/**
 * Username/password ("first factor") step of the miniOrange 2FA login.
 *
 * The three-argument signature matches a WordPress `authenticate` filter
 * callback (the registration itself is not visible in this excerpt). It is
 * declared without a visibility keyword but uses `$this`, so it is a method
 * of the enclosing class (class header outside this excerpt).
 *
 * Flow as written:
 *   1. Requires the `miniorange_login_nonce` POST field and verifies it;
 *      a bad nonce logs the current session out and returns a WP_Error.
 *   2. Delegates the credential check to mo2f_wp_authenticate_username_password().
 *   3. On success stores the WP_User in `$_SESSION['mo2f_current_user']` and
 *      marks `$_SESSION['mo2f_1stfactor_status']` as 'VALIDATE_SUCCESS'.
 *   4. If the `mo2fa_<role>` option is enabled for the user's FIRST role,
 *      runs the risk-based (RBA) check and then dispatches to the
 *      `$this->mo2f_pass2login_*` handler for the configured second factor;
 *      otherwise calls `$this->mo2fa_pass2login()` directly.
 *
 * @param WP_User|WP_Error|null $user     value passed along the filter chain
 * @param string                $username submitted login name
 * @param string                $password submitted password
 * @return WP_Error|null  WP_Error on nonce failure, credential failure or an
 *                        unknown second-factor type; every other path falls off
 *                        the end and returns null (the `pass2login_*` helpers
 *                        are not visible here — presumably they redirect/exit).
 */
function mo2f_check_username_password($user, $username, $password) {
    if (isset($_POST['miniorange_login_nonce'])) {
        $nonce = $_POST['miniorange_login_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-login-nonce')) {
            // Nonce failure ends any existing WP session as well as rejecting this one.
            wp_logout();
            $error = new WP_Error();
            $error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
            return $error;
        } else {
            // First factor: plugin-local wrapper around WP's password check (not visible here).
            $currentuser = mo2f_wp_authenticate_username_password($user, $username, $password);
            if (is_wp_error($currentuser)) {
                return $currentuser;
            } else {
                // Make sure a PHP session exists before writing login state into it.
                if (!session_id() || session_id() == '' || !isset($_SESSION)) {
                    session_start();
                }
                // The whole WP_User object is kept in the session for the later 2FA steps.
                $_SESSION['mo2f_current_user'] = $currentuser;
                $_SESSION['mo2f_1stfactor_status'] = 'VALIDATE_SUCCESS';
                // Only the user's first role decides whether 2FA is enforced;
                // additional roles on the same account are not consulted.
                $roles = $currentuser->roles;
                $current_role = array_shift($roles);
                if (get_option('mo2fa_' . $current_role)) {
                    // Same session guard as above, repeated (harmless: session already started).
                    if (!session_id() || session_id() == '' || !isset($_SESSION)) {
                        session_start();
                    }
                    $email = get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true);
                    // NOTE: the POST key really is spelled 'attribures'; the form must use the same spelling.
                    $attributes = isset($_POST['miniorange_rba_attribures']) ? 
$_POST['miniorange_rba_attribures'] : null;
                    if ($email && get_user_meta($currentuser->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') { //checking if user has configured any 2nd factor method
                        try {
                            // stripslashes(null) is deprecated on PHP 8.1+ when the POST field is absent.
                            $mo2f_rba_status = mo2f_collect_attributes($email, stripslashes($attributes)); // Rba flow
                        } catch (Exception $e) {
                            // NOTE(review): the exception text is echoed straight into the login
                            // response (information disclosure), and $mo2f_rba_status is left
                            // undefined on this path, so the check just below reads an unset variable.
                            echo $e->getMessage();
                        }
                        // 'decision_flag' semantics come from mo2f_collect_attributes(), not visible here;
                        // when set with status SUCCESS the second factor is skipped entirely.
                        if ($mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag']) {
                            $this->mo2fa_pass2login();
                        } else {
                            $_SESSION['mo2f_rba_status'] = $mo2f_rba_status;
                            // Dispatch on the user's configured second-factor method (string labels).
                            $mo2f_second_factor = mo2f_get_user_2ndfactor($currentuser);
                            if ($mo2f_second_factor == 'MOBILE AUTHENTICATION') {
                                $this->mo2f_pass2login_mobile_verification($currentuser);
                            } else {
                                if ($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL') {
                                    $this->mo2f_pass2login_push_oobemail_verification($currentuser, $mo2f_second_factor);
                                } else {
                                    if ($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR') {
                                        $this->mo2f_pass2login_otp_verification($currentuser, $mo2f_second_factor);
                                    } else {
                                        if ($mo2f_second_factor == 'KBA') {
                                            $this->mo2f_pass2login_kba_verification($currentuser);
                                        } else {
                                            // Unknown/unsupported method: clear plugin login state and fail closed.
                                            $this->remove_current_activity();
                                            $error = new WP_Error();
                                            $error->add('empty_username', __('<strong>ERROR</strong>: Please try again or contact your admin.'));
                                            return $error;
                                        }
                                    }
                                }
                            }
                        }
                    } else {
                        // 2FA is required for the role but this user has not finished setting it up:
                        // record which enrolment screen the login UI should show next.
                        $_SESSION['mo2f-login-message'] = '';
                        if (get_user_meta($currentuser->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
                            $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
                        } else {
                            $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REGISTRATION';
                        }
                    }
                } else { //plugin is not activated for current role then logged him in without asking 2 factor
                    $this->mo2fa_pass2login();
                }
            }
        }
    } else {
        // No plugin nonce in the request at all: fail with an empty WP_Error (no code/message).
        $error = new WP_Error();
        return $error;
    }
}
/**
 * Handles every POST-back from the miniOrange login / second-factor screens.
 *
 * Each branch is selected by the presence of one nonce-carrying POST field and
 * first verifies that nonce with wp_verify_nonce(). Outcomes are communicated
 * through `$_SESSION['mo2f-login-message']`, `$_SESSION['mo_2factor_login_status']`
 * and the `$this->mo_auth_show_*_message()` helpers (not visible here).
 *
 * When a second factor validates (KBA, mobile/push, or an OTP-style token),
 * WordPress's password authenticator is removed from the `authenticate` filter
 * and replaced by `$this->mo2fa_login`, which is expected to sign in the user
 * held in `$_SESSION['mo2f_current_user']`. Note that in the
 * `miniorange_login_nonce` branch that session user is set from the submitted
 * username alone, so the second factor is the only credential checked on that
 * path (what `mo2fa_login` itself verifies is not visible in this excerpt).
 *
 * Branches, by POST field:
 *   miniorange_login_nonce                    username-first login; dispatches to the 2FA challenge
 *   miniorange_kba_nonce                      security-question answers
 *   miniorange_mobile_validation_nonce        poll result of a mobile/push approval
 *   miniorange_mobile_validation_failed_nonce back button / failure: clear plugin state
 *   miniorange_forgotphone                    fall back to OTP over e-mail
 *   miniorange_softtoken                      switch to the authenticator-app OTP prompt
 *   miniorange_soft_token_nonce               validate an OTP (e-mail, SMS, phone, app, Google)
 *
 * @return void  several error paths `return` early; the rest fall through so
 *               more than one branch can run if several fields are posted.
 */
public function my_login_redirect() {
    if (!session_id() || session_id() == '' || !isset($_SESSION)) {
        session_start();
    }
    if (isset($_POST['miniorange_login_nonce'])) {
        $nonce = $_POST['miniorange_login_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-login-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request';
            $this->mo_auth_show_error_message();
        } else { //validation and sanitization
            $username = '';
            // NOTE(review): $_POST['mo2fa_username'] is read without isset(); on PHP 8 a
            // missing field raises an "Undefined array key" warning before the helper sees it.
            if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2fa_username'])) {
                $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
                $this->mo_auth_show_error_message();
                return;
            } else {
                $username = sanitize_text_field($_POST['mo2fa_username']);
            }
            if (username_exists($username)) { /*if username exists in wp site */
                // No password has been checked at this point: the user is identified
                // by login name only and parked in the session for the 2FA step.
                $user = new WP_User($username);
                if (!session_id() || session_id() == '' || !isset($_SESSION)) {
                    session_start();
                }
                $_SESSION['mo2f_current_user'] = $user;
                // Only the first role is consulted for the per-role 2FA option.
                $roles = $user->roles;
                $current_role = array_shift($roles);
                if (get_option('mo2fa_' . $current_role)) {
                    if (!session_id() || session_id() == '' || !isset($_SESSION)) {
                        session_start();
                    }
                    // Proceed to a challenge only if the user has a linked miniOrange
                    // e-mail and has completed 2FA setup.
                    if (get_user_meta($user->ID, 'mo_2factor_map_id_with_email', true) && get_user_meta($user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') {
                        //if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT'])){
                        //$this->mo2f_login_kba_verification($currentuser);
                        //}else{
                        $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
                        if ($mo2f_second_factor == 'MOBILE AUTHENTICATION') {
                            $this->mo2f_login_mobile_verification($user);
                        } else {
                            if ($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL') {
                                $this->mo2f_login_push_oobemail_verification($user, $mo2f_second_factor);
                            } else {
                                if ($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR') {
                                    $this->mo2f_login_otp_verification($user, $mo2f_second_factor);
                                } 
                                else {
                                    if ($mo2f_second_factor == 'KBA') {
                                        $this->mo2f_login_kba_verification($user);
                                    } else {
                                        // Unknown method: reset plugin state. Shown via the *success*
                                        // helper even though it is an error condition.
                                        $this->remove_current_activity();
                                        $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
                                        $this->mo_auth_show_success_message();
                                    }
                                }
                            }
                        }
                        //}
                    } else {
                        // 2FA not fully configured: send the user to the normal password login.
                        $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
                        $this->mo_auth_show_success_message();
                        $this->mo2f_redirectto_wp_login();
                    }
                } else {
                    // 2FA not enabled for this role: normal password login.
                    $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
                    $this->mo_auth_show_success_message();
                    $this->mo2f_redirectto_wp_login();
                }
            } else {
                // NOTE(review): this message differs from the "use your password" messages
                // above, so the response reveals whether a login name exists (account enumeration).
                $this->remove_current_activity();
                $_SESSION['mo2f-login-message'] = 'Invalid Username.';
                $this->mo_auth_show_error_message();
            }
        }
    }
    if (isset($_POST['miniorange_kba_nonce'])) { /*check kba validation*/
        $nonce = $_POST['miniorange_kba_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-kba-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $currentuser = isset($_SESSION['mo2f_current_user']) ? 
$_SESSION['mo2f_current_user'] : null;
            if (isset($_SESSION['mo2f_current_user'])) {
                // Silent return (no message) when either answer is blank; the answer
                // fields are read without isset() (see note on mo2fa_username above).
                if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_2'])) {
                    return;
                }
                // Token layout expected by validate_otp_token('KBA', ...): [q1, a1, q2, a2],
                // with the questions taken from the session, not from the request.
                $otpToken = array();
                $otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
                $otpToken[1] = sanitize_text_field($_POST['mo2f_answer_1']);
                $otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
                $otpToken[3] = sanitize_text_field($_POST['mo2f_answer_2']);
                // NOTE(review): $check_trust_device is assigned but never read in this method.
                $check_trust_device = sanitize_text_field($_POST['mo2f_trust_device']);
                $kba_validate = new Customer_Setup();
                // Remote validation against the miniOrange service; decoded as an assoc array.
                // json_last_error() is not checked here (it is in the mobile branch below), so a
                // non-JSON reply yields null and the status test below reads a null offset.
                $kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $_SESSION['mo2f-login-transactionId'], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                if (username_exists($currentuser->user_login)) { // user is a member
                    if (strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
                        // Second factor accepted: let mo2fa_login complete sign-in instead of
                        // WordPress's password check.
                        remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                        add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
                    } else {
                        $_SESSION['mo2f-login-message'] = 'The answers you have provided are incorrect.';
                    }
                } else {
                    $this->remove_current_activity();
                    $_SESSION['mo2f-login-message'] = 'Invalid request.';
                    $this->mo_auth_show_error_message();
                }
            } else {
                $this->remove_current_activity();
                $_SESSION['mo2f-login-message'] = 'Invalid request.';
                $this->mo_auth_show_error_message();
            }
        }
    }
    if (isset($_POST['miniorange_mobile_validation_nonce'])) { /*check mobile validation */
        $nonce = $_POST['miniorange_mobile_validation_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            // NOTE(review): unlike the KBA and soft-token branches, the session user is read
            // without isset(); with no session user this dereferences null.
            $currentuser = $_SESSION['mo2f_current_user'];
            $username = $currentuser->user_login;
            if (username_exists($username)) { // user is a member
                $checkMobileStatus = new Two_Factor_Setup();
                // Ask the service whether the pending mobile/push transaction was approved.
                $content = 
$checkMobileStatus->check_mobile_status($_SESSION['mo2f-login-transactionId']);
                $response = json_decode($content, true);
                if (json_last_error() == JSON_ERROR_NONE) {
                    if ($response['status'] == 'SUCCESS') {
                        remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                        add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
                    } else {
                        $this->remove_current_activity();
                        $_SESSION['mo2f-login-message'] = 'Invalid request.';
                        $this->mo_auth_show_error_message();
                    }
                } else {
                    $this->remove_current_activity();
                    $_SESSION['mo2f-login-message'] = 'Invalid request.';
                    $this->mo_auth_show_error_message();
                }
            } else {
                $this->remove_current_activity();
                $_SESSION['mo2f-login-message'] = 'Invalid request.';
                $this->mo_auth_show_error_message();
            }
        }
    }
    if (isset($_POST['miniorange_mobile_validation_failed_nonce'])) { /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
        $nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-failed-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $this->remove_current_activity();
        }
    }
    if (isset($_POST['miniorange_forgotphone'])) { /*Click on the link of forgotphone */
        $nonce = $_POST['miniorange_forgotphone'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-forgotphone')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $customer = new Customer_Setup();
            // Session user is dereferenced without isset() here as well.
            $id = $_SESSION['mo2f_current_user']->ID;
            // Request an e-mail OTP to the user's linked miniOrange address.
            $content = json_decode($customer->send_otp_token(get_user_meta($id, 'mo_2factor_map_id_with_email', true), 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
            if (strcasecmp($content['status'], 'SUCCESS') == 0) {
                // Discard any pending QR/transaction and switch the UI to the e-mail OTP prompt.
                unset($_SESSION['mo2f-login-qrCode']);
                unset($_SESSION['mo2f-login-transactionId']);
                // The literal below contains a line break exactly as found in the source.
                $_SESSION['mo2f-login-message'] = 'A one time passcode has been 
sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id, 'mo_2factor_map_id_with_email', true)) . '</b>. Please enter the OTP to verify your identity.';
                $_SESSION['mo2f-login-transactionId'] = $content['txId'];
                $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
                $this->mo_auth_show_success_message();
            } else {
                // Failure is still reported through the success helper.
                $_SESSION['mo2f-login-message'] = 'Error:OTP over Email';
                $this->mo_auth_show_success_message();
            }
        }
    }
    if (isset($_POST['miniorange_softtoken'])) { /*Click on the link of phone is offline */
        $nonce = $_POST['miniorange_softtoken'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-softtoken')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            // Switch the pending challenge to the authenticator-app OTP prompt.
            unset($_SESSION['mo2f-login-qrCode']);
            unset($_SESSION['mo2f-login-transactionId']);
            $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.';
            $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
        }
    }
    if (isset($_POST['miniorange_soft_token_nonce'])) { /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
        $nonce = $_POST['miniorange_soft_token_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-soft-token-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $softtoken = '';
            // (Class referenced as MO2f_utility here, MO2f_Utility elsewhere; PHP class
            // names are case-insensitive, but the spelling is kept as found.)
            if (MO2f_utility::mo2f_check_empty_or_null($_POST['mo2fa_softtoken'])) {
                $_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed';
                $this->mo_auth_show_error_message();
                return;
            } else {
                $softtoken = sanitize_text_field($_POST['mo2fa_softtoken']);
                // Length/digit check happens locally before any remote call; note this
                // path sets the message but does not call a show_*_message helper.
                if (!MO2f_utility::mo2f_check_number_length($softtoken)) {
                    $_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
                    return;
                }
            }
            $currentuser = isset($_SESSION['mo2f_current_user']) ? 
$_SESSION['mo2f_current_user'] : null;
            if (isset($_SESSION['mo2f_current_user'])) {
                $customer = new Customer_Setup();
                $content = '';
                // Which validator to call is decided by the challenge type recorded in the
                // session (set by the earlier challenge step), not by anything in the request.
                if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') {
                    $content = json_decode($customer->validate_otp_token('EMAIL', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                } else {
                    if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') {
                        $content = json_decode($customer->validate_otp_token('SMS', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                    } else {
                        if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION') {
                            $content = json_decode($customer->validate_otp_token('PHONE VERIFICATION', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                        } else {
                            if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN') {
                                // App-generated tokens are validated against the user's linked
                                // e-mail rather than a transaction id.
                                $content = json_decode($customer->validate_otp_token('SOFT TOKEN', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                            } else {
                                if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION') {
                                    $content = json_decode($customer->validate_otp_token('GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                                } else {
                                    // NOTE(review): no matching challenge state. The error is shown but
                                    // there is no return, so execution continues into the status check
                                    // below with $content still the empty string ('' has no 'status'
                                    // offset; on PHP 8 that is a fatal TypeError rather than a warning).
                                    $this->remove_current_activity();
                                    $_SESSION['mo2f-login-message'] = 'Invalid request. 
Please try again.';
                                    $this->mo_auth_show_error_message();
                                }
                            }
                        }
                    }
                }
                if (username_exists($currentuser->user_login)) { // user is a member
                    // As in the KBA branch, json_decode() failure is not checked before
                    // reading $content['status'].
                    if (strcasecmp($content['status'], 'SUCCESS') == 0) {
                        remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                        add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
                    } else {
                        // Soft-token failures get the clock-sync hint; all other OTP types get the generic text.
                        $message = $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. Please try again';
                        $_SESSION['mo2f-login-message'] = $message;
                        $this->mo_auth_show_error_message();
                    }
                } else {
                    $this->remove_current_activity();
                    $_SESSION['mo2f-login-message'] = 'Invalid request.';
                    $this->mo_auth_show_error_message();
                }
            } else {
                $this->remove_current_activity();
                $_SESSION['mo2f-login-message'] = 'Invalid request.';
                $this->mo_auth_show_error_message();
            }
        }
    }
}