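/**
 * Set up the second-factor challenge for a user in the login flow.
 *
 * A User-Agent containing "Mobi" gets the soft-token challenge: the QR/transaction
 * session keys are cleared and the user is asked for the passcode from the app.
 * Any other client gets a QR-code challenge requested through
 * Customer_Setup::send_otp_token(); the returned QR code and transaction id are
 * kept in $_SESSION.
 *
 * The User-Agent header is supplied by the client, so it only selects which
 * challenge is offered; it must not be relied on as a security decision.
 *
 * @param object $user User being challenged; only ->ID is read here.
 * @return WP_Error|null WP_Error when the challenge could not be created, otherwise null.
 */
function mo2f_pass2login_mobile_verification($user) {
    // The header is optional; a missing value is treated as a non-mobile client.
    $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';

    if (strpos($useragent, 'Mobi') !== false) {
        unset($_SESSION['mo2f-login-qrCode'], $_SESSION['mo2f-login-transactionId']);
        $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange Authenticator app.';
        $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
        return;
    }

    $challengeMobile = new Customer_Setup();
    $content = $challengeMobile->send_otp_token(
        get_user_meta($user->ID, 'mo_2factor_map_id_with_email', true),
        'MOBILE AUTHENTICATION',
        get_option('mo2f_customerKey'),
        get_option('mo2f_api_key')
    );
    $response = json_decode($content, true);

    // The reply comes from a remote service: accept a status only when the body
    // decoded to an array and the status is a string. Strict comparison below
    // avoids type juggling (in PHP < 8, 0 == 'SUCCESS' is true).
    $status = null;
    if (json_last_error() == JSON_ERROR_NONE
        && is_array($response)
        && isset($response['status'])
        && is_string($response['status'])
    ) {
        $status = $response['status'];
    }

    if ($status === 'SUCCESS' && isset($response['qrCode'], $response['txId'])) {
        $_SESSION['mo2f-login-qrCode'] = $response['qrCode'];
        $_SESSION['mo2f-login-transactionId'] = $response['txId'];
        $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_MOBILE_AUTHENTICATION';
        return;
    }

    // Fail closed on an undecodable reply, a SUCCESS without QR code or transaction
    // id, and an explicit ERROR: no challenge state is written to the session.
    if ($status === null || $status === 'SUCCESS' || $status === 'ERROR') {
        $this->remove_current_activity();
        $error = new WP_Error();
        $error->add('empty_username', __('<strong>ERROR</strong>: An error occured while processing your request. Please Try again.'));
        return $error;
    }

    // NOTE(review): any other status leaves the session untouched and returns
    // null, so a challenge state from an earlier request may still be present.
    // Confirm the caller does not treat null as "challenge ready".
}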
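/**
 * Register the site administrator with the miniOrange service, or retrieve the
 * existing account, and store the credentials it returns.
 *
 * Flow, as visible in this method:
 *  - Customer_Setup::create_customer() is called and its JSON reply decoded.
 *  - status ERROR: the reply's message is stored in mo2f_message and shown.
 *  - status CUSTOMER_USERNAME_ALREADY_EXISTS: Customer_Setup::get_customer_key()
 *    is called to fetch the existing account.
 *  - any other reply is treated as a newly created account.
 * On success the customer id, API key, token and app secret are written with
 * update_option(), the mo2f_password option is deleted, the user's registration
 * meta is updated and email verification is set as the default second factor.
 *
 * A reply that does not decode to an array, or lacks id/apiKey/token/appSecret,
 * is rejected before anything is stored. Without that check an undecodable reply
 * reaches the success path, stores empty credentials and marks registration
 * as successful.
 *
 * @param object $current_user User performing the registration; only ->ID is read.
 * @return void
 */
function mo2f_create_customer($current_user) {
    $genericError = 'An error occurred while processing your request. Please try again.';

    delete_user_meta($current_user->ID, 'mo2f_sms_otp_count');
    delete_user_meta($current_user->ID, 'mo2f_email_otp_count');

    $customer = new Customer_Setup();
    $customerKey = json_decode($customer->create_customer(), true);

    if (!is_array($customerKey)) {
        update_option('mo2f_message', $genericError);
        $this->mo_auth_show_error_message();
        return;
    }

    $status = (isset($customerKey['status']) && is_string($customerKey['status'])) ? $customerKey['status'] : '';

    if ($status === 'ERROR') {
        // NOTE(review): the message text comes from the remote reply and is stored
        // unmodified; confirm it is escaped where mo2f_message is rendered.
        update_option('mo2f_message', isset($customerKey['message']) ? $customerKey['message'] : $genericError);
        $this->mo_auth_show_error_message();
        return;
    }

    $accountExisted = strcasecmp($status, 'CUSTOMER_USERNAME_ALREADY_EXISTS') == 0;

    if ($accountExisted) {
        // The admin already exists in miniOrange: fetch the existing credentials.
        $customerKey = json_decode($customer->get_customer_key(), true);

        if (json_last_error() != JSON_ERROR_NONE || !is_array($customerKey)) {
            update_option('mo2f_message', 'Invalid email or password. Please try again.');
            update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_VERIFY_CUSTOMER');
            $this->mo_auth_show_error_message();
            return;
        }

        if (isset($customerKey['status']) && $customerKey['status'] === 'ERROR') {
            update_option('mo2f_message', isset($customerKey['message']) ? $customerKey['message'] : $genericError);
            $this->mo_auth_show_error_message();
            return;
        }
    }

    // Every credential field that is stored below must be present in the reply.
    foreach (array('id', 'apiKey', 'token', 'appSecret') as $field) {
        if (!isset($customerKey[$field])) {
            update_option('mo2f_message', $genericError);
            $this->mo_auth_show_error_message();
            return;
        }
    }

    // These four values are the site's API credentials. update_option() keeps them
    // in the options table as given, so database dumps and backups contain them.
    update_option('mo2f_customerKey', $customerKey['id']);
    update_option('mo2f_api_key', $customerKey['apiKey']);
    update_option('mo2f_customer_token', $customerKey['token']);
    update_option('mo2f_app_secret', $customerKey['appSecret']);
    update_option('mo2f_miniorange_admin', $current_user->ID);
    // The account password is not kept once the credentials are stored.
    delete_option('mo2f_password');
    update_option('mo_2factor_admin_registration_status', 'MO_2_FACTOR_CUSTOMER_REGISTERED_SUCCESS');

    update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS');
    update_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', get_option('mo2f_email'));
    update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_PLUGIN_SETTINGS');

    $enduser = new Two_Factor_Setup();
    $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'OUT OF BAND EMAIL', null, 'API_2FA', true);
    update_user_meta($current_user->ID, 'mo2f_email_verification_status', true);

    // NOTE(review): in a single-quoted string \\ is one backslash, so the stored
    // markup reads href=\"...\" — confirm how mo2f_message is rendered.
    $configureLink = '<a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure\\" >Click Here </a>to configure another 2nd factor authentication method.';

    if ($accountExisted) {
        update_option('mo2f_message', 'Your account has been retrieved successfully. <b>Email Verification</b> has been set as your default 2nd factor method. ' . "\n" . $configureLink);
        $this->mo_auth_show_success_message();
        return;
    }

    update_option('mo2f_message', 'Your account has been created successfully. <b>Email Verification</b> has been set as your default 2nd factor method. ' . $configureLink);
    $this->mo_auth_show_success_message();
    // NOTE(review): no exit follows this redirect, so the caller keeps running, and
    // header() has no effect once output has been sent. Confirm that
    // mo_auth_show_success_message() does not print anything first.
    header('Location: admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mo2f_pricing');
}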
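/**
 * Handle the "validate OTP" form that a non-administrator submits while
 * registering for two-factor authentication.
 *
 * Runs only when the current user lacks manage_options and
 * $_POST['option'] is "mo_2factor_validate_user_otp". The submitted OTP is checked
 * through Customer_Setup::validate_otp_token() against the transaction id held in
 * the user's mo_2fa_verify_otp_create_account meta. That meta is deleted after every
 * validation attempt, whatever the result, so one transaction id is never checked twice.
 *
 * NOTE(review): no nonce is verified in this method. Confirm that the caller runs
 * check_admin_referer() or wp_verify_nonce() before this state-changing handler.
 * NOTE(review): the handler writes the site-wide mo2f_message option from a
 * non-administrator request and never checks that a user is logged in
 * ($current_user->ID may be 0); confirm how it is hooked.
 *
 * @return void
 */
function miniorange_user_save_settings() {
    global $current_user;
    // Populates the $current_user global; get_currentuserinfo() is deprecated.
    wp_get_current_user();

    if (current_user_can('manage_options')) {
        return;
    }
    if (!isset($_POST['option']) || $_POST['option'] !== 'mo_2factor_validate_user_otp') {
        return;
    }

    // Reject a missing, non-string (array-valued) or empty otp_token field before use.
    if (!isset($_POST['otp_token'])
        || !is_string($_POST['otp_token'])
        || MO2f_Utility::mo2f_check_empty_or_null($_POST['otp_token'])
    ) {
        update_option('mo2f_message', 'All the fields are required. Please enter valid entries.');
        $this->mo_auth_show_error_message();
        return;
    }
    $otp_token = sanitize_text_field($_POST['otp_token']);

    $user_email = get_user_meta($current_user->ID, 'mo_2factor_user_email', true);

    if (MO2f_Utility::check_if_email_is_already_registered($user_email)) {
        update_option('mo2f_message', 'The email is already used by other user. Please register with other email by clicking on Back button.');
        $this->mo_auth_show_error_message();
        return;
    }

    $customer = new Customer_Setup();
    $transactionId = get_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account', true);
    $content = json_decode($customer->validate_otp_token('EMAIL', null, $transactionId, $otp_token, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);

    // The reply comes from a remote service. Anything that is not an array with a
    // string status is handled as a failed validation, never as success.
    $status = '';
    if (is_array($content) && isset($content['status']) && is_string($content['status'])) {
        $status = $content['status'];
    }

    if ($status === 'ERROR') {
        // NOTE(review): the remote message is stored unmodified and this branch does
        // not call mo_auth_show_error_message(); confirm both are intended.
        update_option('mo2f_message', isset($content['message']) ? $content['message'] : 'An error occurred while processing your request. Please try again.');
    } elseif (strcasecmp($status, 'SUCCESS') === 0) {
        // OTP validated: continue with creating the end user.
        $this->mo2f_create_user($current_user, $user_email);
    } else {
        // OTP validation failed.
        update_option('mo2f_message', 'Invalid OTP. Please try again.');
        update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_OTP_DELIVERED_FAILURE');
        $this->mo_auth_show_error_message();
    }

    // The transaction id is discarded after every attempt.
    delete_user_meta($current_user->ID, 'mo_2fa_verify_otp_create_account');
}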