SMS', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION') { $content = json_decode($customer->validate_otp_token('PHONE VERIFICATION', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN') { 
$content = json_decode($customer->validate_otp_token('SOFT TOKEN', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION') { $content = json_decode($customer->validate_otp_token('GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true); } else { $this->remove_current_activity(); return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid Request. Please try again.')); } } } } } if (strcasecmp($content['status'], 'SUCCESS') == 0) { if (get_option('mo2f_deviceid_enabled')) { $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_REMEMBER_TRUSTED_DEVICE'; } else { $this->mo2fa_pass2login(); } } else { $message = $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. 
Please try again'; $_SESSION['mo2f-login-message'] = $message; } } else { $this->remove_current_activity(); return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Please try again..')); } } } if (isset($_POST['miniorange_inline_skip_registration_nonce'])) { /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */ $nonce = $_POST['miniorange_inline_skip_registration_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-skip-registration-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $this->mo2fa_pass2login(); } } if (isset($_POST['miniorange_inline_goto_user_registration_nonce'])) { /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */ $nonce = $_POST['miniorange_inline_goto_user_registration_nonce']; if (!wp_verify_nonce($nonce, 'miniorange-2-factor-inline-goto-user-registration-nonce')) { $error = new WP_Error(); $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.')); return $error; } else { $current_user = $_SESSION['mo2f_current_user']; delete_user_meta($current_user->ID, 'mo_2factor_user_email'); delete_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account'); delete_user_meta($current_user->ID, 'mo_2factor_user_registration_status'); $_SESSION['mo2f-login-message'] = ''; $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REGISTRATION'; } } }
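/**
 * Handles POST submissions from a NON-admin user on the plugin settings page.
 *
 * The only action handled is 'mo_2factor_validate_user_otp': the one-time
 * passcode the user received while registering their email is validated
 * against the miniOrange API (Customer_Setup::validate_otp_token) using the
 * transaction id kept in the 'mo_2fa_verify_otp_create_account' user meta.
 * On success registration is completed via $this->mo2f_create_user(); on any
 * other outcome an error message is shown. The transaction id is single-use
 * and is removed whatever the outcome, so the user must request a new OTP
 * after a failure.
 *
 * Messages are passed to the UI through the 'mo2f_message' option and
 * rendered by $this->mo_auth_show_error_message(), as elsewhere in this file.
 *
 * Changes from the previous version:
 *  - the API reply is only used when json_decode() produced an array with a
 *    'status' key (the other handlers in this file already check
 *    json_last_error()); previously a failed request made $content null and
 *    $content['status'] was read off null;
 *  - a missing transaction id no longer results in an API call with an empty id;
 *  - the 'ERROR' branch now triggers the error notice like every other failure
 *    path here, instead of only storing the message;
 *  - $_POST['otp_token'] is read guarded by isset(); unused `global $wpdb` dropped.
 *
 * NOTE(review): unlike the inline handlers in this file, which call
 * wp_verify_nonce() before acting, this POST handler performs no nonce check,
 * so a logged-in user could be made to submit it cross-site. The submitting
 * form and its field names are not visible here, so no check is added —
 * confirm the form carries a nonce and verify it at the top of the action
 * branch. 'mo2f_message' is also a single site-wide option, so concurrent
 * users may see each other's messages — confirm that is acceptable.
 */
function miniorange_user_save_settings() {
    global $current_user;
    // Deprecated since WP 4.5 in favour of wp_get_current_user(); kept for
    // consistency with the other handlers in this file.
    get_currentuserinfo();

    // Administrators are handled by miniorange_auth_save_settings().
    if (current_user_can('manage_options')) {
        return;
    }
    if (!isset($_POST['option']) || $_POST['option'] != "mo_2factor_validate_user_otp") {
        return;
    }

    // Validate and sanitize the submitted OTP; guard against the field being
    // absent from the request altogether.
    $raw_otp = isset($_POST['otp_token']) ? $_POST['otp_token'] : '';
    if (MO2f_Utility::mo2f_check_empty_or_null($raw_otp)) {
        update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
        $this->mo_auth_show_error_message();
        return;
    }
    $otp_token = sanitize_text_field($raw_otp);

    // The email being verified must not already belong to another user.
    $pending_email = get_user_meta($current_user->ID, 'mo_2factor_user_email', true);
    if (MO2f_Utility::check_if_email_is_already_registered($pending_email)) {
        update_option('mo2f_message', 'The email is already used by other user. Please register with other email by clicking on Back button.');
        $this->mo_auth_show_error_message();
        return;
    }

    // Ask the miniOrange API to validate the OTP for the pending transaction.
    // $content stays null when there is no transaction id or the reply is not
    // valid JSON, so the checks below treat both as a failed validation.
    $transactionId = get_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', true);
    $content = null;
    if (!MO2f_Utility::mo2f_check_empty_or_null($transactionId)) {
        $customer = new Customer_Setup();
        $content = json_decode($customer->validate_otp_token('EMAIL', null, $transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
        if (json_last_error() != JSON_ERROR_NONE) {
            $content = null;
        }
    }

    if (!is_array($content) || !isset($content['status'])) {
        // No pending transaction, or the API did not return a usable reply.
        update_option('mo2f_message', 'Error occured while validating OTP. Please click on Resend OTP to try again.');
        $this->mo_auth_show_error_message();
    } elseif ($content['status'] == 'ERROR') {
        // API-level error: surface the server's message (fall back to a generic
        // one if the reply carried none).
        $api_message = isset($content['message']) ? $content['message'] : 'Error occured while validating OTP. Please click on Resend OTP to try again.';
        update_option('mo2f_message', $api_message);
        $this->mo_auth_show_error_message();
    } elseif (strcasecmp($content['status'], 'SUCCESS') == 0) {
        // OTP accepted: complete the user's registration with miniOrange.
        $this->mo2f_create_user($current_user, $pending_email);
    } else {
        // OTP rejected by the API.
        update_option('mo2f_message', 'Invalid OTP. Please try again.');
        update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
        $this->mo_auth_show_error_message();
    }

    // The transaction id is single-use: drop it on every outcome so a stale
    // or already-consumed id can never be replayed against the API.
    delete_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account');
}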