Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3332295

Timestamp:

07/22/2025 01:40:25 PM (9 months ago)

Author:

dueclic

Message:

Update to version 3.5.0 from GitHub

Location:

two-factor-login-telegram

Files:

: 18 added
: 2 deleted
: 12 edited
: 1 copied

tags/3.5.0 (copied) (copied from two-factor-login-telegram/trunk)
tags/3.5.0/README.md (modified) (2 diffs)
tags/3.5.0/assets/css/wp-factor-telegram-plugin.css (modified) (1 diff)
tags/3.5.0/assets/js/wp-factor-telegram-plugin.js (modified) (8 diffs)
tags/3.5.0/includes/class-telegram-logs-list-table.php (added)
tags/3.5.0/includes/class-wp-factor-telegram-plugin.php (modified) (31 diffs)
tags/3.5.0/includes/class-wp-telegram.php (modified) (1 diff)
tags/3.5.0/sections (deleted)
tags/3.5.0/templates (added)
tags/3.5.0/templates/configuration.php (added)
tags/3.5.0/templates/error-expired-token.php (added)
tags/3.5.0/templates/error-invalid-token.php (added)
tags/3.5.0/templates/error-security-failed.php (added)
tags/3.5.0/templates/login-form.php (added)
tags/3.5.0/templates/logs-page.php (added)
tags/3.5.0/templates/user-2fa-form.php (added)
tags/3.5.0/two-factor-telegram.php (modified) (2 diffs)
trunk/README.md (modified) (2 diffs)
trunk/assets/css/wp-factor-telegram-plugin.css (modified) (1 diff)
trunk/assets/js/wp-factor-telegram-plugin.js (modified) (8 diffs)
trunk/includes/class-telegram-logs-list-table.php (added)
trunk/includes/class-wp-factor-telegram-plugin.php (modified) (31 diffs)
trunk/includes/class-wp-telegram.php (modified) (1 diff)
trunk/sections (deleted)
trunk/templates (added)
trunk/templates/configuration.php (added)
trunk/templates/error-expired-token.php (added)
trunk/templates/error-invalid-token.php (added)
trunk/templates/error-security-failed.php (added)
trunk/templates/login-form.php (added)
trunk/templates/logs-page.php (added)
trunk/templates/user-2fa-form.php (added)
trunk/two-factor-telegram.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

two-factor-login-telegram/tags/3.5.0/README.md

-                      r3331421
+                      r3332295
 Requires PHP: 7.0
 Tested up to: 6.8
 Stable tag: 3.4
+Stable tag: 3.5.0
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 3.5.0 =
+* **Enhanced Logs System**: Replaced simple logs with professional WP_List_Table implementation featuring pagination (10 items per page), sorting, and bulk actions
+* **Improved User Interface**: Complete UI overhaul with enhanced styling, better form layouts, and improved user experience
+* **Advanced Database Management**: Migrated to MySQL tables for better performance and reliability instead of WordPress options
+* **Better Chat ID Validation**: Enhanced Chat ID validation with proper format checking for both user and group chats
+* **JavaScript Translations**: Implemented proper internationalization for all JavaScript messages using wp_localize_script
+* **Enhanced User Feedback**: Added contextual status messages during 2FA configuration with clear visual indicators
+* **Template System**: Introduced dedicated error templates for better error handling and user guidance
+* **Timestamp Formatting**: Logs now respect WordPress date/time format settings for consistent display
+* **Bug Fixes**: Fixed duplicate Chat ID input elements issue and improved form validation
+* **Performance Improvements**: Optimized database queries and reduced memory usage
 = 3.4 =

two-factor-login-telegram/tags/3.5.0/assets/css/wp-factor-telegram-plugin.css

-                      r2805641
+                      r3332295
 #wpft-howto .ui-accordion-header {
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+}
+/* 2FA Configuration Improvements */
+#tg-2fa-configuration {
+    opacity: 0;
+    max-height: 0;
+    overflow: hidden;
+    transition: all 0.3s ease-in-out;
+    transform: translateY(-10px);
+}
+#tg-2fa-configuration.show {
+    opacity: 1;
+    max-height: 1000px;
+    transform: translateY(0);
+}
+#tg-2fa-configuration .form-table {
+    background: #f9f9f9;
+    border-radius: 8px;
+    padding: 20px;
+    margin-top: 15px;
+    border: 1px solid #e1e1e1;
+}
+/* Step indicator */
+.tg-setup-steps {
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    color: white;
+    padding: 20px;
+    border-radius: 8px;
+    margin-bottom: 20px;
+}
+.tg-setup-steps ol {
+    margin: 0;
+    padding-left: 20px;
+}
+.tg-setup-steps li {
+    margin-bottom: 10px;
+    line-height: 1.5;
+}
+.tg-setup-steps a {
+    color: #fff;
+    text-decoration: underline;
+}
+.tg-setup-steps strong {
+    font-weight: 600;
+}
+/* Input improvements */
+#tg_wp_factor_chat_id {
+    font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
+    font-size: 14px;
+    padding: 8px 12px;
+    border: 2px solid #ddd;
+    border-radius: 6px;
+    transition: all 0.2s ease;
+}
+#tg_wp_factor_chat_id:focus {
+    border-color: #667eea;
+    box-shadow: 0 0 0 2px rgba(102, 126, 234, 0.2);
+    outline: none;
+}
+#tg_wp_factor_chat_id.input-valid {
+    border-color: #46b450 !important;
+    box-shadow: 0 0 0 2px rgba(70, 180, 80, 0.2) !important;
+}
+/* Button improvements */
+.tg-action-button {
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    border: none;
+    color: white;
+    padding: 10px 20px;
+    border-radius: 6px;
+    cursor: pointer;
+    font-weight: 500;
+    transition: all 0.2s ease;
+    position: relative;
+    overflow: hidden;
+}
+.tg-action-button:hover {
+    transform: translateY(-1px);
+    box-shadow: 0 4px 12px rgba(102, 126, 234, 0.3);
+}
+.tg-action-button:active {
+    transform: translateY(0);
+}
+.tg-action-button.disabled {
+    opacity: 0.6;
+    cursor: not-allowed;
+    transform: none !important;
+    box-shadow: none !important;
+}
+/* Loading spinner improvements */
+.load-spinner {
+    display: inline-block;
+    margin-left: 10px;
+    vertical-align: middle;
+}
+/* FAQ Section Styling */
+#wpft-howto {
+    margin: 20px 0;
+}
+#wpft-howto h3 {
     background-color: #389abe;
+}
+    color: white;
+    padding: 15px 20px;
+    margin: 20px 0 0 0;
+    font-size: 16px;
+    border-radius: 5px 5px 0 0;
+}
+#wpft-howto .faq-content {
+    background-color: #f9f9f9;
+    padding: 20px;
+    border: 1px solid #ddd;
+    border-top: none;
+    border-radius: 0 0 5px 5px;
+    margin-bottom: 20px;
+}
+#wpft-howto p {
+    margin: 10px 0;
+    line-height: 1.6;
+}
+#wpft-howto ol {
+    margin: 15px 0;
+    padding-left: 20px;
+}
+#wpft-howto li {
+    margin-bottom: 10px;
+    line-height: 1.5;
+}
+#wpft-howto .command {
+    background: #333;
+    color: #fff;
+    padding: 2px 6px;
+    border-radius: 3px;
+    font-family: monospace;
+    font-size: 13px;
+}
+#wpft-howto .screenshot-container {
+    margin: 15px 0;
+    text-align: center;
+    padding: 10px;
+    background: #fff;
+    border: 1px solid #ddd;
+    border-radius: 3px;
+}
+#wpft-howto .help-screenshot {
+    max-width: 100%;
+    height: auto;
+    border: 1px solid #ccc;
+}
+#wpft-howto .notice {
+    padding: 12px;
+    margin: 15px 0;
+    border-left: 4px solid #00a0d2;
+    background: #f7fcfe;
+}
+#wpft-howto .external-link {
+    color: #0073aa;
+    text-decoration: none;
+}
+#wpft-howto .external-link:hover {
+    text-decoration: underline;
+}
+.load-spinner img {
+    width: 20px;
+    height: 20px;
+}
+/* Progress indicator */
+.tg-progress {
+    background: #f0f0f0;
+    border-radius: 10px;
+    height: 6px;
+    overflow: hidden;
+    margin: 15px 0;
+}
+.tg-progress-bar {
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    height: 100%;
+    border-radius: 10px;
+    transition: width 0.3s ease;
+    width: 0%;
+}
+/* Status indicators */
+.tg-status {
+    display: inline-flex;
+    align-items: center;
+    padding: 8px 12px;
+    border-radius: 6px;
+    font-size: 12px;
+    font-weight: 500;
+    margin-top: 10px;
+}
+.tg-status.success {
+    background: #d4edda;
+    color: #155724;
+    border: 1px solid #c3e6cb;
+}
+.tg-status.error {
+    background: #f8d7da;
+    color: #721c24;
+    border: 1px solid #f5c6cb;
+}
+.tg-status.warning {
+    background: #fff3cd;
+    color: #856404;
+    border: 1px solid #ffeeba;
+}
+.tg-status::before {
+    content: '';
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    margin-right: 8px;
+}
+.tg-status.success::before {
+    background: #28a745;
+}
+.tg-status.error::before {
+    background: #dc3545;
+}
+.tg-status.warning::before {
+    background: #ffc107;
+}
+/* Confirmation field improvements */
+#factor-chat-confirm {
+    background: #f8f9fa;
+    border-radius: 8px;
+    padding: 15px;
+    border: 1px solid #e9ecef;
+    margin-top: 15px;
+}
+#tg_wp_factor_chat_id_confirm {
+    font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
+    font-size: 14px;
+    padding: 8px 12px;
+    border: 2px solid #ddd;
+    border-radius: 6px;
+    transition: all 0.2s ease;
+}
+#tg_wp_factor_chat_id_confirm:focus {
+    border-color: #667eea;
+    box-shadow: 0 0 0 2px rgba(102, 126, 234, 0.2);
+    outline: none;
+}
+/* Responsive improvements */
+@media (max-width: 768px) {
+    #tg-2fa-configuration .form-table td {
+        display: block;
+        width: 100%;
+        padding-bottom: 10px;
+    }
+    .tg-action-button {
+        width: 100%;
+        margin-top: 10px;
+    }
+}

two-factor-login-telegram/tags/3.5.0/assets/js/wp-factor-telegram-plugin.js

-                      r3168516
+                      r3332295
     var $twbtn = $("#tg_wp_factor_chat_id_send");
     var $twctrl = $("#tg_wp_factor_valid");
+    var $twenabled = $("#tg_wp_factor_enabled");
+    var $twconfig = $("#tg-2fa-configuration");
+    var $tweditbtn = $("#tg-edit-chat-id");
+    var $twconfigrow = $(".tg-configured-row");
     var $twfcr = $("#factor-chat-response");
 …
     function init() {
+        // Handle checkbox toggle for 2FA configuration with smooth animation
+        $twenabled.on("change", function(evt){
+            var isConfigured = $twconfigrow.length > 0;
+            if ($(this).is(":checked") && !isConfigured) {
+                $twconfig.addClass('show').show();
+                updateProgress(25);
+            } else {
+                $twconfig.removeClass('show');
+                setTimeout(function() {
+                    $twconfig.hide();
+                }, 300);
+                $twctrl.val(0);
+                updateProgress(0);
+                resetStatusIndicators();
+            }
+        });
+        // Handle edit button click (when 2FA is already configured)
+        $tweditbtn.on("click", function(evt){
+            evt.preventDefault();
+            // Hide configured row and show configuration form
+            $twconfigrow.hide();
+            $twconfig.addClass('show').show();
+            // Make the input editable and clear it
+            $twfci.prop('readonly', false).removeClass('input-valid').css('background', '').val('');
+            // Reset validation state
+            $twctrl.val(0);
+            updateProgress(25);
+            resetStatusIndicators();
+            // Show modifying status message
+            $('.tg-status.success').removeClass('success').addClass('warning').text(tlj.modifying_setup);
+        });
+        // Watch for changes in Chat ID when in edit mode
+        $twfci.on("input", function(){
+            var currentValue = $(this).val();
+            var originalValue = $(this).data('original-value');
+            // If value changed from original, require re-validation
+            if (currentValue !== originalValue) {
+                $twctrl.val(0);
+                $(this).removeClass('input-valid');
+            }
+        });
+        // Initialize visibility based on checkbox state and configuration
+        var isConfigured = $twconfigrow.length > 0;
+        if ($twenabled.is(":checked") && !isConfigured) {
+            $twconfig.addClass('show').show();
+            updateProgress(25);
+        } else {
+            $twconfig.removeClass('show').hide();
+        }
+        // Store original chat ID value for comparison
+        if ($twfci.length) {
+            $twfci.data('original-value', $twfci.val());
+        }
         $twfci.on("change", function(evt){
            $twctrl.val(0);
+           // Validate Chat ID format (basic validation)
+           validateChatId($(this).val());
         });
         $twbtn.on("click", function(evt){
             evt.preventDefault();
             var chat_id = $twfci.val();
+            if (!validateChatId(chat_id)) {
+                showStatus('#chat-id-status', 'error', tlj.invalid_chat_id);
+                return;
+            }
             send_tg_token(chat_id);
         });
         $twfcheck.on("click", function(evt){
             evt.preventDefault();
             var token = $twfciconf.val();
             var chat_id = $twfci.val();
+            if (!token.trim()) {
+                showStatus('#validation-status', 'error', tlj.enter_confirmation_code);
+                return;
+            }
             check_tg_token(token, chat_id);
         });
 …
                 $twfcheck.addClass('disabled').after('<div class="load-spinner"><img src="'+tlj.spinner+'" /></div>');
                 $twfcr.hide();
+                hideStatus('#validation-status');
             },
             dataType: "json",
 …
                     $twfci.addClass("input-valid");
                     $twctrl.val(1);
+                    updateProgress(100);
+                    showStatus('#validation-status', 'success', tlj.setup_completed);
+                }
                 else {
+                    $twfcr.find(".wpft-notice p").text(response.msg);
+                    $twfcr.show();
+                    showStatus('#validation-status', 'error', response.msg);
                     $twfci.removeClass("input-valid");
                     $twctrl.val(0);
 …
             },
             error: function(xhr, ajaxOptions, thrownError){
+                $twfcr.find(".wpft-notice p").text(tlj.ajax_error+" "+thrownError+" ("+xhr.state+")");
+                $twfcr.show();
+                showStatus('#validation-status', 'error', tlj.ajax_error+" "+thrownError+" ("+xhr.state+")");
                 $twfci.removeClass("input-valid");
             },
 …
                 $twfcr.hide();
                 $twfconf.hide();
+                hideStatus('#chat-id-status');
             },
             dataType: "json",
 …
                     $twfconf.show();
                     $twfci.removeClass("input-valid");
+                    updateProgress(75);
+                    showStatus('#chat-id-status', 'success', tlj.code_sent);
+                }
                 else {
+                    $twfcr.find(".wpft-notice p").text(response.msg);
+                    $twfcr.show();
+                    showStatus('#chat-id-status', 'error', response.msg);
+                }
             },
             error: function(xhr, ajaxOptions, thrownError){
+                $twfcr.find(".wpft-notice p").text(tlj.ajax_error+" "+thrownError+" ("+xhr.state+")");
+                $twfcr.show();
+                showStatus('#chat-id-status', 'error', tlj.ajax_error+" "+thrownError+" ("+xhr.state+")");
             },
             complete: function() {
 …
+    }
+    // Helper functions
+    function updateProgress(percentage) {
+        $('#tg-progress-bar').css('width', percentage + '%');
+    }
+    function validateChatId(chatId) {
+        // Telegram Chat ID validation: must be numeric (positive for users, negative for groups)
+        if (!chatId || typeof chatId !== 'string') {
+            return false;
+        }
+        var trimmedId = chatId.trim();
+        if (trimmedId === '') {
+            return false;
+        }
+        // Check if it's a valid number (can be negative for groups)
+        var numericId = parseInt(trimmedId, 10);
+        return !isNaN(numericId) && trimmedId === numericId.toString();
+    }
+    function showStatus(selector, type, message) {
+        var $status = $(selector);
+        $status.removeClass('success error warning')
+               .addClass(type)
+               .text(message)
+               .fadeIn(300);
+    }
+    function hideStatus(selector) {
+        $(selector).fadeOut(300);
+    }
+    function resetStatusIndicators() {
+        hideStatus('#chat-id-status');
+        hideStatus('#validation-status');
+    }
 }(jQuery);

two-factor-login-telegram/tags/3.5.0/includes/class-wp-factor-telegram-plugin.php

-                      r3331421
+                      r3332295
         require_once(dirname(WP_FACTOR_TG_FILE)
             . "/includes/class-wp-telegram.php");
+        require_once(dirname(WP_FACTOR_TG_FILE)
+            . "/includes/class-telegram-logs-list-table.php");
+    }
 …
     /**
-     * Authentication page
+     *
-     * @param $user
-     */
-    private function authentication_page($user)
+    {
-        require_once(ABSPATH . '/wp-admin/includes/template.php');
-        ?>
-        <p class="notice notice-warning">
-            <?php
-            _e("Enter the code sent to your Telegram account.",
-                "two-factor-login-telegram");
-            ?>
-        </p>
-        <p>
-            <label for="authcode" style="padding-top:1em">
-                <?php
-                _e("Authentication code:", "two-factor-login-telegram");
-                ?>
-            </label>
-            <input type="text" name="authcode" id="authcode" class="input"
-                   value="" size="5"/>
-        </p>
-        <?php
-        submit_button(__('Login with Telegram',
-            'two-factor-login-telegram'));
+    }
-    /**
      * Login HTML Page
+     *
 …
+        }
-        login_header();
-        if (!empty($error_msg)) {
-            echo '<div id="login_error"><strong>' . esc_html($error_msg)
-                . '</strong><br /></div>';
+        }
         // Filter hook to add a custom logo to the 2FA login screen
         $plugin_logo = apply_filters('two_factor_login_telegram_logo',
             plugins_url('assets/img/plugin_logo.png', WP_FACTOR_TG_FILE));
+        ?>
+        <style>
+            body.login div#login h1 a {
+                background-image: url("<?php echo esc_url($plugin_logo); ?>");
+            }
+        </style>
+        <form name="validate_tg" id="loginform" action="<?php
+        echo esc_url(site_url('wp-login.php?action=validate_tg',
+            'login_post')); ?>" method="post" autocomplete="off">
+            <input type="hidden" name="nonce"
+                   value="<?php echo wp_create_nonce('wp2fa_telegram_auth_nonce_' . $user->ID); ?>">
+            <input type="hidden" name="wp-auth-id" id="wp-auth-id" value="<?php
+            echo esc_attr($user->ID); ?>"/>
+            <input type="hidden" name="redirect_to" value="<?php
+            echo esc_attr($redirect_to); ?>"/>
+            <input type="hidden" name="rememberme" id="rememberme" value="<?php
+            echo esc_attr($rememberme); ?>"/>
+            <?php
+            $this->authentication_page($user); ?>
+        </form>
+        <p id="backtoblog">
+            <a href="<?php
+            echo esc_url(home_url('/')); ?>" title="<?php
+            __("Are you lost?", "two-factor-login-telegram"); ?>"><?php
+                echo sprintf(__('&larr; Back to %s',
+                    'two-factor-login-telegram'),
+                    get_bloginfo('title', 'display')); ?></a>
+        </p>
+        <?php
+        do_action('login_footer'); ?>
+        <div class="clear"></div>
+        </body>
+        </html>
+        <?php
+        require_once(ABSPATH . '/wp-admin/includes/template.php');
+        require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/login-form.php");
+    }
 …
         $hashed_auth_code = hash('sha256', $authcode);
         $current_datetime = current_time('mysql');
+        $query = $wpdb->prepare(
+        // Check if token exists for this user
+        $token_exists_query = $wpdb->prepare(
             "SELECT COUNT(*)
+        FROM $table_name
+        WHERE auth_code = %s
+        AND user_id = %d
+        AND expiration_date > %s",
+            FROM $table_name
+            WHERE auth_code = %s
+            AND user_id = %d",
+            $hashed_auth_code, $user_id
+        );
+        $token_exists = ($wpdb->get_var($token_exists_query) > 0);
+        if (!$token_exists) {
+            return 'invalid'; // Invalid token
+        }
+        // Check if token is not expired
+        $valid_token_query = $wpdb->prepare(
+            "SELECT COUNT(*)
+            FROM $table_name
+            WHERE auth_code = %s
+            AND user_id = %d
+            AND expiration_date > %s",
             $hashed_auth_code, $user_id, $current_datetime
         );
+        return ($wpdb->get_var($query) > 0);
+        $is_valid = ($wpdb->get_var($valid_token_query) > 0);
+        if (!$is_valid) {
+            return 'expired'; // Token exists but expired
+        }
+        return 'valid'; // Valid token
+    }
 …
+        }
+        if (true !== $this->is_valid_authcode($_REQUEST['authcode'], $user->ID)) {
+        $authcode_validation = $this->is_valid_authcode($_REQUEST['authcode'], $user->ID);
+        if ('valid' !== $authcode_validation) {
             do_action('wp_factor_telegram_failed', $user->user_login);
 …
             $chat_id = $this->get_user_chatid($user->ID);
             $result = $this->telegram->send_tg_token($auth_code, $chat_id, $user->ID);
+            // Determine error message based on validation result
+            $error_message = '';
+            $log_reason = '';
+            if ($authcode_validation === 'expired') {
+                $error_message = __('The verification code has expired. We just sent you a new code, please try again!',
+                    'two-factor-login-telegram');
+                $log_reason = 'expired_verification_code';
+            } else {
+                $error_message = __('Wrong verification code, we just sent a new code, please try again!',
+                    'two-factor-login-telegram');
+                $log_reason = 'wrong_verification_code';
+            }
             $this->log_telegram_action('auth_code_resent', array(
 …
                 'chat_id' => $chat_id,
                 'success' => $result !== false,
                 'reason' => 'wrong_verification_code'
+                'reason' => $log_reason
             ));
+            $this->login_html($user, $_REQUEST['redirect_to'],
+                __('Wrong verification code, we just sent a new code, please try again!',
+                    'two-factor-login-telegram'));
+            $this->login_html($user, $_REQUEST['redirect_to'], $error_message);
             exit;
+        }
 …
     public function configure_tg()
+    {
         require(dirname(WP_FACTOR_TG_FILE) . "/sections/configure_tg.php");
+        require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/configuration.php");
+    }
 …
     public function show_telegram_logs()
+    {
+        $logs = get_option('telegram_bot_logs', array());
+        // Handle clear logs action
+        if (isset($_POST['clear_logs']) && wp_verify_nonce($_POST['_wpnonce'], 'clear_telegram_logs')) {
+            delete_option('telegram_bot_logs');
+            $logs = array();
+            echo '<div class="notice notice-success is-dismissible"><p>' . __('Logs cleared successfully.', 'two-factor-login-telegram') . '</p></div>';
+        }
+        ?>
+        <div class="wrap">
+            <h1><?php _e('Telegram Bot Logs', 'two-factor-login-telegram'); ?></h1>
+            <form method="post">
+                <?php wp_nonce_field('clear_telegram_logs'); ?>
+                <input type="submit" name="clear_logs" class="button button-secondary" value="<?php _e('Clear Logs', 'two-factor-login-telegram'); ?>" onclick="return confirm('<?php _e('Are you sure you want to clear all logs?', 'two-factor-login-telegram'); ?>')">
+            </form>
+            <br>
+            <?php if (empty($logs)): ?>
+                <p><?php _e('No logs available.', 'two-factor-login-telegram'); ?></p>
+            <?php else: ?>
+                <table class="wp-list-table widefat fixed striped">
+                    <thead>
+                        <tr>
+                            <th style="width: 15%;"><?php _e('Timestamp', 'two-factor-login-telegram'); ?></th>
+                            <th style="width: 15%;"><?php _e('Action', 'two-factor-login-telegram'); ?></th>
+                            <th><?php _e('Data', 'two-factor-login-telegram'); ?></th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <?php foreach ($logs as $log): ?>
+                            <tr>
+                                <td><?php echo esc_html($log['timestamp']); ?></td>
+                                <td><?php echo esc_html($log['action']); ?></td>
+                                <td>
+                                    <details>
+                                        <summary><?php _e('View details', 'two-factor-login-telegram'); ?></summary>
+                                        <pre style="background: #f1f1f1; padding: 10px; margin-top: 10px; overflow-x: auto;"><?php echo esc_html(print_r($log['data'], true)); ?></pre>
+                                    </details>
+                                </td>
+                            </tr>
+                        <?php endforeach; ?>
+                    </tbody>
+                </table>
+            <?php endif; ?>
+        </div>
+        <?php
+        require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/logs-page.php");
+    }
 …
+    }
+    function delete_transients($option_name, $old_value, $new_value)
+    {
+        if ($this->namespace === $option_name) {
+            delete_transient(WP_FACTOR_TG_GETME_TRANSIENT);
+            if (!empty($new_value['bot_token'])) {
+                $webhook_url = rest_url('telegram/v1/webhook');
+                $this->telegram->set_bot_token($new_value['bot_token'])->set_webhook($webhook_url);
+            }
+        }
+    function sanitize_settings($input)
+    {
+        // Sanitize input values
+        $sanitized = array();
+        if (isset($input['bot_token'])) {
+            $sanitized['bot_token'] = sanitize_text_field($input['bot_token']);
+        }
+        if (isset($input['chat_id'])) {
+            $sanitized['chat_id'] = sanitize_text_field($input['chat_id']);
+        }
+        if (isset($input['enabled'])) {
+            $sanitized['enabled'] = $input['enabled'] === '1' ? '1' : '0';
+        }
+        if (isset($input['show_site_name'])) {
+            $sanitized['show_site_name'] = $input['show_site_name'] === '1' ? '1' : '0';
+        }
+        if (isset($input['show_site_url'])) {
+            $sanitized['show_site_url'] = $input['show_site_url'] === '1' ? '1' : '0';
+        }
+        if (isset($input['delete_data_on_deactivation'])) {
+            $sanitized['delete_data_on_deactivation'] = $input['delete_data_on_deactivation'] === '1' ? '1' : '0';
+        }
+        // Delete transients when settings are updated
+        delete_transient(WP_FACTOR_TG_GETME_TRANSIENT);
+        // Set webhook if bot token is provided
+        if (!empty($sanitized['bot_token'])) {
+            $webhook_url = rest_url('telegram/v1/webhook');
+            $this->telegram->set_bot_token($sanitized['bot_token'])->set_webhook($webhook_url);
+        }
+        return $sanitized;
+    }
     function tg_register_settings()
+    {
+        register_setting($this->namespace, $this->namespace);
+        register_setting($this->namespace, $this->namespace, array(
+            'sanitize_callback' => array($this, 'sanitize_settings')
+        ));
         add_settings_section($this->namespace . '_section',
             __('Telegram Configuration', "two-factor-login-telegram"), '',
+            $this->namespace . '.php');
+        add_settings_section($this->namespace . '_failed_login_section',
+            __('Failed Login Report', "two-factor-login-telegram"), array($this, 'failed_login_section_callback'),
+            $this->namespace . '.php');
+        add_settings_section($this->namespace . '_data_management_section',
+            __('Data Management', "two-factor-login-telegram"), array($this, 'data_management_section_callback'),
             $this->namespace . '.php');
 …
             $field_args);
+        // Move Chat ID to Failed Login Report section
         $field_args = array(
             'type' => 'text',
             'id' => 'chat_id',
             'name' => 'chat_id',
             'desc' => __('Chat ID (Telegram) for failed login report.',
+            'desc' => __('Enter your Telegram Chat ID to receive notifications about failed login attempts.',
                 "two-factor-login-telegram"),
             'std' => '',
 …
         add_settings_field('chat_id',
             __('Chat ID', "two-factor-login-telegram"), array(
+            __('Chat ID for Reports', "two-factor-login-telegram"), array(
                 $this,
                 'tg_display_setting',
             ), $this->namespace . '.php', $this->namespace . '_section',
+            ), $this->namespace . '.php', $this->namespace . '_failed_login_section',
             $field_args);
 …
             $field_args);
+        // Move Show site name to Failed Login Report section
         $field_args = array(
             'type' => 'checkbox',
             'id' => 'show_site_name',
             'name' => 'show_site_name',
             'desc' => __('Select this checkbox to show site name on failed login attempt message.<br>This option is useful when you use same bot in several sites.',
+            'desc' => __('Include site name in failed login notifications.<br>Useful when using the same bot for multiple sites.',
                 'two-factor-login-telegram'),
             'std' => '',
 …
         add_settings_field('show_site_name',
             __('Show site name?', 'two-factor-login-telegram'), array(
+            __('Show Site Name', 'two-factor-login-telegram'), array(
                 $this,
                 'tg_display_setting',
             ), $this->namespace . '.php', $this->namespace . '_section',
+            ), $this->namespace . '.php', $this->namespace . '_failed_login_section',
             $field_args);
+        // Move Show site URL to Failed Login Report section
         $field_args = array(
             'type' => 'checkbox',
             'id' => 'show_site_url',
             'name' => 'show_site_url',
             'desc' => __('Select this checkbox to show site URL on failed login attempt message.<br>This option is useful when you use same bot in several sites.',
+            'desc' => __('Include site URL in failed login notifications.<br>Useful when using the same bot for multiple sites.',
                 'two-factor-login-telegram'),
             'std' => '',
 …
         add_settings_field('show_site_url',
             __('Show site URL?', 'two-factor-login-telegram'), array(
+            __('Show Site URL', 'two-factor-login-telegram'), array(
                 $this,
                 'tg_display_setting',
+            ), $this->namespace . '.php', $this->namespace . '_section',
+            ), $this->namespace . '.php', $this->namespace . '_failed_login_section',
+            $field_args);
+        // Add data cleanup option to Data Management section
+        $field_args = array(
+            'type' => 'checkbox',
+            'id' => 'delete_data_on_deactivation',
+            'name' => 'delete_data_on_deactivation',
+            'desc' => __('Delete all plugin data when the plugin is deactivated.<br><strong>Warning:</strong> This will permanently remove all settings, user configurations, authentication codes, and logs.',
+                'two-factor-login-telegram'),
+            'std' => '',
+            'label_for' => 'delete_data_on_deactivation',
+            'class' => 'css_class',
+        );
+        add_settings_field('delete_data_on_deactivation',
+            __('Delete Data on Deactivation', 'two-factor-login-telegram'), array(
+                $this,
+                'tg_display_setting',
+            ), $this->namespace . '.php', $this->namespace . '_data_management_section',
             $field_args);
+    }
 …
     /**
+     * Failed login section callback
+     */
+    public function failed_login_section_callback()
+    {
+        echo '<p>' . __('Configure how to receive notifications when someone fails to log in to your site.', 'two-factor-login-telegram') . '</p>';
+    }
+    /**
+     * Data management section callback
+     */
+    public function data_management_section_callback()
+    {
+        echo '<p>' . __('Manage plugin data and cleanup options.', 'two-factor-login-telegram') . '</p>';
+    }
+    /**
      * Action links
+     *
 …
     public function tg_add_two_factor_fields($user)
+    {
+        ?>
+        <h3 id="wptl"><?php
+            _e('2FA with Telegram',
+                'two-factor-login-telegram'); ?></h3>
+        <table class="form-table">
+            <tr>
+                <th>
+                    <label for="tg_wp_factor_enabled"><?php
+                        _e('Enable 2FA',
+                            'two-factor-login-telegram'); ?>
+                    </label>
+                </th>
+                <td colspan="2">
+                    <input type="hidden" name="tg_wp_factor_valid"
+                           id="tg_wp_factor_valid" value="<?php
+                    echo (int)(esc_attr(get_the_author_meta('tg_wp_factor_enabled',
+                            $user->ID)) === "1"); ?>">
+                    <input type="checkbox" name="tg_wp_factor_enabled"
+                           id="tg_wp_factor_enabled" value="1"
+                           class="regular-text" <?php
+                    echo checked(esc_attr(get_the_author_meta('tg_wp_factor_enabled',
+                        $user->ID)), 1); ?> /><br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="3">
+                    <?php
+                    $username = $this->telegram->get_me()->username;
+                    ?>
+                    <div>
+                        <ol>
+                            <li>
+                                <?php
+                                printf(__('Open a conversation with %s and press on <strong>Start</strong>',
+                                    'two-factor-login-telegram'),
+                                    '<a href="https://telegram.me/' . $username
+                                    . '" target="_blank">@' . $username . '</a>');
+                                ?>
+                            </li>
+                            <li>
+                                <?php
+                                printf(__('Type command %s to obtain your Chat ID.',
+                                    "two-factor-login-telegram"),
+                                    '<code>/get_id</code>');
+                                ?>
+                            </li>
+                            <li>
+                                <?php
+                                _e("The bot will reply with your <strong>Chat ID</strong> number",
+                                    'two-factor-login-telegram');
+                                ?>
+                            </li>
+                            <li><?php
+                                _e('Copy your Chat ID and paste it below, then press <strong>Submit code</strong>',
+                                    'two-factor-login-telegram'); ?></li>
+                        </ol>
+                    </div>
+                </td>
+            </tr>
+            <tr>
+                <th>
+                    <label for="tg_wp_factor_chat_id"><?php
+                        _e('Telegram Chat ID',
+                            'two-factor-login-telegram'); ?>
+                    </label></th>
+                <td>
+                    <input type="text" name="tg_wp_factor_chat_id"
+                           id="tg_wp_factor_chat_id" value="<?php
+                    echo esc_attr(get_the_author_meta('tg_wp_factor_chat_id',
+                        $user->ID)); ?>" class="regular-text"/><br/>
+                    <span class="description"><?php
+                        _e('Put your Telegram Chat ID',
+                            'two-factor-login-telegram'); ?></span>
+                </td>
+                <td>
+                    <button class="button" id="tg_wp_factor_chat_id_send"><?php
+                        _e("Submit code",
+                            "two-factor-login-telegram"); ?></button>
+                </td>
+            </tr>
+            <tr id="factor-chat-confirm">
+                <th>
+                    <label for="tg_wp_factor_chat_id_confirm"><?php
+                        _e('Confirmation code',
+                            'two-factor-login-telegram'); ?>
+                    </label></th>
+                <td>
+                    <input type="text" name="tg_wp_factor_chat_id_confirm"
+                           id="tg_wp_factor_chat_id_confirm" value=""
+                           class="regular-text"/><br/>
+                    <span class="description"><?php
+                        _e('Please enter the confirmation code you received on Telegram',
+                            'two-factor-login-telegram'); ?></span>
+                </td>
+                <td>
+                    <button class="button" id="tg_wp_factor_chat_id_check"><?php
+                        _e("Validate",
+                            "two-factor-login-telegram"); ?></button>
+                </td>
+            </tr>
+            <tr id="factor-chat-response">
+                <td colspan="3">
+                    <div class="wpft-notice wpft-notice-warning">
+                        <p></p>
+                    </div>
+                </td>
+            </tr>
+        </table>
+        <?php
+        require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/user-2fa-form.php");
+    }
 …
                 "sendtoken_nonce" => wp_create_nonce('ajax-sendtoken-nonce'),
                 "tokencheck_nonce" => wp_create_nonce('ajax-tokencheck-nonce'),
+                "spinner" => admin_url("/images/spinner.gif")
+                "spinner" => admin_url("/images/spinner.gif"),
+                // Translated messages
+                "invalid_chat_id" => __('Please enter a valid Chat ID', 'two-factor-login-telegram'),
+                "enter_confirmation_code" => __('Please enter the confirmation code', 'two-factor-login-telegram'),
+                "setup_completed" => __('✅ 2FA setup completed successfully!', 'two-factor-login-telegram'),
+                "code_sent" => __('✅ Code sent! Check your Telegram', 'two-factor-login-telegram'),
+                "modifying_setup" => __('⚠️ Modifying 2FA configuration - validation required', 'two-factor-login-telegram')
             ));
 …
             __("Use this code to complete your 2FA setup in WordPress, or click the button below:", "two-factor-login-telegram")
         );
         // Create inline keyboard with validation button
         $reply_markup = null;
         if ($current_user_id) {
             $nonce = wp_create_nonce('telegram_validate_' . $current_user_id . '_' . $auth_code);
             $validation_url = admin_url('admin.php?page=tg-conf&action=telegram_validate&user_id=' . $current_user_id . '&token=' . $auth_code . '&nonce=' . $nonce);
+            $validation_url = admin_url('options-general.php?page=tg-conf&action=telegram_validate&chat_id='.$_POST['chat_id'].'&user_id=' . $current_user_id . '&token=' . $auth_code . '&nonce=' . $nonce);
             $reply_markup = array(
                 'inline_keyboard' => array(
 …
             );
+        }
         $send = $tg->send_with_keyboard($validation_message, $_POST['chat_id'], $reply_markup);
 …
+    }
+    public function tg_save_custom_user_profile_fields($user_id)
+    /**
+     * Save user's 2FA settings
+     *
+     * @param int $user_id User ID
+     * @param string $chat_id Telegram Chat ID
+     * @param bool $enabled Whether 2FA is enabled
+     * @return bool Success status
+     */
+    public function save_user_2fa_settings($user_id, $chat_id, $enabled = true)
+    {
         if (!current_user_can('edit_user', $user_id)) {
 …
+        }
+        if (empty($chat_id)) {
+            return false;
+        }
+        update_user_meta($user_id, 'tg_wp_factor_chat_id', sanitize_text_field($chat_id));
+        update_user_meta($user_id, 'tg_wp_factor_enabled', $enabled ? '1' : '0');
+        return true;
+    }
+    public function tg_save_custom_user_profile_fields($user_id)
+    {
         if ($_POST['tg_wp_factor_valid'] == 0
             || $_POST['tg_wp_factor_chat_id'] == ""
 …
+        }
+        update_user_meta($user_id, 'tg_wp_factor_chat_id',
+            $_POST['tg_wp_factor_chat_id']);
+        update_user_meta($user_id, 'tg_wp_factor_enabled',
+            $_POST['tg_wp_factor_enabled']);
+        return true;
+        return $this->save_user_2fa_settings(
+            $user_id,
+            $_POST['tg_wp_factor_chat_id'],
+            isset($_POST['tg_wp_factor_enabled'])
+        );
+    }
 …
+    }
+    private function create_or_update_activities_table()
+    {
+        global $wpdb;
+        $table_name = $wpdb->prefix . 'wp2fat_activities';
+        $charset_collate = $wpdb->get_charset_collate();
+        $sql = "CREATE TABLE IF NOT EXISTS $table_name (
+        id mediumint(9) NOT NULL AUTO_INCREMENT,
+        timestamp datetime NOT NULL,
+        action varchar(100) NOT NULL,
+        data longtext,
+        PRIMARY KEY (id),
+        KEY timestamp (timestamp),
+        KEY action (action)
+    ) $charset_collate";
+        require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
+        // Esegue la query per creare/aggiornare la tabella
+        dbDelta($sql);
+    }
+    private function migrate_logs_to_activities_table()
+    {
+        global $wpdb;
+        // Check if old logs exist in option
+        $old_logs = get_option('telegram_bot_logs', array());
+        if (!empty($old_logs)) {
+            $activities_table = $wpdb->prefix . 'wp2fat_activities';
+            // Migrate each log entry
+            foreach ($old_logs as $log) {
+                $wpdb->insert(
+                    $activities_table,
+                    array(
+                        'timestamp' => $log['timestamp'],
+                        'action' => $log['action'],
+                        'data' => maybe_serialize($log['data'])
+                    ),
+                    array('%s', '%s', '%s')
+                );
+            }
+            // Delete the old option after migration
+            delete_option('telegram_bot_logs');
+        }
+    }
     function plugin_activation()
+    {
         $this->create_or_update_telegram_auth_codes_table();
+        $this->create_or_update_activities_table();
+        $this->migrate_logs_to_activities_table();
         update_option('wp_factor_plugin_version', WP_FACTOR_PLUGIN_VERSION);
+        // Flush rewrite rules to add our webhook endpoint
+        // Add rewrite rules before flushing
+        $this->add_telegram_rewrite_rules();
+        // Flush rewrite rules to add our new rules
         flush_rewrite_rules();
+    }
+    function plugin_deactivation()
+    {
+        // Check if data cleanup is enabled
+        $plugin_options = get_option($this->namespace, array());
+        if (isset($plugin_options['delete_data_on_deactivation']) && $plugin_options['delete_data_on_deactivation'] === '1') {
+            $this->cleanup_all_plugin_data();
+        }
+        // Always flush rewrite rules on deactivation
+        flush_rewrite_rules();
+    }
+    private function cleanup_all_plugin_data()
+    {
+        global $wpdb;
+        // Delete plugin settings
+        delete_option($this->namespace);
+        delete_option('wp_factor_plugin_version');
+        delete_option('telegram_bot_logs'); // For backward compatibility
+        // Delete auth codes table
+        $auth_codes_table = $wpdb->prefix . 'telegram_auth_codes';
+        $wpdb->query("DROP TABLE IF EXISTS $auth_codes_table");
+        // Delete activities table
+        $activities_table = $wpdb->prefix . 'wp2fat_activities';
+        $wpdb->query("DROP TABLE IF EXISTS $activities_table");
+        // Delete user meta data for all users
+        $wpdb->delete(
+            $wpdb->usermeta,
+            array(
+                'meta_key' => 'tg_wp_factor_chat_id'
+            )
+        );
+        $wpdb->delete(
+            $wpdb->usermeta,
+            array(
+                'meta_key' => 'tg_wp_factor_enabled'
+            )
+        );
+        // Delete all transients related to the plugin
+        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_wp2fa_telegram_authcode_%'");
+        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_timeout_wp2fa_telegram_authcode_%'");
+        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_" . WP_FACTOR_TG_GETME_TRANSIENT . "%'");
+        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_timeout_" . WP_FACTOR_TG_GETME_TRANSIENT . "%'");
+    }
 …
         if ($installed_version !== WP_FACTOR_PLUGIN_VERSION) {
             $this->create_or_update_telegram_auth_codes_table();
+            $this->create_or_update_activities_table();
+            $this->migrate_logs_to_activities_table();
             update_option('wp_factor_plugin_version', WP_FACTOR_PLUGIN_VERSION);
+        }
 …
         register_activation_hook(WP_FACTOR_TG_FILE, array($this, 'plugin_activation'));
+        register_deactivation_hook(WP_FACTOR_TG_FILE, array($this, 'plugin_deactivation'));
         add_action('plugins_loaded', array($this, 'check_plugin_update'));
 …
                 . plugin_basename(WP_FACTOR_TG_FILE),
                 array($this, 'action_links'));
-            add_action('updated_option', array($this, 'delete_transients'),
-, 3);
+        }
 …
+        }
+        add_action('show_user_profile',
+            array($this, 'tg_add_two_factor_fields'));
+        add_action('edit_user_profile',
+            array($this, 'tg_add_two_factor_fields'));
+        if ($this->is_valid_bot()) {
+            add_action('show_user_profile',
+                array($this, 'tg_add_two_factor_fields'));
+            add_action('edit_user_profile',
+                array($this, 'tg_add_two_factor_fields'));
+        }
         add_action('personal_options_update',
 …
         // Add REST API endpoint for Telegram webhook
         add_action('rest_api_init', array($this, 'register_telegram_webhook_route'));
+        // Add rewrite rules for Telegram confirmation URLs
+        add_action('init', array($this, 'add_telegram_rewrite_rules'));
+        add_action('parse_request', array($this, 'parse_telegram_request'));
+    }
 …
             'permission_callback' => '__return_true',
         ));
+        register_rest_route('telegram/v1', '/confirm/(?P<user_id>\d+)/(?P<token>[a-zA-Z0-9]+)', array(
+            'methods' => 'GET',
+            'callback' => array($this, 'handle_telegram_confirmation'),
+            'permission_callback' => '__return_true',
+            'args' => array(
+                'user_id' => array(
+                    'validate_callback' => function($param, $request, $key) {
+                        return is_numeric($param);
+                    }
+                ),
+                'token' => array(
+                    'validate_callback' => function($param, $request, $key) {
+                        return preg_match('/^[a-zA-Z0-9]+$/', $param);
+                    }
+                ),
+                'nonce' => array(
+                    'required' => true,
+                )
+    }
+    /**
+     * Add rewrite rules for Telegram confirmation URLs
+     */
+    public function add_telegram_rewrite_rules() {
+        add_rewrite_rule(
+            '^telegram-confirm/([0-9]+)/([a-zA-Z0-9]+)/?$',
+            'index.php?telegram_confirm=1&user_id=$matches[1]&token=$matches[2]',
+            'top'
+        );
+        // Add query vars
+        add_filter('query_vars', function($vars) {
+            $vars[] = 'telegram_confirm';
+            $vars[] = 'user_id';
+            $vars[] = 'token';
+            return $vars;
+        });
+    }
+    /**
+     * Parse Telegram confirmation requests
+     */
+    public function parse_telegram_request() {
+        global $wp;
+        if (isset($wp->query_vars['telegram_confirm']) && $wp->query_vars['telegram_confirm'] == 1) {
+            $user_id = intval($wp->query_vars['user_id']);
+            $token = sanitize_text_field($wp->query_vars['token']);
+            $nonce = sanitize_text_field($_GET['nonce'] ?? '');
+            $this->handle_telegram_confirmation_direct($user_id, $token, $nonce);
+        }
+    }
+    /**
+     * Handle Telegram confirmation via direct URL (not REST API)
+     */
+    public function handle_telegram_confirmation_direct($user_id, $token, $nonce) {
+        // Verify nonce
+        if (!wp_verify_nonce($nonce, 'telegram_confirm_' . $user_id . '_' . $token)) {
+            $this->log_telegram_action('confirmation_failed', array(
+                'user_id' => $user_id,
+                'token' => $token,
+                'reason' => 'invalid_nonce'
+            ));
+            // Include error template
+            require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/error-security-failed.php");
+        }
+        // Validate the token
+        $authcode_validation = $this->is_valid_authcode($token, $user_id);
+        if ('valid' !== $authcode_validation) {
+            if ($authcode_validation === 'expired') {
+                $log_reason = 'expired_token';
+            } else {
+                $log_reason = 'invalid_token';
+            }
+            $this->log_telegram_action('confirmation_failed', array(
+                'user_id' => $user_id,
+                'token' => $token,
+                'reason' => $log_reason
+            ));
+            // Include appropriate error template
+            if ($authcode_validation === 'expired') {
+                require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/error-expired-token.php");
+            } else {
+                require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/error-invalid-token.php");
+            }
+        }
+        // Get user
+        $user = get_userdata($user_id);
+        if (!$user) {
+            require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/error-invalid-token.php");
+        }
+        // Log the user in
+        wp_set_auth_cookie($user_id, false);
+        $this->log_telegram_action('confirmation_success', array(
+            'user_id' => $user_id,
+            'user_login' => $user->user_login,
+            'token' => $token,
+            'method' => 'direct_confirmation'
+        ));
+        // Redirect to admin or specified location
+        $redirect_url = apply_filters('telegram_confirmation_redirect_url', admin_url(), $user);
+        // Redirect directly
+        wp_safe_redirect($redirect_url);
+        exit;
+    }
+    /**
+     * Log Telegram bot actions
+     */
+    public function log_telegram_action($action, $data = array()) {
+        global $wpdb;
+        $activities_table = $wpdb->prefix . 'wp2fat_activities';
+        // Insert new log entry
+        $wpdb->insert(
+            $activities_table,
+            array(
+                'timestamp' => current_time('mysql'),
+                'action' => $action,
+                'data' => maybe_serialize($data)
             ),
+        ));
+    }
+    /**
+     * Log Telegram bot actions
+     */
+    private function log_telegram_action($action, $data = array()) {
+        $log_entry = array(
+            'timestamp' => current_time('mysql'),
+            'action' => $action,
+            'data' => $data
+        );
+        $logs = get_option('telegram_bot_logs', array());
+        array_unshift($logs, $log_entry);
+        // Keep only last 100 log entries
+        $logs = array_slice($logs, 0, 100);
+        update_option('telegram_bot_logs', $logs);
+            array('%s', '%s', '%s')
+        );
+        // Clean up old entries - keep only last 1000 entries
+        $wpdb->query("DELETE FROM $activities_table WHERE id NOT IN (SELECT id FROM (SELECT id FROM $activities_table ORDER BY timestamp DESC LIMIT 1000) temp_table)");
+    }
 …
+    }
+    /**
+     * Handle Telegram confirmation via link
+     */
+    public function handle_telegram_confirmation($request) {
+        $user_id = intval($request['user_id']);
+        $token = sanitize_text_field($request['token']);
+        $nonce = sanitize_text_field($request->get_param('nonce'));
+        // Verify nonce
+        if (!wp_verify_nonce($nonce, 'telegram_confirm_' . $user_id . '_' . $token)) {
+            $this->log_telegram_action('confirmation_failed', array(
+                'user_id' => $user_id,
+                'token' => $token,
+                'reason' => 'invalid_nonce'
+            ));
+            return new WP_Error('invalid_nonce', __('Security check failed.', 'two-factor-login-telegram'), array('status' => 403));
+        }
+        // Validate the token
+        if (!$this->is_valid_authcode($token, $user_id)) {
+            $this->log_telegram_action('confirmation_failed', array(
+                'user_id' => $user_id,
+                'token' => $token,
+                'reason' => 'invalid_token'
+            ));
+            return new WP_Error('invalid_token', __('Invalid or expired token.', 'two-factor-login-telegram'), array('status' => 400));
+        }
+        // Get user
+        $user = get_userdata($user_id);
+        if (!$user) {
+            return new WP_Error('invalid_user', __('Invalid user.', 'two-factor-login-telegram'), array('status' => 400));
+        }
+        // Log the user in
+        wp_set_auth_cookie($user_id, false);
+        $this->log_telegram_action('confirmation_success', array(
+            'user_id' => $user_id,
+            'user_login' => $user->user_login,
+            'token' => $token,
+            'method' => 'link_confirmation'
+        ));
+        // Redirect to admin or specified location
+        $redirect_url = apply_filters('telegram_confirmation_redirect_url', admin_url(), $user);
+        // Redirect directly instead of returning JSON
+        wp_safe_redirect($redirect_url);
+        exit;
+    }
+}

two-factor-login-telegram/tags/3.5.0/includes/class-wp-telegram.php

r3331421	r3332295
148	148	if ($user_id) {
149	149	$nonce = wp_create_nonce('telegram_confirm_' . $user_id . '_' . $token);
150		$confirmation_url = ~~site_url('/wp-json/telegram/v1/confirm/' . $user_id . '/' . $token . '~~?nonce=' . $nonce);
	150	$confirmation_url = home_url('/telegram-confirm/' . $user_id . '/' . $token . '/?nonce=' . $nonce);
151	151
152	152	$reply_markup = array(

two-factor-login-telegram/tags/3.5.0/two-factor-telegram.php

-                      r3331421
+                      r3332295
  * Plugin URI: https://blog.dueclic.com/wordpress-autenticazione-due-fattori-telegram/
  * Description: This plugin enables two factor authentication with Telegram by increasing your website security and sends an alert every time a wrong login occurs.
  * Version: 3.4
+ * Version: 3.5.0
  * Requires at least: 6.0
  * Tested up to: 6.8
 …
+}
 define('WP_FACTOR_PLUGIN_VERSION', '3.4');
+define('WP_FACTOR_PLUGIN_VERSION', '3.5.0');
 define('WP_FACTOR_AUTHCODE_EXPIRE_SECONDS', 60 * 20);

two-factor-login-telegram/trunk/README.md

-                      r3331421
+                      r3332295
 Requires PHP: 7.0
 Tested up to: 6.8
 Stable tag: 3.4
+Stable tag: 3.5.0
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 …
 == Changelog ==
+= 3.5.0 =
+* **Enhanced Logs System**: Replaced simple logs with professional WP_List_Table implementation featuring pagination (10 items per page), sorting, and bulk actions
+* **Improved User Interface**: Complete UI overhaul with enhanced styling, better form layouts, and improved user experience
+* **Advanced Database Management**: Migrated to MySQL tables for better performance and reliability instead of WordPress options
+* **Better Chat ID Validation**: Enhanced Chat ID validation with proper format checking for both user and group chats
+* **JavaScript Translations**: Implemented proper internationalization for all JavaScript messages using wp_localize_script
+* **Enhanced User Feedback**: Added contextual status messages during 2FA configuration with clear visual indicators
+* **Template System**: Introduced dedicated error templates for better error handling and user guidance
+* **Timestamp Formatting**: Logs now respect WordPress date/time format settings for consistent display
+* **Bug Fixes**: Fixed duplicate Chat ID input elements issue and improved form validation
+* **Performance Improvements**: Optimized database queries and reduced memory usage
 = 3.4 =

two-factor-login-telegram/trunk/assets/css/wp-factor-telegram-plugin.css

-                      r2805641
+                      r3332295
 #wpft-howto .ui-accordion-header {
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+}
+/* 2FA Configuration Improvements */
+#tg-2fa-configuration {
+    opacity: 0;
+    max-height: 0;
+    overflow: hidden;
+    transition: all 0.3s ease-in-out;
+    transform: translateY(-10px);
+}
+#tg-2fa-configuration.show {
+    opacity: 1;
+    max-height: 1000px;
+    transform: translateY(0);
+}
+#tg-2fa-configuration .form-table {
+    background: #f9f9f9;
+    border-radius: 8px;
+    padding: 20px;
+    margin-top: 15px;
+    border: 1px solid #e1e1e1;
+}
+/* Step indicator */
+.tg-setup-steps {
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    color: white;
+    padding: 20px;
+    border-radius: 8px;
+    margin-bottom: 20px;
+}
+.tg-setup-steps ol {
+    margin: 0;
+    padding-left: 20px;
+}
+.tg-setup-steps li {
+    margin-bottom: 10px;
+    line-height: 1.5;
+}
+.tg-setup-steps a {
+    color: #fff;
+    text-decoration: underline;
+}
+.tg-setup-steps strong {
+    font-weight: 600;
+}
+/* Input improvements */
+#tg_wp_factor_chat_id {
+    font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
+    font-size: 14px;
+    padding: 8px 12px;
+    border: 2px solid #ddd;
+    border-radius: 6px;
+    transition: all 0.2s ease;
+}
+#tg_wp_factor_chat_id:focus {
+    border-color: #667eea;
+    box-shadow: 0 0 0 2px rgba(102, 126, 234, 0.2);
+    outline: none;
+}
+#tg_wp_factor_chat_id.input-valid {
+    border-color: #46b450 !important;
+    box-shadow: 0 0 0 2px rgba(70, 180, 80, 0.2) !important;
+}
+/* Button improvements */
+.tg-action-button {
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    border: none;
+    color: white;
+    padding: 10px 20px;
+    border-radius: 6px;
+    cursor: pointer;
+    font-weight: 500;
+    transition: all 0.2s ease;
+    position: relative;
+    overflow: hidden;
+}
+.tg-action-button:hover {
+    transform: translateY(-1px);
+    box-shadow: 0 4px 12px rgba(102, 126, 234, 0.3);
+}
+.tg-action-button:active {
+    transform: translateY(0);
+}
+.tg-action-button.disabled {
+    opacity: 0.6;
+    cursor: not-allowed;
+    transform: none !important;
+    box-shadow: none !important;
+}
+/* Loading spinner improvements */
+.load-spinner {
+    display: inline-block;
+    margin-left: 10px;
+    vertical-align: middle;
+}
+/* FAQ Section Styling */
+#wpft-howto {
+    margin: 20px 0;
+}
+#wpft-howto h3 {
     background-color: #389abe;
+}
+    color: white;
+    padding: 15px 20px;
+    margin: 20px 0 0 0;
+    font-size: 16px;
+    border-radius: 5px 5px 0 0;
+}
+#wpft-howto .faq-content {
+    background-color: #f9f9f9;
+    padding: 20px;
+    border: 1px solid #ddd;
+    border-top: none;
+    border-radius: 0 0 5px 5px;
+    margin-bottom: 20px;
+}
+#wpft-howto p {
+    margin: 10px 0;
+    line-height: 1.6;
+}
+#wpft-howto ol {
+    margin: 15px 0;
+    padding-left: 20px;
+}
+#wpft-howto li {
+    margin-bottom: 10px;
+    line-height: 1.5;
+}
+#wpft-howto .command {
+    background: #333;
+    color: #fff;
+    padding: 2px 6px;
+    border-radius: 3px;
+    font-family: monospace;
+    font-size: 13px;
+}
+#wpft-howto .screenshot-container {
+    margin: 15px 0;
+    text-align: center;
+    padding: 10px;
+    background: #fff;
+    border: 1px solid #ddd;
+    border-radius: 3px;
+}
+#wpft-howto .help-screenshot {
+    max-width: 100%;
+    height: auto;
+    border: 1px solid #ccc;
+}
+#wpft-howto .notice {
+    padding: 12px;
+    margin: 15px 0;
+    border-left: 4px solid #00a0d2;
+    background: #f7fcfe;
+}
+#wpft-howto .external-link {
+    color: #0073aa;
+    text-decoration: none;
+}
+#wpft-howto .external-link:hover {
+    text-decoration: underline;
+}
+.load-spinner img {
+    width: 20px;
+    height: 20px;
+}
+/* Progress indicator */
+.tg-progress {
+    background: #f0f0f0;
+    border-radius: 10px;
+    height: 6px;
+    overflow: hidden;
+    margin: 15px 0;
+}
+.tg-progress-bar {
+    background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    height: 100%;
+    border-radius: 10px;
+    transition: width 0.3s ease;
+    width: 0%;
+}
+/* Status indicators */
+.tg-status {
+    display: inline-flex;
+    align-items: center;
+    padding: 8px 12px;
+    border-radius: 6px;
+    font-size: 12px;
+    font-weight: 500;
+    margin-top: 10px;
+}
+.tg-status.success {
+    background: #d4edda;
+    color: #155724;
+    border: 1px solid #c3e6cb;
+}
+.tg-status.error {
+    background: #f8d7da;
+    color: #721c24;
+    border: 1px solid #f5c6cb;
+}
+.tg-status.warning {
+    background: #fff3cd;
+    color: #856404;
+    border: 1px solid #ffeeba;
+}
+.tg-status::before {
+    content: '';
+    width: 8px;
+    height: 8px;
+    border-radius: 50%;
+    margin-right: 8px;
+}
+.tg-status.success::before {
+    background: #28a745;
+}
+.tg-status.error::before {
+    background: #dc3545;
+}
+.tg-status.warning::before {
+    background: #ffc107;
+}
+/* Confirmation field improvements */
+#factor-chat-confirm {
+    background: #f8f9fa;
+    border-radius: 8px;
+    padding: 15px;
+    border: 1px solid #e9ecef;
+    margin-top: 15px;
+}
+#tg_wp_factor_chat_id_confirm {
+    font-family: 'Monaco', 'Menlo', 'Ubuntu Mono', monospace;
+    font-size: 14px;
+    padding: 8px 12px;
+    border: 2px solid #ddd;
+    border-radius: 6px;
+    transition: all 0.2s ease;
+}
+#tg_wp_factor_chat_id_confirm:focus {
+    border-color: #667eea;
+    box-shadow: 0 0 0 2px rgba(102, 126, 234, 0.2);
+    outline: none;
+}
+/* Responsive improvements */
+@media (max-width: 768px) {
+    #tg-2fa-configuration .form-table td {
+        display: block;
+        width: 100%;
+        padding-bottom: 10px;
+    }
+    .tg-action-button {
+        width: 100%;
+        margin-top: 10px;
+    }
+}

two-factor-login-telegram/trunk/assets/js/wp-factor-telegram-plugin.js

-                      r3168516
+                      r3332295
     var $twbtn = $("#tg_wp_factor_chat_id_send");
     var $twctrl = $("#tg_wp_factor_valid");
+    var $twenabled = $("#tg_wp_factor_enabled");
+    var $twconfig = $("#tg-2fa-configuration");
+    var $tweditbtn = $("#tg-edit-chat-id");
+    var $twconfigrow = $(".tg-configured-row");
     var $twfcr = $("#factor-chat-response");
 …
     function init() {
+        // Handle checkbox toggle for 2FA configuration with smooth animation
+        $twenabled.on("change", function(evt){
+            var isConfigured = $twconfigrow.length > 0;
+            if ($(this).is(":checked") && !isConfigured) {
+                $twconfig.addClass('show').show();
+                updateProgress(25);
+            } else {
+                $twconfig.removeClass('show');
+                setTimeout(function() {
+                    $twconfig.hide();
+                }, 300);
+                $twctrl.val(0);
+                updateProgress(0);
+                resetStatusIndicators();
+            }
+        });
+        // Handle edit button click (when 2FA is already configured)
+        $tweditbtn.on("click", function(evt){
+            evt.preventDefault();
+            // Hide configured row and show configuration form
+            $twconfigrow.hide();
+            $twconfig.addClass('show').show();
+            // Make the input editable and clear it
+            $twfci.prop('readonly', false).removeClass('input-valid').css('background', '').val('');
+            // Reset validation state
+            $twctrl.val(0);
+            updateProgress(25);
+            resetStatusIndicators();
+            // Show modifying status message
+            $('.tg-status.success').removeClass('success').addClass('warning').text(tlj.modifying_setup);
+        });
+        // Watch for changes in Chat ID when in edit mode
+        $twfci.on("input", function(){
+            var currentValue = $(this).val();
+            var originalValue = $(this).data('original-value');
+            // If value changed from original, require re-validation
+            if (currentValue !== originalValue) {
+                $twctrl.val(0);
+                $(this).removeClass('input-valid');
+            }
+        });
+        // Initialize visibility based on checkbox state and configuration
+        var isConfigured = $twconfigrow.length > 0;
+        if ($twenabled.is(":checked") && !isConfigured) {
+            $twconfig.addClass('show').show();
+            updateProgress(25);
+        } else {
+            $twconfig.removeClass('show').hide();
+        }
+        // Store original chat ID value for comparison
+        if ($twfci.length) {
+            $twfci.data('original-value', $twfci.val());
+        }
         $twfci.on("change", function(evt){
            $twctrl.val(0);
+           // Validate Chat ID format (basic validation)
+           validateChatId($(this).val());
         });
         $twbtn.on("click", function(evt){
             evt.preventDefault();
             var chat_id = $twfci.val();
+            if (!validateChatId(chat_id)) {
+                showStatus('#chat-id-status', 'error', tlj.invalid_chat_id);
+                return;
+            }
             send_tg_token(chat_id);
         });
         $twfcheck.on("click", function(evt){
             evt.preventDefault();
             var token = $twfciconf.val();
             var chat_id = $twfci.val();
+            if (!token.trim()) {
+                showStatus('#validation-status', 'error', tlj.enter_confirmation_code);
+                return;
+            }
             check_tg_token(token, chat_id);
         });
 …
                 $twfcheck.addClass('disabled').after('<div class="load-spinner"><img src="'+tlj.spinner+'" /></div>');
                 $twfcr.hide();
+                hideStatus('#validation-status');
             },
             dataType: "json",
 …
                     $twfci.addClass("input-valid");
                     $twctrl.val(1);
+                    updateProgress(100);
+                    showStatus('#validation-status', 'success', tlj.setup_completed);
+                }
                 else {
+                    $twfcr.find(".wpft-notice p").text(response.msg);
+                    $twfcr.show();
+                    showStatus('#validation-status', 'error', response.msg);
                     $twfci.removeClass("input-valid");
                     $twctrl.val(0);
 …
             },
             error: function(xhr, ajaxOptions, thrownError){
+                $twfcr.find(".wpft-notice p").text(tlj.ajax_error+" "+thrownError+" ("+xhr.state+")");
+                $twfcr.show();
+                showStatus('#validation-status', 'error', tlj.ajax_error+" "+thrownError+" ("+xhr.state+")");
                 $twfci.removeClass("input-valid");
             },
 …
                 $twfcr.hide();
                 $twfconf.hide();
+                hideStatus('#chat-id-status');
             },
             dataType: "json",
 …
                     $twfconf.show();
                     $twfci.removeClass("input-valid");
+                    updateProgress(75);
+                    showStatus('#chat-id-status', 'success', tlj.code_sent);
+                }
                 else {
+                    $twfcr.find(".wpft-notice p").text(response.msg);
+                    $twfcr.show();
+                    showStatus('#chat-id-status', 'error', response.msg);
+                }
             },
             error: function(xhr, ajaxOptions, thrownError){
+                $twfcr.find(".wpft-notice p").text(tlj.ajax_error+" "+thrownError+" ("+xhr.state+")");
+                $twfcr.show();
+                showStatus('#chat-id-status', 'error', tlj.ajax_error+" "+thrownError+" ("+xhr.state+")");
             },
             complete: function() {
 …
+    }
+    // Helper functions
+    function updateProgress(percentage) {
+        $('#tg-progress-bar').css('width', percentage + '%');
+    }
+    function validateChatId(chatId) {
+        // Telegram Chat ID validation: must be numeric (positive for users, negative for groups)
+        if (!chatId || typeof chatId !== 'string') {
+            return false;
+        }
+        var trimmedId = chatId.trim();
+        if (trimmedId === '') {
+            return false;
+        }
+        // Check if it's a valid number (can be negative for groups)
+        var numericId = parseInt(trimmedId, 10);
+        return !isNaN(numericId) && trimmedId === numericId.toString();
+    }
+    function showStatus(selector, type, message) {
+        var $status = $(selector);
+        $status.removeClass('success error warning')
+               .addClass(type)
+               .text(message)
+               .fadeIn(300);
+    }
+    function hideStatus(selector) {
+        $(selector).fadeOut(300);
+    }
+    function resetStatusIndicators() {
+        hideStatus('#chat-id-status');
+        hideStatus('#validation-status');
+    }
 }(jQuery);

two-factor-login-telegram/trunk/includes/class-wp-factor-telegram-plugin.php

-                      r3331421
+                      r3332295
         require_once(dirname(WP_FACTOR_TG_FILE)
             . "/includes/class-wp-telegram.php");
+        require_once(dirname(WP_FACTOR_TG_FILE)
+            . "/includes/class-telegram-logs-list-table.php");
+    }
 …
     /**
-     * Authentication page
+     *
-     * @param $user
-     */
-    private function authentication_page($user)
+    {
-        require_once(ABSPATH . '/wp-admin/includes/template.php');
-        ?>
-        <p class="notice notice-warning">
-            <?php
-            _e("Enter the code sent to your Telegram account.",
-                "two-factor-login-telegram");
-            ?>
-        </p>
-        <p>
-            <label for="authcode" style="padding-top:1em">
-                <?php
-                _e("Authentication code:", "two-factor-login-telegram");
-                ?>
-            </label>
-            <input type="text" name="authcode" id="authcode" class="input"
-                   value="" size="5"/>
-        </p>
-        <?php
-        submit_button(__('Login with Telegram',
-            'two-factor-login-telegram'));
+    }
-    /**
      * Login HTML Page
+     *
 …
+        }
-        login_header();
-        if (!empty($error_msg)) {
-            echo '<div id="login_error"><strong>' . esc_html($error_msg)
-                . '</strong><br /></div>';
+        }
         // Filter hook to add a custom logo to the 2FA login screen
         $plugin_logo = apply_filters('two_factor_login_telegram_logo',
             plugins_url('assets/img/plugin_logo.png', WP_FACTOR_TG_FILE));
+        ?>
+        <style>
+            body.login div#login h1 a {
+                background-image: url("<?php echo esc_url($plugin_logo); ?>");
+            }
+        </style>
+        <form name="validate_tg" id="loginform" action="<?php
+        echo esc_url(site_url('wp-login.php?action=validate_tg',
+            'login_post')); ?>" method="post" autocomplete="off">
+            <input type="hidden" name="nonce"
+                   value="<?php echo wp_create_nonce('wp2fa_telegram_auth_nonce_' . $user->ID); ?>">
+            <input type="hidden" name="wp-auth-id" id="wp-auth-id" value="<?php
+            echo esc_attr($user->ID); ?>"/>
+            <input type="hidden" name="redirect_to" value="<?php
+            echo esc_attr($redirect_to); ?>"/>
+            <input type="hidden" name="rememberme" id="rememberme" value="<?php
+            echo esc_attr($rememberme); ?>"/>
+            <?php
+            $this->authentication_page($user); ?>
+        </form>
+        <p id="backtoblog">
+            <a href="<?php
+            echo esc_url(home_url('/')); ?>" title="<?php
+            __("Are you lost?", "two-factor-login-telegram"); ?>"><?php
+                echo sprintf(__('&larr; Back to %s',
+                    'two-factor-login-telegram'),
+                    get_bloginfo('title', 'display')); ?></a>
+        </p>
+        <?php
+        do_action('login_footer'); ?>
+        <div class="clear"></div>
+        </body>
+        </html>
+        <?php
+        require_once(ABSPATH . '/wp-admin/includes/template.php');
+        require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/login-form.php");
+    }
 …
         $hashed_auth_code = hash('sha256', $authcode);
         $current_datetime = current_time('mysql');
+        $query = $wpdb->prepare(
+        // Check if token exists for this user
+        $token_exists_query = $wpdb->prepare(
             "SELECT COUNT(*)
+        FROM $table_name
+        WHERE auth_code = %s
+        AND user_id = %d
+        AND expiration_date > %s",
+            FROM $table_name
+            WHERE auth_code = %s
+            AND user_id = %d",
+            $hashed_auth_code, $user_id
+        );
+        $token_exists = ($wpdb->get_var($token_exists_query) > 0);
+        if (!$token_exists) {
+            return 'invalid'; // Invalid token
+        }
+        // Check if token is not expired
+        $valid_token_query = $wpdb->prepare(
+            "SELECT COUNT(*)
+            FROM $table_name
+            WHERE auth_code = %s
+            AND user_id = %d
+            AND expiration_date > %s",
             $hashed_auth_code, $user_id, $current_datetime
         );
+        return ($wpdb->get_var($query) > 0);
+        $is_valid = ($wpdb->get_var($valid_token_query) > 0);
+        if (!$is_valid) {
+            return 'expired'; // Token exists but expired
+        }
+        return 'valid'; // Valid token
+    }
 …
+        }
+        if (true !== $this->is_valid_authcode($_REQUEST['authcode'], $user->ID)) {
+        $authcode_validation = $this->is_valid_authcode($_REQUEST['authcode'], $user->ID);
+        if ('valid' !== $authcode_validation) {
             do_action('wp_factor_telegram_failed', $user->user_login);
 …
             $chat_id = $this->get_user_chatid($user->ID);
             $result = $this->telegram->send_tg_token($auth_code, $chat_id, $user->ID);
+            // Determine error message based on validation result
+            $error_message = '';
+            $log_reason = '';
+            if ($authcode_validation === 'expired') {
+                $error_message = __('The verification code has expired. We just sent you a new code, please try again!',
+                    'two-factor-login-telegram');
+                $log_reason = 'expired_verification_code';
+            } else {
+                $error_message = __('Wrong verification code, we just sent a new code, please try again!',
+                    'two-factor-login-telegram');
+                $log_reason = 'wrong_verification_code';
+            }
             $this->log_telegram_action('auth_code_resent', array(
 …
                 'chat_id' => $chat_id,
                 'success' => $result !== false,
                 'reason' => 'wrong_verification_code'
+                'reason' => $log_reason
             ));
+            $this->login_html($user, $_REQUEST['redirect_to'],
+                __('Wrong verification code, we just sent a new code, please try again!',
+                    'two-factor-login-telegram'));
+            $this->login_html($user, $_REQUEST['redirect_to'], $error_message);
             exit;
+        }
 …
     public function configure_tg()
+    {
         require(dirname(WP_FACTOR_TG_FILE) . "/sections/configure_tg.php");
+        require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/configuration.php");
+    }
 …
     public function show_telegram_logs()
+    {
+        $logs = get_option('telegram_bot_logs', array());
+        // Handle clear logs action
+        if (isset($_POST['clear_logs']) && wp_verify_nonce($_POST['_wpnonce'], 'clear_telegram_logs')) {
+            delete_option('telegram_bot_logs');
+            $logs = array();
+            echo '<div class="notice notice-success is-dismissible"><p>' . __('Logs cleared successfully.', 'two-factor-login-telegram') . '</p></div>';
+        }
+        ?>
+        <div class="wrap">
+            <h1><?php _e('Telegram Bot Logs', 'two-factor-login-telegram'); ?></h1>
+            <form method="post">
+                <?php wp_nonce_field('clear_telegram_logs'); ?>
+                <input type="submit" name="clear_logs" class="button button-secondary" value="<?php _e('Clear Logs', 'two-factor-login-telegram'); ?>" onclick="return confirm('<?php _e('Are you sure you want to clear all logs?', 'two-factor-login-telegram'); ?>')">
+            </form>
+            <br>
+            <?php if (empty($logs)): ?>
+                <p><?php _e('No logs available.', 'two-factor-login-telegram'); ?></p>
+            <?php else: ?>
+                <table class="wp-list-table widefat fixed striped">
+                    <thead>
+                        <tr>
+                            <th style="width: 15%;"><?php _e('Timestamp', 'two-factor-login-telegram'); ?></th>
+                            <th style="width: 15%;"><?php _e('Action', 'two-factor-login-telegram'); ?></th>
+                            <th><?php _e('Data', 'two-factor-login-telegram'); ?></th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        <?php foreach ($logs as $log): ?>
+                            <tr>
+                                <td><?php echo esc_html($log['timestamp']); ?></td>
+                                <td><?php echo esc_html($log['action']); ?></td>
+                                <td>
+                                    <details>
+                                        <summary><?php _e('View details', 'two-factor-login-telegram'); ?></summary>
+                                        <pre style="background: #f1f1f1; padding: 10px; margin-top: 10px; overflow-x: auto;"><?php echo esc_html(print_r($log['data'], true)); ?></pre>
+                                    </details>
+                                </td>
+                            </tr>
+                        <?php endforeach; ?>
+                    </tbody>
+                </table>
+            <?php endif; ?>
+        </div>
+        <?php
+        require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/logs-page.php");
+    }
 …
+    }
+    function delete_transients($option_name, $old_value, $new_value)
+    {
+        if ($this->namespace === $option_name) {
+            delete_transient(WP_FACTOR_TG_GETME_TRANSIENT);
+            if (!empty($new_value['bot_token'])) {
+                $webhook_url = rest_url('telegram/v1/webhook');
+                $this->telegram->set_bot_token($new_value['bot_token'])->set_webhook($webhook_url);
+            }
+        }
+    function sanitize_settings($input)
+    {
+        // Sanitize input values
+        $sanitized = array();
+        if (isset($input['bot_token'])) {
+            $sanitized['bot_token'] = sanitize_text_field($input['bot_token']);
+        }
+        if (isset($input['chat_id'])) {
+            $sanitized['chat_id'] = sanitize_text_field($input['chat_id']);
+        }
+        if (isset($input['enabled'])) {
+            $sanitized['enabled'] = $input['enabled'] === '1' ? '1' : '0';
+        }
+        if (isset($input['show_site_name'])) {
+            $sanitized['show_site_name'] = $input['show_site_name'] === '1' ? '1' : '0';
+        }
+        if (isset($input['show_site_url'])) {
+            $sanitized['show_site_url'] = $input['show_site_url'] === '1' ? '1' : '0';
+        }
+        if (isset($input['delete_data_on_deactivation'])) {
+            $sanitized['delete_data_on_deactivation'] = $input['delete_data_on_deactivation'] === '1' ? '1' : '0';
+        }
+        // Delete transients when settings are updated
+        delete_transient(WP_FACTOR_TG_GETME_TRANSIENT);
+        // Set webhook if bot token is provided
+        if (!empty($sanitized['bot_token'])) {
+            $webhook_url = rest_url('telegram/v1/webhook');
+            $this->telegram->set_bot_token($sanitized['bot_token'])->set_webhook($webhook_url);
+        }
+        return $sanitized;
+    }
     function tg_register_settings()
+    {
+        register_setting($this->namespace, $this->namespace);
+        register_setting($this->namespace, $this->namespace, array(
+            'sanitize_callback' => array($this, 'sanitize_settings')
+        ));
         add_settings_section($this->namespace . '_section',
             __('Telegram Configuration', "two-factor-login-telegram"), '',
+            $this->namespace . '.php');
+        add_settings_section($this->namespace . '_failed_login_section',
+            __('Failed Login Report', "two-factor-login-telegram"), array($this, 'failed_login_section_callback'),
+            $this->namespace . '.php');
+        add_settings_section($this->namespace . '_data_management_section',
+            __('Data Management', "two-factor-login-telegram"), array($this, 'data_management_section_callback'),
             $this->namespace . '.php');
 …
             $field_args);
+        // Move Chat ID to Failed Login Report section
         $field_args = array(
             'type' => 'text',
             'id' => 'chat_id',
             'name' => 'chat_id',
             'desc' => __('Chat ID (Telegram) for failed login report.',
+            'desc' => __('Enter your Telegram Chat ID to receive notifications about failed login attempts.',
                 "two-factor-login-telegram"),
             'std' => '',
 …
         add_settings_field('chat_id',
             __('Chat ID', "two-factor-login-telegram"), array(
+            __('Chat ID for Reports', "two-factor-login-telegram"), array(
                 $this,
                 'tg_display_setting',
             ), $this->namespace . '.php', $this->namespace . '_section',
+            ), $this->namespace . '.php', $this->namespace . '_failed_login_section',
             $field_args);
 …
             $field_args);
+        // Move Show site name to Failed Login Report section
         $field_args = array(
             'type' => 'checkbox',
             'id' => 'show_site_name',
             'name' => 'show_site_name',
             'desc' => __('Select this checkbox to show site name on failed login attempt message.<br>This option is useful when you use same bot in several sites.',
+            'desc' => __('Include site name in failed login notifications.<br>Useful when using the same bot for multiple sites.',
                 'two-factor-login-telegram'),
             'std' => '',
 …
         add_settings_field('show_site_name',
             __('Show site name?', 'two-factor-login-telegram'), array(
+            __('Show Site Name', 'two-factor-login-telegram'), array(
                 $this,
                 'tg_display_setting',
             ), $this->namespace . '.php', $this->namespace . '_section',
+            ), $this->namespace . '.php', $this->namespace . '_failed_login_section',
             $field_args);
+        // Move Show site URL to Failed Login Report section
         $field_args = array(
             'type' => 'checkbox',
             'id' => 'show_site_url',
             'name' => 'show_site_url',
             'desc' => __('Select this checkbox to show site URL on failed login attempt message.<br>This option is useful when you use same bot in several sites.',
+            'desc' => __('Include site URL in failed login notifications.<br>Useful when using the same bot for multiple sites.',
                 'two-factor-login-telegram'),
             'std' => '',
 …
         add_settings_field('show_site_url',
             __('Show site URL?', 'two-factor-login-telegram'), array(
+            __('Show Site URL', 'two-factor-login-telegram'), array(
                 $this,
                 'tg_display_setting',
+            ), $this->namespace . '.php', $this->namespace . '_section',
+            ), $this->namespace . '.php', $this->namespace . '_failed_login_section',
+            $field_args);
+        // Add data cleanup option to Data Management section
+        $field_args = array(
+            'type' => 'checkbox',
+            'id' => 'delete_data_on_deactivation',
+            'name' => 'delete_data_on_deactivation',
+            'desc' => __('Delete all plugin data when the plugin is deactivated.<br><strong>Warning:</strong> This will permanently remove all settings, user configurations, authentication codes, and logs.',
+                'two-factor-login-telegram'),
+            'std' => '',
+            'label_for' => 'delete_data_on_deactivation',
+            'class' => 'css_class',
+        );
+        add_settings_field('delete_data_on_deactivation',
+            __('Delete Data on Deactivation', 'two-factor-login-telegram'), array(
+                $this,
+                'tg_display_setting',
+            ), $this->namespace . '.php', $this->namespace . '_data_management_section',
             $field_args);
+    }
 …
     /**
+     * Failed login section callback
+     */
+    public function failed_login_section_callback()
+    {
+        echo '<p>' . __('Configure how to receive notifications when someone fails to log in to your site.', 'two-factor-login-telegram') . '</p>';
+    }
+    /**
+     * Data management section callback
+     */
+    public function data_management_section_callback()
+    {
+        echo '<p>' . __('Manage plugin data and cleanup options.', 'two-factor-login-telegram') . '</p>';
+    }
+    /**
      * Action links
+     *
 …
     public function tg_add_two_factor_fields($user)
+    {
+        ?>
+        <h3 id="wptl"><?php
+            _e('2FA with Telegram',
+                'two-factor-login-telegram'); ?></h3>
+        <table class="form-table">
+            <tr>
+                <th>
+                    <label for="tg_wp_factor_enabled"><?php
+                        _e('Enable 2FA',
+                            'two-factor-login-telegram'); ?>
+                    </label>
+                </th>
+                <td colspan="2">
+                    <input type="hidden" name="tg_wp_factor_valid"
+                           id="tg_wp_factor_valid" value="<?php
+                    echo (int)(esc_attr(get_the_author_meta('tg_wp_factor_enabled',
+                            $user->ID)) === "1"); ?>">
+                    <input type="checkbox" name="tg_wp_factor_enabled"
+                           id="tg_wp_factor_enabled" value="1"
+                           class="regular-text" <?php
+                    echo checked(esc_attr(get_the_author_meta('tg_wp_factor_enabled',
+                        $user->ID)), 1); ?> /><br/>
+                </td>
+            </tr>
+            <tr>
+                <td colspan="3">
+                    <?php
+                    $username = $this->telegram->get_me()->username;
+                    ?>
+                    <div>
+                        <ol>
+                            <li>
+                                <?php
+                                printf(__('Open a conversation with %s and press on <strong>Start</strong>',
+                                    'two-factor-login-telegram'),
+                                    '<a href="https://telegram.me/' . $username
+                                    . '" target="_blank">@' . $username . '</a>');
+                                ?>
+                            </li>
+                            <li>
+                                <?php
+                                printf(__('Type command %s to obtain your Chat ID.',
+                                    "two-factor-login-telegram"),
+                                    '<code>/get_id</code>');
+                                ?>
+                            </li>
+                            <li>
+                                <?php
+                                _e("The bot will reply with your <strong>Chat ID</strong> number",
+                                    'two-factor-login-telegram');
+                                ?>
+                            </li>
+                            <li><?php
+                                _e('Copy your Chat ID and paste it below, then press <strong>Submit code</strong>',
+                                    'two-factor-login-telegram'); ?></li>
+                        </ol>
+                    </div>
+                </td>
+            </tr>
+            <tr>
+                <th>
+                    <label for="tg_wp_factor_chat_id"><?php
+                        _e('Telegram Chat ID',
+                            'two-factor-login-telegram'); ?>
+                    </label></th>
+                <td>
+                    <input type="text" name="tg_wp_factor_chat_id"
+                           id="tg_wp_factor_chat_id" value="<?php
+                    echo esc_attr(get_the_author_meta('tg_wp_factor_chat_id',
+                        $user->ID)); ?>" class="regular-text"/><br/>
+                    <span class="description"><?php
+                        _e('Put your Telegram Chat ID',
+                            'two-factor-login-telegram'); ?></span>
+                </td>
+                <td>
+                    <button class="button" id="tg_wp_factor_chat_id_send"><?php
+                        _e("Submit code",
+                            "two-factor-login-telegram"); ?></button>
+                </td>
+            </tr>
+            <tr id="factor-chat-confirm">
+                <th>
+                    <label for="tg_wp_factor_chat_id_confirm"><?php
+                        _e('Confirmation code',
+                            'two-factor-login-telegram'); ?>
+                    </label></th>
+                <td>
+                    <input type="text" name="tg_wp_factor_chat_id_confirm"
+                           id="tg_wp_factor_chat_id_confirm" value=""
+                           class="regular-text"/><br/>
+                    <span class="description"><?php
+                        _e('Please enter the confirmation code you received on Telegram',
+                            'two-factor-login-telegram'); ?></span>
+                </td>
+                <td>
+                    <button class="button" id="tg_wp_factor_chat_id_check"><?php
+                        _e("Validate",
+                            "two-factor-login-telegram"); ?></button>
+                </td>
+            </tr>
+            <tr id="factor-chat-response">
+                <td colspan="3">
+                    <div class="wpft-notice wpft-notice-warning">
+                        <p></p>
+                    </div>
+                </td>
+            </tr>
+        </table>
+        <?php
+        require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/user-2fa-form.php");
+    }
 …
                 "sendtoken_nonce" => wp_create_nonce('ajax-sendtoken-nonce'),
                 "tokencheck_nonce" => wp_create_nonce('ajax-tokencheck-nonce'),
+                "spinner" => admin_url("/images/spinner.gif")
+                "spinner" => admin_url("/images/spinner.gif"),
+                // Translated messages
+                "invalid_chat_id" => __('Please enter a valid Chat ID', 'two-factor-login-telegram'),
+                "enter_confirmation_code" => __('Please enter the confirmation code', 'two-factor-login-telegram'),
+                "setup_completed" => __('✅ 2FA setup completed successfully!', 'two-factor-login-telegram'),
+                "code_sent" => __('✅ Code sent! Check your Telegram', 'two-factor-login-telegram'),
+                "modifying_setup" => __('⚠️ Modifying 2FA configuration - validation required', 'two-factor-login-telegram')
             ));
 …
             __("Use this code to complete your 2FA setup in WordPress, or click the button below:", "two-factor-login-telegram")
         );
         // Create inline keyboard with validation button
         $reply_markup = null;
         if ($current_user_id) {
             $nonce = wp_create_nonce('telegram_validate_' . $current_user_id . '_' . $auth_code);
             $validation_url = admin_url('admin.php?page=tg-conf&action=telegram_validate&user_id=' . $current_user_id . '&token=' . $auth_code . '&nonce=' . $nonce);
+            $validation_url = admin_url('options-general.php?page=tg-conf&action=telegram_validate&chat_id='.$_POST['chat_id'].'&user_id=' . $current_user_id . '&token=' . $auth_code . '&nonce=' . $nonce);
             $reply_markup = array(
                 'inline_keyboard' => array(
 …
             );
+        }
         $send = $tg->send_with_keyboard($validation_message, $_POST['chat_id'], $reply_markup);
 …
+    }
+    public function tg_save_custom_user_profile_fields($user_id)
+    /**
+     * Save user's 2FA settings
+     *
+     * @param int $user_id User ID
+     * @param string $chat_id Telegram Chat ID
+     * @param bool $enabled Whether 2FA is enabled
+     * @return bool Success status
+     */
+    public function save_user_2fa_settings($user_id, $chat_id, $enabled = true)
+    {
         if (!current_user_can('edit_user', $user_id)) {
 …
+        }
+        if (empty($chat_id)) {
+            return false;
+        }
+        update_user_meta($user_id, 'tg_wp_factor_chat_id', sanitize_text_field($chat_id));
+        update_user_meta($user_id, 'tg_wp_factor_enabled', $enabled ? '1' : '0');
+        return true;
+    }
+    public function tg_save_custom_user_profile_fields($user_id)
+    {
         if ($_POST['tg_wp_factor_valid'] == 0
             || $_POST['tg_wp_factor_chat_id'] == ""
 …
+        }
+        update_user_meta($user_id, 'tg_wp_factor_chat_id',
+            $_POST['tg_wp_factor_chat_id']);
+        update_user_meta($user_id, 'tg_wp_factor_enabled',
+            $_POST['tg_wp_factor_enabled']);
+        return true;
+        return $this->save_user_2fa_settings(
+            $user_id,
+            $_POST['tg_wp_factor_chat_id'],
+            isset($_POST['tg_wp_factor_enabled'])
+        );
+    }
 …
+    }
+    private function create_or_update_activities_table()
+    {
+        global $wpdb;
+        $table_name = $wpdb->prefix . 'wp2fat_activities';
+        $charset_collate = $wpdb->get_charset_collate();
+        $sql = "CREATE TABLE IF NOT EXISTS $table_name (
+        id mediumint(9) NOT NULL AUTO_INCREMENT,
+        timestamp datetime NOT NULL,
+        action varchar(100) NOT NULL,
+        data longtext,
+        PRIMARY KEY (id),
+        KEY timestamp (timestamp),
+        KEY action (action)
+    ) $charset_collate";
+        require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
+        // Esegue la query per creare/aggiornare la tabella
+        dbDelta($sql);
+    }
+    private function migrate_logs_to_activities_table()
+    {
+        global $wpdb;
+        // Check if old logs exist in option
+        $old_logs = get_option('telegram_bot_logs', array());
+        if (!empty($old_logs)) {
+            $activities_table = $wpdb->prefix . 'wp2fat_activities';
+            // Migrate each log entry
+            foreach ($old_logs as $log) {
+                $wpdb->insert(
+                    $activities_table,
+                    array(
+                        'timestamp' => $log['timestamp'],
+                        'action' => $log['action'],
+                        'data' => maybe_serialize($log['data'])
+                    ),
+                    array('%s', '%s', '%s')
+                );
+            }
+            // Delete the old option after migration
+            delete_option('telegram_bot_logs');
+        }
+    }
     function plugin_activation()
+    {
         $this->create_or_update_telegram_auth_codes_table();
+        $this->create_or_update_activities_table();
+        $this->migrate_logs_to_activities_table();
         update_option('wp_factor_plugin_version', WP_FACTOR_PLUGIN_VERSION);
+        // Flush rewrite rules to add our webhook endpoint
+        // Add rewrite rules before flushing
+        $this->add_telegram_rewrite_rules();
+        // Flush rewrite rules to add our new rules
         flush_rewrite_rules();
+    }
+    function plugin_deactivation()
+    {
+        // Check if data cleanup is enabled
+        $plugin_options = get_option($this->namespace, array());
+        if (isset($plugin_options['delete_data_on_deactivation']) && $plugin_options['delete_data_on_deactivation'] === '1') {
+            $this->cleanup_all_plugin_data();
+        }
+        // Always flush rewrite rules on deactivation
+        flush_rewrite_rules();
+    }
+    private function cleanup_all_plugin_data()
+    {
+        global $wpdb;
+        // Delete plugin settings
+        delete_option($this->namespace);
+        delete_option('wp_factor_plugin_version');
+        delete_option('telegram_bot_logs'); // For backward compatibility
+        // Delete auth codes table
+        $auth_codes_table = $wpdb->prefix . 'telegram_auth_codes';
+        $wpdb->query("DROP TABLE IF EXISTS $auth_codes_table");
+        // Delete activities table
+        $activities_table = $wpdb->prefix . 'wp2fat_activities';
+        $wpdb->query("DROP TABLE IF EXISTS $activities_table");
+        // Delete user meta data for all users
+        $wpdb->delete(
+            $wpdb->usermeta,
+            array(
+                'meta_key' => 'tg_wp_factor_chat_id'
+            )
+        );
+        $wpdb->delete(
+            $wpdb->usermeta,
+            array(
+                'meta_key' => 'tg_wp_factor_enabled'
+            )
+        );
+        // Delete all transients related to the plugin
+        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_wp2fa_telegram_authcode_%'");
+        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_timeout_wp2fa_telegram_authcode_%'");
+        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_" . WP_FACTOR_TG_GETME_TRANSIENT . "%'");
+        $wpdb->query("DELETE FROM $wpdb->options WHERE option_name LIKE '_transient_timeout_" . WP_FACTOR_TG_GETME_TRANSIENT . "%'");
+    }
 …
         if ($installed_version !== WP_FACTOR_PLUGIN_VERSION) {
             $this->create_or_update_telegram_auth_codes_table();
+            $this->create_or_update_activities_table();
+            $this->migrate_logs_to_activities_table();
             update_option('wp_factor_plugin_version', WP_FACTOR_PLUGIN_VERSION);
+        }
 …
         register_activation_hook(WP_FACTOR_TG_FILE, array($this, 'plugin_activation'));
+        register_deactivation_hook(WP_FACTOR_TG_FILE, array($this, 'plugin_deactivation'));
         add_action('plugins_loaded', array($this, 'check_plugin_update'));
 …
                 . plugin_basename(WP_FACTOR_TG_FILE),
                 array($this, 'action_links'));
-            add_action('updated_option', array($this, 'delete_transients'),
-, 3);
+        }
 …
+        }
+        add_action('show_user_profile',
+            array($this, 'tg_add_two_factor_fields'));
+        add_action('edit_user_profile',
+            array($this, 'tg_add_two_factor_fields'));
+        if ($this->is_valid_bot()) {
+            add_action('show_user_profile',
+                array($this, 'tg_add_two_factor_fields'));
+            add_action('edit_user_profile',
+                array($this, 'tg_add_two_factor_fields'));
+        }
         add_action('personal_options_update',
 …
         // Add REST API endpoint for Telegram webhook
         add_action('rest_api_init', array($this, 'register_telegram_webhook_route'));
+        // Add rewrite rules for Telegram confirmation URLs
+        add_action('init', array($this, 'add_telegram_rewrite_rules'));
+        add_action('parse_request', array($this, 'parse_telegram_request'));
+    }
 …
             'permission_callback' => '__return_true',
         ));
+        register_rest_route('telegram/v1', '/confirm/(?P<user_id>\d+)/(?P<token>[a-zA-Z0-9]+)', array(
+            'methods' => 'GET',
+            'callback' => array($this, 'handle_telegram_confirmation'),
+            'permission_callback' => '__return_true',
+            'args' => array(
+                'user_id' => array(
+                    'validate_callback' => function($param, $request, $key) {
+                        return is_numeric($param);
+                    }
+                ),
+                'token' => array(
+                    'validate_callback' => function($param, $request, $key) {
+                        return preg_match('/^[a-zA-Z0-9]+$/', $param);
+                    }
+                ),
+                'nonce' => array(
+                    'required' => true,
+                )
+    }
+    /**
+     * Add rewrite rules for Telegram confirmation URLs
+     */
+    public function add_telegram_rewrite_rules() {
+        add_rewrite_rule(
+            '^telegram-confirm/([0-9]+)/([a-zA-Z0-9]+)/?$',
+            'index.php?telegram_confirm=1&user_id=$matches[1]&token=$matches[2]',
+            'top'
+        );
+        // Add query vars
+        add_filter('query_vars', function($vars) {
+            $vars[] = 'telegram_confirm';
+            $vars[] = 'user_id';
+            $vars[] = 'token';
+            return $vars;
+        });
+    }
+    /**
+     * Parse Telegram confirmation requests
+     */
+    public function parse_telegram_request() {
+        global $wp;
+        if (isset($wp->query_vars['telegram_confirm']) && $wp->query_vars['telegram_confirm'] == 1) {
+            $user_id = intval($wp->query_vars['user_id']);
+            $token = sanitize_text_field($wp->query_vars['token']);
+            $nonce = sanitize_text_field($_GET['nonce'] ?? '');
+            $this->handle_telegram_confirmation_direct($user_id, $token, $nonce);
+        }
+    }
+    /**
+     * Handle Telegram confirmation via direct URL (not REST API)
+     */
+    public function handle_telegram_confirmation_direct($user_id, $token, $nonce) {
+        // Verify nonce
+        if (!wp_verify_nonce($nonce, 'telegram_confirm_' . $user_id . '_' . $token)) {
+            $this->log_telegram_action('confirmation_failed', array(
+                'user_id' => $user_id,
+                'token' => $token,
+                'reason' => 'invalid_nonce'
+            ));
+            // Include error template
+            require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/error-security-failed.php");
+        }
+        // Validate the token
+        $authcode_validation = $this->is_valid_authcode($token, $user_id);
+        if ('valid' !== $authcode_validation) {
+            if ($authcode_validation === 'expired') {
+                $log_reason = 'expired_token';
+            } else {
+                $log_reason = 'invalid_token';
+            }
+            $this->log_telegram_action('confirmation_failed', array(
+                'user_id' => $user_id,
+                'token' => $token,
+                'reason' => $log_reason
+            ));
+            // Include appropriate error template
+            if ($authcode_validation === 'expired') {
+                require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/error-expired-token.php");
+            } else {
+                require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/error-invalid-token.php");
+            }
+        }
+        // Get user
+        $user = get_userdata($user_id);
+        if (!$user) {
+            require_once(dirname(WP_FACTOR_TG_FILE) . "/templates/error-invalid-token.php");
+        }
+        // Log the user in
+        wp_set_auth_cookie($user_id, false);
+        $this->log_telegram_action('confirmation_success', array(
+            'user_id' => $user_id,
+            'user_login' => $user->user_login,
+            'token' => $token,
+            'method' => 'direct_confirmation'
+        ));
+        // Redirect to admin or specified location
+        $redirect_url = apply_filters('telegram_confirmation_redirect_url', admin_url(), $user);
+        // Redirect directly
+        wp_safe_redirect($redirect_url);
+        exit;
+    }
+    /**
+     * Log Telegram bot actions
+     */
+    public function log_telegram_action($action, $data = array()) {
+        global $wpdb;
+        $activities_table = $wpdb->prefix . 'wp2fat_activities';
+        // Insert new log entry
+        $wpdb->insert(
+            $activities_table,
+            array(
+                'timestamp' => current_time('mysql'),
+                'action' => $action,
+                'data' => maybe_serialize($data)
             ),
+        ));
+    }
+    /**
+     * Log Telegram bot actions
+     */
+    private function log_telegram_action($action, $data = array()) {
+        $log_entry = array(
+            'timestamp' => current_time('mysql'),
+            'action' => $action,
+            'data' => $data
+        );
+        $logs = get_option('telegram_bot_logs', array());
+        array_unshift($logs, $log_entry);
+        // Keep only last 100 log entries
+        $logs = array_slice($logs, 0, 100);
+        update_option('telegram_bot_logs', $logs);
+            array('%s', '%s', '%s')
+        );
+        // Clean up old entries - keep only last 1000 entries
+        $wpdb->query("DELETE FROM $activities_table WHERE id NOT IN (SELECT id FROM (SELECT id FROM $activities_table ORDER BY timestamp DESC LIMIT 1000) temp_table)");
+    }
 …
+    }
+    /**
+     * Handle Telegram confirmation via link
+     */
+    public function handle_telegram_confirmation($request) {
+        $user_id = intval($request['user_id']);
+        $token = sanitize_text_field($request['token']);
+        $nonce = sanitize_text_field($request->get_param('nonce'));
+        // Verify nonce
+        if (!wp_verify_nonce($nonce, 'telegram_confirm_' . $user_id . '_' . $token)) {
+            $this->log_telegram_action('confirmation_failed', array(
+                'user_id' => $user_id,
+                'token' => $token,
+                'reason' => 'invalid_nonce'
+            ));
+            return new WP_Error('invalid_nonce', __('Security check failed.', 'two-factor-login-telegram'), array('status' => 403));
+        }
+        // Validate the token
+        if (!$this->is_valid_authcode($token, $user_id)) {
+            $this->log_telegram_action('confirmation_failed', array(
+                'user_id' => $user_id,
+                'token' => $token,
+                'reason' => 'invalid_token'
+            ));
+            return new WP_Error('invalid_token', __('Invalid or expired token.', 'two-factor-login-telegram'), array('status' => 400));
+        }
+        // Get user
+        $user = get_userdata($user_id);
+        if (!$user) {
+            return new WP_Error('invalid_user', __('Invalid user.', 'two-factor-login-telegram'), array('status' => 400));
+        }
+        // Log the user in
+        wp_set_auth_cookie($user_id, false);
+        $this->log_telegram_action('confirmation_success', array(
+            'user_id' => $user_id,
+            'user_login' => $user->user_login,
+            'token' => $token,
+            'method' => 'link_confirmation'
+        ));
+        // Redirect to admin or specified location
+        $redirect_url = apply_filters('telegram_confirmation_redirect_url', admin_url(), $user);
+        // Redirect directly instead of returning JSON
+        wp_safe_redirect($redirect_url);
+        exit;
+    }
+}

two-factor-login-telegram/trunk/includes/class-wp-telegram.php

r3331421	r3332295
148	148	if ($user_id) {
149	149	$nonce = wp_create_nonce('telegram_confirm_' . $user_id . '_' . $token);
150		$confirmation_url = ~~site_url('/wp-json/telegram/v1/confirm/' . $user_id . '/' . $token . '~~?nonce=' . $nonce);
	150	$confirmation_url = home_url('/telegram-confirm/' . $user_id . '/' . $token . '/?nonce=' . $nonce);
151	151
152	152	$reply_markup = array(

two-factor-login-telegram/trunk/two-factor-telegram.php

-                      r3331421
+                      r3332295
  * Plugin URI: https://blog.dueclic.com/wordpress-autenticazione-due-fattori-telegram/
  * Description: This plugin enables two factor authentication with Telegram by increasing your website security and sends an alert every time a wrong login occurs.
  * Version: 3.4
+ * Version: 3.5.0
  * Requires at least: 6.0
  * Tested up to: 6.8
 …
+}
 define('WP_FACTOR_PLUGIN_VERSION', '3.4');
+define('WP_FACTOR_PLUGIN_VERSION', '3.5.0');
 define('WP_FACTOR_AUTHCODE_EXPIRE_SECONDS', 60 * 20);

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Download in other formats: