trust token
*
* @return Boolean
*/
protected function user_trust_token_valid($user_id, $trust_token) {
if (!is_string($trust_token) || strlen($trust_token) < 30) return false;
$trusted_devices = $this->user_get_trusted_devices($user_id);
$time_now = time();
foreach ($trusted_devices as $device) {
if (empty($device['until']) || $device['until'] <= $time_now) continue;
if (!empty($device['token']) && $device['token'] === $trust_token) {
return true;
}
}
return false;
}
/**
* This deals with the issue that wp-login.php does not redirect to a canonical URL. As a result, if a website is available under more than one host, then admin_url('admin-ajax.php') might return a different one than the visitor is using, resulting in AJAX failing due to CORS errors.
*
* @return String
*/
protected function get_ajax_url() {
$ajax_url = admin_url('admin-ajax.php');
$parsed_url = parse_url($ajax_url);
if (strtolower($parsed_url['host']) !== strtolower($_SERVER['HTTP_HOST']) && !empty($parsed_url['path'])) {
// Mismatch - return the relative URL only
$ajax_url = $parsed_url['path'];
}
return $ajax_url;
}
/**
* Called not only upon the WP action login_enqueue_scripts, but potentially upon the action 'init' and various others from other plugins too. It can handle being called multiple times.
*/
public function login_enqueue_scripts() {
if (!$this->should_enqueue_login_scripts()) {
return;
}
if (isset($_GET['action']) && 'logout ' != $_GET['action'] && 'login' != $_GET['action']) return;
static $already_done = false;
if ($already_done) return;
$already_done = true;
// Prevent caching when in debug mode
$script_ver = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime($this->includes_dir().'/tfa.js');
wp_enqueue_script('tfa-ajax-request', $this->includes_url().'/tfa.js', array('jquery'), $script_ver);
$trusted_for = $this->get_option('tfa_trusted_for');
$trusted_for = (false === $trusted_for) ? 30 : (string) absint($trusted_for);
$localize = array(
'ajaxurl' => $this->get_ajax_url(),
'click_to_enter_otp' => __("Click to enter One Time Password", 'all-in-one-wp-security-and-firewall'),
'enter_username_first' => __('You have to enter a username first.', 'all-in-one-wp-security-and-firewall'),
'otp' => __('One Time Password (i.e. 2FA)', 'all-in-one-wp-security-and-firewall'),
'otp_login_help' => __('(check your OTP app to get this password)', 'all-in-one-wp-security-and-firewall'),
'mark_as_trusted' => sprintf(_n('Trust this device (allow login without 2FA for %d day)', 'Trust this device (allow login without TFA for %d days)', $trusted_for, 'all-in-one-wp-security-and-firewall'), $trusted_for),
'is_trusted' => __('(Trusted device - no OTP code required)', 'all-in-one-wp-security-and-firewall'),
'nonce' => wp_create_nonce('simba_tfa_loginform_nonce'),
'login_form_selectors' => '',
'login_form_off_selectors' => '',
'error' => __('An error has occurred. Site owners can check the JavaScript console for more details.', 'all-in-one-wp-security-and-firewall'),
);
// Spinner exists since WC 3.8. Use the proper functions to avoid SSL warnings.
if (file_exists(ABSPATH.'wp-admin/images/spinner-2x.gif')) {
$localize['spinnerimg'] = admin_url('images/spinner-2x.gif');
} elseif (file_exists(ABSPATH.WPINC.'/images/spinner-2x.gif')) {
$localize['spinnerimg'] = includes_url('images/spinner-2x.gif');
}
$localize = apply_filters('simba_tfa_login_enqueue_localize', $localize);
wp_localize_script('tfa-ajax-request', 'simba_tfasettings', $localize);
}
/**
* Check whether TFA login scripts should be enqueued or not.
*
* @return boolean True if the TFA login script should be enqueued, otherwise false.
*/
private function should_enqueue_login_scripts() {
if (defined('TWO_FACTOR_DISABLE') && TWO_FACTOR_DISABLE) {
return apply_filters('simbatfa_enqueue_login_scripts', false);
}
global $wpdb;
$sql = $wpdb->prepare('SELECT COUNT(user_id) FROM ' . $wpdb->usermeta . ' WHERE meta_key = %s AND meta_value = %d LIMIT 1', 'tfa_enable_tfa', 1);
$count_user_id = $wpdb->get_var($sql);
if (is_null($count_user_id)) { // Error in query.
return apply_filters('simbatfa_enqueue_login_scripts', true);
} elseif ($count_user_id > 0) { // A user exists with TFA enabled.
return apply_filters('simbatfa_enqueue_login_scripts', true);
}
// No user exists with TFA enabled.
return apply_filters('simbatfa_enqueue_login_scripts', false);
}
/**
* Return or output view content
*
* @param String $path - path to template, usually relative to templates/ within the plugin directory
* @param Array $extract_these - key/value pairs for substitution into the scope of the template
* @param Boolean $return_instead_of_echo - what to do with the results
*
* @return String|Void
*/
public function include_template($path, $extract_these = array(), $return_instead_of_echo = false) {
if ($return_instead_of_echo) ob_start();
$template_file = apply_filters('simatfa_template_file', $this->templates_dir().'/'.$path, $path, $extract_these, $return_instead_of_echo);
do_action('simbatfa_before_template', $path, $return_instead_of_echo, $extract_these, $template_file);
if (!file_exists($template_file)) {
error_log("TFA: template not found: $template_file (from $path)");
echo __('Error:', 'all-in-one-wp-security-and-firewall').' '.__('Template path not found:', 'all-in-one-wp-security-and-firewall')." (".htmlspecialchars($path).")";
} else {
extract($extract_these);
// The following are useful variables which can be used in the template.
// They appear as unused, but may be used in the $template_file.
$wpdb = $GLOBALS['wpdb'];// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wpdb might be used in the included template
$simba_tfa = $this;// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wp_optimize might be used in the included template
$totp_controller = $this->get_controller('totp');// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wp_optimize might be used in the included template
include $template_file;
}
do_action('simbatfa_after_template', $path, $return_instead_of_echo, $extract_these, $template_file);
if ($return_instead_of_echo) return ob_get_clean();
}
/**
* Make sure that self::$frontend is the instance of Simba_TFA_Frontend, and return it
*
* @return Simba_TFA_Frontend
*/
public function load_frontend() {
if (!class_exists('Simba_TFA_Frontend')) require_once($this->includes_dir().'/tfa_frontend.php');
if (empty($this->frontend)) $this->frontend = new Simba_TFA_Frontend($this);
return $this->frontend;
}
// __return_empty_string() does not exist until WP 3.7
public function shortcode_when_not_logged_in() {
return '';
}
/**
* Set authentication slug.
*
* @param String $authentication_slug - Authentication slug. Verify that two-factor authentication should not be repeated for the same slug.
*/
public function set_authentication_slug($authentication_slug) {
$this->authentication_slug = $authentication_slug;
}
}
Fatal error: Uncaught Error: Class 'Simba_Two_Factor_Authentication_1' not found in /var/www/html/dportilho.com.br/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-two-factor-login.php:11
Stack trace:
#0 /var/www/html/dportilho.com.br/web/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security-core.php(221): include_once()
#1 /var/www/html/dportilho.com.br/web/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security-core.php(85): AIO_WP_Security->includes()
#2 /var/www/html/dportilho.com.br/web/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security-core.php(684): AIO_WP_Security->__construct()
#3 /var/www/html/dportilho.com.br/web/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security.php(54): require_once('/var/www/html/d...')
#4 /var/www/html/dportilho.com.br/web/wp-settings.php(526): include_once('/var/www/html/d...')
#5 /var/www/html/dportilho.com.br/web/wp-config.php(126): require_once('/var/www/html/d...')
#6 /var/www/html/dportilho.com.br/we in /var/www/html/dportilho.com.br/web/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-two-factor-login.php on line 11