function mo2f_check_username_password($user, $username, $password)
{
if (isset($_POST['miniorange_login_nonce'])) {
$nonce = $_POST['miniorange_login_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-login-nonce')) {
wp_logout();
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Invalid Request.'));
return $error;
} else {
$currentuser = mo2f_wp_authenticate_username_password($user, $username, $password);
if (is_wp_error($currentuser)) {
return $currentuser;
} else {
if (!session_id() || session_id() == '' || !isset($_SESSION)) {
session_start();
}
$_SESSION['mo2f_current_user'] = $currentuser;
$_SESSION['mo2f_1stfactor_status'] = 'VALIDATE_SUCCESS';
$roles = $currentuser->roles;
$current_role = array_shift($roles);
if (get_option('mo2fa_' . $current_role)) {
if (!session_id() || session_id() == '' || !isset($_SESSION)) {
session_start();
}
$email = get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true);
$attributes = isset($_POST['miniorange_rba_attribures']) ? $_POST['miniorange_rba_attribures'] : null;
if ($email && get_user_meta($currentuser->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') {
//checking if user has configured any 2nd factor method
try {
$mo2f_rba_status = mo2f_collect_attributes($email, stripslashes($attributes));
// Rba flow
} catch (Exception $e) {
echo $e->getMessage();
}
if ($mo2f_rba_status['status'] == 'SUCCESS' && $mo2f_rba_status['decision_flag']) {
$this->mo2fa_pass2login();
} else {
$_SESSION['mo2f_rba_status'] = $mo2f_rba_status;
$mo2f_second_factor = mo2f_get_user_2ndfactor($currentuser);
if ($mo2f_second_factor == 'MOBILE AUTHENTICATION') {
$this->mo2f_pass2login_mobile_verification($currentuser);
} else {
if ($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL') {
$this->mo2f_pass2login_push_oobemail_verification($currentuser, $mo2f_second_factor);
} else {
if ($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR') {
$this->mo2f_pass2login_otp_verification($currentuser, $mo2f_second_factor);
} else {
if ($mo2f_second_factor == 'KBA') {
$this->mo2f_pass2login_kba_verification($currentuser);
} else {
$this->remove_current_activity();
$error = new WP_Error();
$error->add('empty_username', __('<strong>ERROR</strong>: Please try again or contact your admin.'));
return $error;
}
}
}
}
}
} else {
$_SESSION['mo2f-login-message'] = '';
if (get_user_meta($currentuser->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_USER_FOR_2FA_METHODS';
} else {
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_PROMPT_FOR_USER_REGISTRATION';
}
}
} else {
//plugin is not activated for current role then logged him in without asking 2 factor
$this->mo2fa_pass2login();
}
}
}
} else {
$error = new WP_Error();
return $error;
}
}
public function my_login_redirect()
{
if (!session_id() || session_id() == '' || !isset($_SESSION)) {
session_start();
}
if (isset($_POST['miniorange_login_nonce'])) {
$nonce = $_POST['miniorange_login_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-login-nonce')) {
$_SESSION['mo2f-login-message'] = 'Invalid request';
$this->mo_auth_show_error_message();
} else {
//validation and sanitization
$username = '';
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2fa_username'])) {
$_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
$this->mo_auth_show_error_message();
return;
} else {
$username = sanitize_text_field($_POST['mo2fa_username']);
}
if (username_exists($username)) {
/*if username exists in wp site */
$user = new WP_User($username);
if (!session_id() || session_id() == '' || !isset($_SESSION)) {
session_start();
}
$_SESSION['mo2f_current_user'] = $user;
$roles = $user->roles;
$current_role = array_shift($roles);
if (get_option('mo2fa_' . $current_role)) {
if (!session_id() || session_id() == '' || !isset($_SESSION)) {
session_start();
}
if (get_user_meta($user->ID, 'mo_2factor_map_id_with_email', true) && get_user_meta($user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS') {
//if(MO2f_Utility::check_if_request_is_from_mobile_device($_SERVER['HTTP_USER_AGENT'])){
//$this->mo2f_login_kba_verification($currentuser);
//}else{
$mo2f_second_factor = mo2f_get_user_2ndfactor($user);
if ($mo2f_second_factor == 'MOBILE AUTHENTICATION') {
$this->mo2f_login_mobile_verification($user);
} else {
if ($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL') {
$this->mo2f_login_push_oobemail_verification($user, $mo2f_second_factor);
} else {
if ($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR') {
$this->mo2f_login_otp_verification($user, $mo2f_second_factor);
} else {
if ($mo2f_second_factor == 'KBA') {
$this->mo2f_login_kba_verification($user);
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
$this->mo_auth_show_success_message();
}
}
}
}
//}
} else {
$_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
$this->mo_auth_show_success_message();
$this->mo2f_redirectto_wp_login();
}
} else {
$_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
$this->mo_auth_show_success_message();
$this->mo2f_redirectto_wp_login();
}
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid Username.';
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['miniorange_kba_nonce'])) {
/*check kba validation*/
$nonce = $_POST['miniorange_kba_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-kba-nonce')) {
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
} else {
$currentuser = isset($_SESSION['mo2f_current_user']) ? $_SESSION['mo2f_current_user'] : null;
if (isset($_SESSION['mo2f_current_user'])) {
if (MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_2'])) {
return;
}
$otpToken = array();
$otpToken[0] = $_SESSION['mo_2_factor_kba_questions'][0];
$otpToken[1] = sanitize_text_field($_POST['mo2f_answer_1']);
$otpToken[2] = $_SESSION['mo_2_factor_kba_questions'][1];
$otpToken[3] = sanitize_text_field($_POST['mo2f_answer_2']);
$check_trust_device = sanitize_text_field($_POST['mo2f_trust_device']);
$kba_validate = new Customer_Setup();
$kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $_SESSION['mo2f-login-transactionId'], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (username_exists($currentuser->user_login)) {
// user is a member
if (strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
} else {
$_SESSION['mo2f-login-message'] = 'The answers you have provided are incorrect.';
}
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
}
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['miniorange_mobile_validation_nonce'])) {
/*check mobile validation */
$nonce = $_POST['miniorange_mobile_validation_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-nonce')) {
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
} else {
$currentuser = $_SESSION['mo2f_current_user'];
$username = $currentuser->user_login;
if (username_exists($username)) {
// user is a member
$checkMobileStatus = new Two_Factor_Setup();
$content = $checkMobileStatus->check_mobile_status($_SESSION['mo2f-login-transactionId']);
$response = json_decode($content, true);
if (json_last_error() == JSON_ERROR_NONE) {
if ($response['status'] == 'SUCCESS') {
remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
}
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
}
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
}
}
}
if (isset($_POST['miniorange_mobile_validation_failed_nonce'])) {
/*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
$nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-failed-nonce')) {
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
} else {
$this->remove_current_activity();
}
}
if (isset($_POST['miniorange_forgotphone'])) {
/*Click on the link of forgotphone */
$nonce = $_POST['miniorange_forgotphone'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-forgotphone')) {
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
} else {
$customer = new Customer_Setup();
$id = $_SESSION['mo2f_current_user']->ID;
$content = json_decode($customer->send_otp_token(get_user_meta($id, 'mo_2factor_map_id_with_email', true), 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
unset($_SESSION['mo2f-login-qrCode']);
unset($_SESSION['mo2f-login-transactionId']);
$_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id, 'mo_2factor_map_id_with_email', true)) . '</b>. Please enter the OTP to verify your identity.';
$_SESSION['mo2f-login-transactionId'] = $content['txId'];
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
$this->mo_auth_show_success_message();
} else {
$_SESSION['mo2f-login-message'] = 'Error:OTP over Email';
$this->mo_auth_show_success_message();
}
}
}
if (isset($_POST['miniorange_softtoken'])) {
/*Click on the link of phone is offline */
$nonce = $_POST['miniorange_softtoken'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-softtoken')) {
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
} else {
unset($_SESSION['mo2f-login-qrCode']);
unset($_SESSION['mo2f-login-transactionId']);
$_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.';
$_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
}
}
if (isset($_POST['miniorange_soft_token_nonce'])) {
/*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
$nonce = $_POST['miniorange_soft_token_nonce'];
if (!wp_verify_nonce($nonce, 'miniorange-2-factor-soft-token-nonce')) {
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
} else {
$softtoken = '';
if (MO2f_utility::mo2f_check_empty_or_null($_POST['mo2fa_softtoken'])) {
$_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed';
$this->mo_auth_show_error_message();
return;
} else {
$softtoken = sanitize_text_field($_POST['mo2fa_softtoken']);
if (!MO2f_utility::mo2f_check_number_length($softtoken)) {
$_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
return;
}
}
$currentuser = isset($_SESSION['mo2f_current_user']) ? $_SESSION['mo2f_current_user'] : null;
if (isset($_SESSION['mo2f_current_user'])) {
$customer = new Customer_Setup();
$content = '';
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL') {
$content = json_decode($customer->validate_otp_token('EMAIL', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS') {
$content = json_decode($customer->validate_otp_token('SMS', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION') {
$content = json_decode($customer->validate_otp_token('PHONE VERIFICATION', null, $_SESSION['mo2f-login-transactionId'], $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN') {
$content = json_decode($customer->validate_otp_token('SOFT TOKEN', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
if (isset($_SESSION['mo_2factor_login_status']) && $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION') {
$content = json_decode($customer->validate_otp_token('GOOGLE AUTHENTICATOR', get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid request. Please try again.';
$this->mo_auth_show_error_message();
}
}
}
}
}
if (username_exists($currentuser->user_login)) {
// user is a member
if (strcasecmp($content['status'], 'SUCCESS') == 0) {
remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
} else {
$message = $_SESSION['mo_2factor_login_status'] == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. Please try again';
$_SESSION['mo2f-login-message'] = $message;
$this->mo_auth_show_error_message();
}
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
}
} else {
$this->remove_current_activity();
$_SESSION['mo2f-login-message'] = 'Invalid request.';
$this->mo_auth_show_error_message();
}
}
}
}
