/**
 * Report which second factor is currently active for a WordPress user.
 *
 * Users whose 'mo_2factor_mobile_registration_status' meta is
 * 'MO_2_FACTOR_SUCCESS' are reported as 'MOBILE AUTHENTICATION' and get the
 * 'mo2f_mobile_registration_status' meta set to true. Users still in the
 * 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' state, or not registered with miniOrange,
 * are reported as 'NONE'. For everyone else the method is looked up through
 * Two_Factor_Setup::mo2f_get_userinfo().
 *
 * Side effect: failure texts are written to the 'mo2f_message' option. On an
 * 'ERROR' reply that text is the reply's own 'message' field, stored as received.
 * NOTE(review): where 'mo2f_message' is rendered is outside this view; confirm
 * it is escaped on output.
 *
 * @param object $current_user User object; only ->ID is read here.
 * @return mixed 'MOBILE AUTHENTICATION', 'NONE', or the reply's 'authType' value as received.
 */
function mo2f_get_activated_second_factor($current_user)
{
    $user_id = $current_user->ID;

    if (get_user_meta($user_id, 'mo_2factor_mobile_registration_status', true) == 'MO_2_FACTOR_SUCCESS') {
        // checking this option for existing users
        update_user_meta($user_id, 'mo2f_mobile_registration_status', true);
        return 'MOBILE AUTHENTICATION';
    }

    if (get_user_meta($user_id, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
        return 'NONE';
    }

    // for new users: both the plugin state and the miniOrange registration must be in place
    $is_registered = get_user_meta($user_id, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'
        && get_user_meta($user_id, 'mo_2factor_user_registration_with_miniorange', true) == 'SUCCESS';
    if (!$is_registered) {
        return 'NONE';
    }

    $setup = new Two_Factor_Setup();
    $lookup = json_decode($setup->mo2f_get_userinfo(get_user_meta($user_id, 'mo_2factor_map_id_with_email', true)), true);
    if (json_last_error() != JSON_ERROR_NONE) {
        update_option('mo2f_message', 'Invalid Request. Please try again.');
        return 'NONE';
    }

    if ($lookup['status'] == 'ERROR') {
        update_option('mo2f_message', $lookup['message']);
        return 'NONE';
    }
    if ($lookup['status'] == 'SUCCESS') {
        // The method name is taken from the reply without further checks.
        return $lookup['authType'];
    }
    if ($lookup['status'] == 'FAILED') {
        update_option('mo2f_message', 'Your account has been removed.Please contact your administrator.');
    }

    return 'NONE';
}
 /**
  * Start mobile registration for an e-mail address and keep the QR challenge in the session.
  *
  * On an 'IN_PROGRESS' reply the QR code and transaction id from the reply are
  * stored under $_SESSION['mo2f_qrCode'] / $_SESSION['mo2f_transactionId'] and the
  * success notice is selected. Any other decodable reply clears those session keys
  * and selects the error notice. A reply that is not valid JSON changes nothing,
  * so session values from an earlier call stay in place.
  *
  * NOTE(review): on 'ERROR' the reply's 'message' is stored in the 'mo2f_message'
  * option as received; confirm it is escaped where it is rendered.
  *
  * @param string $email Address passed to Two_Factor_Setup::register_mobile().
  * @param mixed  $id    Not used by this method.
  * @return void
  */
 function mo2f_get_qr_code_for_mobile($email, $id)
 {
     $setup = new Two_Factor_Setup();
     $reply = json_decode($setup->register_mobile($email), true);
     if (json_last_error() != JSON_ERROR_NONE) {
         return;
     }

     if ($reply['status'] == 'ERROR') {
         update_option('mo2f_message', $reply['message']);
     } elseif ($reply['status'] == 'IN_PROGRESS') {
         update_option('mo2f_message', 'Please scan the QR Code now.');
         $_SESSION['mo2f_qrCode'] = $reply['qrCode'];
         $_SESSION['mo2f_transactionId'] = $reply['txId'];
         $_SESSION['mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
         $this->mo_auth_show_success_message();
         return;
     } else {
         update_option('mo2f_message', "An error occured while processing your request. Please Try again.");
     }

     // Both failure outcomes drop any pending QR challenge before the error notice is shown.
     unset($_SESSION['mo2f_qrCode'], $_SESSION['mo2f_transactionId'], $_SESSION['mo2f_show_qr_code']);
     $this->mo_auth_show_error_message();
 }
 /**
  * Login-page variant of the QR registration call: all state goes to the session.
  *
  * On an 'IN_PROGRESS' reply the QR code and transaction id are stored under
  * $_SESSION['mo2f-login-qrCode'] / $_SESSION['mo2f-login-transactionId']. Any
  * other decodable reply clears those keys and puts a text into
  * $_SESSION['mo2f-login-message']. A reply that is not valid JSON changes
  * nothing, so values from an earlier call stay in the session.
  *
  * NOTE(review): on 'ERROR' the reply's 'message' is copied to the session as
  * received; confirm it is escaped where the login message is rendered.
  *
  * @param string $email Address passed to Two_Factor_Setup::register_mobile().
  * @param mixed  $id    Not used by this method.
  * @return void
  */
 function mo2f_inline_get_qr_code_for_mobile($email, $id)
 {
     $setup = new Two_Factor_Setup();
     $reply = json_decode($setup->register_mobile($email), true);
     if (json_last_error() != JSON_ERROR_NONE) {
         return;
     }

     if ($reply['status'] == 'ERROR') {
         $_SESSION['mo2f-login-message'] = $reply['message'];
     } elseif ($reply['status'] == 'IN_PROGRESS') {
         $_SESSION['mo2f-login-qrCode'] = $reply['qrCode'];
         $_SESSION['mo2f-login-transactionId'] = $reply['txId'];
         $_SESSION['mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
         return;
     } else {
         $_SESSION['mo2f-login-message'] = "An error occured while processing your request. Please Try again.";
     }

     // Both failure outcomes drop any pending QR challenge.
     unset($_SESSION['mo2f-login-qrCode'], $_SESSION['mo2f-login-transactionId'], $_SESSION['mo2f_show_qr_code']);
 }
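 /**
  * Handle the POST requests of the plugin's login form, one branch per nonce field.
  *
  * Branches, in the order they are checked:
  *  - miniorange_login_nonce: resolve the submitted username, keep the user in
  *    $_SESSION['mo2f_current_user'] and start the challenge for that user's second factor.
  *  - miniorange_kba_nonce: validate the two security-question answers.
  *  - miniorange_mobile_validation_nonce: check the status of the pending mobile transaction.
  *  - miniorange_mobile_validation_failed_nonce: abandon the current attempt.
  *  - miniorange_forgotphone: switch the pending challenge to an OTP sent by e-mail.
  *  - miniorange_softtoken: switch the pending challenge to the authenticator app's soft token.
  *  - miniorange_soft_token_nonce: validate a submitted one time passcode.
  *
  * On a successful challenge the method removes the wp_authenticate_username_password
  * callback from the 'authenticate' filter and adds $this->mo2fa_login instead.
  * NOTE(review): on this path the second factor appears to be the only credential
  * that is checked; confirm that against mo2fa_login, which is outside this view.
  * NOTE(review): no attempt counter or lockout is visible in this method; confirm
  * that OTP and KBA attempts are throttled elsewhere.
  *
  * Every remote reply is treated as a failure unless it decodes to an array whose
  * 'status' is the expected string, and every branch that needs the session user
  * or the pending transaction rejects the request when that state is missing.
  *
  * @return void
  */
 public function my_login_redirect()
 {
     if (!session_id() || session_id() == '' || !isset($_SESSION)) {
         session_start();
     }

     if (isset($_POST['miniorange_login_nonce'])) {
         $nonce = $_POST['miniorange_login_nonce'];
         if (!wp_verify_nonce($nonce, 'miniorange-2-factor-login-nonce')) {
             $_SESSION['mo2f-login-message'] = 'Invalid request';
             $this->mo_auth_show_error_message();
         } else {
             //validation and sanitization
             if (!isset($_POST['mo2fa_username']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2fa_username'])) {
                 $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
                 $this->mo_auth_show_error_message();
                 return;
             }
             $username = sanitize_text_field($_POST['mo2fa_username']);
             // Resolve strictly by login name. WP_User's constructor treats a numeric
             // first argument as a user ID, so an all-digit login name could otherwise
             // load a different account than the one username_exists() checked.
             $user = username_exists($username) ? get_user_by('login', $username) : false;
             if ($user) {
                 /*if username exists in wp site */
                 $_SESSION['mo2f_current_user'] = $user;
                 $roles = $user->roles;
                 // Only the first role decides whether the plugin's login applies.
                 $current_role = array_shift($roles);
                 if (get_option('mo2fa_' . $current_role)
                     && get_user_meta($user->ID, 'mo_2factor_map_id_with_email', true)
                     && get_user_meta($user->ID, 'mo_2factor_user_registration_status', true) == 'MO_2_FACTOR_PLUGIN_SETTINGS'
                 ) {
                     $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
                     if ($mo2f_second_factor == 'MOBILE AUTHENTICATION') {
                         $this->mo2f_login_mobile_verification($user);
                     } elseif ($mo2f_second_factor == 'PUSH NOTIFICATIONS' || $mo2f_second_factor == 'OUT OF BAND EMAIL') {
                         $this->mo2f_login_push_oobemail_verification($user, $mo2f_second_factor);
                     } elseif ($mo2f_second_factor == 'SOFT TOKEN' || $mo2f_second_factor == 'SMS' || $mo2f_second_factor == 'PHONE VERIFICATION' || $mo2f_second_factor == 'GOOGLE AUTHENTICATOR') {
                         $this->mo2f_login_otp_verification($user, $mo2f_second_factor);
                     } elseif ($mo2f_second_factor == 'KBA') {
                         $this->mo2f_login_kba_verification($user);
                     } else {
                         $this->remove_current_activity();
                         $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
                         $this->mo_auth_show_success_message();
                     }
                 } else {
                     // Role not enabled for this login, or the user has not finished 2FA setup.
                     $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
                     $this->mo_auth_show_success_message();
                     $this->mo2f_redirectto_wp_login();
                 }
             } else {
                 // NOTE(review): this text differs from the replies given for existing
                 // users, so the response reveals whether a username is registered.
                 $this->remove_current_activity();
                 $_SESSION['mo2f-login-message'] = 'Invalid Username.';
                 $this->mo_auth_show_error_message();
             }
         }
     }

     if (isset($_POST['miniorange_kba_nonce'])) {
         /*check kba validation*/
         $nonce = $_POST['miniorange_kba_nonce'];
         if (!wp_verify_nonce($nonce, 'miniorange-2-factor-kba-nonce')) {
             $_SESSION['mo2f-login-message'] = 'Invalid request.';
             $this->mo_auth_show_error_message();
         } elseif (!isset($_SESSION['mo2f_current_user'], $_SESSION['mo_2_factor_kba_questions'][0], $_SESSION['mo_2_factor_kba_questions'][1], $_SESSION['mo2f-login-transactionId'])) {
             // No pending KBA challenge in this session: reject instead of validating against empty state.
             $this->remove_current_activity();
             $_SESSION['mo2f-login-message'] = 'Invalid request.';
             $this->mo_auth_show_error_message();
         } else {
             $currentuser = $_SESSION['mo2f_current_user'];
             if (!isset($_POST['mo2f_answer_1'], $_POST['mo2f_answer_2']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_1']) || MO2f_Utility::mo2f_check_empty_or_null($_POST['mo2f_answer_2'])) {
                 return;
             }
             // Question/answer pairs in the order question 1, answer 1, question 2, answer 2.
             $otpToken = array(
                 $_SESSION['mo_2_factor_kba_questions'][0],
                 sanitize_text_field($_POST['mo2f_answer_1']),
                 $_SESSION['mo_2_factor_kba_questions'][1],
                 sanitize_text_field($_POST['mo2f_answer_2']),
             );
             $kba_validate = new Customer_Setup();
             $kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $_SESSION['mo2f-login-transactionId'], $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
             if (username_exists($currentuser->user_login)) {
                 // user is a member
                 if (is_array($kba_validate_response) && isset($kba_validate_response['status']) && is_string($kba_validate_response['status']) && strcasecmp($kba_validate_response['status'], 'SUCCESS') == 0) {
                     // NOTE(review): remove_filter() takes (hook, callback, priority) and the
                     // priority has to match the one used at registration; confirm this call
                     // really removes the password check.
                     remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                     add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
                 } else {
                     $_SESSION['mo2f-login-message'] = 'The answers you have provided are incorrect.';
                 }
             } else {
                 $this->remove_current_activity();
                 $_SESSION['mo2f-login-message'] = 'Invalid request.';
                 $this->mo_auth_show_error_message();
             }
         }
     }

     if (isset($_POST['miniorange_mobile_validation_nonce'])) {
         /*check mobile validation */
         $nonce = $_POST['miniorange_mobile_validation_nonce'];
         if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-nonce')) {
             $_SESSION['mo2f-login-message'] = 'Invalid request.';
             $this->mo_auth_show_error_message();
         } else {
             $validated = false;
             // The session must hold both the user and the pending transaction.
             if (isset($_SESSION['mo2f_current_user'], $_SESSION['mo2f-login-transactionId'])) {
                 $currentuser = $_SESSION['mo2f_current_user'];
                 $username = $currentuser->user_login;
                 if (username_exists($username)) {
                     // user is a member
                     $checkMobileStatus = new Two_Factor_Setup();
                     $content = $checkMobileStatus->check_mobile_status($_SESSION['mo2f-login-transactionId']);
                     $response = json_decode($content, true);
                     // Strict comparison: only the literal string 'SUCCESS' counts.
                     $validated = json_last_error() == JSON_ERROR_NONE
                         && is_array($response)
                         && isset($response['status'])
                         && $response['status'] === 'SUCCESS';
                 }
             }
             if ($validated) {
                 remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                 add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
             } else {
                 $this->remove_current_activity();
                 $_SESSION['mo2f-login-message'] = 'Invalid request.';
                 $this->mo_auth_show_error_message();
             }
         }
     }

     if (isset($_POST['miniorange_mobile_validation_failed_nonce'])) {
         /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
         $nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
         if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-failed-nonce')) {
             $_SESSION['mo2f-login-message'] = 'Invalid request.';
             $this->mo_auth_show_error_message();
         } else {
             $this->remove_current_activity();
         }
     }

     if (isset($_POST['miniorange_forgotphone'])) {
         /*Click on the link of forgotphone */
         $nonce = $_POST['miniorange_forgotphone'];
         if (!wp_verify_nonce($nonce, 'miniorange-2-factor-forgotphone')) {
             $_SESSION['mo2f-login-message'] = 'Invalid request.';
             $this->mo_auth_show_error_message();
         } elseif (!isset($_SESSION['mo2f_current_user'])) {
             // No user was selected in this session, so there is nobody to send an OTP to.
             $this->remove_current_activity();
             $_SESSION['mo2f-login-message'] = 'Invalid request.';
             $this->mo_auth_show_error_message();
         } else {
             $customer = new Customer_Setup();
             $id = $_SESSION['mo2f_current_user']->ID;
             $content = json_decode($customer->send_otp_token(get_user_meta($id, 'mo_2factor_map_id_with_email', true), 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
             if (is_array($content) && isset($content['status'], $content['txId']) && is_string($content['status']) && strcasecmp($content['status'], 'SUCCESS') == 0) {
                 unset($_SESSION['mo2f-login-qrCode']);
                 unset($_SESSION['mo2f-login-transactionId']);
                 // The message carries markup, so the address part is escaped before it is embedded.
                 $_SESSION['mo2f-login-message'] = 'A one time passcode has been sent to <b>' . esc_html(MO2f_Utility::mo2f_get_hiden_email(get_user_meta($id, 'mo_2factor_map_id_with_email', true))) . '</b>. Please enter the OTP to verify your identity.';
                 $_SESSION['mo2f-login-transactionId'] = $content['txId'];
                 $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
                 $this->mo_auth_show_success_message();
             } else {
                 $_SESSION['mo2f-login-message'] = 'Error:OTP over Email';
                 $this->mo_auth_show_success_message();
             }
         }
     }

     if (isset($_POST['miniorange_softtoken'])) {
         /*Click on the link of phone is offline */
         $nonce = $_POST['miniorange_softtoken'];
         if (!wp_verify_nonce($nonce, 'miniorange-2-factor-softtoken')) {
             $_SESSION['mo2f-login-message'] = 'Invalid request.';
             $this->mo_auth_show_error_message();
         } else {
             unset($_SESSION['mo2f-login-qrCode']);
             unset($_SESSION['mo2f-login-transactionId']);
             $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.';
             $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
         }
     }

     if (isset($_POST['miniorange_soft_token_nonce'])) {
         /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
         $nonce = $_POST['miniorange_soft_token_nonce'];
         if (!wp_verify_nonce($nonce, 'miniorange-2-factor-soft-token-nonce')) {
             $_SESSION['mo2f-login-message'] = 'Invalid request.';
             $this->mo_auth_show_error_message();
         } else {
             if (!isset($_POST['mo2fa_softtoken']) || MO2f_utility::mo2f_check_empty_or_null($_POST['mo2fa_softtoken'])) {
                 $_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed';
                 $this->mo_auth_show_error_message();
                 return;
             }
             $softtoken = sanitize_text_field($_POST['mo2fa_softtoken']);
             if (!MO2f_utility::mo2f_check_number_length($softtoken)) {
                 $_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
                 return;
             }

             if (!isset($_SESSION['mo2f_current_user'])) {
                 $this->remove_current_activity();
                 $_SESSION['mo2f-login-message'] = 'Invalid request.';
                 $this->mo_auth_show_error_message();
             } else {
                 $currentuser = $_SESSION['mo2f_current_user'];
                 $customer = new Customer_Setup();
                 $login_status = isset($_SESSION['mo_2factor_login_status']) ? $_SESSION['mo_2factor_login_status'] : '';
                 $transaction_id = isset($_SESSION['mo2f-login-transactionId']) ? $_SESSION['mo2f-login-transactionId'] : null;

                 // Challenges validated against the pending transaction id.
                 $by_transaction = array(
                     'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL' => 'EMAIL',
                     'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS' => 'SMS',
                     'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION' => 'PHONE VERIFICATION',
                 );
                 // Challenges validated against the user's registered e-mail id.
                 $by_account = array(
                     'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' => 'SOFT TOKEN',
                     'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' => 'GOOGLE AUTHENTICATOR',
                 );

                 if (is_string($login_status) && isset($by_transaction[$login_status])) {
                     $content = json_decode($customer->validate_otp_token($by_transaction[$login_status], null, $transaction_id, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                 } elseif (is_string($login_status) && isset($by_account[$login_status])) {
                     $content = json_decode($customer->validate_otp_token($by_account[$login_status], get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                 } else {
                     // No known challenge is pending: stop here so that no validation
                     // result is read for a request that was never sent.
                     $this->remove_current_activity();
                     $_SESSION['mo2f-login-message'] = 'Invalid request. Please try again.';
                     $this->mo_auth_show_error_message();
                     return;
                 }

                 if (username_exists($currentuser->user_login)) {
                     // user is a member
                     if (is_array($content) && isset($content['status']) && is_string($content['status']) && strcasecmp($content['status'], 'SUCCESS') == 0) {
                         remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                         add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
                     } else {
                         $message = $login_status == 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN' ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.' : 'Invalid OTP. Please try again';
                         $_SESSION['mo2f-login-message'] = $message;
                         $this->mo_auth_show_error_message();
                     }
                 } else {
                     $this->remove_current_activity();
                     $_SESSION['mo2f-login-message'] = 'Invalid request.';
                     $this->mo_auth_show_error_message();
                 }
             }
         }
     }
 }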
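 /**
  * Register a non-admin WordPress user with miniOrange under the given e-mail address.
  *
  * The address is lower-cased and looked up with mo_check_user_already_exist().
  * 'USER_FOUND' links the WordPress user to that address directly; 'USER_NOT_FOUND'
  * first creates the remote user with mo_create_user(). On success the user meta
  * is moved to the 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' state and the remote
  * method is set to 'OUT OF BAND EMAIL'. Every other outcome stores a text in the
  * 'mo2f_message' option and selects the error notice.
  *
  * Replies are accepted only when they decode to an array with a string 'status';
  * anything else is handled as a registration error.
  *
  * NOTE(review): 'USER_FOUND' attaches this WordPress account to an existing
  * miniOrange identity for $email, and nothing in this method shows that the
  * caller controls that address; confirm ownership is verified before this runs.
  * NOTE(review): on 'ERROR' the reply's 'message' is stored in 'mo2f_message' as
  * received; confirm it is escaped where the notice is rendered.
  *
  * @param object $current_user User object; ->ID is read here and the object is passed to mo_create_user().
  * @param string $email        Address to register.
  * @return void
  */
 function mo2f_create_user($current_user, $email)
 {
     //creating user in miniOrange of wordpress non-admin
     $generic_error = 'Error occurred while registering the user. Please try again.';
     $email = strtolower($email);
     $enduser = new Two_Factor_Setup();

     $check_user = json_decode($enduser->mo_check_user_already_exist($email), true);
     if (json_last_error() != JSON_ERROR_NONE || !is_array($check_user) || !isset($check_user['status']) || !is_string($check_user['status'])) {
         update_option('mo2f_message', $generic_error);
         $this->mo_auth_show_error_message();
         return;
     }
     if ($check_user['status'] === 'ERROR') {
         update_option('mo2f_message', isset($check_user['message']) ? $check_user['message'] : $generic_error);
         $this->mo_auth_show_error_message();
         return;
     }

     if (strcasecmp($check_user['status'], 'USER_NOT_FOUND') == 0) {
         $content = json_decode($enduser->mo_create_user($current_user, $email), true);
         if (json_last_error() != JSON_ERROR_NONE) {
             update_option('mo2f_message', 'Error occurred while registering the user. Please try again or contact your admin.');
             $this->mo_auth_show_error_message();
             return;
         }
         if (!is_array($content) || !isset($content['status']) || !is_string($content['status'])) {
             update_option('mo2f_message', $generic_error);
             $this->mo_auth_show_error_message();
             return;
         }
         if ($content['status'] === 'ERROR') {
             update_option('mo2f_message', isset($content['message']) ? $content['message'] : $generic_error);
             // Select the error notice here as well, like every other failure path of this method.
             $this->mo_auth_show_error_message();
             return;
         }
         if (strcasecmp($content['status'], 'SUCCESS') != 0) {
             update_option('mo2f_message', $generic_error);
             $this->mo_auth_show_error_message();
             return;
         }
     } elseif (strcasecmp($check_user['status'], 'USER_FOUND') != 0) {
         update_option('mo2f_message', $generic_error);
         $this->mo_auth_show_error_message();
         return;
     }

     // Reached for an existing remote user and for a freshly created one.
     delete_user_meta($current_user->ID, 'mo_2factor_user_email');
     update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS');
     update_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', $email);
     update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR');
     $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'OUT OF BAND EMAIL', null, null, null);
     // NOTE(review): in a single-quoted string \\" yields a literal backslash before
     // each quote of the href; confirm the code that renders the notice expects that.
     $message = 'You are registered successfully. <a href=\\"admin.php?page=miniOrange_2_factor_settings&amp;mo2f_tab=mobile_configure\\" >Click Here </a>to configure 2nd factor authentication method.';
     update_option('mo2f_message', $message);
     $this->mo_auth_show_success_message();
 }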
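/**
 * Look up the second factor to challenge a user with at login.
 *
 * Users whose 'mo_2factor_mobile_registration_status' meta is
 * 'MO_2_FACTOR_SUCCESS' get 'MOBILE AUTHENTICATION'. For everyone else the
 * method is fetched through Two_Factor_Setup::mo2f_get_userinfo() using the
 * address stored in the 'mo_2factor_map_id_with_email' meta.
 *
 * The reply decides which login challenge is started, so it is read strictly:
 * anything that is not valid JSON, not an array, or lacks a usable 'status' /
 * 'authType' yields 'NONE' rather than a PHP notice, an error or a null result.
 *
 * @param object $current_user User object; only ->ID is read here.
 * @return string 'MOBILE AUTHENTICATION', the reply's 'authType' string,
 *                'USER_NOT_FOUND' (reply status 'FAILED') or 'NONE'.
 */
function mo2f_get_user_2ndfactor($current_user)
{
    if (get_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status', true) == 'MO_2_FACTOR_SUCCESS') {
        return 'MOBILE AUTHENTICATION';
    }

    $enduser = new Two_Factor_Setup();
    $userinfo = json_decode($enduser->mo2f_get_userinfo(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true)), true);
    if (json_last_error() != JSON_ERROR_NONE || !is_array($userinfo) || !isset($userinfo['status'])) {
        return 'NONE';
    }

    if ($userinfo['status'] === 'SUCCESS') {
        // A SUCCESS reply without a string authType names no method.
        return (isset($userinfo['authType']) && is_string($userinfo['authType'])) ? $userinfo['authType'] : 'NONE';
    }
    if ($userinfo['status'] === 'FAILED') {
        return 'USER_NOT_FOUND';
    }

    // 'ERROR' and every unrecognised status.
    return 'NONE';
}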