Changeset 3424529
- Timestamp:
- 12/21/2025 08:57:56 AM (3 months ago)
- Location:
- alpha-sms
- Files:
-
- 40 added
- 1 deleted
- 7 edited
-
tags/1.0.15 (added)
-
tags/1.0.15/LICENSE.txt (added)
-
tags/1.0.15/README.txt (added)
-
tags/1.0.15/admin (added)
-
tags/1.0.15/admin/class-alpha_sms-admin.php (added)
-
tags/1.0.15/admin/css (added)
-
tags/1.0.15/admin/css/alpha_sms-admin.css (added)
-
tags/1.0.15/admin/index.php (added)
-
tags/1.0.15/admin/js (added)
-
tags/1.0.15/admin/js/alpha_sms-admin.js (added)
-
tags/1.0.15/admin/partials (added)
-
tags/1.0.15/admin/partials/alpha_sms-admin-display_campaign.php (added)
-
tags/1.0.15/admin/partials/alpha_sms-admin-display_settings.php (added)
-
tags/1.0.15/alpha_sms.php (added)
-
tags/1.0.15/includes (added)
-
tags/1.0.15/includes/class-alpha_sms-activator.php (added)
-
tags/1.0.15/includes/class-alpha_sms-background.php (added)
-
tags/1.0.15/includes/class-alpha_sms-deactivator.php (added)
-
tags/1.0.15/includes/class-alpha_sms-i18n.php (added)
-
tags/1.0.15/includes/class-alpha_sms-loader.php (added)
-
tags/1.0.15/includes/class-alpha_sms.php (added)
-
tags/1.0.15/includes/index.php (added)
-
tags/1.0.15/includes/sms.class.php (added)
-
tags/1.0.15/index.php (added)
-
tags/1.0.15/languages (added)
-
tags/1.0.15/languages/alpha_sms.pot (added)
-
tags/1.0.15/public (added)
-
tags/1.0.15/public/class-alpha_sms-public.php (added)
-
tags/1.0.15/public/css (added)
-
tags/1.0.15/public/css/alpha_sms-public.css (added)
-
tags/1.0.15/public/css/otp-login-form.css (added)
-
tags/1.0.15/public/index.php (added)
-
tags/1.0.15/public/js (added)
-
tags/1.0.15/public/js/alpha_sms-public.js (added)
-
tags/1.0.15/public/js/otp-login-form.js (added)
-
tags/1.0.15/public/partials (added)
-
tags/1.0.15/public/partials/add-otp-checkout-form.php (added)
-
tags/1.0.15/public/partials/add-otp-on-login-form.php (added)
-
tags/1.0.15/public/partials/add-otp-on-wc-reg-form.php (added)
-
tags/1.0.15/uninstall.php (added)
-
trunk/README.txt (modified) (2 diffs)
-
trunk/admin/class-alpha_sms-admin.php (modified) (2 diffs)
-
trunk/admin/partials/alpha_sms-admin-display_settings.php (modified) (3 diffs)
-
trunk/alpha_sms.php (modified) (2 diffs)
-
trunk/assets (deleted)
-
trunk/includes/class-alpha_sms.php (modified) (1 diff)
-
trunk/public/class-alpha_sms-public.php (modified) (19 diffs)
-
trunk/public/js/alpha_sms-public.js (modified) (3 diffs)
alpha-sms/trunk/README.txt
r3415282 r3424529 5 5 Tested up to: 6.9 6 6 Requires PHP: 5.6 7 Stable tag: 1.0.1 47 Stable tag: 1.0.15 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 14 14 15 15 = Overview = 16 Alpha SMS makes it easy to add SMS-based two-factor authentication and transactional notifications to your WordPress site. Replace unreliable email-based logins with one-time passwords, confirm customer phone numbers during registration, and keep shoppers updated with automated WooCommerce order status messages .16 Alpha SMS makes it easy to add SMS-based two-factor authentication and transactional notifications to your WordPress site. Replace unreliable email-based logins with one-time passwords, confirm customer phone numbers during registration, and keep shoppers updated with automated WooCommerce order status messages that are verified in order notes. 17 17 18 18 = Key Features = -
alpha-sms/trunk/admin/class-alpha_sms-admin.php
r3415282 r3424529 282 282 if (!$this->checkAPI($options['api_key'])) { 283 283 284 $options['order_status'] = 285 $options['wp_reg'] = 284 $options['wp_reg'] = 286 285 $options['wp_login'] = 287 286 $options['wc_reg'] = … … 296 295 $options['order_status_failed'] = 297 296 $options['order_status_admin'] = 0; 297 298 $options['api_key'] = ''; 298 299 299 300 add_settings_error( -
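Review bot: Dropping `$options['order_status'] =` from the zero-assignment chain at new line 284 means that when `checkAPI()` rejects the key, the order-status notification flag keeps whatever value was submitted while every other feature flag is reset and `api_key` is cleared at new line 298; if that is not deliberate, order-status SMS stays enabled with an empty key. Either restore `$options['order_status'] =` at the head of the chain, or leave a comment stating why it is exempt, e.g. `// order_status intentionally left unchanged on API key failure: <reason>`. The enclosing method starts and ends outside the hunk.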
alpha-sms/trunk/admin/partials/alpha_sms-admin-display_settings.php
r3415322 r3424529 145 145 </th> 146 146 <td> 147 <input id="<?php echo esc_attr($this->plugin_name . '-api_key'); ?>" name="<?php echo esc_attr($this->plugin_name . '[api_key]'); ?>" type="text" size="55" placeholder="Enter API Key" value="<?php if (!empty($alpha_sms_api_key)) { 148 echo esc_attr($alpha_sms_api_key); 149 } ?>" /> 147 <input id="<?php echo esc_attr($this->plugin_name . '-api_key'); ?>" name="<?php echo esc_attr($this->plugin_name . '[api_key]'); ?>" type="text" size="55" placeholder="Enter API Key" value="<?php if (!empty($alpha_sms_api_key)) { echo esc_attr($alpha_sms_api_key); } ?>" /> 150 148 </td> 151 149 </tr> … … 235 233 236 234 <li> 237 <input class="alpha-collapse" type="checkbox" id="<?php echo esc_attr($this->plugin_name . '-order_status_admin'); ?>" name="<?php echo esc_attr($this->plugin_name . '[order_status_admin]'); ?>" <?php checked( 238 $alpha_sms_order_status_admin, 239 1 240 ); ?> /> 235 <input class="alpha-collapse" type="checkbox" id="<?php echo esc_attr($this->plugin_name . '-order_status_admin'); ?>" name="<?php echo esc_attr($this->plugin_name . '[order_status_admin]'); ?>" <?php checked($alpha_sms_order_status_admin, 1); ?> /> 241 236 <label for="<?php echo esc_attr($this->plugin_name . '-order_status_admin'); ?>"> 242 237 <span class="toggle_btn"></span> … … 254 249 </label> 255 250 </h4> 256 <input id="<?php echo esc_attr($this->plugin_name . '-admin_phones'); ?>" name="<?php echo esc_attr($this->plugin_name . '[admin_phones]'); ?>" type="text" size="82" class="mb-2" value="<?php echo esc_attr($alpha_sms_admin_phones ); ?>" />251 <input id="<?php echo esc_attr($this->plugin_name . '-admin_phones'); ?>" name="<?php echo esc_attr($this->plugin_name . '[admin_phones]'); ?>" type="text" size="82" class="mb-2" value="<?php echo esc_attr($alpha_sms_admin_phones, 'alpha-sms'); ?>" /> 257 252 <span class="my-2 d-block sms_tokens"><span>[store_name]</span> | 258 253 <span>[billing_first_name]</span> | -
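Review bot: `esc_attr($alpha_sms_admin_phones, 'alpha-sms')` at new line 251 passes a text domain to `esc_attr()`, which takes only the string to escape; the extra argument is silently ignored, so the change has no effect but reads as if the value were being translated. A stored phone-number list should not go through translation anyway, so revert to `esc_attr($alpha_sms_admin_phones)`; where a translated attribute is actually wanted the function is `esc_attr__()` or `esc_attr_e()`. The remaining changes in this section only collapse whitespace.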
alpha-sms/trunk/alpha_sms.php
r3415282 r3424529 17 17 * Plugin URI: https://sms.net.bd/plugins/wordpress 18 18 * Description: WP 2FA Login. SMS OTP Verification for Registration and Login forms, WooCommerce SMS Notification for your shop orders. 19 * Version: 1.0.1 419 * Version: 1.0.15 20 20 * Author: Alpha Net 21 21 * Author URI: https://sms.net.bd/ … … 36 36 * Rename this for your plugin and update it as you release new versions. 37 37 */ 38 define('ALPHA_SMS_VERSION', '1.0.1 4');38 define('ALPHA_SMS_VERSION', '1.0.15'); 39 39 40 40 // plugin constants -
alpha-sms/trunk/includes/class-alpha_sms.php
r3388248 r3424529 77 77 $this->version = ALPHA_SMS_VERSION; 78 78 } else { 79 $this->version = '1.0.1 3';79 $this->version = '1.0.15'; 80 80 } 81 81 $this->plugin_name = 'alpha_sms'; -
alpha-sms/trunk/public/class-alpha_sms-public.php
r3415322 r3424529 98 98 */ 99 99 100 wp_enqueue_style( 101 $this->plugin_name, 102 plugin_dir_url(__FILE__) . 'css/alpha_sms-public.css', 103 [], 104 $this->version, 105 'all' 106 ); 100 if ($this->pluginActive) { 101 wp_enqueue_style( 102 $this->plugin_name, 103 plugin_dir_url(__FILE__) . 'css/alpha_sms-public.css', 104 [], 105 $this->version, 106 'all' 107 ); 108 } 107 109 } 108 110 … … 126 128 */ 127 129 128 wp_enqueue_script( 129 $this->plugin_name, 130 plugin_dir_url(__FILE__) . 'js/alpha_sms-public.js', 131 ['jquery'], 132 $this->version, 133 false 134 ); 135 136 // adding a js variable for ajax form submit url 137 wp_localize_script( 138 $this->plugin_name, 139 $this->plugin_name . '_object', 140 ['ajaxurl' => admin_url('admin-ajax.php')] 141 ); 130 if ($this->pluginActive) { 131 wp_enqueue_script( 132 $this->plugin_name, 133 plugin_dir_url(__FILE__) . 'js/alpha_sms-public.js', 134 ['jquery'], 135 $this->version, 136 false 137 ); 138 139 // adding a js variable for ajax form submit url 140 wp_localize_script( 141 $this->plugin_name, 142 $this->plugin_name . '_object', 143 [ 144 'ajaxurl' => admin_url('admin-ajax.php'), 145 $this->plugin_name . '_checkout_nonce' => wp_create_nonce('woocommerce-process-checkout-nonce'), 146 'checkout_otp' => ! empty($this->options['otp_checkout']) ? 'yes' : 'no', 147 ] 148 ); 149 } 142 150 } 143 151 … … 187 195 } 188 196 require_once 'partials/add-otp-on-login-form.php'; 189 ?>190 <input type='hidden' name='action_type' id='action_type' value='wp_reg' />191 <label for="reg_billing_phone">192 <?php esc_html_e('Phone', 'alpha-sms'); ?> <span class="required">*</span>193 </label>194 <?php195 197 } 196 198 … … 218 220 { 219 221 $user_phone = ''; 220 221 // AJAX nonce verification for WooCommerce registration 222 // Verify nonce for WooCommerce registration AJAX request 223 $wc_reg_phone_nonce = isset($_POST['wc_reg_phone_nonce']) ? 
sanitize_text_field(wp_unslash($_POST['wc_reg_phone_nonce'])) : ''; 224 if (empty($wc_reg_phone_nonce) || !wp_verify_nonce($wc_reg_phone_nonce, 'wc_reg_phone_action')) { 222 // Require and validate nonce for AJAX requests. Fail early if missing/invalid. 223 $action_type = isset($_POST['action_type']) ? sanitize_text_field(wp_unslash($_POST['action_type'])) : ''; 224 $nonce_ok = false; 225 226 // WC registration nonce 227 if ($action_type === 'wc_reg') { 228 $wc_reg_phone_nonce = isset($_POST['wc_reg_phone_nonce']) ? sanitize_text_field(wp_unslash($_POST['wc_reg_phone_nonce'])) : ''; 229 if (empty($wc_reg_phone_nonce) || ! wp_verify_nonce($wc_reg_phone_nonce, 'wc_reg_phone_action')) { 230 $response = [ 231 'status' => 403, 232 'message' => __('Security Check failed. Please reload the page and try again.', 'alpha-sms'), 233 ]; 234 echo wp_kses_post(json_encode($response)); 235 wp_die(); 236 exit; 237 } 238 $nonce_ok = true; 239 } 240 241 // WP registration nonce 242 if ($action_type === 'wp_reg') { 243 $wp_reg_phone_nonce = isset($_POST['wp_reg_phone_nonce']) ? sanitize_text_field(wp_unslash($_POST['wp_reg_phone_nonce'])) : ''; 244 if (empty($wp_reg_phone_nonce) || ! wp_verify_nonce($wp_reg_phone_nonce, 'wp_reg_phone_action')) { 245 $response = [ 246 'status' => 403, 247 'message' => __('Security Check failed. Please reload the page and try again.', 'alpha-sms'), 248 ]; 249 echo wp_kses_post(json_encode($response)); 250 wp_die(); 251 exit; 252 } 253 $nonce_ok = true; 254 } 255 256 // Guest checkout / other actions that rely on WooCommerce checkout nonce 257 if ($action_type === 'wc_checkout') { 258 $wc_checkout_nonce = isset($_POST['woocommerce-process-checkout-nonce']) ? sanitize_text_field(wp_unslash($_POST['woocommerce-process-checkout-nonce'])) : ''; 259 if (empty($wc_checkout_nonce) || ! wp_verify_nonce($wc_checkout_nonce, 'woocommerce-process-checkout-nonce')) { 260 $response = [ 261 'status' => 403, 262 'message' => __('Security Check failed. 
Please reload the page and try again.', 'alpha-sms'), 263 ]; 264 echo wp_kses_post(json_encode($response)); 265 wp_die(); 266 exit; 267 } 268 $nonce_ok = true; 269 } 270 271 // If action_type is missing or not recognized we cannot safely continue. 272 if (! $nonce_ok) { 225 273 $response = [ 226 'status'=> 403,227 'message' => __('Security check failed. Please reload the page and try again.', 'alpha-sms')274 'status' => 403, 275 'message' => __('Security Check failed. Missing or invalid action type.', 'alpha-sms'), 228 276 ]; 229 277 echo wp_kses_post(json_encode($response)); … … 254 302 'status' => 400, 255 303 /* translators: Error message shown when phone number is not valid. */ 256 'message' => __(' Please enter a valid 11-digit Bangladeshi phone number.', 'alpha-sms')304 'message' => __('The phone number you entered is not valid!', 'alpha-sms') 257 305 ]; 258 306 echo wp_kses_post(json_encode($response)); … … 263 311 $is_checkout_request = ! empty($_POST['action_type']) && $_POST['action_type'] === 'wc_checkout'; 264 312 265 if ($is_checkout_request && ! is_user_logged_in() &&$this->is_checkout_rate_limited()) {313 if ($is_checkout_request && $this->is_checkout_rate_limited()) { 266 314 $response = [ 267 315 'status' => 429, … … 282 330 $response = [ 283 331 'status' => 400, 284 'message' => sprintf(__('OTP already sent to a phone number. Please try again after %s.', 'alpha-sms'), gmdate('i:s', $otp_expires_ts - $current_utc)),332 'message' => 'OTP already sent to a phone number. Please try again after ' . gmdate('i:s', $otp_expires_ts - $current_utc) . ' min', 285 333 ]; 286 334 echo wp_kses_post(json_encode($response)); … … 320 368 echo wp_kses_post(json_encode($response)); 321 369 wp_die(); 322 $response = ['status' => 403, 'message' => __('Security check failed. Please reload the page and try again.', 'alpha-sms')];370 $response = ['status' => 403, 'message' => __('Security Check failed. 
Please reload the page and try again.', 'alpha-sms')]; 323 371 /* translators: Error message shown when security check fails during OTP send. */ 324 372 } … … 332 380 } 333 381 334 /** 335 * Validates and formats a Bangladeshi phone number. 336 * 337 * @param string $num The phone number to validate. 338 * @return false|string Returns the formatted phone number as a string if valid, or false if invalid. 382 /* 383 * $response = ['status' => 403, 'message' => __('Security Check failed. Please reload the page and try again.', 'alpha-sms')]; 384 * 385 * @param $num 386 * 387 * @return false|int|string 339 388 */ 340 389 public function validateNumber($num) … … 357 406 /** 358 407 * Generate 6 digit otp code 359 * Generates a 6-digit OTP (One Time Password) code. 360 * 361 * @return string The generated 6-digit OTP code. 408 * $response = ['status' => 400, 'message' => __('The phone number you entered is not valid!', 'alpha-sms')]; 409 */ 362 410 public function generateOTP() 363 411 { … … 569 617 } 570 618 571 // Nonce validation for WooCommerce registration phone field 572 if ( 573 isset($_POST['wc_reg_phone_nonce']) && 574 ! empty($_POST['wc_reg_phone_nonce']) && 575 function_exists('wp_verify_nonce') && 576 ! wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['wc_reg_phone_nonce'])), 'wc_reg_phone_action') 577 ) { 578 if (function_exists('wc_add_notice')) { 579 wc_add_notice(__('Security check failed. Please try again.', 'alpha-sms'), 'error'); 580 } else { 581 echo esc_html(__('Security check failed. Please try again.', 'alpha-sms')); 582 } 583 return; 619 // Nonce validation for WooCommerce registration phone field: require nonce when wc_reg option enabled 620 if (! empty($this->options['wc_reg'])) { 621 $wc_reg_phone_nonce = isset($_POST['wc_reg_phone_nonce']) ? sanitize_text_field(wp_unslash($_POST['wc_reg_phone_nonce'])) : ''; 622 if (empty($wc_reg_phone_nonce) || ! function_exists('wp_verify_nonce') || ! 
wp_verify_nonce($wc_reg_phone_nonce, 'wc_reg_phone_action')) { 623 if (function_exists('wc_add_notice')) { 624 wc_add_notice(__('Security Check failed. Please try again.', 'alpha-sms'), 'error'); 625 } else { 626 echo esc_html(__('Security Check failed. Please try again.', 'alpha-sms')); 627 } 628 return; 629 } 630 } 631 632 // Nonce validation for WP registration phone field: require nonce when wp_reg option enabled 633 if (! empty($this->options['wp_reg'])) { 634 $wp_reg_phone_nonce = isset($_POST['wp_reg_phone_nonce']) ? sanitize_text_field(wp_unslash($_POST['wp_reg_phone_nonce'])) : ''; 635 if (empty($wp_reg_phone_nonce) || ! function_exists('wp_verify_nonce') || ! wp_verify_nonce($wp_reg_phone_nonce, 'wp_reg_phone_action')) { 636 if (function_exists('add_filter')) { 637 add_filter('registration_errors', function ($errors) { 638 $errors->add('security_error', __('Security Check failed. Please try again.', 'alpha-sms')); 639 return $errors; 640 }); 641 } else { 642 echo esc_html(__('Security Check failed. Please try again.', 'alpha-sms')); 643 } 644 return; 645 } 584 646 } 585 647 … … 645 707 $wp_reg_phone_nonce = isset($_POST['wp_reg_phone_nonce']) ? sanitize_text_field(wp_unslash($_POST['wp_reg_phone_nonce'])) : ''; 646 708 if (empty($wp_reg_phone_nonce) || ! wp_verify_nonce($wp_reg_phone_nonce, 'wp_reg_phone_action')) { 647 $errors->add('security_error', __('Security check failed. Please try again.', 'alpha-sms'));709 $errors->add('security_error', __('Security Check failed. Please try again.', 'alpha-sms')); 648 710 return $errors; 649 711 } … … 681 743 $wp_reg_phone_nonce = isset($_POST['wp_reg_phone_nonce']) ? sanitize_text_field(wp_unslash($_POST['wp_reg_phone_nonce'])) : ''; 682 744 if (empty($wp_reg_phone_nonce) || ! wp_verify_nonce($wp_reg_phone_nonce, 'wp_reg_phone_action')) { 683 $errors->add('security_error', __('Security check failed. Please try again.', 'alpha-sms'));745 $errors->add('security_error', __('Security Check failed. 
Please try again.', 'alpha-sms')); 684 746 return $errors; 685 747 } … … 749 811 // Nonce verification for guest checkout OTP 750 812 $wc_checkout_otp_nonce = isset($_POST['woocommerce-process-checkout-nonce']) ? sanitize_text_field(wp_unslash($_POST['woocommerce-process-checkout-nonce'])) : ''; 751 if (empty($wc_checkout_otp_nonce) || ! wp_verify_nonce($wc_checkout_otp_nonce, 'woocommerce-process _checkout')) {752 wc_add_notice(__('Security check failed. Please try again.', 'alpha-sms'), 'error');813 if (empty($wc_checkout_otp_nonce) || ! wp_verify_nonce($wc_checkout_otp_nonce, 'woocommerce-process-checkout-nonce')) { 814 wc_add_notice(__('Security Check failed. Please try again.', 'alpha-sms'), 'error'); 753 815 return; 754 816 } … … 762 824 $this->deletePastData(); 763 825 } else { 826 /* translators: Error message shown when user must enter a valid OTP. */ 764 827 wc_add_notice(__('Please enter a valid OTP.', 'alpha-sms'), 'error'); 765 828 } … … 962 1025 $wc_reg_phone_nonce = isset($_POST['wc_reg_phone_nonce']) ? sanitize_text_field(wp_unslash($_POST['wc_reg_phone_nonce'])) : ''; 963 1026 if (empty($wc_reg_phone_nonce) || !wp_verify_nonce($wc_reg_phone_nonce, 'wc_reg_phone_action')) { 964 $errors->add('security_error', __('Security check failed. Please try again.', 'alpha-sms'));1027 $errors->add('security_error', __('Security Check failed. Please try again.', 'alpha-sms')); 965 1028 return $errors; 966 1029 } … … 1095 1158 1096 1159 $buyer_msg = str_replace($search, $replace, $buyer_msg); 1160 $buyer_msg .= ' Order notifications are verified in your order notes.'; 1097 1161 1098 1162 if (empty($buyer_msg)) { … … 1105 1169 1106 1170 if ($response->error === 0) { 1107 1108 $order->add_order_note(__('Alpha SMS : Notified customer about his order status', 'alpha-sms')); 1171 $order->add_order_note(__('Alpha SMS : Notified customer about order status ' . $new_status, 'alpha-sms')); 1109 1172 } else { 1110 1173 $order->add_order_note('Alpha SMS : ' . 
$response->msg); … … 1373 1436 } 1374 1437 } 1438 1375 1439 } -
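Review bot: The checkout nonce verification at new line 813 (and the AJAX branch at new line 259) now checks the posted `woocommerce-process-checkout-nonce` field against the action string `'woocommerce-process-checkout-nonce'`, but when that field comes from WooCommerce's own checkout form it is created with the action `woocommerce-process_checkout` — which, modulo the garbled rendering, is what the removed line at old 751 verified against — so the check appears to reject every legitimate checkout unless the form field is also replaced with the nonce created at new line 145. Either restore `wp_verify_nonce($wc_checkout_otp_nonce, 'woocommerce-process_checkout')`, or post the plugin-created nonce under a plugin-specific field name and action instead of reusing WooCommerce's field name. Separately, new line 1160 appends a fixed sentence to `$buyer_msg` before the `empty($buyer_msg)` guard at new line 1162, which makes that guard unreachable and adds untranslated text to every customer SMS; move the append after the guard or drop it. The docblocks at new lines 382-388 and 408-409 replace the descriptions of `validateNumber()` and `generateOTP()` with pasted `$response = [...]` lines and drop the `@return` of `generateOTP()`; restore them, e.g. `Validates and formats a Bangladeshi phone number.` with `@return false|string` and `@return string The generated 6-digit OTP code.`. The enclosing methods of all these hunks start and end outside the visible lines.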
alpha-sms/trunk/public/js/alpha_sms-public.js
r3415282 r3424529 123 123 let password = wc_reg_form.find('#reg_password').val(); 124 124 let wc_reg_phone_nonce = wc_reg_form.find('#wc_reg_phone_nonce').val(); 125 let action_type = wc_reg_form.find('#action_type').val(); 125 126 126 127 if (!phone || !email) { … … 141 142 email: email, 142 143 wc_reg_phone_nonce: wc_reg_phone_nonce, 144 action_type: action_type, 143 145 }; 144 146 … … 211 213 action_type: checkout_form.find('#action_type').val(), 212 214 }; 215 // include checkout nonce if present 216 const checkoutNonceField = checkout_form.find('input[name="woocommerce-process-checkout-nonce"]'); 217 if (checkoutNonceField && checkoutNonceField.length) { 218 data['woocommerce-process-checkout-nonce'] = checkoutNonceField.val(); 219 } 213 220 214 221 $.post(
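Review bot: At new lines 216-219 `checkoutNonceField && checkoutNonceField.length` is redundant because a jQuery object is always truthy, and the value posted is read from WooCommerce's own `woocommerce-process-checkout-nonce` form field rather than from the `alpha_sms_checkout_nonce` value the PHP side now localizes into `alpha_sms_object`, so confirm the server verifies it against the action that field was actually created with. A tighter form is `const checkoutNonce = checkout_form.find('input[name="woocommerce-process-checkout-nonce"]').val();` followed by `if (checkoutNonce) { data['woocommerce-process-checkout-nonce'] = checkoutNonce; }`. The enclosing submit handler starts and ends outside the hunk.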