 /**
  * Returns the shared OpenID_Store_CacheLite instance, creating it on first use.
  *
  * The first call also registers the freshly created store globally through
  * OpenID::setStore(), so the OpenID library and this object share one store.
  *
  * @return OpenID_Store_CacheLite
  */
 protected function getOpenIDStore()
 {
     if ($this->openid !== null) {
         return $this->openid;
     }

     // Lazily create the store and hand the same object to the OpenID library.
     $this->openid = new OpenID_Store_CacheLite();
     OpenID::setStore($this->openid);

     return $this->openid;
 }
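 /**
  * Drives an OpenID login across two requests.
  *
  * POST with openid_action=login: look up the provider for the submitted
  * openid_url and send the browser there (the request ends with exit).
  * GET with openid_mode=id_res: verify the returned assertion with the
  * provider and, when it checks out, store nickname and identity on the
  * user. openid_mode=cancel reports the cancellation. Every outcome is
  * written to $this->message.
  *
  * @return void
  */
 function login()
 {
     // Read request parameters with isset() guards so a missing key does not
     // raise a notice; comparisons are strict to avoid PHP's loose string rules.
     $action = isset($_POST['openid_action']) ? $_POST['openid_action'] : null;

     if ($action === 'login') {
         $openid = new OpenID();
         $openid->SetIdentity(isset($_POST['openid_url']) ? $_POST['openid_url'] : null);
         // NOTE(review): trust root and return URL are built from the Host header
         // and PATH_INFO, which the client controls, and use plain http; a
         // configured base URL is the safer source for both — confirm.
         $openid->SetTrustRoot('http://' . $_SERVER["HTTP_HOST"]);
         $openid->SetRequiredFields(array('nickname', 'email', 'fullname'));
         //$openid->SetOptionalFields(array('dob','gender','postcode','country','language','timezone'));

         if ($openid->GetOpenIDServer()) {
             $openid->SetApprovedURL('http://' . $_SERVER["HTTP_HOST"] . $_SERVER["PATH_INFO"]);
             $openid->Redirect();
         } else {
             $error = $openid->GetError();
             $this->message = "ERROR CODE: " . $error['code'] . "<br/>";
             $this->message .= "ERROR DESCRIPTION: " . $error['description'] . "<br/>";
         }

         // Nothing further is rendered for the first leg, redirected or not.
         exit;
     }

     $mode = isset($_GET['openid_mode']) ? $_GET['openid_mode'] : null;

     if ($mode === 'id_res') {
         $identity = isset($_GET['openid_identity']) ? $_GET['openid_identity'] : null;

         $openid = new OpenID();
         $openid->SetIdentity($identity);

         // The assertion is checked with the provider; only that result
         // decides whether the returned identity is accepted.
         if ($openid->ValidateWithServer()) {
             // NOTE(review): the sreg nickname is taken straight from the query
             // string; it is only trustworthy if ValidateWithServer() covers
             // the signed sreg fields — confirm.
             $nickname = isset($_GET['openid_sreg_nickname']) ? $_GET['openid_sreg_nickname'] : null;
             $this->user->set('nickname', $nickname);
             $this->user->set('identity', $identity);
             // NOTE(review): the nickname is provider-supplied; $this->message
             // must be escaped wherever it is output as HTML.
             $this->message = "Welcome " . $this->user->get('nickname');
         } elseif ($openid->IsError()) {
             $error = $openid->GetError();
             $this->message = "ERROR CODE: " . $error['code'] . "<br/>";
             $this->message .= "ERROR DESCRIPTION: " . $error['description'] . "<br/>";
         } else {
             $this->message = "INVALID AUTHORIZATION";
         }
     } elseif ($mode === 'cancel') {
         $this->message = "USER CANCELED REQUEST";
     }
 }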
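/**
 * Runs OpenID discovery for an identifier (or reuses the result held in the
 * store) and reports the discovered services plus extension support.
 *
 * @param mixed $identifier Identifier
 * @param bool  $skipcache  Whether or not to skip cache
 *
 * @access public
 * @return array|string Array with keys 'OpenID_Discover' (discovered services),
 *                      'Extensions Supported' (extension name => result of
 *                      extensionSupported()) and, when the result came from
 *                      the store, 'cached' => true; a plain error string when
 *                      discovery fails or throws OpenID_Exception
 */
function getServiceContent($identifier, $skipcache)
{
    // The store is only consulted (and later filled) when caching is allowed.
    $store = $skipcache ? null : OpenID::getStore();
    $cached = false;
    $d = false;

    if ($store !== null) {
        $d = $store->getDiscover($identifier);
        $cached = ($d !== false);
    }

    // Single discovery path for both the cache-miss and the skip-cache case.
    if (!$cached) {
        $d = new OpenID_Discover($identifier);
        try {
            if ($d->discover() === false) {
                return 'Discovery failed';
            }
            if ($store !== null) {
                $store->setDiscover($d);
            }
        } catch (OpenID_Exception $e) {
            return get_class($e) . ': ' . $e->getMessage();
        }
    }

    $content = array();
    if ($cached) {
        $content['cached'] = true;
    }
    $content['OpenID_Discover'] = $d->services;

    // Ask the discovery result about each extension we care to report on.
    $extensions = array('OAuth', 'AX', 'SREG11', 'UI');
    $supported = array();
    foreach ($extensions as $extension) {
        $supported[$extension] = $d->extensionSupported($extension);
    }
    $content['Extensions Supported'] = $supported;

    return $content;
}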
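 /**
  * Changing authentication method?
  * Only appropriate for people using OpenID.
  *
  * With $saving set, the posted form is applied: 'passwd' switches the member
  * to password authentication (both entries must match exactly and pass
  * validatePassword()); 'openid' canonizes the new identifier, refuses one that
  * another member already uses and, for the profile owner, sends it through
  * OpenID validation before anything is stored. The template context for the
  * 'authentication_method' sub-template is populated in every case.
  *
  * @param bool $saving = false
  * @return bool|null true once the password branch has run (whether or not it
  *                   added to $post_errors); null otherwise
  */
 public function action_authentication($saving = false)
 {
     global $context, $cur_profile, $post_errors, $modSettings;

     $memID = currentMemberID();

     loadLanguage('Login');
     loadTemplate('ProfileOptions');

     // We are saving?
     if ($saving) {
         $authenticate = isset($_POST['authenticate']) ? $_POST['authenticate'] : '';

         // Moving to password passed authentication?
         if ($authenticate === 'passwd') {
             $new_pass = isset($_POST['passwrd1']) ? $_POST['passwrd1'] : '';

             // Didn't enter anything?
             if ($new_pass === '') {
                 $post_errors[] = 'no_password';
             } elseif (!isset($_POST['passwrd2']) || $new_pass !== $_POST['passwrd2']) {
                 // Strict comparison: with != PHP compares numeric-looking strings
                 // numerically, so e.g. "1e3" and "1000" would count as a match.
                 $post_errors[] = 'bad_new_password';
             } else {
                 require_once SUBSDIR . '/Auth.subs.php';
                 // The member's name and e-mail address are handed over, presumably
                 // so passwords derived from them can be rejected — confirm.
                 $passwordErrors = validatePassword($new_pass, $cur_profile['member_name'], array($cur_profile['real_name'], $cur_profile['email_address']));

                 // Were there errors?
                 if ($passwordErrors != null) {
                     $post_errors[] = 'password_' . $passwordErrors;
                 }
             }

             if (empty($post_errors)) {
                 // Integration?
                 call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $new_pass));

                 // Go then.
                 require_once SUBSDIR . '/Auth.subs.php';
                 $passwd = validateLoginPassword($new_pass, '', $cur_profile['member_name'], true);

                 // Do the important bits: store the password form and clear the
                 // OpenID URI so only the password authenticates this member.
                 updateMemberData($memID, array('openid_uri' => '', 'passwd' => $passwd));

                 if ($context['user']['is_owner']) {
                     // Re-issue the owner's own login cookie against the new password.
                     setLoginCookie(60 * $modSettings['cookieTime'], $memID, hash('sha256', $new_pass . $cur_profile['password_salt']));
                     redirectexit('action=profile;area=authentication;updated');
                 } else {
                     redirectexit('action=profile;u=' . $memID);
                 }
             }

             return true;
         } elseif ($authenticate === 'openid' && !empty($_POST['openid_identifier'])) {
             require_once SUBSDIR . '/OpenID.subs.php';
             require_once SUBSDIR . '/Members.subs.php';

             $openID = new OpenID();
             $_POST['openid_identifier'] = $openID->canonize($_POST['openid_identifier']);

             // An identifier may only be attached to one member.
             if (memberExists($_POST['openid_identifier'])) {
                 $post_errors[] = 'openid_in_use';
             } elseif (empty($post_errors)) {
                 // Authenticate using the new OpenID URI first to make sure they didn't make a mistake.
                 if ($context['user']['is_owner']) {
                     // Parked in the session; presumably applied by the 'change_uri'
                     // handler once the provider round-trip returns — confirm.
                     $_SESSION['new_openid_uri'] = $_POST['openid_identifier'];
                     $openID->validate($_POST['openid_identifier'], false, null, 'change_uri');
                 } else {
                     updateMemberData($memID, array('openid_uri' => $_POST['openid_identifier']));
                 }
             }
         }
     }

     // Some stuff.
     $context['member']['openid_uri'] = $cur_profile['openid_uri'];
     $context['auth_method'] = empty($cur_profile['openid_uri']) ? 'password' : 'openid';
     $context['sub_template'] = 'authentication_method';

     loadJavascriptFile('register.js');
 }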
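 /**
  * Login page controller: renders the sign-in form and processes every POST
  * it can receive (signin, new, forgot, changepass, resend_confirmation) as
  * well as the OpenID round-trip when config.allow_openid is on.
  *
  * Outcomes are reported to the template through $message / $message_class;
  * a successful login redirects to the user's dashboard and never reaches
  * the rendering part at the bottom.
  *
  * @param int $user_id Not read here; present so the 'login/index/<id>/<token>?reset'
  *                     links built below route to this action (id and token are
  *                     taken from the URI segments instead)
  */
 public function index($user_id = 0)
 {
     // Set messages to display on the login page for the user
     $message = FALSE;
     $message_class = 'login_error';

     $auth = Auth::instance();

     // If already logged in redirect to user account page
     $insufficient_role = FALSE;
     if ($auth->logged_in()) {
         // Redirect users to the relevant dashboard
         if ($auth->logged_in('login')) {
             url::redirect($auth->get_user()->dashboard());
         }

         // Logged in but without the 'login' role: stay here and say why.
         $insufficient_role = TRUE;
         $message_class = 'login_error';
         $message = Kohana::lang('ui_main.insufficient_role');
     }

     // setup and initialize form field names
     $form = array(
         'action' => '',
         'username' => '',
         'password' => '',
         'password_again' => '',
         'name' => '',
         'email' => '',
         'resetemail' => '',
         'confirmation_email' => '',
     );
     // copy the form as errors, so the errors will be stored with keys corresponding to the form field names
     $errors = $form;
     $form_error = FALSE;
     $openid_error = FALSE;
     $success = FALSE;
     $change_pw_success = FALSE;
     $new_confirm_email_form = FALSE;

     // Which form (if any) was submitted; also handed to the page JS below.
     $action = isset($_POST["action"]) ? $_POST["action"] : "";

     // Override success variable if change_pw_success GET var is set
     if (isset($_GET["change_pw_success"])) {
         $change_pw_success = TRUE;
         $message_class = 'login_success';
         $message = Kohana::lang('ui_main.password_changed_successfully');
     }

     // Show send new confirm email form
     if (isset($_GET["new_confirm_email"])) {
         $new_confirm_email_form = TRUE;
         $message_class = 'login_error';
         $message = Kohana::lang('ui_main.must_confirm_email_address');
     }

     // Show send new confirm email form
     if (isset($_GET["confirmation_failure"])) {
         $new_confirm_email_form = TRUE;
         $message_class = 'login_error';
         $message = Kohana::lang('ui_main.confirm_email_failed');
     }

     // Show that confirming the email address was a success
     if (isset($_GET["confirmation_success"])) {
         $message_class = 'login_success';
         $message = Kohana::lang('ui_main.confirm_email_successful');
     }

     // Is this a password reset request? We need to show the password reset form if it is
     if (isset($_GET["reset"])) {
         $this->template->token = $this->uri->segment(4);
         $this->template->changeid = $this->uri->segment(3);
     }

     // Regular Form Post for Signin
     // check, has the form been submitted, if so, setup validation
     if ($_POST and $action === "signin") {
         // START: Signin Process
         $post = Validation::factory($_POST);
         $post->pre_filter('trim');
         $post->add_rules('username', 'required');
         $post->add_rules('password', 'required');

         if ($post->validate(FALSE)) {
             // Sanitize $_POST data removing all inputs without rules
             $postdata_array = $post->safe_array();

             // Flip this flag to false to skip the login
             $valid_login = TRUE;

             // Load the user
             $user = ORM::factory('user', $postdata_array['username']);
             $remember = isset($post->remember) ? TRUE : FALSE;

             // Allow a login with username or email address, but we need to figure out which is
             // which so we can pass the appropriate variable on login. Mostly used for RiverID
             $email = $postdata_array['username'];
             if (valid::email($email) == FALSE) {
                 // Invalid Email, we need to grab it from the user account instead
                 $email = $user->email;
                 if (valid::email($email) == FALSE and kohana::config('riverid.enable') == TRUE) {
                     // We don't have any valid email for this user.
                     // Only skip login if we are authenticating with RiverID.
                     $valid_login = FALSE;
                 }
             }

             // Auth Login requires catching exceptions to properly show errors
             try {
                 // Attempt a login
                 // NOTE(review): $auth->login() is still called when $valid_login is
                 // FALSE; if it succeeds, the session may already exist although an
                 // error is shown — confirm against Auth::login().
                 $login = $auth->login($user, $postdata_array['password'], $remember, $email);
                 if ($login and $valid_login) {
                     // Action::user_login - User Logged In
                     Event::run('ushahidi_action.user_login', $user);

                     // Exists Redirect to Dashboard
                     url::redirect($user->dashboard());
                 } else {
                     // If user isn't confirmed, redirect to resend confirmation page
                     if (Kohana::config('settings.require_email_confirmation') and ORM::factory('user', $user)->confirmed == 0) {
                         url::redirect("login?new_confirm_email");
                     }

                     // Generic Error if exception not passed
                     $post->add_error('password', 'login error');
                 }
             } catch (Exception $e) {
                 $error_message = $e->getMessage();
                 // We use a "custom" message because of RiverID.
                 $post->add_error('password', $error_message);
             }
         }

         // Validation or the login itself failed (success redirected above):
         // repopulate the form fields and collect the errors. We need to already
         // have created an error message file, for Kohana to use; its name is
         // passed to the errors() method.
         $form = arr::overwrite($form, $post->as_array());
         $errors = arr::merge($errors, $post->errors('auth'));
         $form_error = TRUE;
         // END: Signin Process
     } elseif ($_POST and $action === "new") {
         // START: New User Process
         $post = Validation::factory($_POST);

         // Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_rules('password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_dash');
         $post->add_rules('name', 'required', 'length[3,100]');
         $post->add_rules('email', 'required', 'email', 'length[4,64]');
         $post->add_callbacks('username', array($this, 'username_exists_chk'));
         $post->add_callbacks('email', array($this, 'email_exists_chk'));

         // If Password field is not blank
         if (!empty($post->password)) {
             $post->add_rules('password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_dash', 'matches[password_again]');
         }

         // pass the post object to any plugins that care to know.
         Event::run('ushahidi_action.users_add_login_form', $post);

         if ($post->validate()) {
             $riverid_id = false;
             if (kohana::config('riverid.enable') == true) {
                 // Register the account with the RiverID server first.
                 $riverid = new RiverID();
                 $riverid->email = $post->email;
                 $riverid->password = $post->password;
                 $riverid->register();
                 $riverid_id = $riverid->user_id;
             }

             $user = User_Model::create_user($post->email, $post->password, $riverid_id, $post->name);

             // pass the new user on to any plugins that care to know
             Event::run('ushahidi_action.user_edit', $user);

             // Send Confirmation email
             $email_sent = $this->_send_email_confirmation($user);
             if ($email_sent) {
                 $message_class = 'login_success';
                 $message = Kohana::lang('ui_main.login_confirmation_sent');
             } else {
                 $message_class = 'login_success';
                 $message = Kohana::lang('ui_main.login_account_creation_successful');
             }

             $success = TRUE;
             $action = "";
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
         // END: New User Process
     } elseif ($_POST and $action === "forgot") {
         // START: Forgot Password Process
         $post = Validation::factory($_POST);

         // Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_callbacks('resetemail', array($this, 'email_exists_chk'));

         if ($post->validate()) {
             $user = ORM::factory('user', $post->resetemail);

             // Existing User??
             if ($user->loaded) {
                 $email_sent = FALSE;

                 // Determine which reset method to use. The options are to use the RiverID server
                 //  or to use the normal method which just resets the password locally.
                 if (Kohana::config('riverid.enable') == TRUE and !empty($user->riverid)) {
                     // Reset on RiverID Server (it fills in the %token% placeholder)
                     $secret_link = url::site('login/index/' . $user->id . '/%token%?reset');
                     $message = $this->_email_resetlink_message($user->name, $secret_link);

                     $riverid = new RiverID();
                     $riverid->email = $post->resetemail;
                     $email_sent = $riverid->requestpassword($message);
                 } else {
                     // Reset locally
                     $secret = $user->forgot_password_token();
                     $secret_link = url::site('login/index/' . $user->id . '/' . urlencode($secret) . '?reset');
                     $email_sent = $this->_email_resetlink($post->resetemail, $user->name, $secret_link);
                 }

                 if ($email_sent == TRUE) {
                     $message_class = 'login_success';
                     $message = Kohana::lang('ui_main.login_confirmation_sent');
                 } else {
                     $message_class = 'login_error';
                     $message = Kohana::lang('ui_main.unable_send_email');
                 }

                 $success = TRUE;
                 $action = "";
             }
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
         // END: Forgot Password Process
     } elseif ($_POST and $action === "changepass") {
         // START: Password Change Process
         $post = Validation::factory($_POST);

         // Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_rules('token', 'required');
         $post->add_rules('changeid', 'required');
         $post->add_rules('password', 'required', 'length[' . Kohana::config('auth.password_length') . ']', 'alpha_dash');
         $post->add_rules('password', 'required', 'length[' . Kohana::config('auth.password_length') . ']', 'alpha_dash', 'matches[password_again]');

         if ($post->validate()) {
             $success = $this->_new_password($post->changeid, $post->password, $post->token);
             if ($success == TRUE) {
                 // We don't need to see this page anymore if we were successful. We want to go
                 //   to the login form and let the user know that they were successful at
                 //   changing their password
                 url::redirect("login?change_pw_success");
                 exit;
             }

             // The token/id pair was not accepted.
             $post->add_error('token', 'invalid');
         }

         // Either validation or the password change failed: repopulate the form
         // fields and populate the error fields.
         $form = arr::overwrite($form, $post->as_array());
         $errors = arr::merge($errors, $post->errors('auth'));
         $form_error = TRUE;
         // END: Password Change Process
     } elseif ($_POST and $action === "resend_confirmation") {
         // START: Confirmation Email Resend Process
         $post = Validation::factory($_POST);

         // Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_callbacks('confirmation_email', array($this, 'email_exists_chk'));

         if ($post->validate()) {
             $user = ORM::factory('user', $post->confirmation_email);
             if ($user->loaded) {
                 // Send Confirmation email
                 $email_sent = $this->_send_email_confirmation($user);
                 if ($email_sent) {
                     $message_class = 'login_success';
                     $message = Kohana::lang('ui_main.login_confirmation_sent');
                     $success = TRUE;
                 } else {
                     $message_class = 'login_error';
                     $message = Kohana::lang('ui_main.unable_send_email');
                     $success = FALSE;
                 }
             } else {
                 // ERROR: User doesn't exist
                 $message_class = 'login_error';
                 $message = Kohana::lang('ui_main.login_email_doesnt_exist');
                 $success = FALSE;
             }
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
     }

     // Only if we allow OpenID, should we even try this
     if (Kohana::config('config.allow_openid') == TRUE) {
         // START: OpenID Shenanigans
         try {
             $openid = new OpenID();
             // Retrieve the Name (if available) and Email
             $openid->required = array("namePerson", "contact/email");

             if (!$openid->mode) {
                 // First leg: send the browser to the provider for the submitted
                 // identifier. url::redirect() is what every other redirect in this
                 // action uses, so the request ends here instead of continuing on
                 // to render the login page after a bare header() call.
                 if (isset($_POST["openid_identifier"])) {
                     $openid->identity = $_POST["openid_identifier"];
                     url::redirect($openid->authUrl());
                 }
             } elseif ($openid->mode == "cancel") {
                 $openid_error = TRUE;
                 $message_class = 'login_error';
                 $message = "You have canceled authentication!";
             } elseif ($openid->validate()) {
                 // Does User Exist?
                 $openid_user = ORM::factory("openid")->where("openid", $openid->identity)->find();
                 if ($openid_user->loaded and $openid_user->user) {
                     // First log all other sessions out
                     $auth->logout();

                     // Initiate Ushahidi side login + AutoLogin
                     $auth->force_login($openid_user->user->username);

                     // Exists Redirect to Dashboard. $user is not assigned on this
                     // path, so the dashboard comes from the linked account.
                     url::redirect($openid_user->user->dashboard());
                 } else {
                     // Does this openid have the required email??
                     $new_openid = $openid->getAttributes();
                     if (!isset($new_openid["contact/email"]) or empty($new_openid["contact/email"])) {
                         $openid_error = TRUE;
                         $message_class = 'login_error';
                         $message = $openid->identity . " has not been logged in. No Email Address Found.";
                     } else {
                         // Create new User and save OpenID
                         $user = ORM::factory("user");

                         // But first... does this email address already exist
                         // in the system?
                         if ($user->email_exists($new_openid["contact/email"])) {
                             $openid_error = TRUE;
                             $message_class = 'login_error';
                             $message = $new_openid["contact/email"] . " is already registered in our system.";
                         } else {
                             // Random User Name from TimeStamp - can be changed later
                             $username = "******" . time();
                             // Create Random Strong Password
                             $password = text::random("alnum", 16);

                             // Name Available?
                             $user->name = (isset($new_openid["namePerson"]) and !empty($new_openid["namePerson"])) ? $new_openid["namePerson"] : $username;
                             $user->username = $username;
                             $user->password = $password;
                             $user->email = $new_openid["contact/email"];

                             // Add New Roles
                             $user->add(ORM::factory('role', 'login'));
                             $user->add(ORM::factory('role', 'member'));
                             $user->save();

                             // Save OpenID and Association
                             $openid_user->user_id = $user->id;
                             $openid_user->openid = $openid->identity;
                             $openid_user->openid_email = $new_openid["contact/email"];
                             $openid_user->openid_server = $openid->server;
                             $openid_user->openid_date = date("Y-m-d H:i:s");
                             $openid_user->save();

                             // Initiate Ushahidi side login + AutoLogin
                             $auth->login($username, $password, TRUE);

                             // Redirect to Dashboard
                             url::redirect($user->dashboard());
                         }
                     }
                 }
             } else {
                 // NOTE(review): $openid->identity comes from the provider round-trip
                 // and lands in $message; the template must escape it on output.
                 $openid_error = TRUE;
                 $message_class = 'login_error';
                 $message = $openid->identity . " has not been logged in.";
             }
         } catch (ErrorException $e) {
             $openid_error = TRUE;
             $message_class = 'login_error';
             $message = $e->getMessage();
         }
         // END: OpenID Shenanigans
     }

     // Set the little badge under the form informing users that their logins are being managed
     //   by an external service.
     $this->template->riverid_information = '';
     if (kohana::config('riverid.enable') == TRUE) {
         $riverid = new RiverID();
         $this->template->riverid_information = Kohana::lang('ui_main.riverid_information', $riverid->name);
         $this->template->riverid_url = $riverid->url;
     }

     $this->template->errors = $errors;
     $this->template->success = $success;
     $this->template->change_pw_success = $change_pw_success;
     $this->template->form = $form;
     $this->template->form_error = $form_error;
     $this->template->new_confirm_email_form = $new_confirm_email_form;

     // Message to user
     $this->template->message_class = $message_class;
     $this->template->message = $message;

     // This just means the user isn't a member or an admin, so they have nowhere to go, but they are logged in.
     $this->template->insufficient_role = $insufficient_role;

     $this->template->site_name = Kohana::config('settings.site_name');
     $this->template->site_tagline = Kohana::config('settings.site_tagline');

     // Javascript Header
     $this->template->js = new View('login/login_js');
     $this->template->js->action = $action;

     // Header Nav
     $header_nav = new View('header_nav');
     $this->template->header_nav = $header_nav;
     $this->template->header_nav->loggedin_user = FALSE;
     if (isset($auth->get_user()->id)) {
         // Load User
         $this->template->header_nav->loggedin_role = $auth->get_user()->dashboard();
         $this->template->header_nav->loggedin_user = $auth->get_user();
     }
     $this->template->header_nav->site_name = Kohana::config('settings.site_name');
 }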
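 /**
  * testVerifyResponseNonceFail
  *
  * A nonce the store reports as already seen (getNonce() returns true) must
  * be rejected by verifyResponseNonce(); the timestamp part is current, so the
  * rejection presumably comes from the store lookup rather than the skew.
  *
  * @return void
  */
 public function testVerifyResponseNonceFail()
 {
     $store = $this->getMock('OpenID_Store_Mock', array('getNonce'));
     OpenID::setStore($store);
     $this->nonce = new OpenID_Nonce($this->opURL, $this->skew, $store);

     // The mock store claims it has already recorded this nonce.
     $store->expects($this->once())
           ->method('getNonce')
           ->will($this->returnValue(true));

     // Current UTC timestamp ("2024-01-02T03:04:05Z" layout) plus an arbitrary
     // unique suffix. gmdate() replaces gmstrftime(), deprecated since PHP 8.1.
     $nonce = gmdate('Y-m-d\TH:i:s\Z', time()) . '12345abcde';

     $this->assertFalse($this->nonce->verifyResponseNonce($nonce));
 }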
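/**
 * Prepends the OpenID comment-type selector to the comment form markup.
 *
 * Builds a panel with two radio buttons ("write with OpenID" vs. "write with
 * name/password"), an OpenID identifier input derived from the form's
 * existing homepage input, and a login or logout link, then wraps the
 * original form in it. When the CL_OpenID plugin is inactive the form is
 * returned untouched.
 *
 * @param string $comment Comment form markup; the `[##_..._##]` template tags
 *                        in it are rewritten/disabled as needed.
 * @param string $prefix  Template tag prefix, i.e. the part of
 *                        `[##_<prefix>_input_homepage_##]` before `_input_`.
 *
 * @return string Panel markup followed by the (possibly modified) form.
 */
function addOpenIDPannel($comment, $prefix)
{
    $context = Model_Context::getInstance();
    if (!isActivePlugin('CL_OpenID')) {
        return $comment;
    }
    $openid_identity = Acl::getIdentity('openid');
    $whatisopenid = '<a target="_blank" href="' . _text('http://www.google.co.kr/search?q=OpenID&amp;lr=lang_ko') . '"><span style="color:#ff6200">' . _text('오픈아이디란?') . '</span></a>';
    //$lastcomment = ' | <a href="#" onClick="recallLastComment([##_article_rep_id_##]); return false"><span style="color:#ff6200">'._text('마지막 댓글로 채우기').'</span></a>';
    $lastcomment = '';
    $openidOnlySettingNotice = '';
    if ($context->getProperty('blog.AddCommentMode', '') == 'openid') {
        $openidOnlySettingNotice = "<b>" . _text('오픈아이디로만 댓글을 남길 수 있습니다') . "</b>";
    }
    // The listing showed this anchor opener as a masked literal ('******'); it is
    // restored to match the logout link below, the only reading consistent with
    // the '">' that closes the attribute further along the string.
    $tag_login = '<a href="' . $context->getProperty('uri.blog') . '/login/openid/guest?requestURI=' . urlencode($_SERVER["REQUEST_URI"]) . '"><span style="color:#ff6200">' . _text('로그인') . '</span></a>';
    $tag_logoff = '<a href="' . $context->getProperty('uri.blog') . '/login/openid?action=logout&requestURI=' . urlencode($_SERVER["REQUEST_URI"]) . '"><span style="">' . _text('로그아웃') . '</span></a>';
    $pannel = '<div class="commentOuterPannel">' . CRLF;
    $openid_input = 'OPENID_TAG_NEEDED';
    // The remembered identifier comes from a client-controlled cookie and is
    // written into a value="..." attribute below, so escape it for that context.
    $cookie_openid = '';
    if (!empty($_COOKIE['openid']) && is_string($_COOKIE['openid'])) {
        $cookie_openid = htmlspecialchars($_COOKIE['openid'], ENT_QUOTES);
    }
    // OpenID radio is pre-selected (and the name/password inputs disabled) when
    // the blog accepts OpenID comments only or the visitor is already logged in.
    if ($openidOnlySettingNotice || $openid_identity) {
        $checked1 = 'checked="checked"';
        $checked2 = '';
        $disabled1 = '';
        $disabled2 = 'disabled="disabled"';
    } else {
        $checked1 = '';
        $checked2 = 'checked="checked"';
        $disabled1 = 'disabled="disabled"';
        $disabled2 = '';
    }
    $pannel_style = "style=\"width:100%; text-align:left\"";
    $radio_style = "style=\"width:15px;vertical-align:text-bottom;height:15px;border:0px;margin:0px;padding:0px;\"";
    $label_style = "style=\"display:inline;margin-top:0px;padding-left:0px;cursor:pointer\"";
    $openid_input_style = 'style="padding-left:21px;width:165px;background-image:url(' . $context->getProperty('service.path') . '/resources/image/icon_openid.gif' . ');' . 'background-repeat:no-repeat;background-position:0px center"';
    if ($openid_identity) {
        // Logged in: show the identity as a link plus a hidden field carrying it.
        // The identifier is a URL asserted by the provider; escape it for the href.
        // OpenID::getDisplayName() is assumed to return display-safe text — TODO confirm.
        $openid_input = '<span><a href="' . htmlspecialchars($openid_identity, ENT_QUOTES) . '">' . OpenID::getDisplayName($openid_identity) . '</a></span>' . CRLF;
        $openid_input .= '<input type="hidden" name="openid_identifier" id="openid_identifier_[##_article_rep_id_##]" value="' . htmlentities($openid_identity) . '" />';
        $openid_input = _text('현재 로그인한 오픈아이디') . ' ' . $openid_input;
        // Overrides the cookie-derived guest defaults for the rest of this request
        // with the values the OpenID session provided.
        $_COOKIE['guestHomepage'] = $_SESSION['openid']['homepage'];
        $_COOKIE['guestName'] = $_SESSION['openid']['nickname'];
    } else {
        // Not logged in: clone the form's homepage <input> and turn it into the
        // openid_identifier field, pre-filled from the cookie.
        if (preg_match('/.*?(<input[^>]+_(?:guest|rp)_input_homepage_[^>]+>).*/sm', $comment, $match)) {
            $openid_input = $match[1];
            $openid_input = str_replace('homepage_[##', 'openid_identifier_[##', $openid_input);
            $openid_input = str_replace('[##_' . $prefix . '_input_homepage_##]', 'openid_identifier', $openid_input);
            // '\' and '$' are special in a preg_replace() replacement string, so the
            // (already HTML-escaped) cookie value is quoted for that context as well.
            $openid_input = preg_replace('/value=(?:"|\')?(?:[^"\']+)(?:"|\')?/', 'value="' . addcslashes($cookie_openid, '\\$') . '"', $openid_input);
            $openid_input = preg_replace('/style=("|\')?([^"\']+)("|\')?/', '', $openid_input);
            $openid_input = preg_replace('/(value=(?:"|\'))/', $openid_input_style . ' $1', $openid_input);
        }
    }
    if ($disabled1) {
        $openid_input = preg_replace('/(name=(?:"|\'))/', $disabled1 . ' $1', $openid_input);
    }
    if ($disabled2) {
        // Disable the name and password inputs of the original form (both the
        // article_rep_id-suffixed and the prefix-tagged variants).
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)name_\\[##_article_rep_id_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)password_\\[##_article_rep_id_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)\\[##_{$prefix}_input_name_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
        $comment = preg_replace("/(.*)(<input)((?:[^>]+)\\[##_{$prefix}_input_password_##\\](?:[^>]+)>(?:.*))/sm", "\$1\$2 {$disabled2} \$3", $comment);
    }
    $pannel .= '<div class="commentTypeOpenid" ' . $pannel_style . '>' . '<input class="commentTypeCheckbox" ' . $checked1 . ' type="radio" ' . CRLF . $radio_style . CRLF . 'id="comment_type_[##_article_rep_id_##]_openid" ' . CRLF . 'name="comment_type" value="openid" ' . CRLF . 'onclick="this.form.[##_' . $prefix . '_input_name_##].disabled=this.form.[##_' . $prefix . '_input_password_##].disabled=true;this.form.openid_identifier.disabled=false;this.form.openid_identifier.disabled=false;"' . CRLF . '/> ' . CRLF . '<label for="comment_type_[##_article_rep_id_##]_openid" ' . $label_style . '>' . _text('오픈아이디로 글쓰기') . '</label> <span>[' . ($openid_identity ? $tag_logoff : $tag_login) . '][' . $whatisopenid . $lastcomment . ']</span></div>' . CRLF;
    /* Opera browser does not work with single 'this.form.openid_identifier.disabled=false;', is it a bug? */
    $pannel .= '<div style="padding:5px 0 5px 0px;width:100%;">' . $openid_input . '</div>' . CRLF;
    $pannel .= '<div class="commentTypeNamepassword" ' . $pannel_style . ' >' . CRLF . '<input class="commentTypeCheckbox" ' . $checked2 . ' type="radio" ' . CRLF . $radio_style . CRLF . 'id="comment_type_[##_article_rep_id_##]_idpwd" ' . CRLF . 'name="comment_type" value="idpwd" ' . CRLF . 'onclick="this.form.[##_' . $prefix . '_input_name_##].disabled=this.form.[##_' . $prefix . '_input_password_##].disabled=false;this.form.openid_identifier.disabled=true;this.form.openid_identifier.disabled=true;"' . CRLF . '/> ' . CRLF . '<label for="comment_type_[##_article_rep_id_##]_idpwd" ' . $label_style . '>' . _text('이름/비밀번호로 글쓰기') . '</label> ' . $openidOnlySettingNotice . '</div>' . CRLF;
    // The outer <div> opened in $pannel is closed after the original form.
    $comment = $pannel . $comment . "</div>";
    return $comment;
}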
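 /**
  * Checks the signature of an OpenID_Message using this association
  *
  * The message must carry this association's handle and OP endpoint; the
  * HMAC is then recomputed over the fields listed in openid.signed and
  * compared with openid.sig.
  *
  * @param OpenID_Message $message Instance of OpenID_Message
  *
  * @throws OpenID_Association_Exception if the handles or endpoints don't match
  * @return bool true if the signatures match, false otherwise
  */
 public function checkMessageSignature(OpenID_Message $message)
 {
     // Make sure the handles match for this OP and response
     if ($this->assocHandle != $message->get('openid.assoc_handle')) {
         throw new OpenID_Association_Exception('Association handles do not match');
     }
     // Make sure the OP Endpoints match for this association and response
     if ($this->uri != $message->get('openid.op_endpoint')) {
         throw new OpenID_Association_Exception('Endpoint URLs do not match');
     }
     // Nothing signed means nothing to verify: treat as a failed check.
     if (!strlen($message->get('openid.signed'))) {
         OpenID::setLastEvent(__METHOD__, 'openid.signed is empty');
         return false;
     }
     // Create a message with only keys in the signature
     $signedOnly = $this->getMessageForSigning($message);
     $signedOnlyDigest = base64_encode($this->hashHMAC($signedOnly));
     // NOTE(review): this debug event contains the association's shared secret and
     // the raw request body. Anywhere setLastEvent() output is surfaced (logs, debug
     // pages) that is a secret leak — consider redacting before it is exposed.
     $event = array('assocHandle' => $this->assocHandle, 'algo' => $this->getAlgorithm(), 'secret' => $this->sharedSecret, 'openid.sig' => $message->get('openid.sig'), 'signature' => $signedOnlyDigest, 'SignedKVFormat' => $signedOnly, 'MessageHTTPFormat' => $message->getHTTPFormat(), 'phpInput' => file_get_contents('php://input'));
     OpenID::setLastEvent(__METHOD__, print_r($event, true));
     // hash_equals() (PHP >= 5.6) is strict and constant-time; the former '=='
     // was a loose comparison whose duration depended on the matching prefix.
     return hash_equals($signedOnlyDigest, (string) $message->get('openid.sig'));
 }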
 /**
  * Constructor.  Enables libxml internal errors, normalized the identifier.
  *
  * libxml problems are collected for libxml_get_errors() instead of being
  * emitted, and the identifier is kept in its normalized form.
  *
  * @param mixed $identifier The user supplied identifier
  *
  * @return void
  */
 public function __construct($identifier)
 {
     // Keep libxml quiet; callers may inspect libxml_get_errors() themselves.
     $collectErrors = true;
     libxml_use_internal_errors($collectErrors);
     $normalized = OpenID::normalizeIdentifier($identifier);
     $this->identifier = $normalized;
 }
 /**
  * testValidateDiscoverFail
  *
  * Building the assertion with the store in place is expected to throw
  * OpenID_Assertion_Exception — presumably because the mocked getDiscover()
  * yields no usable discovery result.
  *
  * @expectedException OpenID_Assertion_Exception
  * @return void
  */
 public function testValidateDiscoverFail()
 {
     OpenID::setStore($this->store);
     $stubbedMethods = array('getHTTPRequest2Instance', 'getDiscover');
     $ctorArguments = array($this->message, new Net_URL2($this->requestedURL), $this->clockSkew);
     $this->assertion = $this->getMock('OpenID_Assertion', $stubbedMethods, $ctorArguments);
 }
    /**
     * This function does daily cleaning up:
     *
     * - decrements warning levels if it's enabled
     * - consolidate spider statistics
     * - fix MySQL version
     * - regenerate Diffie-Hellman keys for OpenID
     * - remove obsolete login history logs
     *
     * Presumably invoked by the scheduled-task runner once a day; it always
     * returns true, no failure is reported back to the caller.
     *
     * @return bool Always true.
     */
    public function daily_maintenance()
    {
        global $modSettings, $db_type;
        $db = database();
        // First clean out the cache.
        clean_cache('data');
        // If warning decrement is enabled and we have people who have not had a new warning in 24 hours, lower their warning level.
        // warning_settings is a comma-separated triple; only its third value (the decrement) is used here.
        list(, , $modSettings['warning_decrement']) = explode(',', $modSettings['warning_settings']);
        if ($modSettings['warning_decrement']) {
            // Find every member who has a warning level...
            $request = $db->query('', '
				SELECT id_member, warning
				FROM {db_prefix}members
				WHERE warning > {int:no_warning}', array('no_warning' => 0));
            $members = array();
            while ($row = $db->fetch_assoc($request)) {
                $members[$row['id_member']] = $row['warning'];
            }
            $db->free_result($request);
            // Have some members to check?
            if (!empty($members)) {
                // Find out when they were last warned.
                $request = $db->query('', '
					SELECT id_recipient, MAX(log_time) AS last_warning
					FROM {db_prefix}log_comments
					WHERE id_recipient IN ({array_int:member_list})
						AND comment_type = {string:warning}
					GROUP BY id_recipient', array('member_list' => array_keys($members), 'warning' => 'warning'));
                $member_changes = array();
                while ($row = $db->fetch_assoc($request)) {
                    // More than 24 hours ago? (86400 seconds)
                    if ($row['last_warning'] <= time() - 86400) {
                        // Subtract the decrement, never going below zero.
                        $member_changes[] = array('id' => $row['id_recipient'], 'warning' => $members[$row['id_recipient']] >= $modSettings['warning_decrement'] ? $members[$row['id_recipient']] - $modSettings['warning_decrement'] : 0);
                    }
                }
                $db->free_result($request);
                // Have some members to change?
                if (!empty($member_changes)) {
                    foreach ($member_changes as $change) {
                        updateMemberData($change['id'], array('warning' => $change['warning']));
                    }
                }
            }
        }
        // Do any spider stuff.
        if (!empty($modSettings['spider_mode']) && $modSettings['spider_mode'] > 1) {
            // We'll need this.
            require_once SUBSDIR . '/SearchEngines.subs.php';
            consolidateSpiderStats();
        }
        // Check the database version - for some buggy MySQL version.
        // The GROUP BY workaround flag is set only for the 5.0.50 / 5.0.51 point
        // releases and cleared again once the server is no longer one of them.
        $server_version = $db->db_server_info();
        if ($db_type == 'mysql' && in_array(substr($server_version, 0, 6), array('5.0.50', '5.0.51'))) {
            updateSettings(array('db_mysql_group_by_fix' => '1'));
        } elseif (!empty($modSettings['db_mysql_group_by_fix'])) {
            $db->query('', '
				DELETE FROM {db_prefix}settings
				WHERE variable = {string:mysql_fix}', array('mysql_fix' => 'db_mysql_group_by_fix'));
        }
        // Regenerate the Diffie-Hellman keys if OpenID is enabled.
        // When OpenID is off, any leftover key material is removed from settings.
        if (!empty($modSettings['enableOpenID'])) {
            require_once SUBSDIR . '/OpenID.subs.php';
            $openID = new OpenID();
            $openID->setup_DH(true);
        } elseif (!empty($modSettings['dh_keys'])) {
            $db->query('', '
				DELETE FROM {db_prefix}settings
				WHERE variable = {string:dh_keys}', array('dh_keys' => 'dh_keys'));
        }
        // Clean up some old login history information.
        // NOTE(review): the bound value is a duration (loginHistoryDays in seconds,
        // 108000 by default) but it is compared against the `time` column with '>'.
        // If `time` holds a Unix timestamp this removes nearly every row rather than
        // only those older than the window (which would read `time < time() - duration`).
        // Confirm the column's meaning before relying on this.
        $db->query('', '
			DELETE FROM {db_prefix}member_logins
			WHERE time > {int:oldLogins}', array('oldLogins' => !empty($modSettings['loginHistoryDays']) ? 60 * 60 * $modSettings['loginHistoryDays'] : 108000));
        // Log we've done it...
        return true;
    }
                FlashMessage::add('Momentan nu putem accepta OpenID de la acest furnizor. Problema nu ține de noi, dar vom încerca să o reparăm.');
            }
        } else {
            // asume plain OpenID
            $isOpenidConnect = false;
        }
    }
    if (!FlashMessage::getMessage()) {
        if ($isOpenidConnect) {
            try {
                $oidc->authenticate($oidcId, $oidcSecret);
            } catch (OpenIDException $e) {
                FlashMessage::add($e->getMessage());
            }
        } else {
            $authResult = OpenID::beginAuth($openid, null);
            if ($authResult != null) {
                SmartyWrap::displayWithoutSkin('auth/beginAuth.ihtml');
                exit;
            }
        }
    }
}
// Development-only helpers: let the login page offer a throw-away fake user.
if ($devel) {
    // Constructed nick such as "test12345"; rand() is acceptable here because the
    // value is not a secret, only a dev-mode identity label.
    $fakeNick = sprintf('test%d', rand(10000, 99999));
    SmartyWrap::assign('allowFakeUsers', true);
    SmartyWrap::assign('privilegeNames', $PRIV_NAMES);
    SmartyWrap::assign('fakeUserNick', $fakeNick);
}
// Template variables shared by every rendering of the OpenID login page.
SmartyWrap::assign('openid', $openid);
SmartyWrap::assign('page_title', 'Autentificare cu OpenID');
SmartyWrap::assign('suggestHiddenSearchForm', true);
/**
 * Check if the user is who he/she says he is.
 *
 * What it does:
 * - This function makes sure the user is who they claim to be by requiring a
 * password to be typed in every hour.
 * - This check can be turned on and off by the securityDisable setting.
 * - Uses the adminLogin() function of subs/Auth.subs.php if they need to login,
 * which saves all request (POST and GET) data.
 *
 * Outcomes: returns silently when the session is still fresh, the check is
 * disabled, or the posted password (or an OpenID revalidation) succeeds;
 * otherwise hands off to adminLogin(), or, for XML requests, returns the
 * string 'session_verify_fail'.
 *
 * @param string $type = admin
 * @return void|string 'session_verify_fail' only on the XML-mode failure path.
 */
function validateSession($type = 'admin')
{
    global $modSettings, $user_info, $user_settings;
    // Guests are not welcome here.
    is_not_guest();
    // Validate what type of session check this is.
    // Anything not registered by the hook (or 'moderate') collapses to 'admin',
    // so $type cannot select arbitrary $_SESSION keys further down.
    $types = array();
    call_integration_hook('integrate_validateSession', array(&$types));
    $type = in_array($type, $types) || $type == 'moderate' ? $type : 'admin';
    // Set the lifetime for our admin session. Default is ten minutes.
    $refreshTime = 600;
    if (isset($modSettings['admin_session_lifetime'])) {
        // Maybe someone is paranoid or mistakenly misconfigured the param? Give them at least 5 minutes.
        // The setting is in minutes; anything above 14400 is capped to one day.
        if ($modSettings['admin_session_lifetime'] < 5) {
            $refreshTime = 300;
        } elseif ($modSettings['admin_session_lifetime'] > 14400) {
            $refreshTime = 86400;
        } else {
            $refreshTime = $modSettings['admin_session_lifetime'] * 60;
        }
    }
    // If we're using XML give an additional ten minutes grace as an admin can't log on in XML mode.
    if (isset($_GET['xml'])) {
        $refreshTime += 600;
    }
    // Is the security option off?
    // Key is 'securityDisable' for the admin check, 'securityDisable_<type>' otherwise.
    if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
        return;
    }
    // If their admin or moderator session hasn't expired yet, let it pass, let the admin session trump a moderation one as well
    if (!empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time() || !empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time()) {
        return;
    }
    require_once SUBSDIR . '/Auth.subs.php';
    // Comming from the login screen
    // Session and CSRF token are verified before any password is examined.
    if (isset($_POST[$type . '_pass']) || isset($_POST[$type . '_hash_pass'])) {
        checkSession();
        validateToken('admin-login');
        // Hashed password, ahoy!
        // Exactly 64 characters — presumably a hex SHA-256 computed client-side;
        // any other length falls through to the plain-text branch below.
        if (isset($_POST[$type . '_hash_pass']) && strlen($_POST[$type . '_hash_pass']) === 64) {
            // Allow integration to verify the password
            $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$type . '_hash_pass'], true)), true);
            $password = $_POST[$type . '_hash_pass'];
            if ($good_password || validateLoginPassword($password, $user_info['passwd'])) {
                $_SESSION[$type . '_time'] = time();
                unset($_SESSION['request_referer']);
                return;
            }
        }
        // Posting the password... check it.
        // A value consisting only of '*' is treated as empty (looks like a masked
        // placeholder from the form — confirm).
        if (isset($_POST[$type . '_pass']) && str_replace('*', '', $_POST[$type . '_pass']) !== '') {
            // Give integrated systems a chance to verify this password
            $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$type . '_pass'], false)), true);
            // Password correct?
            $password = $_POST[$type . '_pass'];
            if ($good_password || validateLoginPassword($password, $user_info['passwd'], $user_info['username'])) {
                $_SESSION[$type . '_time'] = time();
                unset($_SESSION['request_referer']);
                return;
            }
        }
    }
    // OpenID?
    // NOTE(review): revalidate() is assumed to redirect to the provider and not
    // return until the identity has been re-asserted; if it can return without
    // doing so, the session stamp below is set unconditionally — confirm in
    // OpenID.subs.php.
    if (!empty($user_settings['openid_uri'])) {
        require_once SUBSDIR . '/OpenID.subs.php';
        $openID = new OpenID();
        $openID->revalidate();
        $_SESSION[$type . '_time'] = time();
        unset($_SESSION['request_referer']);
        return;
    }
    // Better be sure to remember the real referer
    // Kept so the login form can send the user back afterwards; '@' hides
    // parse_url() notices on malformed referer values.
    if (empty($_SESSION['request_referer'])) {
        $_SESSION['request_referer'] = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
    } elseif (empty($_POST)) {
        unset($_SESSION['request_referer']);
    }
    // Need to type in a password for that, man.
    // adminLogin() renders the prompt (saving the current request); XML callers
    // only get a failure marker back since no form can be shown.
    if (!isset($_GET['xml'])) {
        adminLogin($type);
    } else {
        return 'session_verify_fail';
    }
}
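 /**
  * Callback action handler for OpenID
  *
  * Entry point the OpenID provider redirects the browser back to. Verifies
  * the positive assertion (mode, association, HMAC signature), restores the
  * state saved before the round trip, and then either links the claimed
  * identifier to the current member, continues registration, completes a
  * revalidation, or logs the matching member in.
  *
  * Every fatal_lang_error() call below terminates the request.
  */
 public function action_openidreturn()
 {
     global $modSettings, $context, $user_settings;
     // We'll need our subs.
     require_once SUBSDIR . '/OpenID.subs.php';
     // Is OpenID even enabled?
     if (empty($modSettings['enableOpenID'])) {
         fatal_lang_error('no_access', false);
     }
     // The OpenID provider did not respond with the OpenID mode? Throw an error..
     if (!isset($_GET['openid_mode'])) {
         fatal_lang_error('openid_return_no_mode', false);
     }
     // @todo Check for error status!
     if ($_GET['openid_mode'] != 'id_res') {
         fatal_lang_error('openid_not_resolved');
     }
     // this has annoying habit of removing the + from the base64 encoding.  So lets put them back.
     foreach (array('openid_assoc_handle', 'openid_invalidate_handle', 'openid_sig', 'sf') as $key) {
         if (isset($_GET[$key])) {
             $_GET[$key] = str_replace(' ', '+', $_GET[$key]);
         }
     }
     $openID = new OpenID();
     // Did they tell us to remove any associations?
     if (!empty($_GET['openid_invalidate_handle'])) {
         $openID->removeAssociation($_GET['openid_invalidate_handle']);
     }
     // Get the OpenID server info.
     // Discovery is run on the identity the response asserts, and the
     // association is looked up for that server and the returned handle.
     $server_info = $openID->getServerInfo($_GET['openid_identity']);
     // Get the association data.
     $assoc = $openID->getAssociation($server_info['server'], $_GET['openid_assoc_handle'], true);
     if ($assoc === null) {
         fatal_lang_error('openid_no_assoc');
     }
     $secret = base64_decode($assoc['secret']);
     // Rebuild the "key:value\n" list the provider signed. Signed field names may
     // contain dots (extension fields), while PHP exposes the query parameters
     // with underscores, hence the str_replace(). A field listed in openid_signed
     // but missing from the request produces a notice here and a signature
     // mismatch below.
     $signed = explode(',', $_GET['openid_signed']);
     $verify_str = '';
     foreach ($signed as $sign) {
         $verify_str .= $sign . ':' . strtr($_GET['openid_' . str_replace('.', '_', $sign)], array('&amp;' => '&')) . "\n";
     }
     $verify_str = base64_encode(hash_hmac('sha1', $verify_str, $secret, true));
     // Verify the OpenID signature.
     // hash_equals() (PHP >= 5.6) is strict and constant-time; the former '!='
     // was a loose comparison whose duration depended on the matching prefix of
     // the attacker-supplied signature.
     if (!hash_equals($verify_str, (string) $_GET['openid_sig'])) {
         fatal_lang_error('openid_sig_invalid', 'critical');
     }
     // 't' selects the state this session stored before redirecting to the provider.
     if (!isset($_SESSION['openid']['saved_data'][$_GET['t']])) {
         fatal_lang_error('openid_load_data');
     }
     $openid_uri = $_SESSION['openid']['saved_data'][$_GET['t']]['openid_uri'];
     $modSettings['cookieTime'] = $_SESSION['openid']['saved_data'][$_GET['t']]['cookieTime'];
     if (empty($openid_uri)) {
         fatal_lang_error('openid_load_data');
     }
     // Any save fields to restore?
     // NOTE(review): 'sf' is fed to unserialize() straight from the query string.
     // That is only safe if 'sf' is among the fields covered by openid_signed, so
     // the HMAC check above protects it — confirm. Otherwise a JSON payload, or
     // unserialize(..., array('allowed_classes' => false)) on PHP >= 7, is the
     // safer shape.
     $context['openid_save_fields'] = isset($_GET['sf']) ? unserialize(base64_decode($_GET['sf'])) : array();
     $context['openid_claimed_id'] = $_GET['openid_claimed_id'];
     // Is there a user with this OpenID_uri?
     $member_found = memberByOpenID($context['openid_claimed_id']);
     if (empty($member_found) && isset($_GET['sa']) && $_GET['sa'] == 'change_uri' && !empty($_SESSION['new_openid_uri']) && $_SESSION['new_openid_uri'] == $context['openid_claimed_id']) {
         // Changing the member's OpenID: the claimed id must be the one this
         // session asked to switch to, and must not already belong to someone.
         // Update the member.
         updateMemberData($user_settings['id_member'], array('openid_uri' => $context['openid_claimed_id']));
         unset($_SESSION['new_openid_uri']);
         $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $context['openid_claimed_id']);
         // Send them back to profile.
         redirectexit('action=profile;area=authentication;updated');
     } elseif (empty($member_found)) {
         // Store the received openid info for the user when returned to the registration page.
         // The sreg values are provider-asserted prefill data, not yet trusted as account data.
         $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $context['openid_claimed_id']);
         if (isset($_GET['openid_sreg_nickname'])) {
             $_SESSION['openid']['nickname'] = $_GET['openid_sreg_nickname'];
         }
         if (isset($_GET['openid_sreg_email'])) {
             $_SESSION['openid']['email'] = $_GET['openid_sreg_email'];
         }
         if (isset($_GET['openid_sreg_dob'])) {
             $_SESSION['openid']['dob'] = $_GET['openid_sreg_dob'];
         }
         if (isset($_GET['openid_sreg_gender'])) {
             $_SESSION['openid']['gender'] = $_GET['openid_sreg_gender'];
         }
         // Were we just verifying the registration state?
         if (isset($_GET['sa']) && $_GET['sa'] == 'register2') {
             require_once CONTROLLERDIR . '/Register.controller.php';
             $controller = new Register_Controller();
             return $controller->action_register2(true);
         } else {
             redirectexit('action=register');
         }
     } elseif (isset($_GET['sa']) && $_GET['sa'] == 'revalidate' && $user_settings['openid_uri'] == $openid_uri) {
         // NOTE(review): this branch compares the current member's URI with the
         // URI saved before the redirect, but not with the verified claimed id
         // that located $member_found — i.e. it does not check that the member
         // who just authenticated is the current member. Confirm that check
         // happens elsewhere.
         $_SESSION['openid_revalidate_time'] = time();
         // Restore the get data.
         require_once SUBSDIR . '/Auth.subs.php';
         $_SESSION['openid']['saved_data'][$_GET['t']]['get']['openid_restore_post'] = $_GET['t'];
         $query_string = construct_query_string($_SESSION['openid']['saved_data'][$_GET['t']]['get']);
         redirectexit($query_string);
     } else {
         $user_settings = $member_found;
         // @Todo: this seems outdated?
         // NOTE(review): the member's stored password is overwritten with a SHA-1 of
         // the lower-cased name plus the association secret, and the salt comes from
         // mt_rand() (not a CSPRNG). Both are weak by current standards — confirm
         // whether this placeholder password is still needed at all.
         $user_settings['passwd'] = sha1(strtolower($user_settings['member_name']) . $secret);
         $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
         updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt']));
         // Cleanup on Aisle 5.
         $_SESSION['openid'] = array('verified' => true, 'openid_uri' => $context['openid_claimed_id']);
         require_once CONTROLLERDIR . '/Auth.controller.php';
         // Activation required?
         if (!checkActivation()) {
             return;
         }
         // Finally do the login.
         doLogin();
     }
 }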
 /**
  * Creates a nonce and also stores it.
  *
  * Thin wrapper over createNonce(): the generated value is recorded in the
  * global store against this OP endpoint URL before being returned,
  * presumably so a later verification can detect reuse.
  *
  * @param int $length Lenth of the random string, defaults to 6
  * @param int $time   A unix timestamp in seconds
  *
  * @return string The nonce
  * @see createNonce()
  */
 public function createNonceAndStore($length = 6, $time = null)
 {
     $generated = $this->createNonce($length, $time);
     $store = OpenID::getStore();
     $store->setNonce($generated, $this->opEndpointURL);
     return $generated;
 }
 /**
  * Common method for creating a cache key based on the normalized identifier
  *
  * md5 is used purely as a short, fixed-length cache key, not as a
  * security primitive.
  *
  * @param string $identifier User supplied identifier
  *
  * @return string md5 of the normalized identifier
  */
 protected function getDiscoverCacheKey($identifier)
 {
     $normalized = OpenID::normalizeIdentifier($identifier);
     $key = md5($normalized);
     return $key;
 }
<?php

require_once "../../phplib/util.php";
// Presumably: only the primary (non-mirror) host handles logins, and only for
// visitors who are not already signed in.
util_assertNotMirror();
util_assertNotLoggedIn();
$data = OpenID::finishAuth();
if (!$data) {
    // No completed assertion: show the login page again.
    smarty_assign('page_title', 'Autentificare cu OpenID');
    smarty_assign('suggestHiddenSearchForm', true);
    smarty_displayCommonPageWithSkin('auth/login.ihtml');
    exit;
}
$user = User::get_by_identity($data['identity']);
if ($user) {
    session_login($user, $data);
} else {
    // First time logging in, must claim an existing account or create a new one
    // NOTE(review): matching an existing account by the provider-asserted e-mail
    // means account linkage rests on trusting that provider's e-mail claim.
    $user = null;
    if (isset($data['email'])) {
        $user = User::get_by_email($data['email']);
    }
    // 0 = existing account found by e-mail, 1 = full name available,
    // 2 = nickname available, 3 = neither name nor nickname present.
    if ($user) {
        $loginType = 0;
    } elseif (isset($data['fullname'])) {
        $loginType = 1;
    } elseif (isset($data['nickname'])) {
        $loginType = 2;
    } else {
        $loginType = 3;
    }
    // Store the identity in a temporary file. Don't print it in the form, because then it can be faked on the next page.
    $randString = util_randomCapitalLetterString(20);
    FileCache::put($randString, $data);
    smarty_assign('page_title', 'Autentificare cu OpenID');
    smarty_assign('suggestHiddenSearchForm', true);
    smarty_assign('data', $data);
    smarty_assign('randString', $randString);
    smarty_assign('loginType', $loginType);
    smarty_displayCommonPageWithSkin('auth/chooseIdentity.ihtml');
}
 /**
  * Allow the change or view of profiles.
  * Loads the profile menu.
  *
  * @see Action_Controller::action_index()
  */
 public function action_index()
 {
     global $txt, $scripturl, $user_info, $context, $user_profile, $cur_profile;
     global $modSettings, $memberContext, $profile_vars, $post_errors, $user_settings;
     // Don't reload this as we may have processed error strings.
     if (empty($post_errors)) {
         loadLanguage('Profile+Drafts');
     }
     loadTemplate('Profile');
     require_once SUBSDIR . '/Menu.subs.php';
     require_once SUBSDIR . '/Profile.subs.php';
     $memID = currentMemberID();
     $context['id_member'] = $memID;
     $cur_profile = $user_profile[$memID];
     // Let's have some information about this member ready, too.
     loadMemberContext($memID);
     $context['member'] = $memberContext[$memID];
     // Is this the profile of the user himself or herself?
     $context['user']['is_owner'] = $memID == $user_info['id'];
     /**
      * Define all the sections within the profile area!
      * We start by defining the permission required - then we take this and turn
      * it into the relevant context ;)
      *
      * Possible fields:
      *   For Section:
      *    - string $title: Section title.
      *    - array $areas:  Array of areas within this section.
      *
      *   For Areas:
      *    - string $label:      Text string that will be used to show the area in the menu.
      *    - string $file:       Optional text string that may contain a file name that's needed for inclusion in order to display the area properly.
      *    - string $custom_url: Optional href for area.
      *    - string $function:   Function to execute for this section.
      *    - bool $enabled:      Should area be shown?
      *    - string $sc:         Session check validation to do on save - note without this save will get unset - if set.
      *    - bool $hidden:       Does this not actually appear on the menu?
      *    - bool $password:     Whether to require the user's password in order to save the data in the area.
      *    - array $subsections: Array of subsections, in order of appearance.
      *    - array $permission:  Array of permissions to determine who can access this area. Should contain arrays $own and $any.
      */
     $profile_areas = array('info' => array('title' => $txt['profileInfo'], 'areas' => array('summary' => array('label' => $txt['summary'], 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_summary', 'token' => 'profile-aa%u', 'token_type' => 'get', 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'statistics' => array('label' => $txt['statPanel'], 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_statPanel', 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'showposts' => array('label' => $txt['showPosts'], 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_showPosts', 'subsections' => array('messages' => array($txt['showMessages'], array('profile_view_own', 'profile_view_any')), 'topics' => array($txt['showTopics'], array('profile_view_own', 'profile_view_any')), 'unwatchedtopics' => array($txt['showUnwatched'], array('profile_view_own', 'profile_view_any'), 'enabled' => $modSettings['enable_unwatch'] && $context['user']['is_owner']), 'attach' => array($txt['showAttachments'], array('profile_view_own', 'profile_view_any'))), 'permission' => array('own' => 'profile_view_own', 'any' => 'profile_view_any')), 'showdrafts' => array('label' => $txt['drafts_show'], 'file' => 'Draft.controller.php', 'controller' => 'Draft_Controller', 'function' => 'action_showProfileDrafts', 'enabled' => !empty($modSettings['drafts_enabled']) && $context['user']['is_owner'], 'permission' => array('own' => 'profile_view_own', 'any' => array())), 'showlikes' => array('label' => $txt['likes_show'], 'file' => 'Likes.controller.php', 'controller' => 'Likes_Controller', 'function' => 'action_showProfileLikes', 'enabled' => !empty($modSettings['likes_enabled']) && $context['user']['is_owner'], 'subsections' => array('given' => array($txt['likes_given'], 
array('profile_view_own')), 'received' => array($txt['likes_received'], array('profile_view_own'))), 'permission' => array('own' => 'profile_view_own', 'any' => array())), 'permissions' => array('label' => $txt['showPermissions'], 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_showPermissions', 'permission' => array('own' => 'manage_permissions', 'any' => 'manage_permissions')), 'history' => array('label' => $txt['history'], 'file' => 'ProfileHistory.controller.php', 'controller' => 'ProfileHistory_Controller', 'function' => 'action_index', 'subsections' => array('activity' => array($txt['trackActivity'], 'moderate_forum'), 'ip' => array($txt['trackIP'], 'moderate_forum'), 'edits' => array($txt['trackEdits'], 'moderate_forum'), 'logins' => array($txt['trackLogins'], array('profile_view_own', 'moderate_forum'))), 'permission' => array('own' => 'moderate_forum', 'any' => 'moderate_forum')), 'viewwarning' => array('label' => $txt['profile_view_warnings'], 'enabled' => in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']) && $cur_profile['warning'] && (!empty($modSettings['warning_show']) && ($context['user']['is_owner'] || $modSettings['warning_show'] == 2)), 'file' => 'ProfileInfo.controller.php', 'controller' => 'ProfileInfo_Controller', 'function' => 'action_viewWarning', 'permission' => array('own' => 'profile_view_own', 'any' => 'issue_warning')))), 'edit_profile' => array('title' => $txt['profileEdit'], 'areas' => array('account' => array('label' => $txt['account'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_account', 'enabled' => $context['user']['is_admin'] || $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), 'sc' => 'post', 'token' => 'profile-ac%u', 'password' => true, 'permission' => array('own' => array('profile_identity_any', 'profile_identity_own', 
'manage_membergroups'), 'any' => array('profile_identity_any', 'manage_membergroups'))), 'forumprofile' => array('label' => $txt['forumprofile'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_forumProfile', 'sc' => 'post', 'token' => 'profile-fp%u', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own', 'profile_title_own', 'profile_title_any'), 'any' => array('profile_extra_any', 'profile_title_any'))), 'theme' => array('label' => $txt['theme'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_themepick', 'sc' => 'post', 'token' => 'profile-th%u', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'authentication' => array('label' => $txt['authentication'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_authentication', 'enabled' => !empty($modSettings['enableOpenID']) || !empty($cur_profile['openid_uri']), 'sc' => 'post', 'token' => 'profile-au%u', 'hidden' => empty($modSettings['enableOpenID']) && empty($cur_profile['openid_uri']), 'password' => true, 'permission' => array('own' => array('profile_identity_any', 'profile_identity_own'), 'any' => array('profile_identity_any'))), 'notification' => array('label' => $txt['notifications'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_notification', 'sc' => 'post', 'token' => 'profile-nt%u', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'contactprefs' => array('label' => $txt['contactprefs'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_pmprefs', 'enabled' => allowedTo(array('profile_extra_own', 'profile_extra_any')), 'sc' => 'post', 'token' => 
'profile-pm%u', 'permission' => array('own' => array('pm_read'), 'any' => array('profile_extra_any'))), 'ignoreboards' => array('label' => $txt['ignoreboards'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_ignoreboards', 'enabled' => !empty($modSettings['allow_ignore_boards']), 'sc' => 'post', 'token' => 'profile-ib%u', 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array('profile_extra_any'))), 'lists' => array('label' => $txt['editBuddyIgnoreLists'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_editBuddyIgnoreLists', 'enabled' => !empty($modSettings['enable_buddylist']) && $context['user']['is_owner'], 'sc' => 'post', 'token' => 'profile-bl%u', 'subsections' => array('buddies' => array($txt['editBuddies']), 'ignore' => array($txt['editIgnoreList'])), 'permission' => array('own' => array('profile_extra_any', 'profile_extra_own'), 'any' => array())), 'groupmembership' => array('label' => $txt['groupmembership'], 'file' => 'ProfileOptions.controller.php', 'controller' => 'ProfileOptions_Controller', 'function' => 'action_groupMembership', 'enabled' => !empty($modSettings['show_group_membership']) && $context['user']['is_owner'], 'sc' => 'request', 'token' => 'profile-gm%u', 'token_type' => 'request', 'permission' => array('own' => array('profile_view_own'), 'any' => array('manage_membergroups'))))), 'profile_action' => array('title' => $txt['profileAction'], 'areas' => array('sendpm' => array('label' => $txt['profileSendIm'], 'custom_url' => $scripturl . 
'?action=pm;sa=send', 'permission' => array('own' => array(), 'any' => array('pm_send'))), 'issuewarning' => array('label' => $txt['profile_issue_warning'], 'enabled' => in_array('w', $context['admin_features']) && !empty($modSettings['warning_enable']) && (!$context['user']['is_owner'] || $context['user']['is_admin']), 'file' => 'ProfileAccount.controller.php', 'controller' => 'ProfileAccount_Controller', 'function' => 'action_issuewarning', 'token' => 'profile-iw%u', 'permission' => array('own' => array(), 'any' => array('issue_warning'))), 'banuser' => array('label' => $txt['profileBanUser'], 'custom_url' => $scripturl . '?action=admin;area=ban;sa=add', 'enabled' => $cur_profile['id_group'] != 1 && !in_array(1, explode(',', $cur_profile['additional_groups'])), 'permission' => array('own' => array(), 'any' => array('manage_bans'))), 'subscriptions' => array('label' => $txt['subscriptions'], 'file' => 'ProfileSubscriptions.controller.php', 'controller' => 'ProfileSubscriptions_Controller', 'function' => 'action_subscriptions', 'enabled' => !empty($modSettings['paid_enabled']), 'permission' => array('own' => array('profile_view_own'), 'any' => array('moderate_forum'))), 'deleteaccount' => array('label' => $txt['deleteAccount'], 'file' => 'ProfileAccount.controller.php', 'controller' => 'ProfileAccount_Controller', 'function' => 'action_deleteaccount', 'sc' => 'post', 'token' => 'profile-da%u', 'password' => true, 'permission' => array('own' => array('profile_remove_any', 'profile_remove_own'), 'any' => array('profile_remove_any'))), 'activateaccount' => array('file' => 'ProfileAccount.controller.php', 'controller' => 'ProfileAccount_Controller', 'function' => 'action_activateaccount', 'sc' => 'get', 'token' => 'profile-aa%u', 'permission' => array('own' => array(), 'any' => array('moderate_forum'))))));
     // Is there an updated message to show?
     if (isset($_GET['updated'])) {
         $context['profile_updated'] = $txt['profile_updated_own'];
     }
     // Set a few options for the menu.
     $menuOptions = array('disable_url_session_check' => true, 'hook' => 'profile', 'extra_url_parameters' => array('u' => $context['id_member']), 'default_include_dir' => CONTROLLERDIR);
     // Actually create the menu!
     $profile_include_data = createMenu($profile_areas, $menuOptions);
     unset($profile_areas);
     // If it said no permissions that meant it wasn't valid!
     if ($profile_include_data && empty($profile_include_data['permission'])) {
         $profile_include_data['enabled'] = false;
     }
     // No menu and guest? A warm welcome to register
     if (!$profile_include_data && $user_info['is_guest']) {
         is_not_guest();
     }
     // No menu means no access.
     if (!$profile_include_data || isset($profile_include_data['enabled']) && $profile_include_data['enabled'] === false) {
         fatal_lang_error('no_access', false);
     }
     // Make a note of the Unique ID for this menu.
     $context['profile_menu_id'] = $context['max_menu_id'];
     $context['profile_menu_name'] = 'menu_data_' . $context['profile_menu_id'];
     // Set the selected item - now it's been validated.
     $current_area = $profile_include_data['current_area'];
     $context['menu_item_selected'] = $current_area;
     // Before we go any further, let's work on the area we've said is valid.
     // Note this is done here just in case we ever compromise the menu function in error!
     $this->_completed_save = false;
     $context['do_preview'] = isset($_REQUEST['preview_signature']);
     // Are we saving data in a valid area?
     if (isset($profile_include_data['sc']) && (isset($_REQUEST['save']) || $context['do_preview'])) {
         checkSession($profile_include_data['sc']);
         $this->_completed_save = true;
     }
     // Does this require session validating?
     if (!empty($area['validate']) || isset($_REQUEST['save']) && !$context['user']['is_owner']) {
         validateSession();
     }
     // Do we need to perform a token check?
     if (!empty($profile_include_data['token'])) {
         if ($profile_include_data['token'] !== true) {
             $token_name = str_replace('%u', $context['id_member'], $profile_include_data['token']);
         } else {
             $token_name = 'profile-u' . $context['id_member'];
         }
         if (isset($profile_include_data['token_type']) && in_array($profile_include_data['token_type'], array('request', 'post', 'get'))) {
             $token_type = $profile_include_data['token_type'];
         } else {
             $token_type = 'post';
         }
         if (isset($_REQUEST['save'])) {
             validateToken($token_name, $token_type);
         }
     }
     // Permissions for good measure.
     if (!empty($profile_include_data['permission'])) {
         isAllowedTo($profile_include_data['permission'][$context['user']['is_owner'] ? 'own' : 'any']);
     }
     // Create a token if needed.
     if (!empty($profile_include_data['token'])) {
         createToken($token_name, $token_type);
         $context['token_check'] = $token_name;
     }
     // Build the link tree.
     $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : ''), 'name' => sprintf($txt['profile_of_username'], $context['member']['name']));
     if (!empty($profile_include_data['label'])) {
         $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'], 'name' => $profile_include_data['label']);
     }
     if (!empty($profile_include_data['current_subsection']) && $profile_include_data['subsections'][$profile_include_data['current_subsection']][0] != $profile_include_data['label']) {
         $context['linktree'][] = array('url' => $scripturl . '?action=profile' . ($memID != $user_info['id'] ? ';u=' . $memID : '') . ';area=' . $profile_include_data['current_area'] . ';sa=' . $profile_include_data['current_subsection'], 'name' => $profile_include_data['subsections'][$profile_include_data['current_subsection']][0]);
     }
     // Set the template for this area... if you still can :P
     // and add the profile layer.
     $context['sub_template'] = $profile_include_data['function'];
     Template_Layers::getInstance()->add('profile');
     loadJavascriptFile('profile.js');
     // All the subactions that require a user password in order to validate.
     $check_password = $context['user']['is_owner'] && !empty($profile_include_data['password']);
     $context['require_password'] = $check_password && empty($user_settings['openid_uri']);
     // These will get populated soon!
     $post_errors = array();
     $profile_vars = array();
     // Right - are we saving - if so let's save the old data first.
     if ($this->_completed_save) {
         // Clean up the POST variables.
         $_POST = htmltrim__recursive($_POST);
         $_POST = htmlspecialchars__recursive($_POST);
         if ($check_password) {
             // If we're using OpenID try to revalidate.
             if (!empty($user_settings['openid_uri'])) {
                 require_once SUBSDIR . '/OpenID.subs.php';
                 $openID = new OpenID();
                 $openID->revalidate();
             } else {
                 // You didn't even enter a password!
                 if (trim($_POST['oldpasswrd']) == '') {
                     $post_errors[] = 'no_password';
                 }
                 // Since the password got modified due to all the $_POST cleaning, lets undo it so we can get the correct password
                 $_POST['oldpasswrd'] = un_htmlspecialchars($_POST['oldpasswrd']);
                 // Does the integration want to check passwords?
                 $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($cur_profile['member_name'], $_POST['oldpasswrd'], false)), true);
                 // Start up the password checker, we have work to do
                 require_once SUBSDIR . '/Auth.subs.php';
                 // Bad password!!!
                 if (!$good_password && !validateLoginPassword($_POST['oldpasswrd'], $user_info['passwd'], $user_profile[$memID]['member_name'])) {
                     $post_errors[] = 'bad_password';
                 }
                 // Warn other elements not to jump the gun and do custom changes!
                 if (in_array('bad_password', $post_errors)) {
                     $context['password_auth_failed'] = true;
                 }
             }
         }
         // Change the IP address in the database.
         if ($context['user']['is_owner']) {
             $profile_vars['member_ip'] = $user_info['ip'];
         }
         // Now call the sub-action function...
         if ($current_area == 'activateaccount') {
             if (empty($post_errors)) {
                 require_once CONTROLLERDIR . '/ProfileAccount.controller.php';
                 $controller = new ProfileAccount_Controller();
                 $controller->action_activateaccount();
             }
         } elseif ($current_area == 'deleteaccount') {
             if (empty($post_errors)) {
                 require_once CONTROLLERDIR . '/ProfileAccount.controller.php';
                 $controller = new ProfileAccount_Controller();
                 $controller->action_deleteaccount2();
                 redirectexit();
             }
         } elseif ($current_area == 'groupmembership' && empty($post_errors)) {
             require_once CONTROLLERDIR . '/ProfileOptions.controller.php';
             $controller = new Profileoptions_Controller();
             $msg = $controller->action_groupMembership2();
             // Whatever we've done, we have nothing else to do here...
             redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=groupmembership' . (!empty($msg) ? ';msg=' . $msg : ''));
         } elseif ($current_area == 'authentication') {
             require_once CONTROLLERDIR . '/ProfileOptions.controller.php';
             $controller = new ProfileOptions_Controller();
             $controller->action_authentication(true);
         } elseif (in_array($current_area, array('account', 'forumprofile', 'theme', 'contactprefs'))) {
             saveProfileFields();
         } else {
             $force_redirect = true;
             saveProfileChanges($profile_vars, $memID);
         }
         call_integration_hook('integrate_profile_save', array(&$profile_vars, &$post_errors, $memID));
         // There was a problem, let them try to re-enter.
         if (!empty($post_errors)) {
             // Load the language file so we can give a nice explanation of the errors.
             loadLanguage('Errors');
             $context['post_errors'] = $post_errors;
         } elseif (!empty($profile_vars)) {
             // If we've changed the password, notify any integration that may be listening in.
             if (isset($profile_vars['passwd'])) {
                 call_integration_hook('integrate_reset_pass', array($cur_profile['member_name'], $cur_profile['member_name'], $_POST['passwrd2']));
             }
             updateMemberData($memID, $profile_vars);
             // What if this is the newest member?
             if ($modSettings['latestMember'] == $memID) {
                 updateStats('member');
             } elseif (isset($profile_vars['real_name'])) {
                 updateSettings(array('memberlist_updated' => time()));
             }
             // If the member changed his/her birthdate, update calendar statistics.
             if (isset($profile_vars['birthdate']) || isset($profile_vars['real_name'])) {
                 updateSettings(array('calendar_updated' => time()));
             }
             // Anything worth logging?
             if (!empty($context['log_changes']) && !empty($modSettings['modlog_enabled'])) {
                 $log_changes = array();
                 foreach ($context['log_changes'] as $k => $v) {
                     $log_changes[] = array('action' => $k, 'log_type' => 'user', 'extra' => array_merge($v, array('applicator' => $user_info['id'], 'member_affected' => $memID)));
                 }
                 logActions($log_changes);
             }
             // Have we got any post save functions to execute?
             if (!empty($context['profile_execute_on_save'])) {
                 foreach ($context['profile_execute_on_save'] as $saveFunc) {
                     $saveFunc();
                 }
             }
             // Let them know it worked!
             $context['profile_updated'] = $context['user']['is_owner'] ? $txt['profile_updated_own'] : sprintf($txt['profile_updated_else'], $cur_profile['member_name']);
             // Invalidate any cached data.
             cache_put_data('member_data-profile-' . $memID, null, 0);
         }
     }
     // Have some errors for some reason?
     if (!empty($post_errors)) {
         // Set all the errors so the template knows what went wrong.
         foreach ($post_errors as $error_type) {
             $context['modify_error'][$error_type] = true;
         }
     } elseif (!empty($profile_vars) && $context['user']['is_owner'] && !$context['do_preview']) {
         redirectexit('action=profile;area=' . $current_area . ';updated');
     } elseif (!empty($force_redirect)) {
         redirectexit('action=profile' . ($context['user']['is_owner'] ? '' : ';u=' . $memID) . ';area=' . $current_area);
     }
     // Let go to the right place
     if (isset($profile_include_data['file'])) {
         require_once $profile_include_data['file'];
     }
     callMenu($profile_include_data);
     // Set the page title if it's not already set...
     if (!isset($context['page_title'])) {
         $context['page_title'] = $txt['profile'] . (isset($txt[$current_area]) ? ' - ' . $txt[$current_area] : '');
     }
 }
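 /**
  * Actually logs you in.
  *
  * What it does:
  * - checks credentials and checks that login was successful.
  * - it employs protection against a specific IP or user trying to brute force
  *   a login to an account (session failure counter, validatePasswordFlood()).
  * - upgrades password encryption on login, if necessary.
  * - after successful login, redirects you to $_SESSION['login_url'].
  * - accessed from ?action=login2, by forms.
  *
  * On error, uses the same templates action_login() uses: $context['login_errors']
  * carries the message and the method simply returns.
  *
  * Reads: $_POST['user'], $_POST['passwrd'], $_POST['hash_passwrd'],
  * $_POST['old_hash_passwrd'], $_POST['openid_identifier'], $_POST['cookielength'],
  * $_POST['cookieneverexp'], $_SESSION['failed_login'], $_SESSION['old_url'].
  * Writes: $user_settings (global), $_SESSION['login_url'], $_SESSION['failed_login'],
  * $modSettings['cookieTime'], several $context keys.
  *
  * @return OpenID|null the OpenID object when an OpenID login is in progress, null otherwise
  */
 public function action_login2()
 {
     global $txt, $scripturl, $user_info, $user_settings, $modSettings, $context, $sc;
     // Load cookie authentication and all stuff.
     require_once SUBSDIR . '/Auth.subs.php';
     // Beyond this point you are assumed to be a guest trying to login.
     if (!$user_info['is_guest']) {
         redirectexit();
     }
     // Are you guessing with a script?
     // Session + form token check first, then the login rate limiter; none of the
     // request data below is trusted until these have passed.
     checkSession('post');
     validateToken('login');
     spamProtection('login');
     // Set the login_url if it's not already set (but careful not to send us to an attachment).
     if (empty($_SESSION['login_url']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'dlattach') === false && preg_match('~(board|topic)[=,]~', $_SESSION['old_url']) != 0 || isset($_GET['quicklogin']) && isset($_SESSION['old_url']) && strpos($_SESSION['old_url'], 'login') === false) {
         $_SESSION['login_url'] = $_SESSION['old_url'];
     }
     // Been guessing a lot, haven't we?
     // Hard stop once this session has failed three times the configured threshold.
     if (isset($_SESSION['failed_login']) && $_SESSION['failed_login'] >= $modSettings['failed_login_threshold'] * 3) {
         fatal_lang_error('login_threshold_fail', 'critical');
     }
     // Set up the cookie length.  (if it's invalid, just fall through and use the default.)
     // The range check must be a conjunction: with `||` any numeric value passed and a
     // client could request an arbitrarily long cookie lifetime.
     if (isset($_POST['cookieneverexp']) || !empty($_POST['cookielength']) && $_POST['cookielength'] == -1) {
         $modSettings['cookieTime'] = 3153600;
     } elseif (!empty($_POST['cookielength']) && ($_POST['cookielength'] >= 1 && $_POST['cookielength'] <= 525600)) {
         $modSettings['cookieTime'] = (int) $_POST['cookielength'];
     }
     loadLanguage('Login');
     // Load the template stuff
     loadTemplate('Login');
     loadJavascriptFile('sha256.js', array('defer' => true));
     $context['sub_template'] = 'login';
     // Set up the default/fallback stuff.
     // The username is HTML-escaped for re-display, numeric entities are kept intact.
     $context['default_username'] = isset($_POST['user']) ? preg_replace('~&amp;#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($_POST['user'], ENT_COMPAT, 'UTF-8')) : '';
     $context['default_password'] = '';
     $context['never_expire'] = $modSettings['cookieTime'] == 525600 || $modSettings['cookieTime'] == 3153600;
     $context['login_errors'] = array($txt['error_occurred']);
     $context['page_title'] = $txt['login'];
     // Add the login chain to the link tree.
     $context['linktree'][] = array('url' => $scripturl . '?action=login', 'name' => $txt['login']);
     // This is an OpenID login. Let's validate...
     if (!empty($_POST['openid_identifier']) && !empty($modSettings['enableOpenID'])) {
         require_once SUBSDIR . '/OpenID.subs.php';
         $open_id = new OpenID();
         if ($open_id->validate($_POST['openid_identifier']) !== 'no_data') {
             return $open_id;
         } else {
             $context['login_errors'] = array($txt['openid_not_found']);
             return;
         }
     }
     // You forgot to type your username, dummy!
     if (!isset($_POST['user']) || $_POST['user'] == '') {
         $context['login_errors'] = array($txt['need_username']);
         return;
     }
     // No one needs a username that long, plus we only support 80 chars in the db
     if (Util::strlen($_POST['user']) > 80) {
         $_POST['user'] = Util::substr($_POST['user'], 0, 80);
     }
     // Can't use a password > 64 characters sorry, to long and only good for a DoS attack
     // Plus we expect a 64 character one from SHA-256
     if (isset($_POST['passwrd']) && strlen($_POST['passwrd']) > 64 || isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) > 64) {
         $context['login_errors'] = array($txt['improper_password']);
         return;
     }
     // Hmm... maybe 'admin' will login with no password. Uhh... NO!
     if ((!isset($_POST['passwrd']) || $_POST['passwrd'] == '') && (!isset($_POST['hash_passwrd']) || strlen($_POST['hash_passwrd']) != 64)) {
         $context['login_errors'] = array($txt['no_password']);
         return;
     }
     // No funky symbols either.
     if (preg_match('~[<>&"\'=\\\\]~', preg_replace('~(&#(\\d{1,7}|x[0-9a-fA-F]{1,6});)~', '', $_POST['user'])) != 0) {
         $context['login_errors'] = array($txt['error_invalid_characters_username']);
         return;
     }
     // Are we using any sort of integration to validate the login?
     // NOTE(review): the hook only receives hash_passwrd when it is 40 chars long, while
     // the form path below expects 64 (SHA-256); presumably a legacy SHA-1 contract — confirm.
     if (in_array('retry', call_integration_hook('integrate_validate_login', array($_POST['user'], isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) == 40 ? $_POST['hash_passwrd'] : null, $modSettings['cookieTime'])), true)) {
         $context['login_errors'] = array($txt['login_hash_error']);
         $context['disable_login_hashing'] = true;
         return;
     }
     // Find them... if we can
     $user_settings = loadExistingMember($_POST['user']);
     // Let them try again, it didn't match anything...
     if (empty($user_settings)) {
         $context['login_errors'] = array($txt['username_no_exist']);
         return;
     }
     // Figure out if the password is using Elk's encryption - if what they typed is right.
     if (isset($_POST['hash_passwrd']) && strlen($_POST['hash_passwrd']) === 64) {
         // Challenge what was passed
         $valid_password = validateLoginPassword($_POST['hash_passwrd'], $user_settings['passwd']);
         // Let them in
         if ($valid_password) {
             $sha_passwd = $_POST['hash_passwrd'];
             $valid_password = true;
         } elseif (preg_match('/^[0-9a-f]{40}$/i', $user_settings['passwd']) && isset($_POST['old_hash_passwrd']) && $_POST['old_hash_passwrd'] === hash('sha1', $user_settings['passwd'] . $sc)) {
             // Old password passed, turn off hashing and ask for it again so we can update the db to something more secure.
             // NOTE(review): the `===` above is a plain string compare of a secret-derived value;
             // hash_equals() would be the constant-time choice where the PHP baseline allows it.
             $context['login_errors'] = array($txt['login_hash_error']);
             $context['disable_login_hashing'] = true;
             unset($user_settings);
             return;
         } else {
             // Don't allow this!
             validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
             $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] + 1 : 1;
             // To many tries, maybe they need a reminder
             if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                 redirectexit('action=reminder');
             } else {
                 log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                 // Wrong password, lets enable plain text responses in case form hashing is causing problems
                 $context['disable_login_hashing'] = true;
                 $context['login_errors'] = array($txt['incorrect_password']);
                 unset($user_settings);
                 return;
             }
         }
     } else {
         // validateLoginPassword will hash this like the form normally would and check its valid
         $sha_passwd = $_POST['passwrd'];
         $valid_password = validateLoginPassword($sha_passwd, $user_settings['passwd'], $user_settings['member_name']);
     }
     // Bad password!  Thought you could fool the database?!
     if ($valid_password === false) {
         // Let's be cautious, no hacking please. thanx.
         validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood']);
         // Maybe we were too hasty... let's try some other authentication methods.
         $other_passwords = $this->_other_passwords($user_settings);
         // Whichever encryption it was using, let's make it use ElkArte's now ;).
         if (in_array($user_settings['passwd'], $other_passwords)) {
             $user_settings['passwd'] = validateLoginPassword($sha_passwd, '', '', true);
             // NOTE(review): mt_rand() is not a CSPRNG; for a salt, random_bytes() /
             // bin2hex(random_bytes(2)) gives the same 4-hex-char shape where available.
             $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
             // Update the password hash and set up the salt.
             updateMemberData($user_settings['id_member'], array('passwd' => $user_settings['passwd'], 'password_salt' => $user_settings['password_salt'], 'passwd_flood' => ''));
         } else {
             // They've messed up again - keep a count to see if they need a hand.
             $_SESSION['failed_login'] = isset($_SESSION['failed_login']) ? $_SESSION['failed_login'] + 1 : 1;
             // Hmm... don't remember it, do you?  Here, try the password reminder ;).
             if ($_SESSION['failed_login'] >= $modSettings['failed_login_threshold']) {
                 redirectexit('action=reminder');
             } else {
                 // Log an error so we know that it didn't go well in the error log.
                 log_error($txt['incorrect_password'] . ' - <span class="remove">' . $user_settings['member_name'] . '</span>', 'user');
                 $context['login_errors'] = array($txt['incorrect_password']);
                 return;
             }
         }
     } elseif (!empty($user_settings['passwd_flood'])) {
         // Let's be sure they weren't a little hacker.
         validatePasswordFlood($user_settings['id_member'], $user_settings['passwd_flood'], true);
         // If we got here then we can reset the flood counter.
         updateMemberData($user_settings['id_member'], array('passwd_flood' => ''));
     }
     // Correct password, but they've got no salt; fix it!
     if ($user_settings['password_salt'] == '') {
         // NOTE(review): same mt_rand()-derived salt as above — see the note there.
         $user_settings['password_salt'] = substr(md5(mt_rand()), 0, 4);
         updateMemberData($user_settings['id_member'], array('password_salt' => $user_settings['password_salt']));
     }
     // Check their activation status.
     if (!checkActivation()) {
         return;
     }
     doLogin();
 }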
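 /**
  * Validates the nonce embedded in the openid.return_to parameter and deletes
  * it from storage. (For use with OpenID 1.1 only)
  *
  * The nonce is looked up in the store keyed by the OP endpoint URI; a nonce that
  * is not in storage (never issued, or already consumed) is rejected, and a
  * nonce that passes is deleted so the same assertion cannot be accepted twice.
  *
  * @return void
  * @throws OpenID_Assertion_Exception on invalid or non-existing nonce, or when
  *                                    no return_to URL can be recovered
  */
 protected function validateReturnToNonce()
 {
     $returnTo = $this->message->get('openid.return_to');
     if ($returnTo === null) {
         // Must be a checkid_immediate negative assertion: the return_to and
         // identity are carried inside the user_setup_url's query string instead.
         $rtURL2 = new Net_URL2($this->message->get('openid.user_setup_url'));
         $rtqs = $rtURL2->getQueryVariables();
         if (!isset($rtqs['openid.return_to'])) {
             throw new OpenID_Assertion_Exception('Missing openid.return_to in user_setup_url');
         }
         $returnTo = $rtqs['openid.return_to'];
         // Fall back to the message's identity below when the setup URL has none.
         $identity = isset($rtqs['openid.identity']) ? $rtqs['openid.identity'] : null;
     }
     $netURL = new Net_URL2($returnTo);
     $qs = $netURL->getQueryVariables();
     if (!array_key_exists(OpenID_Nonce::RETURN_TO_NONCE, $qs)) {
         throw new OpenID_Assertion_Exception('Missing OpenID 1.1 return_to nonce');
     }
     if (!isset($identity)) {
         $identity = $this->message->get('openid.identity');
     }
     // Decode once and use the same value for both lookup and deletion. Previously the
     // lookup used the decoded nonce while the delete used the raw one, so a nonce
     // containing encoded characters was never removed from storage after a successful check.
     $nonce = urldecode($qs[OpenID_Nonce::RETURN_TO_NONCE]);
     $discover = $this->getDiscover($identity);
     // Assumes the first discovered service is the OP endpoint — not validated here.
     $endPoint = $discover->services[0];
     $URIs = $endPoint->getURIs();
     $opURL = array_shift($URIs);
     $fromStore = self::getStore()->getNonce($nonce, $opURL);
     // Observing
     $logMessage = "returnTo: {$returnTo}\n";
     $logMessage .= 'OP URIs: ' . print_r($endPoint->getURIs(), true) . "\n";
     $logMessage .= 'Nonce in storage?: ' . var_export($fromStore, true) . "\n";
     OpenID::setLastEvent(__METHOD__, $logMessage);
     if (!$fromStore) {
         throw new OpenID_Assertion_Exception('Invalid OpenID 1.1 return_to nonce in response');
     }
     self::getStore()->deleteNonce($nonce, $opURL);
 }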
 public function index($user_id = 0)
 {
     $auth = Auth::instance();
     // If already logged in redirect to user account page
     // Otherwise attempt to auto login if autologin cookie can be found
     // (Set when user previously logged in and ticked 'stay logged in')
     if ($auth->logged_in() or $auth->auto_login()) {
         if ($user = Session::instance()->get('auth_user', FALSE) and $auth->logged_in('member')) {
             url::redirect('members/dashboard');
         }
     }
     // setup and initialize form field names
     $form = array('action' => '', 'username' => '', 'password' => '', 'password_again' => '', 'name' => '', 'email' => '', 'resetemail' => '');
     //	copy the form as errors, so the errors will be stored with keys corresponding to the form field names
     $errors = $form;
     $form_error = FALSE;
     $openid_error = FALSE;
     $success = FALSE;
     $action = isset($_POST["action"]) ? $_POST["action"] : "";
     // Is this a password reset request?
     if (isset($_GET["reset"])) {
         $this->_new_password($user_id, $this->uri->segment(5));
         $success = TRUE;
     }
     // Regular Form Post for Signin
     // check, has the form been submitted, if so, setup validation
     if ($_POST and isset($_POST["action"]) and $_POST["action"] == "signin") {
         $post = Validation::factory($_POST);
         $post->pre_filter('trim');
         $post->add_rules('username', 'required');
         $post->add_rules('password', 'required');
         if ($post->validate()) {
             // Sanitize $_POST data removing all inputs without rules
             $postdata_array = $post->safe_array();
             // Load the user
             $user = ORM::factory('user', $postdata_array['username']);
             // If no user with that username found
             if (!$user->id) {
                 $post->add_error('username', 'login error');
             } else {
                 $remember = isset($post->remember) ? TRUE : FALSE;
                 // Attempt a login
                 if ($auth->login($user, $postdata_array['password'], $remember)) {
                     // Exists Redirect to Dashboard
                     url::redirect("members/dashboard");
                 } else {
                     $post->add_error('password', 'login error');
                 }
             }
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             // We need to already have created an error message file, for Kohana to use
             // Pass the error message file name to the errors() method
             $errors = arr::overwrite($errors, $post->errors('auth'));
             $form_error = TRUE;
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             // We need to already have created an error message file, for Kohana to use
             // Pass the error message file name to the errors() method
             $errors = arr::overwrite($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
     } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "new") {
         $post = Validation::factory($_POST);
         //	Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_rules('username', 'required', 'length[3,16]', 'alpha_numeric');
         $post->add_rules('password', 'required', 'length[5,30]', 'alpha_numeric');
         $post->add_rules('name', 'required', 'length[3,100]');
         $post->add_rules('email', 'required', 'email', 'length[4,64]');
         $post->add_callbacks('username', array($this, 'username_exists_chk'));
         $post->add_callbacks('email', array($this, 'email_exists_chk'));
         // If Password field is not blank
         if (!empty($post->password)) {
             $post->add_rules('password', 'required', 'length[5,16]', 'alpha_numeric', 'matches[password_again]');
         }
         if ($post->validate()) {
             $user = ORM::factory('user');
             $user->name = $post->name;
             $user->email = $post->email;
             $user->username = $post->username;
             $user->password = $post->password;
             // Add New Roles
             $user->add(ORM::factory('role', 'login'));
             $user->add(ORM::factory('role', 'member'));
             $user->save();
             // Send Confirmation email
             $this->_send_email_confirmation($user);
             $success = TRUE;
             $action = "";
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::overwrite($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
     } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "forgot") {
         $post = Validation::factory($_POST);
         //	Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_callbacks('resetemail', array($this, 'email_exists_chk'));
         if ($post->validate()) {
             $user = ORM::factory('user', $post->resetemail);
             // Existing User??
             if ($user->loaded == true) {
                 // Secret consists of email and the last_login field.
                 // So as soon as the user logs in again,
                 // the reset link expires automatically.
                 $secret = $auth->hash_password($user->email . $user->last_login);
                 $secret_link = url::site('members/login/index/' . $user->id . '/' . $secret . "?reset");
                 $details_sent = $this->_email_resetlink($post->resetemail, $user->name, $secret_link);
                 if ($details_sent) {
                     $password_reset = TRUE;
                 }
                 $success = TRUE;
                 $action = "";
             }
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::overwrite($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
     }
     // OpenID Post
     try {
         $openid = new OpenID();
         // Retrieve the Name (if available) and Email
         $openid->required = array("namePerson", "contact/email");
         if (!$openid->mode) {
             if (isset($_POST["openid_identifier"])) {
                 $openid->identity = $_POST["openid_identifier"];
                 header("Location: " . $openid->authUrl());
             }
         } elseif ($openid->mode == "cancel") {
             $openid_error = "You have canceled authentication!";
         } else {
             if ($openid->validate()) {
                 // Does User Exist?
                 $openid_user = ORM::factory("openid")->where("openid", $openid->identity)->find();
                 if ($openid_user->loaded and $openid_user->user) {
                     // First log all other sessions out
                     $auth->logout();
                     // Initiate Ushahidi side login + AutoLogin
                     $auth->force_login($openid_user->user->username);
                     // Exists Redirect to Dashboard
                     url::redirect("members/dashboard");
                 } else {
                     // Does this openid have the required email??
                     $new_openid = $openid->getAttributes();
                     if (!isset($new_openid["contact/email"]) or empty($new_openid["contact/email"])) {
                         $openid_error = $openid->identity . " has not been logged in. No Email Address Found.";
                     } else {
                         // Create new User and save OpenID
                         $user = ORM::factory("user");
                         // But first... does this email address already exist
                         // in the system?
                         if ($user->email_exists($new_openid["contact/email"])) {
                             $openid_error = $new_openid["contact/email"] . " is already registered in our system.";
                         } else {
                             $username = "******" . time();
                             // Random User Name from TimeStamp - can be changed later
                             $password = text::random("alnum", 16);
                             // Create Random Strong Password
                             // Name Available?
                             $user->name = (isset($new_openid["namePerson"]) and !empty($new_openid["namePerson"])) ? $new_openid["namePerson"] : $username;
                             $user->username = $username;
                             $user->password = $password;
                             $user->email = $new_openid["contact/email"];
                             // Add New Roles
                             $user->add(ORM::factory('role', 'login'));
                             $user->add(ORM::factory('role', 'member'));
                             $user->save();
                             // Save OpenID and Association
                             $openid_user->user_id = $user->id;
                             $openid_user->openid = $openid->identity;
                             $openid_user->openid_email = $new_openid["contact/email"];
                             $openid_user->openid_server = $openid->server;
                             $openid_user->openid_date = date("Y-m-d H:i:s");
                             $openid_user->save();
                             // Initiate Ushahidi side login + AutoLogin
                             $auth->login($username, $password, TRUE);
                             // Redirect to Dashboard
                             url::redirect("members/dashboard");
                         }
                     }
                 }
             } else {
                 $openid_error = $openid->identity . "has not been logged in.";
             }
         }
     } catch (ErrorException $e) {
         $openid_error = $e->getMessage();
     }
     $this->template->errors = $errors;
     $this->template->success = $success;
     $this->template->form = $form;
     $this->template->form_error = $form_error;
     $this->template->openid_error = $openid_error;
     $this->template->site_name = Kohana::config('settings.site_name');
     $this->template->site_tagline = Kohana::config('settings.site_tagline');
     // Javascript Header
     $this->template->js = new View('members/login_js');
     $this->template->js->action = $action;
 }
 /**
  * Actually sends the association request to the OP Endpoint URL.
  *
  * For the no-encryption session type the Diffie-Hellman parameters are
  * stripped from the message (the MAC key then travels in clear, which the
  * OpenID 2.0 spec only allows over an encrypted transport; that is not
  * checked here). For every other session type initDH() runs first. The
  * response body is parsed as a key-value message and handed to the observers.
  *
  * NOTE(review): the logged response carries the association's MAC key
  * (mac_key or enc_mac_key), so every attached observer receives secret
  * material; consider redacting it before calling setLastEvent().
  *
  * @return OpenID_Message
  * @see associate()
  */
 protected function sendAssociationRequest()
 {
     $sessionType = $this->message->get('openid.session_type');
     if ($sessionType != self::SESSION_TYPE_NO_ENCRYPTION) {
         $this->initDH();
     } else {
         foreach (array('openid.dh_consumer_public', 'openid.dh_modulus', 'openid.dh_gen') as $dhField) {
             $this->message->delete($dhField);
         }
     }
     $response = $this->directRequest($this->opEndpointURL, $this->message);
     $reply = new OpenID_Message($response->getBody(), OpenID_Message::FORMAT_KV);
     OpenID::setLastEvent(__METHOD__, print_r($reply->getArrayFormat(), true));
     return $reply;
 }
 /**
  * Ends the OpenID session for the current user.
  *
  * Runs the 'openid' ACL check, sets the openid_auto cookie to 'n'
  * (presumably disabling automatic re-login on the next visit) and clears
  * the consumer's cached user information.
  *
  * NOTE(review): whether Acl::authorize() aborts on failure or only returns
  * a value is not visible here; if it only returns, the cookie and user-info
  * changes happen regardless of the outcome — confirm against Acl.
  */
 function logout()
 {
     Acl::authorize('openid', null);
     OpenID::setCookie('openid_auto', 'n');
     OpenIDConsumer::clearUserInfo();
 }
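 /**
  * Performs the first step of a Diffie-Hellman key exchange by generating
  * private and public DH values based on given prime number $p and
  * generator $g. Both sides of key exchange MUST have the same prime number
  * and generator. In this case they will able to create a random shared
  * secret that is never send from one to the other.
  *
  * When openssl_dh_compute_key() exists the work is delegated to OpenSSL;
  * otherwise the public value g^priv mod p is computed with gmp or bcmath.
  * A missing private key is generated from self::randomBytes() with the same
  * byte length as $p.
  *
  * @param string $p prime number in binary representation
  * @param string $g generator in binary representation
  * @param string $priv_key private key in binary representation; generated
  *                         when null
  * @return mixed the openssl_pkey_new() result in the OpenSSL case (false on
  *               failure); otherwise an array with 'p', 'g', 'priv_key' and
  *               'pub_key' in bignum form plus 'details' holding the same
  *               values in binary form
  * @throws RuntimeException when OpenSSL is unavailable and neither the gmp
  *                          nor the bcmath extension is loaded (previously
  *                          this path returned an undefined public key)
  */
 public static function createDhKey($p, $g, $priv_key = null)
 {
     if (function_exists('openssl_dh_compute_key')) {
         $dh_details = array('p' => $p, 'g' => $g);
         if ($priv_key !== null) {
             $dh_details['priv_key'] = $priv_key;
         }
         return openssl_pkey_new(array('dh' => $dh_details));
     }
     $bn_p = self::binToBigNum($p);
     $bn_g = self::binToBigNum($g);
     if ($priv_key === null) {
         $priv_key = self::randomBytes(OpenID::strlen($p));
     }
     $bn_priv_key = self::binToBigNum($priv_key);
     if (extension_loaded('gmp')) {
         $bn_pub_key = gmp_powm($bn_g, $bn_priv_key, $bn_p);
     } elseif (extension_loaded('bcmath')) {
         $bn_pub_key = bcpowmod($bn_g, $bn_priv_key, $bn_p);
     } else {
         // Fail loudly: silently continuing would hand the caller a bogus
         // public value and a key exchange that cannot succeed.
         throw new RuntimeException('Diffie-Hellman key generation requires the openssl, gmp or bcmath extension');
     }
     $pub_key = self::bigNumToBin($bn_pub_key);
     return array('p' => $bn_p, 'g' => $bn_g, 'priv_key' => $bn_priv_key, 'pub_key' => $bn_pub_key, 'details' => array('p' => $p, 'g' => $g, 'priv_key' => $priv_key, 'pub_key' => $pub_key));
 }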
 /**
  * Gets an instance of OpenID_Discover from the SQL server if it exists.
  *
  * The identifier is normalized first so the lookup matches what was stored,
  * and only rows whose expiry is still in the future are considered.
  *
  * @param string $identifier The user supplied identifier
  *
  * @return false on failure, OpenID_Discover on success
  */
 public function getDiscover($identifier)
 {
     $key = OpenID::normalizeIdentifier($identifier);
     // The table name comes from configuration; the identifier and the
     // current time are bound as parameters, never interpolated.
     $query = "SELECT serialized_discover\n                    FROM {$this->tableNames['discovery']}\n                    WHERE identifier = ?\n                    AND expires > ?";
     $res = $this->prepareExecute($query, array($key, time()));
     $hasRow = $res->numRows();
     if (!$hasRow) {
         return false;
     }
     $record = $res->fetchRow(MDB2_FETCHMODE_ASSOC);
     $res->free();
     // NOTE(review): unserialize() instantiates whatever classes the stored
     // payload names; the data is written by this store, but a tampered row
     // would be executed as-is. Restricting allowed_classes (PHP 7+) would
     // harden this.
     return unserialize($record['serialized_discover']);
 }
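 /**
  * Adds a nonce to the openid.return_to URL parameter.  Only used in OpenID 1.1
  *
  * The nonce is created and stored through the nonce helper so the response
  * can later be checked for replay, then appended to openid.return_to as the
  * OpenID_Nonce::RETURN_TO_NONCE query variable. The nonce, the rewritten
  * return_to and the OP URIs are reported to the observers.
  *
  * @return void
  */
 protected function addNonce()
 {
     $nonce = $this->getNonce()->createNonceAndStore();
     $returnToURL = new Net_URL2($this->message->get('openid.return_to'));
     // NOTE(review): Net_URL2 may encode query values itself; confirm the
     // explicit urlencode() here does not double-encode the nonce.
     $returnToURL->setQueryVariable(OpenID_Nonce::RETURN_TO_NONCE, urlencode($nonce));
     $this->message->set('openid.return_to', $returnToURL->getURL());
     // Observing: append (not assign) so the nonce line is kept in the event.
     $logMessage = "Nonce: {$nonce}\n";
     $logMessage .= 'New ReturnTo: ' . $returnToURL->getURL() . "\n";
     $logMessage .= 'OP URIs: ' . print_r($this->serviceEndpoint->getURIs(), true);
     OpenID::setLastEvent(__METHOD__, $logMessage);
 }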
 /**
  * Actually register the member.
  *
  * Handles the action=register2 form post and, when $verifiedOpenID is true,
  * the return from OpenID verification. The session/token check, agreement,
  * COPPA, time-gate and visual-verification checks are only made on the
  * non-OpenID path (see the !$verifiedOpenID blocks). Any collected error
  * sends the visitor back to action_register(); otherwise the member is
  * created via registerMember() and the visitor is redirected or shown the
  * "after" template.
  *
  * @todo split this function in two functions:
  *  - a function that handles action=register2, which needs no parameter;
  *  - a function that processes the case of OpenID verification.
  *
  * @param bool $verifiedOpenID = false true when called after a successful
  *                             OpenID verification
  * @return mixed the result of action_register() when errors were found;
  *               otherwise redirects or falls through after filling $context
  */
 public function action_register2($verifiedOpenID = false)
 {
     global $txt, $modSettings, $context, $user_info;
     // Start collecting together any errors.
     $reg_errors = Error_Context::context('register', 0);
     // We can't validate the token and the session with OpenID enabled.
     // NOTE(review): on the verified-OpenID path the CSRF protection therefore
     // rests on the OpenID verification step itself; confirm that
     // action_register2(true) is only reachable from that step.
     if (!$verifiedOpenID) {
         checkSession();
         if (!validateToken('register', 'post', true, false)) {
             $reg_errors->addError('token_verification');
         }
     }
     // Did we save some open ID fields?
     // Fields stashed before the OpenID round trip are restored into $_POST
     // so the rest of the method can treat both paths alike.
     if ($verifiedOpenID && !empty($context['openid_save_fields'])) {
         foreach ($context['openid_save_fields'] as $id => $value) {
             $_POST[$id] = $value;
         }
     }
     // You can't register if it's disabled.
     if (!empty($modSettings['registration_method']) && $modSettings['registration_method'] == 3) {
         fatal_lang_error('registration_disabled', false);
     }
     // If we're using an agreement checkbox, did they check it?
     if (!empty($modSettings['checkboxAgreement']) && !empty($_POST['checkbox_agreement'])) {
         $_SESSION['registration_agreed'] = true;
     }
     // Things we don't do for people who have already confirmed their OpenID allegances via register.
     if (!$verifiedOpenID) {
         // Well, if you don't agree, you can't register.
         if (!empty($modSettings['requireAgreement']) && empty($_SESSION['registration_agreed'])) {
             redirectexit();
         }
         // Make sure they came from *somewhere*, have a session.
         if (!isset($_SESSION['old_url'])) {
             redirectexit('action=register');
         }
         // If we don't require an agreement, we need a extra check for coppa.
         if (empty($modSettings['requireAgreement']) && !empty($modSettings['coppaAge'])) {
             $_SESSION['skip_coppa'] = !empty($_POST['accept_agreement']);
         }
         // Are they under age, and under age users are banned?
         if (!empty($modSettings['coppaAge']) && empty($modSettings['coppaType']) && empty($_SESSION['skip_coppa'])) {
             loadLanguage('Login');
             fatal_lang_error('under_age_registration_prohibited', false, array($modSettings['coppaAge']));
         }
         // Check the time gate for miscreants. First make sure they came from somewhere that actually set it up.
         if (empty($_SESSION['register']['timenow']) || empty($_SESSION['register']['limit'])) {
             redirectexit('action=register');
         }
         // Failing that, check the time limit for exessive speed.
         if (time() - $_SESSION['register']['timenow'] < $_SESSION['register']['limit']) {
             loadLanguage('Login');
             $reg_errors->addError('too_quickly');
         }
         // Check whether the visual verification code was entered correctly.
         if (!empty($modSettings['reg_verification'])) {
             require_once SUBSDIR . '/VerificationControls.class.php';
             $verificationOptions = array('id' => 'register');
             $context['visual_verification'] = create_control_verification($verificationOptions, true);
             if (is_array($context['visual_verification'])) {
                 foreach ($context['visual_verification'] as $error) {
                     $reg_errors->addError($error);
                 }
             }
         }
     }
     // Strip CR/LF from every scalar POST field and trim it; array fields are
     // left untouched here (the 'options' ones are cleaned further down).
     foreach ($_POST as $key => $value) {
         if (!is_array($_POST[$key])) {
             $_POST[$key] = htmltrim__recursive(str_replace(array("\n", "\r"), '', $_POST[$key]));
         }
     }
     // Collect all extra registration fields someone might have filled in.
     $possible_strings = array('birthdate', 'time_format', 'buddy_list', 'pm_ignore_list', 'smiley_set', 'personal_text', 'avatar', 'lngfile', 'location', 'secret_question', 'secret_answer', 'website_url', 'website_title');
     $possible_ints = array('pm_email_notify', 'notify_types', 'id_theme', 'gender');
     $possible_floats = array('time_offset');
     $possible_bools = array('notify_announcements', 'notify_regularity', 'notify_send_body', 'hide_email', 'show_online');
     // NOTE(review): md5() is an unsalted, fast hash, so a stored secret answer
     // is cheap to recover from a database dump. Changing it requires the
     // comparison side (not visible here) to use the same scheme.
     if (isset($_POST['secret_answer']) && $_POST['secret_answer'] != '') {
         $_POST['secret_answer'] = md5($_POST['secret_answer']);
     }
     // Needed for isReservedName() and registerMember().
     require_once SUBSDIR . '/Members.subs.php';
     // Validation... even if we're not a mall.
     if (isset($_POST['real_name']) && (!empty($modSettings['allow_editDisplayName']) || allowedTo('moderate_forum'))) {
         // Collapse tabs, newlines, NUL and a set of Unicode space/invisible
         // characters into a single space so a display name cannot be padded
         // or made to look like another one with them.
         $_POST['real_name'] = trim(preg_replace('~[\\t\\n\\r \\x0B\\0\\x{A0}\\x{AD}\\x{2000}-\\x{200F}\\x{201F}\\x{202F}\\x{3000}\\x{FEFF}]+~u', ' ', $_POST['real_name']));
         if (trim($_POST['real_name']) != '' && !isReservedName($_POST['real_name']) && Util::strlen($_POST['real_name']) < 60) {
             $possible_strings[] = 'real_name';
         }
     }
     // Handle a string as a birthdate...
     // NOTE(review): strftime() is deprecated as of PHP 8.1, and strtotime()
     // returns false for unparsable input, which ends up formatted as the
     // epoch date instead of being rejected — confirm that is intended.
     if (isset($_POST['birthdate']) && $_POST['birthdate'] != '') {
         $_POST['birthdate'] = strftime('%Y-%m-%d', strtotime($_POST['birthdate']));
     } elseif (!empty($_POST['bday1']) && !empty($_POST['bday2'])) {
         $_POST['birthdate'] = sprintf('%04d-%02d-%02d', empty($_POST['bday3']) ? 0 : (int) $_POST['bday3'], (int) $_POST['bday1'], (int) $_POST['bday2']);
     }
     // By default assume email is hidden, only show it if we tell it to.
     $_POST['hide_email'] = !empty($_POST['allow_email']) ? 0 : 1;
     // Validate the passed language file.
     if (isset($_POST['lngfile']) && !empty($modSettings['userLanguage'])) {
         // Do we have any languages?
         $context['languages'] = getLanguages();
         // Did we find it?
         // Only a language known to getLanguages() is accepted; anything else
         // is dropped so the value never reaches the member record.
         if (isset($context['languages'][$_POST['lngfile']])) {
             $_SESSION['language'] = $_POST['lngfile'];
         } else {
             unset($_POST['lngfile']);
         }
     } else {
         unset($_POST['lngfile']);
     }
     // Some of these fields we may not want.
     if (!empty($modSettings['registration_fields'])) {
         // But we might want some of them if the admin asks for them.
         $standard_fields = array('location', 'gender');
         $reg_fields = explode(',', $modSettings['registration_fields']);
         $exclude_fields = array_diff($standard_fields, $reg_fields);
         // Website is a little different
         if (!in_array('website', $reg_fields)) {
             $exclude_fields = array_merge($exclude_fields, array('website_url', 'website_title'));
         }
         // We used to accept signature on registration but it's being abused by spammers these days, so no more.
         $exclude_fields[] = 'signature';
     } else {
         $exclude_fields = array('signature', 'location', 'gender', 'website_url', 'website_title');
     }
     $possible_strings = array_diff($possible_strings, $exclude_fields);
     $possible_ints = array_diff($possible_ints, $exclude_fields);
     $possible_floats = array_diff($possible_floats, $exclude_fields);
     $possible_bools = array_diff($possible_bools, $exclude_fields);
     // Set the options needed for registration.
     // 'require' decides the post-registration state: 'coppa' when the COPPA
     // age gate applies (never for a verified OpenID), else 'nothing',
     // 'activation' (registration_method 1) or 'approval'.
     $regOptions = array('interface' => 'guest', 'username' => !empty($_POST['user']) ? $_POST['user'] : '', 'email' => !empty($_POST['email']) ? $_POST['email'] : '', 'password' => !empty($_POST['passwrd1']) ? $_POST['passwrd1'] : '', 'password_check' => !empty($_POST['passwrd2']) ? $_POST['passwrd2'] : '', 'openid' => !empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '', 'auth_method' => !empty($_POST['authenticate']) ? $_POST['authenticate'] : '', 'check_reserved_name' => true, 'check_password_strength' => true, 'check_email_ban' => true, 'send_welcome_email' => !empty($modSettings['send_welcomeEmail']), 'require' => !empty($modSettings['coppaAge']) && !$verifiedOpenID && empty($_SESSION['skip_coppa']) ? 'coppa' : (empty($modSettings['registration_method']) ? 'nothing' : ($modSettings['registration_method'] == 1 ? 'activation' : 'approval')), 'extra_register_vars' => array(), 'theme_vars' => array());
     // Include the additional options that might have been filled in.
     // Strings are HTML-escaped at this point; ints/floats/bools are cast.
     foreach ($possible_strings as $var) {
         if (isset($_POST[$var])) {
             $regOptions['extra_register_vars'][$var] = Util::htmlspecialchars($_POST[$var], ENT_QUOTES);
         }
     }
     foreach ($possible_ints as $var) {
         if (isset($_POST[$var])) {
             $regOptions['extra_register_vars'][$var] = (int) $_POST[$var];
         }
     }
     foreach ($possible_floats as $var) {
         if (isset($_POST[$var])) {
             $regOptions['extra_register_vars'][$var] = (double) $_POST[$var];
         }
     }
     foreach ($possible_bools as $var) {
         if (isset($_POST[$var])) {
             $regOptions['extra_register_vars'][$var] = empty($_POST[$var]) ? 0 : 1;
         }
     }
     // Registration options are always default options...
     // Array union: keys already present in 'options' win over 'default_options'.
     if (isset($_POST['default_options'])) {
         $_POST['options'] = isset($_POST['options']) ? $_POST['options'] + $_POST['default_options'] : $_POST['default_options'];
     }
     $regOptions['theme_vars'] = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
     // Make sure they are clean, dammit!
     $regOptions['theme_vars'] = htmlspecialchars__recursive($regOptions['theme_vars']);
     // Check whether we have fields that simply MUST be displayed?
     require_once SUBSDIR . '/Profile.subs.php';
     loadCustomFields(0, 'register');
     foreach ($context['custom_fields'] as $row) {
         // Don't allow overriding of the theme variables.
         if (isset($regOptions['theme_vars'][$row['colname']])) {
             unset($regOptions['theme_vars'][$row['colname']]);
         }
         // Prepare the value!
         $value = isset($_POST['customfield'][$row['colname']]) ? trim($_POST['customfield'][$row['colname']]) : '';
         // We only care for text fields as the others are valid to be empty.
         if (!in_array($row['type'], array('check', 'select', 'radio'))) {
             // Is it too long?
             if ($row['field_length'] && $row['field_length'] < Util::strlen($value)) {
                 $reg_errors->addError(array('custom_field_too_long', array($row['name'], $row['field_length'])));
             }
             // Any masks to apply?
             if ($row['type'] == 'text' && !empty($row['mask']) && $row['mask'] != 'none') {
                 // @todo We never error on this - just ignore it at the moment...
                 // The 'regex' mask carries the admin-configured pattern after
                 // its 5-character prefix. Because the test is `=== 0`, a
                 // preg_match() failure (false, e.g. an invalid pattern) is
                 // treated like a match and adds no error.
                 if ($row['mask'] == 'email' && !isValidEmail($value)) {
                     $reg_errors->addError(array('custom_field_invalid_email', array($row['name'])));
                 } elseif ($row['mask'] == 'number' && preg_match('~[^\\d]~', $value)) {
                     $reg_errors->addError(array('custom_field_not_number', array($row['name'])));
                 } elseif (substr($row['mask'], 0, 5) == 'regex' && trim($value) !== '' && preg_match(substr($row['mask'], 5), $value) === 0) {
                     $reg_errors->addError(array('custom_field_inproper_format', array($row['name'])));
                 }
             }
         }
         // Is this required but not there?
         if (trim($value) == '' && $row['show_reg'] > 1) {
             $reg_errors->addError(array('custom_field_empty', array($row['name'])));
         }
     }
     // Lets check for other errors before trying to register the member.
     if ($reg_errors->hasErrors()) {
         $_REQUEST['step'] = 2;
         // If they've filled in some details but made an error then they need less time to finish
         $_SESSION['register']['limit'] = 4;
         return $this->action_register();
     }
     // If they're wanting to use OpenID we need to validate them first.
     // Everything posted except session/token fields and the passwords is
     // handed to the OpenID round trip so it can be restored afterwards
     // (see the openid_save_fields block at the top).
     if (empty($_SESSION['openid']['verified']) && !empty($_POST['authenticate']) && $_POST['authenticate'] == 'openid') {
         // What do we need to save?
         $save_variables = array();
         foreach ($_POST as $k => $v) {
             if (!in_array($k, array('sc', 'sesc', $context['session_var'], 'passwrd1', 'passwrd2', 'regSubmit'))) {
                 $save_variables[$k] = $v;
             }
         }
         require_once SUBSDIR . '/OpenID.subs.php';
         $openID = new OpenID();
         $openID->validate($_POST['openid_identifier'], false, $save_variables);
     } elseif ($verifiedOpenID || (!empty($_POST['openid_identifier']) || !empty($_SESSION['openid']['openid_uri'])) && $_POST['authenticate'] == 'openid') {
         // NOTE(review): `&&` binds tighter than `||`, so when $verifiedOpenID
         // is false and an openid_uri is already in the session this reads
         // $_POST['authenticate'] without isset() and emits a notice if the
         // key is absent.
         $regOptions['username'] = !empty($_POST['user']) && trim($_POST['user']) != '' ? $_POST['user'] : $_SESSION['openid']['nickname'];
         $regOptions['email'] = !empty($_POST['email']) && trim($_POST['email']) != '' ? $_POST['email'] : $_SESSION['openid']['email'];
         $regOptions['auth_method'] = 'openid';
         $regOptions['openid'] = !empty($_SESSION['openid']['openid_uri']) ? $_SESSION['openid']['openid_uri'] : (!empty($_POST['openid_identifier']) ? $_POST['openid_identifier'] : '');
     }
     // Registration needs to know your IP
     $req = request();
     $regOptions['ip'] = $user_info['ip'];
     $regOptions['ip2'] = $req->ban_ip();
     $memberID = registerMember($regOptions, 'register');
     // If there are "important" errors and you are not an admin: log the first error
     // Otherwise grab all of them and don't log anything
     if ($reg_errors->hasErrors(1) && !$user_info['is_admin']) {
         foreach ($reg_errors->prepareErrors(1) as $error) {
             fatal_error($error, 'general');
         }
     }
     // Was there actually an error of some kind dear boy?
     if ($reg_errors->hasErrors()) {
         $_REQUEST['step'] = 2;
         return $this->action_register();
     }
     // Do our spam protection now.
     spamProtection('register');
     // We'll do custom fields after as then we get to use the helper function!
     if (!empty($_POST['customfield'])) {
         require_once SUBSDIR . '/Profile.subs.php';
         makeCustomFieldChanges($memberID, 'register');
     }
     // If COPPA has been selected then things get complicated, setup the template.
     if (!empty($modSettings['coppaAge']) && empty($_SESSION['skip_coppa'])) {
         redirectexit('action=coppa;member=' . $memberID);
     } elseif (!empty($modSettings['registration_method'])) {
         loadTemplate('Register');
         $context += array('page_title' => $txt['register'], 'title' => $txt['registration_successful'], 'sub_template' => 'after', 'description' => $modSettings['registration_method'] == 2 ? $txt['approval_after_registration'] : $txt['activate_after_registration']);
     } else {
         // Immediate login: the cookie hash binds the lowercased username,
         // the password and a per-member salt. $regOptions['register_vars']
         // is not set in this method — presumably registerMember() fills it
         // in by reference; confirm before relying on it.
         call_integration_hook('integrate_activate', array($regOptions['username']));
         setLoginCookie(60 * $modSettings['cookieTime'], $memberID, hash('sha256', Util::strtolower($regOptions['username']) . $regOptions['password'] . $regOptions['register_vars']['password_salt']));
         redirectexit('action=auth;sa=check;member=' . $memberID, $context['server']['needs_login_fix']);
     }
 }
 /**
  * Renders the OpenID result page of the basic test suite.
  *
  * Records two expectations — that no ERROR variable is set when this page
  * is reached, and that the OpenID account verifies — then echoes the
  * results template.
  */
 function openid2()
 {
     $this->set('title', 'OpenID');
     $noError = is_null($this->get('ERROR'));
     $errorDetail = 'ERROR variable is set: ' . $this->get('ERROR.text');
     $this->expect($noError, 'No errors expected at this point', $errorDetail);
     $openid = new OpenID();
     $verified = $openid->verified();
     $passMessage = 'OpenID account verified: ' . $openid->identity;
     $failMessage = 'OpenID account failed verification: ' . $openid->identity;
     $this->expect($verified, $passMessage, $failMessage);
     echo $this->render('basic/results.htm');
 }
 /**
  * Checks the observer bookkeeping of OpenID: attaching the same observer
  * twice is a no-op, an OpenID_Exception raised while an event is dispatched
  * (presumably by the mock) does not stop the event from being recorded, and
  * detaching an observer that is no longer attached is a no-op.
  *
  * @return void
  */
 public function testObservers()
 {
     $first = array('name' => 'foo1', 'data' => 'bar1');
     $second = array('name' => 'foo2', 'data' => 'bar2');
     $observer = new OpenID_Observer_Mock();
     OpenID::attach($observer);
     // A second attach() of the same observer must be skipped.
     OpenID::attach($observer);
     $thrown = false;
     try {
         OpenID::setLastEvent($first['name'], $first['data']);
     } catch (OpenID_Exception $e) {
         $thrown = true;
     }
     // setLastEvent() is expected to throw while the mock is attached.
     $this->assertTrue($thrown);
     $this->assertSame($first, OpenID::getLastEvent());
     OpenID::detach($observer);
     // Detaching an observer that is already gone must be skipped.
     OpenID::detach($observer);
     OpenID::setLastEvent($second['name'], $second['data']);
     $this->assertSame($second, OpenID::getLastEvent());
 }
 /**
  * Gets the OpenID_Store_Interface instance.  If none has been set, then the
  * default store is used (CacheLite).
  *
  * The store is created lazily on first use through OpenID_Store::factory()
  * and kept in self::$store for later calls.
  *
  * @return OpenID_Store_Interface
  */
 public static function getStore()
 {
     if (self::$store instanceof OpenID_Store_Interface) {
         return self::$store;
     }
     self::$store = OpenID_Store::factory();
     return self::$store;
 }