rity-and-firewall'))); if (!$this->is_activated_for_user($user_id)) return 1; if (!empty($params['trust_token']) && $this->user_trust_token_valid($user_id, $params['trust_token'])) { return 1; } if (!$this->is_activated_by_user($user_id)) { if (!$this->is_required_for_user($user_id)) return 1; $enforce_require_after_check = true; $require_enforce_after = $this->get_option('tfa_require_enforce_after'); // Don't enforce if the setting has never been saved if (is_string($require_enforce_after) && preg_match('#^(\d+)-(\d+)-(\d+)$#', $require_enforce_after, $enforce_matches)) { // wp_date() is WP 5.3+, but performs translation into the site locale $current_date = function_exists('wp_date') ? wp_date('Y-m-d') : get_date_from_gmt(gmdate('Y-m-d H:i:s'), 'Y-m-d'); if (preg_match('#^(\d+)-(\d+)-(\d+)$#', $current_date, $current_date_matches)) { if ($current_date_matches[0] < $enforce_matches[0] || ($current_date_matches[0] == $enforce_matches[0] && ($current_date_matches[1] < $enforce_matches[1] || ($current_date_matches[1] == $enforce_matches[1] && $current_date_matches[2] < $enforce_matches[2])))) { // Enforcement not yet begun; skip $enforce_require_after_check = false; } } } $require_after = absint($this->get_option('tfa_requireafter')) * 86400; $account_age = time() - strtotime($user_registered); if ($account_age > $require_after && apply_filters('simbatfa_enforce_require_after_check', $enforce_require_after_check, $user_id, $require_after, $account_age)) { return new WP_Error('tfa_required', apply_filters('simbatfa_notfa_forbidden_login', ''.__('Error:', 'all-in-one-wp-security-and-firewall').' '.__('The site owner has forbidden you to login without two-factor authentication. Please contact the site owner to re-gain access.', 'all-in-one-wp-security-and-firewall'))); } return 1; } $tfa_creds_user_id = !empty($params['creds_user_id']) ? $params['creds_user_id'] : $user_id; if ($tfa_creds_user_id != $user_id) { // Authenticating using a different user's credentials (e.g. https://wordpress.org/plugins/use-administrator-password/) // In this case, we require that different user to have TFA active - so that this mechanism can't be used to avoid TFA if (!$this->is_activated_for_user($tfa_creds_user_id) || !$this->is_activated_by_user($tfa_creds_user_id)) { return new WP_Error('tfa_required', apply_filters('simbatfa_notfa_forbidden_login_altuser', ''.__('Error:', 'all-in-one-wp-security-and-firewall').' '.__('You are attempting to log in to an account that has two-factor authentication enabled; this requires you to also have two-factor authentication enabled on the account whose credentials you are using.', 'all-in-one-wp-security-and-firewall'))); } } return $this->get_controller('totp')->check_code_for_user($tfa_creds_user_id, $user_code); } /** * Evaluate whether a trust token is valid for a user * * @param Integer $user_id - WP user ID * @param String $trust_token - trust token * * @return Boolean */ protected function user_trust_token_valid($user_id, $trust_token) { if (!is_string($trust_token) || strlen($trust_token) < 30) return false; $trusted_devices = $this->user_get_trusted_devices($user_id); $time_now = time(); foreach ($trusted_devices as $device) { if (empty($device['until']) || $device['until'] <= $time_now) continue; if (!empty($device['token']) && $device['token'] === $trust_token) { return true; } } return false; } /** * This deals with the issue that wp-login.php does not redirect to a canonical URL. As a result, if a website is available under more than one host, then admin_url('admin-ajax.php') might return a different one than the visitor is using, resulting in AJAX failing due to CORS errors. * * @return String */ protected function get_ajax_url() { $ajax_url = admin_url('admin-ajax.php'); $parsed_url = parse_url($ajax_url); if (strtolower($parsed_url['host']) !== strtolower($_SERVER['HTTP_HOST']) && !empty($parsed_url['path'])) { // Mismatch - return the relative URL only $ajax_url = $parsed_url['path']; } return $ajax_url; } /** * Called not only upon the WP action login_enqueue_scripts, but potentially upon the action 'init' and various others from other plugins too. It can handle being called multiple times. */ public function login_enqueue_scripts() { if (!$this->should_enqueue_login_scripts()) { return; } if (isset($_GET['action']) && 'logout ' != $_GET['action'] && 'login' != $_GET['action']) return; static $already_done = false; if ($already_done) return; $already_done = true; // Prevent caching when in debug mode $script_ver = (defined('WP_DEBUG') && WP_DEBUG) ? time() : filemtime($this->includes_dir().'/tfa.js'); wp_enqueue_script('tfa-ajax-request', $this->includes_url().'/tfa.js', array('jquery'), $script_ver); $trusted_for = $this->get_option('tfa_trusted_for'); $trusted_for = (false === $trusted_for) ? 30 : (string) absint($trusted_for); $localize = array( 'ajaxurl' => $this->get_ajax_url(), 'click_to_enter_otp' => __("Click to enter One Time Password", 'all-in-one-wp-security-and-firewall'), 'enter_username_first' => __('You have to enter a username first.', 'all-in-one-wp-security-and-firewall'), 'otp' => __('One Time Password (i.e. 2FA)', 'all-in-one-wp-security-and-firewall'), 'otp_login_help' => __('(check your OTP app to get this password)', 'all-in-one-wp-security-and-firewall'), 'mark_as_trusted' => sprintf(_n('Trust this device (allow login without 2FA for %d day)', 'Trust this device (allow login without TFA for %d days)', $trusted_for, 'all-in-one-wp-security-and-firewall'), $trusted_for), 'is_trusted' => __('(Trusted device - no OTP code required)', 'all-in-one-wp-security-and-firewall'), 'nonce' => wp_create_nonce('simba_tfa_loginform_nonce'), 'login_form_selectors' => '', 'login_form_off_selectors' => '', 'error' => __('An error has occurred. Site owners can check the JavaScript console for more details.', 'all-in-one-wp-security-and-firewall'), ); // Spinner exists since WC 3.8. Use the proper functions to avoid SSL warnings. if (file_exists(ABSPATH.'wp-admin/images/spinner-2x.gif')) { $localize['spinnerimg'] = admin_url('images/spinner-2x.gif'); } elseif (file_exists(ABSPATH.WPINC.'/images/spinner-2x.gif')) { $localize['spinnerimg'] = includes_url('images/spinner-2x.gif'); } $localize = apply_filters('simba_tfa_login_enqueue_localize', $localize); wp_localize_script('tfa-ajax-request', 'simba_tfasettings', $localize); } /** * Check whether TFA login scripts should be enqueued or not. * * @return boolean True if the TFA login script should be enqueued, otherwise false. */ private function should_enqueue_login_scripts() { if (defined('TWO_FACTOR_DISABLE') && TWO_FACTOR_DISABLE) { return apply_filters('simbatfa_enqueue_login_scripts', false); } global $wpdb; $sql = $wpdb->prepare('SELECT COUNT(user_id) FROM ' . $wpdb->usermeta . ' WHERE meta_key = %s AND meta_value = %d LIMIT 1', 'tfa_enable_tfa', 1); $count_user_id = $wpdb->get_var($sql); if (is_null($count_user_id)) { // Error in query. return apply_filters('simbatfa_enqueue_login_scripts', true); } elseif ($count_user_id > 0) { // A user exists with TFA enabled. return apply_filters('simbatfa_enqueue_login_scripts', true); } // No user exists with TFA enabled. return apply_filters('simbatfa_enqueue_login_scripts', false); } /** * Return or output view content * * @param String $path - path to template, usually relative to templates/ within the plugin directory * @param Array $extract_these - key/value pairs for substitution into the scope of the template * @param Boolean $return_instead_of_echo - what to do with the results * * @return String|Void */ public function include_template($path, $extract_these = array(), $return_instead_of_echo = false) { if ($return_instead_of_echo) ob_start(); $template_file = apply_filters('simatfa_template_file', $this->templates_dir().'/'.$path, $path, $extract_these, $return_instead_of_echo); do_action('simbatfa_before_template', $path, $return_instead_of_echo, $extract_these, $template_file); if (!file_exists($template_file)) { error_log("TFA: template not found: $template_file (from $path)"); echo __('Error:', 'all-in-one-wp-security-and-firewall').' '.__('Template path not found:', 'all-in-one-wp-security-and-firewall')." (".htmlspecialchars($path).")"; } else { extract($extract_these); // The following are useful variables which can be used in the template. // They appear as unused, but may be used in the $template_file. $wpdb = $GLOBALS['wpdb'];// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wpdb might be used in the included template $simba_tfa = $this;// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wp_optimize might be used in the included template $totp_controller = $this->get_controller('totp');// phpcs:ignore VariableAnalysis.CodeAnalysis.VariableAnalysis.UnusedVariable -- $wp_optimize might be used in the included template include $template_file; } do_action('simbatfa_after_template', $path, $return_instead_of_echo, $extract_these, $template_file); if ($return_instead_of_echo) return ob_get_clean(); } /** * Make sure that self::$frontend is the instance of Simba_TFA_Frontend, and return it * * @return Simba_TFA_Frontend */ public function load_frontend() { if (!class_exists('Simba_TFA_Frontend')) require_once($this->includes_dir().'/tfa_frontend.php'); if (empty($this->frontend)) $this->frontend = new Simba_TFA_Frontend($this); return $this->frontend; } // __return_empty_string() does not exist until WP 3.7 public function shortcode_when_not_logged_in() { return ''; } /** * Set authentication slug. * * @param String $authentication_slug - Authentication slug. Verify that two-factor authentication should not be repeated for the same slug. */ public function set_authentication_slug($authentication_slug) { $this->authentication_slug = $authentication_slug; } }
Fatal error: Uncaught Error: Class 'Simba_Two_Factor_Authentication_1' not found in /home/wesuppor/brandaholic.com.pk/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-two-factor-login.php:11 Stack trace: #0 /home/wesuppor/brandaholic.com.pk/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security-core.php(216): include_once() #1 /home/wesuppor/brandaholic.com.pk/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security-core.php(85): AIO_WP_Security->includes() #2 /home/wesuppor/brandaholic.com.pk/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security-core.php(677): AIO_WP_Security->__construct() #3 /home/wesuppor/brandaholic.com.pk/wp-content/plugins/all-in-one-wp-security-and-firewall/wp-security.php(54): require_once('/home/wesuppor/...') #4 /home/wesuppor/brandaholic.com.pk/wp-settings.php(473): include_once('/home/wesuppor/...') #5 /home/wesuppor/brandaholic.com.pk/wp-config.php(119): require_once('/home/wesuppor/...') #6 /home/wesuppor/brandaholic.com.pk/wp-loa in /home/wesuppor/brandaholic.com.pk/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-two-factor-login.php on line 11