Changeset 3247763
- Timestamp:
- 02/27/2025 10:29:30 AM (13 months ago)
- File:
-
- 1 edited
two-step-factor-by-se/trunk/class-two-step-factor-core.php
r3247588 r3247763 43 43 self::destroy_current_session_for_user( $user ); 44 44 wp_clear_auth_cookie(); 45 self::show_twoStB_factor_login( $user ); 45 $login_nonce = wp_create_nonce('two_stb_factor_login_action'); 46 self::show_twoStB_factor_login( $user, $login_nonce ); 46 47 exit; 47 48 } … … 359 360 } 360 361 361 public static function show_twoStB_factor_login( $user ) {362 public static function show_twoStB_factor_login( $user, $nonce_req ) { 362 363 if ( ! $user ) { 363 364 $user = wp_get_current_user(); 364 365 } 365 366 366 if ( isset( $ _REQUEST['_wpnonce']) ) {367 if ( isset( $nonce_req ) && !empty($nonce_req) ) { 367 368 // Remove slashes and sanitize the nonce value 368 $nonce = sanitize_text_field( wp_unslash( $ _REQUEST['_wpnonce']) );369 $nonce = sanitize_text_field( wp_unslash( $nonce_req ) ); 369 370 if ( ! wp_verify_nonce( $nonce, 'two_stb_factor_login_action' ) ) { 370 371 wp_die( esc_html__( 'Nonce verification failed.', 'two-step-factor-by-se' ) ); … … 373 374 $login_nonce = wp_create_nonce('wp-auth-nonce'); 374 375 if ( ! $login_nonce ) { 375 wp_die( esc_html__( 'Failed to create a login nonce.', 'two-step-factor-by-se' ) );376 wp_die( esc_html__( 'Failed to create a login nonce.', 'two-step-factor-by-se' ) ); 376 377 } 377 378 … … 454 455 } 455 456 } 456 public static function rememberme( ) {457 public static function rememberme( $login_nonce ) { 457 458 $rememberme = false; 458 459 459 if ( isset( $ _REQUEST['_wpnonce']) ) {460 if ( isset( $login_nonce ) && !empty($login_nonce) ) { 460 461 // Remove slashes and sanitize the nonce value 461 $nonce = sanitize_text_field( wp_unslash( $ _REQUEST['_wpnonce']) );462 if ( ! wp_verify_nonce( $nonce, ' two_stb_factor_login_action' ) ) {462 $nonce = sanitize_text_field( wp_unslash( $login_nonce ) ); 463 if ( ! 
wp_verify_nonce( $nonce, 'wp-auth-nonce' ) ) { 463 464 wp_die( esc_html__( 'Nonce verification failed.', 'two-step-factor-by-se' ) ); 464 465 } … … 489 490 $interim_login = isset( $_REQUEST['interim-login'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended 490 491 491 $rememberme = intval( self::rememberme( ) );492 $rememberme = intval( self::rememberme( $login_nonce ) ); 492 493 493 494 add_filter( 'login_display_language_dropdown', '__return_false' ); … … 596 597 opacity: 0.5; 597 598 } 599 #login_error{ 600 border: 1px solid #ff0000; 601 padding: 10px; 602 color: #ff0000; 603 background: #fff; 604 text-align: center; 605 } 598 606 </style> 599 607 <script> … … 610 618 function() { 611 619 let value = this.value.replace(/\s/g, ''); 612 613 620 if ( ! spaceInserted && expectedLength && value.length === Math.floor( expectedLength / 2 ) ) { 614 621 value += ' '; … … 619 626 620 627 this.value = value; 621 console.log(value);622 628 // Auto-submit if it's the expected length. 623 629 if ( expectedLength && value.replace( / /g, '' ).length == expectedLength ) { 624 630 if ( undefined !== form.requestSubmit ) { 625 form.requestSubmit();626 form.submit.disabled = "disabled";631 //form.requestSubmit(); 632 //form.submit.disabled = "disabled"; 627 633 } 628 634 } … … 702 708 } 703 709 $error_message = 'Code is invalid.'; 704 self::login_html( $user, $login_nonce, $redirect_to, $ _POST, $error_message );710 self::login_html( $user, $login_nonce, $redirect_to, $error_message ); 705 711 exit; 706 712 }else{
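Review bot: The nonce check in `show_twoStB_factor_login()` now verifies a value the caller minted one line earlier with `wp_create_nonce('two_stb_factor_login_action')`, so it can no longer fail on anything the client sent and does not tie the second-factor prompt to the incoming request. `rememberme( $login_nonce )` has the same shape if `$login_nonce` is the `wp-auth-nonce` value created server-side rather than the one posted back with the form; where `login_html()` obtains it on the validation path is outside the visible hunks, so this needs confirming. Both checks are also skipped entirely when the value is empty, so the verification should run on the value read from the submitted form and fail closed, with a condition such as `if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'wp-auth-nonce' ) ) {`. Because `$nonce_req` has no default, any caller of `show_twoStB_factor_login( $user )` not updated by this changeset will raise an ArgumentCountError on current PHP versions.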