menu_tools_twoFactor.php — Wordfence Security – Firewall, Malware Scan, and Login Security 8.0.5

wordfence / lib / menu_tools_twoFactor.php

wordfence / lib Last commit date

menu_tools_twoFactor.php

430 lines

1	<?php
2	if (!defined('WORDFENCE_VERSION')) { exit; }
3
4	$helpLink = wfSupportController::supportURL(wfSupportController::ITEM_TOOLS_TWO_FACTOR);
5
6	if (function_exists('network_admin_url') && is_multisite()) {
7	$lsModuleURL = network_admin_url('admin.php?page=WFLS');
8	}
9	else {
10	$lsModuleURL = admin_url('admin.php?page=WFLS');
11	}
12
13	echo wfView::create('common/section-title', array(
14	'title' => __('Two-Factor Authentication', 'wordfence'),
15	'helpLink' => $helpLink,
16	'helpLabelHTML' => wp_kses(__('Learn more<span class="wf-hidden-xs"> about Two-Factor Authentication</span>', 'wordfence'), array('span'=>array('class'=>array()))),
17	))->render();
18	?>
19
20	<script type="application/javascript">
21	(function($) {
22	$(function() {
23	document.title = "<?php esc_attr_e('Two-Factor Authentication', 'wordfence'); ?>" + " \u2039 " + WFAD.basePageName;
24	});
25	})(jQuery);
26	</script>
27
28	<div id="wordfenceMode_twoFactor"></div>
29
30	<div id="wf-tools-two-factor">
31	<?php if (wfCredentialsController::useLegacy2FA()): ?>
32	<div class="wf-row">
33	<div class="wf-col-xs-12">
34	<div id="wordfenceTwoFactorLegacy">
35	<p><strong><?php esc_html_e('2FA Mode: Legacy', 'wordfence') ?>.</strong> <?php esc_html_e('Two-factor authentication is using legacy support, which enables SMS-based codes but is less compatible. An improved interface and use by non-administrators is available by activating the new login security module.', 'wordfence'); ?></p>
36	<p><a id="wf-migrate2fanew-start" class="wf-btn wf-btn-default wf-btn-sm wf-dismiss-link" href="#" role="button"><?php esc_html_e('Switch to New 2FA', 'wordfence'); ?></a></p>
37	</div>
38	</div>
39	</div>
40	<?php if (!wfConfig::get('isPaid')): ?>
41	<div class="wf-premium-callout wf-add-bottom">
42	<h3><?php esc_html_e("Take Login Security to the next level with Two-Factor Authentication", 'wordfence') ?></h3>
43	<p><?php echo wp_kses(__('Used by banks, government agencies, and military worldwide, two-factor authentication is one of the most secure forms of remote system authentication available. With it enabled, an attacker needs to know your username, password, <em>and</em> have control of your phone to log into your site. Upgrade to Premium now to enable this powerful feature.', 'wordfence'), array('em'=>array())) ?></p>
44
45	<p class="wf-nowrap">
46	<img id="wf-two-factor-img1" src="<?php echo wfUtils::getBaseURL() . 'images/2fa1.svg' ?>" alt="">
47	<img id="wf-two-factor-img2" src="<?php echo wfUtils::getBaseURL() . 'images/2fa2.svg' ?>" alt="">
48	</p>
49
50	<p class="center">
51	<a class="wf-btn wf-btn-primary wf-btn-callout" href="https://www.wordfence.com/gnl1twoFac1/wordfence-signup/" target="_blank" rel="noopener noreferrer"><?php esc_html_e('Upgrade to Premium', 'wordfence') ?><span class="screen-reader-text"> (<?php esc_html_e('opens in new tab', 'wordfence') ?>)</span></a>
52	</p>
53	</div>
54
55	<?php else: ?>
56	<div class="wf-row">
57	<div class="wf-col-xs-12 wf-flex-row">
58	<div class="wf-flex-row-1">
59	<p><?php echo wp_kses(__('With Two-Factor Authentication enabled, an attacker needs to know your username, password <em>and</em> have control of your phone to log in to your site. We recommend you enable Two-Factor Authentication for all Administrator level accounts.', 'wordfence'), array('em'=>array())) ?></p>
60	</div>
61	<div class="wf-flex-row-0 wf-padding-add-left">
62	<?php
63	echo wfView::create('options/block-controls', array(
64	'suppressLogo' => true,
65	'restoreDefaultsSection' => wfConfig::OPTIONS_TYPE_TWO_FACTOR,
66	'restoreDefaultsMessage' => __('Are you sure you want to restore the default Two-Factor Authentication settings? This will undo any custom changes you have made to the options on this page. If you have configured any users to use two-factor authentication, they will not be changed.', 'wordfence'),
67	))->render();
68	?>
69	</div>
70	</div>
71	</div>
72
73	<div class="wf-row">
74	<div class="wf-col-xs-12">
75	<div class="wf-block wf-active">
76	<?php if (!wfConfig::get('loginSecurityEnabled')): ?>
77	<ul class="wf-block-banner">
78	<li><?php echo wp_kses(__('<strong>Note:</strong> Two-Factor Authentication is disabled when the option "Enable Brute Force Protection" is off.', 'wordfence'), array('strong'=>array())); ?></li>
79	<li><a href="#" class="wf-btn wf-btn-default" id="wf-2fa-enable" role="button"><?php esc_html_e('Turn On', 'wordfence'); ?></a></li>
80	</ul>
81	<?php endif; ?>
82	<div class="wf-block-header">
83	<div class="wf-block-header-content">
84	<div class="wf-block-title">
85	<strong><?php esc_html_e('Enable Two-Factor Authentication', 'wordfence') ?></strong>
86	</div>
87	</div>
88	</div>
89	<div class="wf-block-content">
90	<ul class="wf-block-list">
91	<li>
92	<ul class="wf-form-field">
93	<li style="width: 450px;" class="wf-option-text">
94	<input placeholder="<?php echo esc_attr(__('Enter username to enable Two-Factor Authentication for', 'wordfence')) ?>" type="text" id="wfUsername" class="wf-form-control" value="">
95	</li>
96	</ul>
97	</li>
98	<li>
99	<ul class="wf-form-field">
100	<li>
101	<input class="wf-option-radio" type="radio" name="wf2faMode" id="wf2faMode-authenticator" value="authenticator" checked>
102	<label for="wf2faMode-authenticator">  </label>
103	</li>
104	<li class="wf-option-title"><?php esc_html_e('Use authenticator app', 'wordfence') ?></li>
105	</ul>
106	</li>
107	<li>
108	<ul class="wf-form-field">
109	<li>
110	<input class="wf-option-radio" type="radio" name="wf2faMode" id="wf2faMode-phone" value="phone">
111	<label for="wf2faMode-phone">  </label>
112	</li>
113	<li class="wf-option-title"><?php esc_html_e('Send code to a phone number:', 'wordfence') ?>  </li>
114	<li class="wf-option-text">
115	<input class="wf-form-control" type="text" value="" id="wfPhone" placeholder="<?php echo esc_attr(__('+1 (000) 000 0000', 'wordfence')) ?>">
116	</li>
117	</ul>
118
119	</li>
120	<li>
121	<p>
122	<input type="button" class="wf-btn wf-btn-primary pull-right" value="Enable User" onclick="WFAD.addTwoFactor(jQuery('#wfUsername').val(), jQuery('#wfPhone').val(), jQuery('input[name=wf2faMode]:checked').val());">
123	</p>
124	</li>
125
126	</ul>
127
128	</div>
129	</div>
130	</div>
131	</div>
132	<div class="wf-row">
133	<div class="wf-col-xs-12">
134	<h2><?php esc_html_e('Two-Factor Authentication Users', 'wordfence') ?></h2>
135
136	<div id="wfTwoFacUsers"></div>
137	</div>
138	</div>
139	<?php
140	echo wfView::create('tools/options-group-2fa', array(
141	'stateKey' => 'wf-2fa-options',
142	))->render();
143	?>
144
145	<script type="text/javascript">
146	jQuery('.twoFactorOption').on('click', function() {
147	WFAD.updateConfig(jQuery(this).attr('name'), jQuery(this).is(':checked') ? 1 : 0, function() {
148
149	});
150	});
151
152	jQuery('input[name=wf2faMode]').on('change', function() {
153	var selectedMode = jQuery('input[name=wf2faMode]:checked').val();
154	jQuery('#wfPhone').prop('disabled', selectedMode != 'phone');
155	}).triggerHandler('change');
156
157	(function($) {
158	$(function() {
159	$('#wf-2fa-enable').on('click', function(e) {
160	e.preventDefault();
161	e.stopPropagation();
162
163	WFAD.setOption('loginSecurityEnabled', 1, function() {
164	window.location.reload(true);
165	});
166	});
167	});
168	})(jQuery);
169	</script>
170
171	<script type="text/x-jquery-template" id="wfTwoFacUserTmpl">
172	<table class="wf-striped-table wf-table-twofactor">
173	<thead>
174	<tr>
175	<th><?php esc_html_e('User', 'wordfence') ?></th>
176	<th><?php esc_html_e('Mode', 'wordfence') ?></th>
177	<th><?php esc_html_e('Status', 'wordfence') ?></th>
178	<th class="wf-center"><?php esc_html_e('Delete', 'wordfence') ?></th>
179	</tr>
180	</thead>
181	<tbody>
182	{{each(idx, user) users}}
183	<tr id="twoFactorUser-${user.userID}">
184	<td style="white-space: nowrap;">${user.username}</td>
185	{{if user.mode == 'phone'}}
186	<td style="white-space: nowrap;"><?php echo esc_html(sprintf(/* translators: Phone number. */ __('Phone (%s)', 'wordfence'), '${user.phone}')) ?></td>
187	{{else}}
188	<td style="white-space: nowrap;"><?php esc_html_e('Authenticator', 'wordfence') ?></td>
189	{{/if}}
190	<td style="white-space: nowrap;">
191	{{if user.status == 'activated'}}
192	<span style="color: #0A0;"><?php esc_html_e('Cellphone Sign-in Enabled', 'wordfence') ?></span>
193	{{else}}
194	<div class="wf-form-inline">
195	<div class="wf-form-group">
196	<label class="wf-plain wf-hidden-xs" style="margin: 0;" for="wfActivate-${user.userID}"><?php esc_html_e('Enter activation code:', 'wordfence') ?></label>
197	<input class="wf-form-control" type="text" id="wfActivate-${user.userID}" size="6" placeholder="<?php esc_attr_e('Code', 'wordfence') ?>">
198	</div>
199	<input class="wf-btn wf-btn-default" type="button" value="<?php esc_attr_e('Activate', 'wordfence') ?>" onclick="WFAD.twoFacActivate('${user.userID}', jQuery('#wfActivate-${user.userID}').val());">
200	</div>
201	{{/if}}
202	</td>
203	<td style="white-space: nowrap; text-align: center;" class="wf-twofactor-delete">
204	<a href="#" onclick="WFAD.delTwoFac('${user.userID}'); return false;" role="button"><i class="wf-ion-ios-trash-outline"></i></a>
205	</td>
206	</tr>
207	{{/each}}
208	{{if (users.length == 0)}}
209	<tr id="twoFactorUser-none">
210	<td colspan="4"><?php esc_html_e('No users currently have cellphone sign-in enabled.', 'wordfence') ?></td>
211	</tr>
212	{{/if}}
213	</tbody>
214	</table>
215	</script>
216	<?php endif; ?>
217	<?php else: ?>
218	<div class="wf-row">
219	<div class="wf-col-xs-12">
220	<div id="wordfenceTwoFactorModern">
221	<p><strong><?php esc_html_e('2FA Mode: Normal', 'wordfence') ?>.</strong> <?php esc_html_e('Legacy support for SMS-based two-factor authentication is being phased out, as it is less secure than using a modern authenticator app.', 'wordfence') ?></p>
222	<p><?php esc_html_e('If you have a conflict with the new 2FA method, you can temporarily switch back to the Legacy version.', 'wordfence'); ?></p>
223	<p><a id="wf-migrate2faold-start" class="wf-btn wf-btn-default wf-btn-sm wf-dismiss-link" href="#" role="button"><?php esc_html_e('Revert to Legacy 2FA', 'wordfence'); ?></a></p>
224	</div>
225	</div>
226	</div>
227	<?php endif; ?>
228	</div>
229	<script type="text/x-jquery-template" id="wfTmpl_migrate2FANew">
230	<?php
231	echo wfView::create('common/modal-prompt', array(
232	'title' => __('Migrate or switch to new two-factor authentication?', 'wordfence'),
233	'message' => __('Use the buttons below to migrate to the new two-factor authentication system or switch without migration. Migration will copy all existing authenticator-based user activations over to the new system while switching will use only users already set up in the new system. Existing SMS-based two-factor authentication activations must be disabled prior to migration.', 'wordfence'),
234	'primaryButton' => array('id' => 'wf-migrate2fanew-prompt-confirm', 'label' => __('Migrate', 'wordfence'), 'link' => '#'),
235	'secondaryButtons' => array(array('id' => 'wf-migrate2fanew-prompt-switch', 'label' => __('Switch', 'wordfence'), 'link' => '#'), array('id' => 'wf-migrate2fanew-prompt-cancel', 'label' => __('Cancel', 'wordfence'), 'link' => '#')),
236	'progressIndicator' => 'wf-migrate2fanew-progress',
237	))->render();
238	?>
239	</script>
240	<script type="text/x-jquery-template" id="wfTmpl_migrate2FANewComplete">
241	<?php
242	echo wfView::create('common/modal-prompt', array(
243	'title' => __('New Two-Factor Authentication Active', 'wordfence'),
244	'message' => __('Your site is now using the new login security module and two-factor authentication. Before logging out, we recommend testing your login in a different browser or a private/incognito window. If any plugins or your theme cause conflicts with logging in, you can revert to the old 2FA method.', 'wordfence'),
245	'primaryButton' => array('id' => 'wf-migrate2fanewcomplete-prompt-navigate', 'label' => __('Go To New 2FA', 'wordfence'), 'link' => $lsModuleURL),
246	'secondaryButtons' => array(array('id' => 'wf-migrate2fanewcomplete-prompt-close', 'label' => __('Close', 'wordfence'), 'link' => '#')),
247	))->render();
248	?>
249	</script>
250	<script type="text/x-jquery-template" id="wfTmpl_migrate2FASMSActive">
251	<?php
252	echo wfView::create('common/modal-prompt', array(
253	'title' => __('Migration Cannot Proceed', 'wordfence'),
254	'message' => __('One or more users with two-factor authentication active are using SMS, which is unsupported in the new login security module. Please either deactivate two-factor authentication for those users or change them to use an authenticator app prior to migration.', 'wordfence'),
255	'primaryButton' => array('id' => 'wf-migrate2fasmsactive-prompt-close', 'label' => __('Close', 'wordfence'), 'link' => '#'),
256	))->render();
257	?>
258	</script>
259	<script type="text/x-jquery-template" id="wfTmpl_migrate2FANewFail">
260	<?php
261	echo wfView::create('common/modal-prompt', array(
262	'title' => __('Migration Failed', 'wordfence'),
263	'message' => __('Automatic migration of the 2FA-enabled accounts failed. Please verify that your server is reachable via the internet and try again.', 'wordfence'),
264	'primaryButton' => array('id' => 'wf-migrate2fanewfail-prompt-close', 'label' => __('Close', 'wordfence'), 'link' => '#'),
265	))->render();
266	?>
267	</script>
268	<script type="text/x-jquery-template" id="wfTmpl_migrate2FAOld">
269	<?php
270	echo wfView::create('common/modal-prompt', array(
271	'title' => __('Revert back to legacy two-factor authentication?', 'wordfence'),
272	'message' => __('All two-factor authentication settings and users\' codes will revert to your older settings. If any users had set up two-factor authentication after the update, they will no longer have 2FA enabled until you switch to the new version again.', 'wordfence'),
273	'primaryButton' => array('id' => 'wf-migrate2faold-prompt-cancel', 'label' => __('Cancel', 'wordfence'), 'link' => '#'),
274	'secondaryButtons' => array(array('id' => 'wf-migrate2faold-prompt-switch', 'label' => __('Revert', 'wordfence'), 'link' => '#')),
275	'progressIndicator' => 'wf-migrate2faold-progress',
276	))->render();
277	?>
278	</script>
279	<script type="text/x-jquery-template" id="wfTmpl_migrate2FAOldComplete">
280	<?php
281	echo wfView::create('common/modal-prompt', array(
282	'title' => __('Legacy Two-Factor Authentication Active', 'wordfence'),
283	'message' => __('Your site is now using the legacy two-factor authentication system.', 'wordfence'),
284	'primaryButton' => array('id' => 'wf-migrate2faoldcomplete-prompt-close', 'label' => __('Close', 'wordfence'), 'link' => '#'),
285	))->render();
286	?>
287	</script>
288	<script type="application/javascript">
289	(function($) {
290	$(function() {
291	$('#wf-migrate2fanew-start').on('click', function(e) {
292	e.preventDefault();
293	e.stopPropagation();
294
295	var prompt = $('#wfTmpl_migrate2FANew').tmpl();
296	var promptHTML = $("<div />").append(prompt).html();
297	WFAD.colorboxHTML((WFAD.isSmallScreen ? '300px' : '500px'), promptHTML, {overlayClose: false, closeButton: false, className: 'wf-modal', onComplete: function() {
298	$('#wf-migrate2fanew-prompt-cancel').on('click', function(e) {
299	e.preventDefault();
300	e.stopPropagation();
301
302	WFAD.colorboxClose();
303	});
304
305	$('#wf-migrate2fanew-prompt-switch').on('click', function(e) {
306	e.preventDefault();
307	e.stopPropagation();
308
309	$('#wf-migrate2fanew-progress').show();
310	$('#wf-migrate2fanew-prompt-cancel, #wf-migrate2fanew-prompt-confirm').addClass('wf-disabled');
311
312	WFAD.ajax('wordfence_switchTo2FANew', {migrate: false}, function(res) {
313	var prompt = $('#wfTmpl_migrate2FANewComplete').tmpl();
314	var promptHTML = $("<div />").append(prompt).html();
315	WFAD.colorboxClose();
316	setTimeout(function() {
317	WFAD.colorboxHTML((WFAD.isSmallScreen ? '300px' : '500px'), promptHTML, {overlayClose: false, closeButton: false, className: 'wf-modal', onComplete: function() {
318	$('#wf-migrate2fanewcomplete-prompt-close').on('click', function(e) {
319	e.preventDefault();
320	e.stopPropagation();
321
322	window.location.reload();
323	WFAD.colorboxClose();
324	});
325	}});
326	}, 500);
327	});
328	});
329
330	$('#wf-migrate2fanew-prompt-confirm').on('click', function(e) {
331	e.preventDefault();
332	e.stopPropagation();
333
334	$('#wf-migrate2fanew-progress').show();
335	$('#wf-migrate2fanew-prompt-cancel, #wf-migrate2fanew-prompt-confirm').addClass('wf-disabled');
336
337	WFAD.ajax('wordfence_switchTo2FANew', {migrate: true}, function(res) {
338	if (res.ok) {
339	var prompt = $('#wfTmpl_migrate2FANewComplete').tmpl(res);
340	var promptHTML = $("<div />").append(prompt).html();
341	WFAD.colorboxClose();
342	setTimeout(function() {
343	WFAD.colorboxHTML((WFAD.isSmallScreen ? '300px' : '500px'), promptHTML, {overlayClose: false, closeButton: false, className: 'wf-modal', onComplete: function() {
344	$('#wf-migrate2fanewcomplete-prompt-close').on('click', function(e) {
345	e.preventDefault();
346	e.stopPropagation();
347
348	WFAD.colorboxClose();
349	});
350	}});
351	}, 500);
352	}
353	else if (res.smsActive) {
354	var prompt = $('#wfTmpl_migrate2FASMSActive').tmpl();
355	var promptHTML = $("<div />").append(prompt).html();
356	WFAD.colorboxClose();
357	setTimeout(function() {
358	WFAD.colorboxHTML((WFAD.isSmallScreen ? '300px' : '500px'), promptHTML, {overlayClose: false, closeButton: false, className: 'wf-modal', onComplete: function() {
359	$('#wf-migrate2fasmsactive-prompt-close').on('click', function(e) {
360	e.preventDefault();
361	e.stopPropagation();
362
363	WFAD.colorboxClose();
364	});
365	}});
366	}, 500);
367	}
368	else {
369	var prompt = $('#wfTmpl_migrate2FANewFail').tmpl();
370	var promptHTML = $("<div />").append(prompt).html();
371	WFAD.colorboxClose();
372	setTimeout(function() {
373	WFAD.colorboxHTML((WFAD.isSmallScreen ? '300px' : '500px'), promptHTML, {overlayClose: false, closeButton: false, className: 'wf-modal', onComplete: function() {
374	$('#wf-migrate2fanewfail-prompt-close').on('click', function(e) {
375	e.preventDefault();
376	e.stopPropagation();
377
378	WFAD.colorboxClose();
379	});
380	}});
381	}, 500);
382	}
383	});
384	});
385	}});
386	});
387
388	$('#wf-migrate2faold-start').on('click', function(e) {
389	e.preventDefault();
390	e.stopPropagation();
391
392	var prompt = $('#wfTmpl_migrate2FAOld').tmpl();
393	var promptHTML = $("<div />").append(prompt).html();
394	WFAD.colorboxHTML((WFAD.isSmallScreen ? '300px' : '500px'), promptHTML, {overlayClose: false, closeButton: false, className: 'wf-modal', onComplete: function() {
395	$('#wf-migrate2faold-prompt-cancel').on('click', function(e) {
396	e.preventDefault();
397	e.stopPropagation();
398
399	WFAD.colorboxClose();
400	});
401
402	$('#wf-migrate2faold-prompt-switch').on('click', function(e) {
403	e.preventDefault();
404	e.stopPropagation();
405
406	$('#wf-migrate2faold-progress').show();
407	$('#wf-migrate2faold-prompt-cancel, #wf-migrate2faold-prompt-switch').addClass('wf-disabled');
408
409	WFAD.ajax('wordfence_switchTo2FAOld', {migrate: false}, function(res) {
410	var prompt = $('#wfTmpl_migrate2FAOldComplete').tmpl();
411	var promptHTML = $("<div />").append(prompt).html();
412	WFAD.colorboxClose();
413	setTimeout(function() {
414	WFAD.colorboxHTML((WFAD.isSmallScreen ? '300px' : '500px'), promptHTML, {overlayClose: false, closeButton: false, className: 'wf-modal', onComplete: function() {
415	$('#wf-migrate2faoldcomplete-prompt-close').on('click', function(e) {
416	e.preventDefault();
417	e.stopPropagation();
418
419	window.location.reload();
420	WFAD.colorboxClose();
421	});
422	}});
423	}, 500);
424	});
425	});
426	}});
427	});
428	});
429	})(jQuery);
430	</script>