Revert the WP2FA changes

Author: wpdev10

admin/class-admin.php

@@ -1330,6 +1330,10 @@ public function handle_bulk_user_type_change() {
             wp_die( __( 'Security check failed. Please try again.' ) );
         }
 
+        if ( ! current_user_can( 'edit_users' ) ) {
+            wp_die( __( 'You do not have permission to perform this action.' ) );
+        }
+
         $new_user_type = absint( $_GET['uwp_new_user_type'] );
 
         if ( ! $new_user_type ) {

includes/class-forms.php

@@ -1162,7 +1162,10 @@ public function process_login() {
 
 		remove_action( 'authenticate', 'gglcptch_login_check', 21 );
 
-        userswp_disable_wp2fa_temporarily();
+		global $wp2fa;
+		if ( wp_doing_ajax() && isset( $wp2fa ) && ! empty( $wp2fa ) ) {
+			remove_action( 'wp_login', array( $wp2fa->login, 'wp_login' ), 20 );
+		}
 
 		$user = wp_signon(
 			array(
@@ -1172,11 +1175,9 @@ public function process_login() {
 			)
 		);
 
-        //userswp_restore_wp2fa_hooks();
-
 		add_action( 'authenticate', 'gglcptch_login_check', 21, 1 );
 
-		if ( wp_doing_ajax() && ! is_wp_error( $user ) && function_exists('\WP2FA\Admin\Helpers\User_Helper') && \WP2FA\Admin\Helpers\User_Helper($user->ID) ) {
+		if ( wp_doing_ajax() && ! is_wp_error( $user ) && isset( $wp2fa ) && ! empty( $wp2fa ) ) {
 
 			$two_fa = $this->check_2fa( $user );
 			if ( isset( $two_fa ) && ! empty( $two_fa ) ) {
@@ -1249,6 +1250,7 @@ public function check_2fa( $user ) {
 			$user = wp_get_current_user();
 		}
 
+		global $wp2fa;
 		$errors = new WP_Error();
 
 		if ( ! \WP2FA\Admin\Helpers\User_Helper::is_user_using_two_factor( $user->ID ) ) {
@@ -1433,6 +1435,8 @@ public function process_login_2fa() {
 			wp_send_json_error( array( 'message' => $message ) );
 		}
 
+		global $wp2fa;
+
 		$nonce = ( isset( $_POST['wp-auth-nonce'] ) ) ? sanitize_textarea_field( wp_unslash( $_POST['wp-auth-nonce'] ) ) : '';
 		if ( true !== \WP2FA\Authenticator\Login::verify_login_nonce( $user->ID, $nonce ) ) {