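/**
 * Resolves which second factor is currently active for $current_user.
 *
 * Order of checks:
 *  1. Legacy meta 'mo_2factor_mobile_registration_status' == 'MO_2_FACTOR_SUCCESS'
 *     -> the newer 'mo2f_mobile_registration_status' meta is set to true for that
 *     user and 'MOBILE AUTHENTICATION' is returned.
 *  2. 'mo_2factor_user_registration_status' == 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR'
 *     -> 'NONE' (registration with miniOrange is still being set up).
 *  3. 'mo_2factor_user_registration_status' == 'MO_2_FACTOR_PLUGIN_SETTINGS' and
 *     'mo_2factor_user_registration_with_miniorange' == 'SUCCESS'
 *     -> the miniOrange API (Two_Factor_Setup::mo2f_get_userinfo) is asked and
 *     its 'authType' is returned on a 'SUCCESS' reply.
 *  Anything else -> 'NONE'.
 *
 * Side effects: on API 'ERROR' the API-supplied message, on 'FAILED' a fixed
 * message and on undecodable JSON 'Invalid Request. Please try again.' are
 * written to the 'mo2f_message' option. NOTE(review): that option is
 * site-wide, not per user, so concurrent users can see each other's messages
 * and the 'ERROR' text is whatever the remote API returned.
 *
 * Changes vs. the previous revision: the API reply is checked to be an array
 * before its keys are read, status values are compared strictly (a JSON
 * `true` no longer satisfies == 'SUCCESS'), and a 'SUCCESS' reply without
 * 'authType' yields 'NONE' instead of null.
 *
 * @param WP_User $current_user user whose second factor is looked up
 * @return string second-factor name as reported by miniOrange, or 'NONE'
 */
function mo2f_get_activated_second_factor($current_user) {
    $user_id = $current_user->ID;

    // Existing users: the legacy meta key still carries the mobile registration result.
    if (get_user_meta($user_id, 'mo_2factor_mobile_registration_status', true) === 'MO_2_FACTOR_SUCCESS') {
        //checking this option for existing users
        update_user_meta($user_id, 'mo2f_mobile_registration_status', true);
        return 'MOBILE AUTHENTICATION';
    }

    $registration_status = get_user_meta($user_id, 'mo_2factor_user_registration_status', true);
    if ($registration_status === 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR') {
        return 'NONE';
    }

    // Only fully registered users are looked up at miniOrange.
    if ($registration_status !== 'MO_2_FACTOR_PLUGIN_SETTINGS'
        || get_user_meta($user_id, 'mo_2factor_user_registration_with_miniorange', true) !== 'SUCCESS') {
        return 'NONE';
    }

    //for new users the authoritative answer comes from the miniOrange API
    $enduser = new Two_Factor_Setup();
    $mapped_email = get_user_meta($user_id, 'mo_2factor_map_id_with_email', true);
    $userinfo = json_decode($enduser->mo2f_get_userinfo($mapped_email), true);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($userinfo)) {
        update_option('mo2f_message', 'Invalid Request. Please try again.');
        return 'NONE';
    }

    $status = isset($userinfo['status']) ? $userinfo['status'] : null;
    if ($status === 'ERROR') {
        update_option('mo2f_message', isset($userinfo['message']) ? $userinfo['message'] : 'Invalid Request. Please try again.');
        return 'NONE';
    }
    if ($status === 'SUCCESS') {
        return isset($userinfo['authType']) ? $userinfo['authType'] : 'NONE';
    }
    if ($status === 'FAILED') {
        update_option('mo2f_message', 'Your account has been removed.Please contact your administrator.');
        return 'NONE';
    }
    // Unknown status: treat as "no second factor".
    return 'NONE';
}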
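/**
 * Starts mobile-app registration for $email through the miniOrange API
 * (Two_Factor_Setup::register_mobile) and stages the result in the session
 * for the settings page.
 *
 * On 'IN_PROGRESS': the QR code and transaction id are put in
 * $_SESSION['mo2f_qrCode'] / $_SESSION['mo2f_transactionId'],
 * $_SESSION['mo2f_show_qr_code'] is set and 'Please scan the QR Code now.' is
 * queued via the 'mo2f_message' option.
 * On 'ERROR': the API-supplied message is queued instead.
 * Anything else — including a reply that is not valid JSON, which previously
 * produced no feedback at all — queues a generic error. On every failure the
 * three session keys are cleared so no stale QR state is rendered.
 *
 * NOTE(review): 'mo2f_message' is a site-wide option, not per-user state, and
 * the 'ERROR' text is whatever the remote API returned.
 *
 * @param string $email miniOrange identity to register the phone against
 * @param int    $id    WordPress user id; not used here, kept for callers
 */
function mo2f_get_qr_code_for_mobile($email, $id) {
    $registerMobile = new Two_Factor_Setup();
    $response = json_decode($registerMobile->register_mobile($email), true);

    $status = null;
    if (json_last_error() === JSON_ERROR_NONE && is_array($response) && isset($response['status'])) {
        $status = $response['status'];
    }

    if ($status === 'IN_PROGRESS') {
        update_option('mo2f_message', 'Please scan the QR Code now.');
        $_SESSION['mo2f_qrCode'] = isset($response['qrCode']) ? $response['qrCode'] : null;
        $_SESSION['mo2f_transactionId'] = isset($response['txId']) ? $response['txId'] : null;
        $_SESSION['mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
        $this->mo_auth_show_success_message();
        return;
    }

    // Every failure path: report, then drop any QR state from an earlier attempt.
    if ($status === 'ERROR' && isset($response['message'])) {
        update_option('mo2f_message', $response['message']);
    } else {
        update_option('mo2f_message', "An error occured while processing your request. Please Try again.");
    }
    unset($_SESSION['mo2f_qrCode'], $_SESSION['mo2f_transactionId'], $_SESSION['mo2f_show_qr_code']);
    $this->mo_auth_show_error_message();
}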
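/**
 * Login-flow counterpart of mo2f_get_qr_code_for_mobile(): starts mobile-app
 * registration for $email via Two_Factor_Setup::register_mobile and keeps the
 * result in the login session keys instead of the admin option.
 *
 * On 'IN_PROGRESS': $_SESSION['mo2f-login-qrCode'],
 * $_SESSION['mo2f-login-transactionId'] and $_SESSION['mo2f_show_qr_code']
 * are set; no message is queued.
 * On 'ERROR': the API-supplied message goes to $_SESSION['mo2f-login-message'].
 * Anything else — including a reply that is not valid JSON, which previously
 * left the session untouched and said nothing — sets a generic error message.
 * On every failure the three session keys are cleared.
 *
 * @param string $email miniOrange identity to register the phone against
 * @param int    $id    WordPress user id; not used here, kept for callers
 */
function mo2f_inline_get_qr_code_for_mobile($email, $id) {
    $registerMobile = new Two_Factor_Setup();
    $response = json_decode($registerMobile->register_mobile($email), true);

    $status = null;
    if (json_last_error() === JSON_ERROR_NONE && is_array($response) && isset($response['status'])) {
        $status = $response['status'];
    }

    if ($status === 'IN_PROGRESS') {
        $_SESSION['mo2f-login-qrCode'] = isset($response['qrCode']) ? $response['qrCode'] : null;
        $_SESSION['mo2f-login-transactionId'] = isset($response['txId']) ? $response['txId'] : null;
        $_SESSION['mo2f_show_qr_code'] = 'MO_2_FACTOR_SHOW_QR_CODE';
        return;
    }

    // Every failure path: message for the login page, then clear stale QR state.
    if ($status === 'ERROR' && isset($response['message'])) {
        $_SESSION['mo2f-login-message'] = $response['message'];
    } else {
        $_SESSION['mo2f-login-message'] = "An error occured while processing your request. Please Try again.";
    }
    unset($_SESSION['mo2f-login-qrCode'], $_SESSION['mo2f-login-transactionId'], $_SESSION['mo2f_show_qr_code']);
}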
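/**
 * Handles each POST step of the miniOrange login dialogue. Every step is
 * identified by its own nonce field (verified with wp_verify_nonce), and the
 * state carried between steps — the WP_User being challenged, the miniOrange
 * transaction id and the pending challenge type — lives in $_SESSION.
 *
 * Steps:
 *  - miniorange_login_nonce: a username was submitted. If the user exists, its
 *    first role has the 'mo2fa_<role>' option enabled and the user finished the
 *    plugin setup ('MO_2_FACTOR_PLUGIN_SETTINGS' with a mapped e-mail), the
 *    configured second factor (mo2f_get_user_2ndfactor) selects the challenge;
 *    otherwise the visitor is sent back to the normal password login.
 *  - miniorange_kba_nonce, miniorange_mobile_validation_nonce,
 *    miniorange_soft_token_nonce: an answer to a challenge. On a 'SUCCESS'
 *    reply from the miniOrange API, wp_authenticate_username_password is
 *    removed from the 'authenticate' filter and $this->mo2fa_login is
 *    installed in its place.
 *  - miniorange_mobile_validation_failed_nonce: abandon the challenge.
 *  - miniorange_forgotphone / miniorange_softtoken: switch the pending
 *    challenge to an e-mailed OTP / the authenticator app's soft token.
 *
 * Review notes on what is visible here:
 *  - The form takes a username only; after a successful challenge the
 *    password authenticator is replaced, so the second factor is the sole
 *    credential on this path. Confirm that is the intended deployment model.
 *  - 'Invalid Username.' is returned only for accounts that do not exist, so an
 *    unauthenticated caller can enumerate usernames and trigger push/SMS/e-mail
 *    challenges for the ones that do.
 *  - No attempt counter or lock-out exists in this method; resistance to OTP
 *    guessing (codes are 4-8 digits) relies on the miniOrange API enforcing
 *    one — TODO confirm.
 *  - The fallback links let whoever holds the session switch a pending
 *    challenge to e-mail OTP or soft token regardless of the configured method.
 *  - The whole WP_User object is kept in the PHP session between steps
 *    (presumably including its user_pass hash — verify before keeping it).
 *
 * Fixes vs. the previous revision: a pending challenge type matching none of
 * the known statuses now returns after reporting 'Invalid request' instead of
 * falling through to a status lookup on an empty string (a TypeError on PHP 8,
 * a misleading 'Invalid OTP' on PHP 7); the mobile-validation and forgot-phone
 * steps verify a user is in the session before using it, as the KBA step
 * already did; API status values are compared strictly; session/POST keys are
 * read with isset guards; the unused 'mo2f_trust_device' field is no longer
 * read; the redundant inner session_start() guards are gone (the session is
 * started once at the top, after which they could never fire).
 */
public function my_login_redirect() {
    // Every step below reads or writes $_SESSION, so make sure one exists.
    if (!session_id() || session_id() == '' || !isset($_SESSION)) {
        session_start();
    }

    /* Step 1: username submitted on the miniOrange login form. */
    if (isset($_POST['miniorange_login_nonce'])) {
        $nonce = $_POST['miniorange_login_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-login-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request';
            $this->mo_auth_show_error_message();
        } else {
            //validation and sanitization
            $raw_username = isset($_POST['mo2fa_username']) ? $_POST['mo2fa_username'] : null;
            if (MO2f_Utility::mo2f_check_empty_or_null($raw_username)) {
                $_SESSION['mo2f-login-message'] = 'Please enter username to proceed';
                $this->mo_auth_show_error_message();
                return;
            }
            $username = sanitize_text_field($raw_username);

            if (!username_exists($username)) {
                // NOTE(review): distinct message => username enumeration.
                $this->remove_current_activity();
                $_SESSION['mo2f-login-message'] = 'Invalid Username.';
                $this->mo_auth_show_error_message();
            } else {
                /*if username exists in wp site */
                $user = new WP_User($username);
                $_SESSION['mo2f_current_user'] = $user;
                $roles = $user->roles;
                $current_role = array_shift($roles);

                // 2FA is enforced per role ('mo2fa_<role>' option) and only for
                // users who completed the plugin setup; everyone else uses the
                // password form.
                $role_enabled = get_option('mo2fa_' . $current_role);
                $setup_done = get_user_meta($user->ID, 'mo_2factor_map_id_with_email', true)
                    && get_user_meta($user->ID, 'mo_2factor_user_registration_status', true) === 'MO_2_FACTOR_PLUGIN_SETTINGS';

                if (!$role_enabled || !$setup_done) {
                    $_SESSION['mo2f-login-message'] = 'Please login into your account using password.';
                    $this->mo_auth_show_success_message();
                    $this->mo2f_redirectto_wp_login();
                } else {
                    $mo2f_second_factor = mo2f_get_user_2ndfactor($user);
                    if ($mo2f_second_factor === 'MOBILE AUTHENTICATION') {
                        $this->mo2f_login_mobile_verification($user);
                    } elseif ($mo2f_second_factor === 'PUSH NOTIFICATIONS' || $mo2f_second_factor === 'OUT OF BAND EMAIL') {
                        $this->mo2f_login_push_oobemail_verification($user, $mo2f_second_factor);
                    } elseif (in_array($mo2f_second_factor, array('SOFT TOKEN', 'SMS', 'PHONE VERIFICATION', 'GOOGLE AUTHENTICATOR'), true)) {
                        $this->mo2f_login_otp_verification($user, $mo2f_second_factor);
                    } elseif ($mo2f_second_factor === 'KBA') {
                        $this->mo2f_login_kba_verification($user);
                    } else {
                        // 'NONE', 'USER_NOT_FOUND' or anything unexpected from the API.
                        $this->remove_current_activity();
                        $_SESSION['mo2f-login-message'] = 'Please try again or contact your admin.';
                        $this->mo_auth_show_success_message();
                    }
                }
            }
        }
    }

    /* Step 2a: answers to the knowledge-based (KBA) challenge. */
    if (isset($_POST['miniorange_kba_nonce'])) {
        /*check kba validation*/
        $nonce = $_POST['miniorange_kba_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-kba-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } elseif (!isset($_SESSION['mo2f_current_user'])) {
            $this->remove_current_activity();
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $answer_1 = isset($_POST['mo2f_answer_1']) ? $_POST['mo2f_answer_1'] : null;
            $answer_2 = isset($_POST['mo2f_answer_2']) ? $_POST['mo2f_answer_2'] : null;
            if (MO2f_Utility::mo2f_check_empty_or_null($answer_1) || MO2f_Utility::mo2f_check_empty_or_null($answer_2)) {
                return;
            }
            $currentuser = $_SESSION['mo2f_current_user'];
            $kba_questions = isset($_SESSION['mo_2_factor_kba_questions']) ? $_SESSION['mo_2_factor_kba_questions'] : array();

            // Token layout expected by the API: question, answer, question, answer.
            $otpToken = array(
                isset($kba_questions[0]) ? $kba_questions[0] : null,
                sanitize_text_field($answer_1),
                isset($kba_questions[1]) ? $kba_questions[1] : null,
                sanitize_text_field($answer_2),
            );
            $txId = isset($_SESSION['mo2f-login-transactionId']) ? $_SESSION['mo2f-login-transactionId'] : null;
            $kba_validate = new Customer_Setup();
            $kba_validate_response = json_decode($kba_validate->validate_otp_token('KBA', null, $txId, $otpToken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
            $kba_status = (is_array($kba_validate_response) && isset($kba_validate_response['status']) && is_string($kba_validate_response['status']))
                ? $kba_validate_response['status'] : '';

            if (username_exists($currentuser->user_login)) {
                // user is a member
                if (strcasecmp($kba_status, 'SUCCESS') == 0) {
                    remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                    add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
                } else {
                    $_SESSION['mo2f-login-message'] = 'The answers you have provided are incorrect.';
                }
            } else {
                $this->remove_current_activity();
                $_SESSION['mo2f-login-message'] = 'Invalid request.';
                $this->mo_auth_show_error_message();
            }
        }
    }

    /* Step 2b: poll result of the mobile-app (QR/push) challenge. */
    if (isset($_POST['miniorange_mobile_validation_nonce'])) {
        /*check mobile validation */
        $nonce = $_POST['miniorange_mobile_validation_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $verified = false;
            if (isset($_SESSION['mo2f_current_user']) && username_exists($_SESSION['mo2f_current_user']->user_login)) {
                // user is a member
                $txId = isset($_SESSION['mo2f-login-transactionId']) ? $_SESSION['mo2f-login-transactionId'] : null;
                $checkMobileStatus = new Two_Factor_Setup();
                $response = json_decode($checkMobileStatus->check_mobile_status($txId), true);
                $verified = json_last_error() === JSON_ERROR_NONE
                    && is_array($response)
                    && isset($response['status'])
                    && $response['status'] === 'SUCCESS';
            }
            if ($verified) {
                remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
            } else {
                // Missing session user, unknown user, bad JSON or any non-SUCCESS status.
                $this->remove_current_activity();
                $_SESSION['mo2f-login-message'] = 'Invalid request.';
                $this->mo_auth_show_error_message();
            }
        }
    }

    /* Back to the miniOrange login page. */
    if (isset($_POST['miniorange_mobile_validation_failed_nonce'])) {
        /*Back to miniOrange Login Page if mobile validation failed and from back button of mobile challenge, soft token and default login*/
        $nonce = $_POST['miniorange_mobile_validation_failed_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-mobile-validation-failed-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $this->remove_current_activity();
        }
    }

    /* Fallback: send an OTP to the mapped e-mail address. */
    if (isset($_POST['miniorange_forgotphone'])) {
        /*Click on the link of forgotphone */
        $nonce = $_POST['miniorange_forgotphone'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-forgotphone')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } elseif (!isset($_SESSION['mo2f_current_user'])) {
            // Nobody is mid-challenge, so there is no identity to send an OTP for
            // (previously ->ID was read off null and the send was attempted anyway).
            $this->remove_current_activity();
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $customer = new Customer_Setup();
            $id = $_SESSION['mo2f_current_user']->ID;
            $mapped_email = get_user_meta($id, 'mo_2factor_map_id_with_email', true);
            $content = json_decode($customer->send_otp_token($mapped_email, 'EMAIL', get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
            $send_status = (is_array($content) && isset($content['status']) && is_string($content['status'])) ? $content['status'] : '';
            if (strcasecmp($send_status, 'SUCCESS') == 0) {
                unset($_SESSION['mo2f-login-qrCode']);
                unset($_SESSION['mo2f-login-transactionId']);
                $_SESSION['mo2f-login-message'] = 'A one time passcode has been 
sent to <b>' . MO2f_Utility::mo2f_get_hiden_email($mapped_email) . '</b>. Please enter the OTP to verify your identity.';
                $_SESSION['mo2f-login-transactionId'] = isset($content['txId']) ? $content['txId'] : null;
                $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL';
                $this->mo_auth_show_success_message();
            } else {
                $_SESSION['mo2f-login-message'] = 'Error:OTP over Email';
                $this->mo_auth_show_success_message();
            }
        }
    }

    /* Fallback: switch to the authenticator app's soft token. */
    if (isset($_POST['miniorange_softtoken'])) {
        /*Click on the link of phone is offline */
        $nonce = $_POST['miniorange_softtoken'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-softtoken')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            unset($_SESSION['mo2f-login-qrCode']);
            unset($_SESSION['mo2f-login-transactionId']);
            $_SESSION['mo2f-login-message'] = 'Please enter the one time passcode shown in the miniOrange authenticator app.';
            $_SESSION['mo_2factor_login_status'] = 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN';
        }
    }

    /* Step 2c: OTP submitted (soft token, SMS, e-mail, phone call, Google Authenticator). */
    if (isset($_POST['miniorange_soft_token_nonce'])) {
        /*Validate Soft Token,OTP over SMS,OTP over EMAIL,Phone verification */
        $nonce = $_POST['miniorange_soft_token_nonce'];
        if (!wp_verify_nonce($nonce, 'miniorange-2-factor-soft-token-nonce')) {
            $_SESSION['mo2f-login-message'] = 'Invalid request.';
            $this->mo_auth_show_error_message();
        } else {
            $raw_token = isset($_POST['mo2fa_softtoken']) ? $_POST['mo2fa_softtoken'] : null;
            if (MO2f_Utility::mo2f_check_empty_or_null($raw_token)) {
                $_SESSION['mo2f-login-message'] = 'Please enter OTP to proceed';
                $this->mo_auth_show_error_message();
                return;
            }
            $softtoken = sanitize_text_field($raw_token);
            if (!MO2f_Utility::mo2f_check_number_length($softtoken)) {
                $_SESSION['mo2f-login-message'] = 'Invalid OTP. Only digits within range 4-8 are allowed. Please try again.';
                return;
            }

            if (!isset($_SESSION['mo2f_current_user'])) {
                $this->remove_current_activity();
                $_SESSION['mo2f-login-message'] = 'Invalid request.';
                $this->mo_auth_show_error_message();
            } else {
                $currentuser = $_SESSION['mo2f_current_user'];
                $login_status = isset($_SESSION['mo_2factor_login_status']) ? $_SESSION['mo_2factor_login_status'] : null;

                // Pending challenge -> (API auth type, whether the token is validated
                // against the user's e-mail rather than a transaction id).
                $challenge_types = array(
                    'MO_2_FACTOR_CHALLENGE_OTP_OVER_EMAIL'        => array('EMAIL', false),
                    'MO_2_FACTOR_CHALLENGE_OTP_OVER_SMS'          => array('SMS', false),
                    'MO_2_FACTOR_CHALLENGE_PHONE_VERIFICATION'    => array('PHONE VERIFICATION', false),
                    'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'            => array('SOFT TOKEN', true),
                    'MO_2_FACTOR_CHALLENGE_GOOGLE_AUTHENTICATION' => array('GOOGLE AUTHENTICATOR', true),
                );
                if (!is_string($login_status) || !isset($challenge_types[$login_status])) {
                    // No (known) challenge pending: previously this reported the
                    // error and then fell through to $content['status'] on ''.
                    $this->remove_current_activity();
                    $_SESSION['mo2f-login-message'] = 'Invalid request. 
Please try again.';
                    $this->mo_auth_show_error_message();
                    return;
                }
                $auth_type = $challenge_types[$login_status][0];
                $validates_by_email = $challenge_types[$login_status][1];

                $customer = new Customer_Setup();
                if ($validates_by_email) {
                    $content = json_decode($customer->validate_otp_token($auth_type, get_user_meta($currentuser->ID, 'mo_2factor_map_id_with_email', true), null, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                } else {
                    $txId = isset($_SESSION['mo2f-login-transactionId']) ? $_SESSION['mo2f-login-transactionId'] : null;
                    $content = json_decode($customer->validate_otp_token($auth_type, null, $txId, $softtoken, get_option('mo2f_customerKey'), get_option('mo2f_api_key')), true);
                }
                $otp_status = (is_array($content) && isset($content['status']) && is_string($content['status'])) ? $content['status'] : '';

                if (username_exists($currentuser->user_login)) {
                    // user is a member
                    if (strcasecmp($otp_status, 'SUCCESS') == 0) {
                        remove_filter('authenticate', 'wp_authenticate_username_password', 10, 3);
                        add_filter('authenticate', array($this, 'mo2fa_login'), 10, 3);
                    } else {
                        $message = $login_status === 'MO_2_FACTOR_CHALLENGE_SOFT_TOKEN'
                            ? 'Invalid OTP ...Possible causes <br />1. You mis-typed the OTP, find the OTP again and type it. <br /> 2. Your phone time is not in sync with miniOrange servers. <br /><b>How to sync?</b> In the app,tap on Settings icon and then press Sync button.'
                            : 'Invalid OTP. Please try again';
                        $_SESSION['mo2f-login-message'] = $message;
                        $this->mo_auth_show_error_message();
                    }
                } else {
                    $this->remove_current_activity();
                    $_SESSION['mo2f-login-message'] = 'Invalid request.';
                    $this->mo_auth_show_error_message();
                }
            }
        }
    }
}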
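/**
 * Registers the WordPress user $current_user with miniOrange under $email
 * (lower-cased) and records the mapping in user meta.
 *
 * Flow:
 *  1. Two_Factor_Setup::mo_check_user_already_exist($email)
 *     - 'USER_FOUND'     -> reuse the existing miniOrange account
 *     - 'USER_NOT_FOUND' -> Two_Factor_Setup::mo_create_user(), then the same
 *                          bookkeeping on a 'SUCCESS' reply
 *     - 'ERROR'          -> the API-supplied message is shown as an error
 *     - anything else, or a reply that is not a JSON object -> generic error
 *  2. Bookkeeping on success: drop the pending 'mo_2factor_user_email' meta,
 *     mark 'mo_2factor_user_registration_with_miniorange' = 'SUCCESS', map the
 *     user to $email, set 'mo_2factor_user_registration_status' back to
 *     'MO_2_FACTOR_INITIALIZE_TWO_FACTOR' and tell miniOrange the method is
 *     'OUT OF BAND EMAIL' (mo2f_update_userinfo).
 *
 * Messages are queued through the 'mo2f_message' option. NOTE(review): that
 * option is site-wide, not per user, and the 'ERROR' branches store whatever
 * text the remote API returned.
 *
 * Changes vs. the previous revision: status values are compared strictly and
 * only when they are strings; the 'ERROR' reply from mo_create_user now also
 * calls mo_auth_show_error_message() like every other error path (it used to
 * store the message without surfacing it); the duplicated bookkeeping lives
 * in one closure.
 *
 * @param WP_User $current_user WordPress user being registered
 * @param string  $email        e-mail to register at miniOrange
 */
function mo2f_create_user($current_user, $email) {
    //creating user in miniOrange of wordpress non-admin
    $email = strtolower($email);
    $enduser = new Two_Factor_Setup();
    $generic_error = 'Error occurred while registering the user. Please try again.';

    // Shared bookkeeping once miniOrange knows about the user.
    $record_registration = function () use ($current_user, $email, $enduser) {
        delete_user_meta($current_user->ID, 'mo_2factor_user_email');
        update_user_meta($current_user->ID, 'mo_2factor_user_registration_with_miniorange', 'SUCCESS');
        update_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', $email);
        update_user_meta($current_user->ID, 'mo_2factor_user_registration_status', 'MO_2_FACTOR_INITIALIZE_TWO_FACTOR');
        $enduser->mo2f_update_userinfo(get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true), 'OUT OF BAND EMAIL', null, null, null);
    };

    $check_user = json_decode($enduser->mo_check_user_already_exist($email), true);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($check_user)) {
        update_option('mo2f_message', $generic_error);
        $this->mo_auth_show_error_message();
        return;
    }
    $check_status = (isset($check_user['status']) && is_string($check_user['status'])) ? $check_user['status'] : '';

    if ($check_status === 'ERROR') {
        update_option('mo2f_message', isset($check_user['message']) ? $check_user['message'] : $generic_error);
        $this->mo_auth_show_error_message();
        return;
    }

    if (strcasecmp($check_status, 'USER_FOUND') == 0) {
        $record_registration();
        update_option('mo2f_message', 'You are registered successfully. 
<a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure\\" >Click Here </a>to configure 2nd factor authentication method.');
        $this->mo_auth_show_success_message();
        return;
    }

    if (strcasecmp($check_status, 'USER_NOT_FOUND') != 0) {
        // Unknown status from the lookup.
        update_option('mo2f_message', $generic_error);
        $this->mo_auth_show_error_message();
        return;
    }

    // Not registered at miniOrange yet: create the account there.
    $content = json_decode($enduser->mo_create_user($current_user, $email), true);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($content)) {
        update_option('mo2f_message', 'Error occurred while registering the user. Please try again or contact your admin.');
        $this->mo_auth_show_error_message();
        return;
    }
    $create_status = (isset($content['status']) && is_string($content['status'])) ? $content['status'] : '';

    if ($create_status === 'ERROR') {
        update_option('mo2f_message', isset($content['message']) ? $content['message'] : $generic_error);
        $this->mo_auth_show_error_message(); // was missing on this path
    } elseif (strcasecmp($create_status, 'SUCCESS') == 0) {
        $record_registration();
        update_option('mo2f_message', 'You are registered successfully. <a href=\\"admin.php?page=miniOrange_2_factor_settings&mo2f_tab=mobile_configure\\" >Click Here </a>to configure 2nd factor authentication method.');
        $this->mo_auth_show_success_message();
    } else {
        update_option('mo2f_message', $generic_error);
        $this->mo_auth_show_error_message();
    }
}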
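/**
 * Login-time lookup of the second factor configured for $current_user.
 *
 * Unlike mo2f_get_activated_second_factor() this performs no meta migration,
 * writes no messages, and does not check the registration-status meta: unless
 * the legacy 'mo_2factor_mobile_registration_status' meta says
 * 'MO_2_FACTOR_SUCCESS' (-> 'MOBILE AUTHENTICATION'), it asks the miniOrange
 * API (Two_Factor_Setup::mo2f_get_userinfo) for the mapped e-mail and maps
 * the reply:
 *  - 'SUCCESS' -> the reply's 'authType' (or 'NONE' if absent)
 *  - 'FAILED'  -> 'USER_NOT_FOUND'
 *  - 'ERROR', an unknown status, or a reply that is not a JSON object -> 'NONE'
 * my_login_redirect() treats anything it does not recognise, including
 * 'USER_NOT_FOUND' and 'NONE', as "no usable second factor".
 *
 * Changes vs. the previous revision: the reply is checked to be an array before
 * its keys are read and status values are compared strictly (a JSON `true`
 * no longer satisfies == 'SUCCESS').
 *
 * @param WP_User $current_user user whose second factor is looked up
 * @return string second-factor name, 'USER_NOT_FOUND' or 'NONE'
 */
function mo2f_get_user_2ndfactor($current_user) {
    if (get_user_meta($current_user->ID, 'mo_2factor_mobile_registration_status', true) === 'MO_2_FACTOR_SUCCESS') {
        return 'MOBILE AUTHENTICATION';
    }

    $enduser = new Two_Factor_Setup();
    $mapped_email = get_user_meta($current_user->ID, 'mo_2factor_map_id_with_email', true);
    $userinfo = json_decode($enduser->mo2f_get_userinfo($mapped_email), true);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($userinfo) || !isset($userinfo['status'])) {
        return 'NONE';
    }

    if ($userinfo['status'] === 'SUCCESS') {
        return isset($userinfo['authType']) ? $userinfo['authType'] : 'NONE';
    }
    if ($userinfo['status'] === 'FAILED') {
        return 'USER_NOT_FOUND';
    }
    // 'ERROR' and anything unexpected.
    return 'NONE';
}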