public function Config(&$contentopts)
{
$info = $this->GetInfo();
$contentopts["fields"][] = array("title" => "Maximum Days", "type" => "text", "name" => "sso_remember_me_maxdays", "value" => BB_GetValue("sso_remember_me_maxdays", $info["maxdays"]), "desc" => "The maximum number of days that a user may remember their sign in for.");
$contentopts["fields"][] = array("title" => "Allow Bypass Two-Factor Authentication?", "type" => "select", "name" => "sso_remember_me_bypass_twofactor", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_remember_me_bypass_twofactor", (string) (int) $info["bypass_twofactor"]), "desc" => "Allows the user to bypass two-factor authentication (if any) for subsequent sign-ins.");
$contentopts["fields"][] = array("title" => "Reset Secret Key?", "type" => "select", "name" => "sso_remember_me_resetkey", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_remember_me_resetkey", "0"), "desc" => "Resets the internal key and initialization vector used to encrypt the Remember Me cookie. Will cause all existing cookies to become invalid.");
}
public function Config(&$contentopts)
{
$info = $this->GetInfo();
$contentopts["fields"][] = array("title" => "Minimum Password Strength", "type" => "text", "name" => "sso_password_minbits", "value" => BB_GetValue("sso_password_minbits", $info["minbits"]), "desc" => "The minimum number of bits of entropy required. An eight character password is approximately 18 bits according to NIST.");
$contentopts["fields"][] = array("title" => "Deep Analyze Passwords?", "type" => "select", "name" => "sso_password_analyze", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_password_analyze", (string) (int) $info["analyze"]), "desc" => "Performs in-depth analysis of user-submitted passwords against a 300,000+ word dictionary, keyboard shifting attacks, etc. Takes up to 2 seconds and 4MB RAM to analyze each password.");
$contentopts["fields"][] = array("title" => "Deep Analyze AJAX Passwords?", "type" => "select", "name" => "sso_password_analyze_ajax", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_password_analyze_ajax", (string) (int) $info["analyze_ajax"]), "desc" => "Performs in-depth analysis of user-submitted passwords when checking via AJAX. Requires the 'Deep Analyze Passwords' option to be enabled.");
$contentopts["fields"][] = array("title" => "Suggest Random Password Ideas?", "type" => "select", "name" => "sso_password_suggest", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_password_suggest", (string) (int) $info["suggest"]), "desc" => "Suggests some words from the dictionary to use as part of a password.");
$contentopts["fields"][] = array("title" => "Password Expiration", "type" => "text", "name" => "sso_password_expire", "value" => BB_GetValue("sso_password_expire", $info["expire"]), "desc" => "The number of days until a password expires and the user is required to create a new one upon successful login. Set to 0 for no expiration.");
}
public function Config(&$contentopts)
{
$info = $this->GetInfo();
$contentopts["fields"][] = array("title" => "From Address", "type" => "text", "name" => "sso_email_two_factor_email_from", "value" => BB_GetValue("sso_email_two_factor_email_from", $info["email_from"]), "desc" => "The from address for the e-mail message to send to users with the two-factor authentication code. Leave blank for the server default.");
$contentopts["fields"][] = array("title" => "Subject Line", "type" => "text", "name" => "sso_email_two_factor_email_subject", "value" => BB_GetValue("sso_email_two_factor_email_subject", $info["email_subject"]), "desc" => "The subject line for the e-mail message to send to users with their two-factor authentication code.");
$contentopts["fields"][] = array("title" => "HTML Message", "type" => "textarea", "height" => "300px", "name" => "sso_email_two_factor_email_msg", "value" => BB_GetValue("sso_email_two_factor_email_msg", $info["email_msg"]), "desc" => "The HTML e-mail message to send to users with their two-factor authentication code. @USERNAME@, @EMAIL@, and @TWOFACTOR@ are special strings that will be replaced with user and system generated values. @TWOFACTOR@ is required.");
$contentopts["fields"][] = array("title" => "Window Size", "type" => "text", "name" => "sso_email_two_factor_window", "value" => BB_GetValue("sso_email_two_factor_window", $info["window"]), "desc" => "The length of time, in seconds, each authentication code is valid for. Valid range is 30 to 300. Default is 300.");
$contentopts["fields"][] = array("title" => "Clock Drift", "type" => "text", "name" => "sso_email_two_factor_clock_drift", "value" => BB_GetValue("sso_email_two_factor_clock_drift", $info["clock_drift"]), "desc" => "The amount of clock drift, in seconds, to allow for each authentication code. Valid range is 0 to the window size. Default is 60.");
}
public function Config(&$contentopts)
{
$info = $this->GetInfo();
$contentopts["fields"][] = array("title" => "reCAPTCHA Public/Site Key", "type" => "text", "name" => "sso_recaptcha_publickey", "value" => BB_GetValue("sso_recaptcha_publickey", $info["publickey"]), "htmldesc" => "You get a public/site key when you <a href=\"https://www.google.com/recaptcha/admin/list\" target=\"_blank\">sign up for the reCAPTCHA service</a>. reCAPTCHA will not work without a public/site key!");
$contentopts["fields"][] = array("title" => "reCAPTCHA Private/Secret Key", "type" => "text", "name" => "sso_recaptcha_privatekey", "value" => BB_GetValue("sso_recaptcha_privatekey", $info["privatekey"]), "htmldesc" => "You get a private/secret key when you <a href=\"https://www.google.com/recaptcha/admin/list\" target=\"_blank\">sign up for the reCAPTCHA service</a>. reCAPTCHA will not work without a private/secret key!");
$contentopts["fields"][] = array("title" => "reCAPTCHA Theme", "type" => "select", "name" => "sso_recaptcha_theme", "options" => array("light" => "Light", "dark" => "Dark"), "select" => BB_GetValue("sso_recaptcha_theme", $info["theme2"]), "desc" => "Select the theme to use. The default theme works well with most web designs.");
$contentopts["fields"][] = array("title" => "Registration reCAPTCHA?", "type" => "select", "name" => "sso_recaptcha_register", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_recaptcha_register", (string) (int) $info["register"]), "desc" => "Require reCAPTCHA entry during registration.");
$contentopts["fields"][] = array("title" => "reCAPTCHA Login/Recovery Attempts Interval", "type" => "text", "name" => "sso_recaptcha_login_interval", "value" => BB_GetValue("sso_recaptcha_login_interval", $info["login_interval"]), "desc" => "The interval, in seconds, over which failed login and recovery attempts will be measured. Default is 900 (15 minutes).");
$contentopts["fields"][] = array("title" => "reCAPTCHA Login/Recovery Attempts Per Interval", "type" => "text", "name" => "sso_recaptcha_login_attempts", "value" => BB_GetValue("sso_recaptcha_login_attempts", $info["login_attempts"]), "desc" => "The number of failed login and recovery attempts that may be made within the specified interval above from a single IP address before reCAPTCHA is required. Default is 3.");
$contentopts["fields"][] = array("title" => "Remember Correct reCAPTCHAs?", "type" => "select", "name" => "sso_recaptcha_remember", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_recaptcha_remember", (string) (int) $info["remember"]), "desc" => "Remembers a correct reCAPTCHA entry on a per-session basis. Once the CAPTCHA is solved, it won't be displayed to the user again for that session.");
}
private function DisplaySignup($userinfo, $admin)
{
global $sso_target_url;
$data = @json_decode(@file_get_contents(SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/sms_mms_gateways.txt"));
if (is_object($data)) {
$info = $this->GetInfo();
if ($admin) {
$options = array("" => "None");
$country = $info["first"];
if ($country != "" && isset($data->countries->{$country}) && isset($data->sms_carriers->{$country})) {
$options2 = array();
foreach ($data->sms_carriers->{$country} as $key => $item) {
$options2[$country . "-" . $key] = $item[0];
}
$options[$data->countries->{$country}] = $options2;
unset($data->sms_carriers->{$country});
}
foreach ($data->sms_carriers as $country => $items) {
$options2 = array();
foreach ($items as $key => $item) {
$options2[$country . "-" . $key] = $item[0];
}
$options[$data->countries->{$country}] = $options2;
}
$result = array(array("title" => "Mobile Phone Number", "type" => "text", "name" => "sso_login_sms_recovery_phone", "value" => BB_GetValue("sso_login_sms_recovery_phone", ""), "desc" => "Optional. Can be used to recover access to this account."), array("title" => "Mobile Phone Carrier", "type" => "select", "name" => "sso_login_sms_recovery_carrier", "options" => $options, "select" => BB_GetValue("sso_login_sms_recovery_carrier", ""), "desc" => "Required when Mobile Phone Number is specified."));
return $result;
} else {
$carrier = SSO_FrontendFieldValue($userinfo !== false ? "sso_login_sms_recovery_carrier_update" : "sso_login_sms_recovery_carrier", $userinfo !== false && isset($userinfo["sso_sms_recovery"]) ? $userinfo["sso_sms_recovery"]["carrier"] : "");
?>
<div class="sso_main_formitem">
<div class="sso_main_formtitle"><?php
echo htmlspecialchars(BB_Translate("Your Mobile Phone Number"));
?>
</div>
<div class="sso_main_formdata"><input class="sso_main_text sso_login_changehook_smsrecovery" type="text" name="<?php
echo SSO_FrontendField($userinfo !== false ? "sso_login_sms_recovery_phone_update" : "sso_login_sms_recovery_phone");
?>
" value="<?php
echo htmlspecialchars(SSO_FrontendFieldValue($userinfo !== false ? "sso_login_sms_recovery_phone_update" : "sso_login_sms_recovery_phone", $userinfo !== false && isset($userinfo["sso_sms_recovery"]) ? $userinfo["sso_sms_recovery"]["phone"] : ""));
?>
" /></div>
<div class="sso_main_formdesc"><?php
echo htmlspecialchars(BB_Translate("Optional. Can be used to recover access to this account."));
?>
</div>
</div>
<div class="sso_main_formitem">
<div class="sso_main_formtitle"><?php
echo htmlspecialchars(BB_Translate("Your Mobile Phone Carrier"));
?>
</div>
<div class="sso_main_formdata"><select class="sso_main_dropdown sso_login_changehook_smsrecovery" name="<?php
echo SSO_FrontendField($userinfo !== false ? "sso_login_sms_recovery_carrier_update" : "sso_login_sms_recovery_carrier");
?>
">
<option value=""<?php
if ($carrier == "") {
echo " selected";
}
?>
><?php
echo htmlspecialchars(BB_Translate("None"));
?>
</option>
<?php
$country = $info["first"];
if ($country != "" && isset($data->countries->{$country}) && isset($data->sms_carriers->{$country})) {
?>
<optgroup label="<?php
echo htmlspecialchars(BB_Translate($data->countries->{$country}));
?>
">
<?php
foreach ($data->sms_carriers->{$country} as $key => $item) {
$select = $country . "-" . $key;
?>
<option value="<?php
echo htmlspecialchars($select);
?>
"<?php
if ($carrier == $select) {
echo " selected";
}
?>
><?php
echo htmlspecialchars(BB_Translate($item[0]));
?>
</option>
<?php
}
?>
</optgroup>
<?php
unset($data->sms_carriers->{$country});
}
foreach ($data->sms_carriers as $country => $items) {
?>
<optgroup label="<?php
echo htmlspecialchars(BB_Translate($data->countries->{$country}));
?>
">
<?php
foreach ($items as $key => $item) {
$select = $country . "-" . $key;
?>
<option value="<?php
echo htmlspecialchars($select);
?>
"<?php
if ($carrier == $select) {
echo " selected";
}
?>
><?php
echo htmlspecialchars(BB_Translate($item[0]));
?>
</option>
<?php
}
?>
</optgroup>
<?php
}
?>
</select></div>
<div class="sso_main_formresult sso_sms_recovery_result"></div>
</div>
<script type="text/javascript">
var SSO_SendFields_SMSRecovery_data = {};
function SSO_SendFields_SMSRecovery()
{
var found = false;
jQuery('.sso_login_changehook_smsrecovery').each(function() {
if (SSO_SendFields_SMSRecovery_data[this.name] != jQuery(this).val())
{
SSO_SendFields_SMSRecovery_data[this.name] = jQuery(this).val();
found = true;
}
});
if (found)
{
jQuery('.sso_sms_recovery_result').html('<div class="sso_main_formchecking"><?php
echo BB_JSSafe(BB_Translate("Checking..."));
?>
</div>');
jQuery('.sso_sms_recovery_result').load('<?php
echo BB_JSSafe($userinfo !== false ? $sso_target_url . "&sso_login_action=update_info&sso_v=" . urlencode($_REQUEST["sso_v"]) . "&sso_ajax=1" : $sso_target_url . "&sso_login_action=signup_check&sso_ajax=1");
?>
', SSO_SendFields_SMSRecovery_data);
}
}
jQuery(function() {
jQuery('.sso_login_changehook_smsrecovery').each(function() {
SSO_SendFields_SMSRecovery_data[this.name] = jQuery(this).val();
});
jQuery('.sso_login_changehook_smsrecovery').change(SSO_SendFields_SMSRecovery);
jQuery('select.sso_login_changehook_smsrecovery').keyup(SSO_SendFields_SMSRecovery);
});
</script>
<?php
}
}
}
public function Config()
{
global $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields;
if ($sso_site_admin && $sso_settings["sso_facebook"]["enabled"] && $_REQUEST["action2"] == "config") {
if (isset($_REQUEST["configsave"])) {
$_REQUEST["app_id"] = trim($_REQUEST["app_id"]);
$_REQUEST["app_secret"] = trim($_REQUEST["app_secret"]);
if ($_REQUEST["app_id"] == "") {
BB_SetPageMessage("info", "The 'Facebook App ID' field is empty.");
} else {
if ($_REQUEST["app_secret"] == "") {
BB_SetPageMessage("info", "The 'Facebook App Secret' field is empty.");
}
}
$sso_settings["sso_facebook"]["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
$sso_settings["sso_facebook"]["app_id"] = $_REQUEST["app_id"];
$sso_settings["sso_facebook"]["app_secret"] = $_REQUEST["app_secret"];
foreach (self::$fieldmap as $key => $info) {
$sso_settings["sso_facebook"]["map_" . $key] = SSO_IsField($_REQUEST["map_" . $key]) ? $_REQUEST["map_" . $key] : "";
}
$sso_settings["sso_facebook"]["username_blacklist"] = $_REQUEST["username_blacklist"];
$sso_settings["sso_facebook"]["email_bad_domains"] = $_REQUEST["email_bad_domains"];
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
}
}
}
}
$contentopts = array("desc" => BB_Translate("Configure the %s provider. Mapping additional fields that require extra permissions will significantly reduce the likelihood the user will sign in.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_facebook", "action2" => "config", "configsave" => "1"), "fields" => array(array("title" => "Facebook App ID", "type" => "text", "name" => "app_id", "value" => BB_GetValue("app_id", $sso_settings["sso_facebook"]["app_id"]), "htmldesc" => "You get a Facebook App ID when you <a href=\"https://developers.facebook.com/\" target=\"_blank\">register as a Facebook developer</a> and then <a href=\"https://developers.facebook.com/apps\" target=\"_blank\">create a Facebook application</a>. This provider will not work without an App ID."), array("title" => "Facebook App Secret", "type" => "text", "name" => "app_secret", "value" => BB_GetValue("app_secret", $sso_settings["sso_facebook"]["app_secret"]), "htmldesc" => "You get a Facebook App Secret when you <a href=\"https://developers.facebook.com/\" target=\"_blank\">register as a Facebook developer</a> and then <a href=\"https://developers.facebook.com/apps\" target=\"_blank\">create a Facebook application</a>. This provider will not work without an App Secret.")), "submit" => "Save", "focus" => true);
foreach (self::$fieldmap as $key => $info) {
$contentopts["fields"][] = array("title" => BB_Translate("Map %s", $info["title"]), "type" => "select", "name" => "map_" . $key, "options" => $sso_select_fields, "select" => BB_GetValue("map_" . $key, (string) $sso_settings["sso_facebook"]["map_" . $key]), "desc" => $info["extra"] == "" ? BB_Translate("The field in the SSO system to map the %s to.%s", BB_Translate($info["desc"]), isset($info["notes"]) ? " " . BB_Translate($info["notes"]) : "") : BB_Translate("The field in the SSO system to map the %s to. Mapping this field will request the '%s' permission from the user" . ($info["extra"] != "email" ? " and will require approval from Facebook" : "") . ".%s", BB_Translate($info["desc"]), $info["extra"], isset($info["notes"]) ? " " . BB_Translate($info["notes"]) : ""));
}
$contentopts["fields"][] = array("title" => "Username Blacklist", "type" => "textarea", "height" => "300px", "name" => "username_blacklist", "value" => BB_GetValue("username_blacklist", $sso_settings["sso_facebook"]["username_blacklist"]), "desc" => "A blacklist of words that a username may not contain. One per line. Username must be mapped.");
$contentopts["fields"][] = array("title" => "E-mail Domain Blacklist", "type" => "textarea", "height" => "300px", "name" => "email_bad_domains", "value" => BB_GetValue("email_bad_domains", $sso_settings["sso_facebook"]["email_bad_domains"]), "desc" => "A blacklist of e-mail address domains that are not allowed to create accounts. One per line. E-mail Address must be mapped.");
SSO_AppendIPFields($contentopts, $sso_settings["sso_facebook"]["iprestrict"]);
BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_facebook"]["enabled"] && $_REQUEST["action2"] == "disable") {
$sso_settings["sso_facebook"]["enabled"] = false;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_facebook"]["enabled"] && $_REQUEST["action2"] == "enable") {
$sso_settings["sso_facebook"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
}
}
}
}
}
function BB_PropertyForm($options)
{
global $bb_formtables, $bb_formwidths;
if (!isset($bb_formtables) || !is_bool($bb_formtables)) {
$bb_formtables = true;
}
if (!isset($bb_formwidths) || !is_bool($bb_formwidths)) {
$bb_formwidths = true;
}
$dateused = false;
$accordionused = false;
$multiselectused = array();
$multiselectheight = 200;
$tableorderused = false;
$tablestickyheaderused = false;
$autofocus = false;
// Certain types of fields require the Admin Pack extras package.
$jqueryuiused = false;
if (defined("BB_ROOT_URL")) {
$rooturl = BB_ROOT_URL;
} else {
if (defined("ROOT_URL")) {
$rooturl = ROOT_URL;
} else {
$rooturl = BB_GetRequestURLBase();
if (substr($rooturl, -1) != "/") {
$rooturl = dirname($rooturl);
}
if (substr($rooturl, -1) == "/") {
$rooturl = substr($rooturl, 0, -1);
}
}
}
if (defined("BB_SUPPORT_PATH")) {
$supportpath = BB_SUPPORT_PATH;
} else {
if (defined("SUPPORT_PATH")) {
$supportpath = SUPPORT_PATH;
} else {
$supportpath = "support";
}
}
?>
<noscript><style type="text/css">
div.maincontent div.proptitle div.navbutton { display: none; }
div.leftnav { display: block; }
</style></noscript>
<div class="proptitle"><div id="navbutton">Menu</div><div id="navdropdown"></div><?php
echo htmlspecialchars(BB_Translate($options["title"]));
?>
</div>
<div class="propdesc"><?php
echo htmlspecialchars(BB_Translate($options["desc"]));
if (isset($options["htmldesc"])) {
echo $options["htmldesc"];
}
?>
</div>
<div class="propinfo"></div>
<div class="propmain">
<?php
if (isset($options["submit"]) || isset($options["useform"]) && $options["useform"]) {
?>
<form id="propform" method="post" enctype="multipart/form-data" action="<?php
echo htmlspecialchars(BB_GetRequestURLBase());
?>
">
<?php
$extra = array();
if (isset($options["hidden"])) {
foreach ($options["hidden"] as $name => $value) {
?>
<input type="hidden" name="<?php
echo htmlspecialchars($name);
?>
" value="<?php
echo htmlspecialchars($value);
?>
" />
<?php
if ($options["nonce"] != $name) {
$extra[$name] = $value;
}
}
?>
<input type="hidden" name="sec_extra" value="<?php
echo htmlspecialchars(implode(",", array_keys($extra)));
?>
" />
<input type="hidden" name="sec_t" value="<?php
echo htmlspecialchars(BB_CreateSecurityToken($options["hidden"][$options["nonce"]], $extra));
?>
" />
<?php
}
unset($extra);
}
if (isset($options["fields"])) {
?>
<div class="formfields<?php
if (count($options["fields"]) == 1 && !isset($options["fields"][0]["title"]) && !isset($options["fields"][0]["htmltitle"])) {
echo " alt";
}
?>
">
<?php
$insiderow = false;
$insideaccordion = false;
foreach ($options["fields"] as $num => $field) {
if (is_string($field)) {
if ($field == "split" && !$insiderow) {
echo "<hr />";
} else {
if ($field == "endaccordion" || $field == "endaccordian") {
if ($insiderow) {
?>
</tr></table></div>
<?php
$insiderow = false;
}
?>
</div>
</div>
<?php
$insideaccordion = false;
} else {
if ($field == "nosplit") {
if ($insideaccordion) {
$firstaccordionitem = true;
}
} else {
if ($field == "startrow") {
if ($insiderow) {
echo "</tr><tr>";
} else {
if ($bb_formtables) {
$insiderow = true;
?>
<div class="fieldtablewrap<?php
if ($insideaccordion && $firstaccordionitem) {
echo " firstitem";
}
?>
"><table class="rowwrap"><tr>
<?php
$firstaccordionitem = false;
}
}
} else {
if ($field == "endrow" && $bb_formtables) {
?>
</tr></table></div>
<?php
$insiderow = false;
} else {
if (substr($field, 0, 5) == "html:") {
echo substr($field, 5);
}
}
}
}
}
}
} else {
if ($field["type"] == "accordion" || $field["type"] == "accordian") {
if ($insiderow) {
?>
</tr></table></div>
<?php
$insiderow = false;
}
if ($insideaccordion) {
?>
</div>
<h3><?php
echo htmlspecialchars(BB_Translate($field["title"]));
?>
</h3>
<div class="formaccordionitems">
<?php
} else {
?>
<div class="formaccordionwrap">
<h3><?php
echo htmlspecialchars(BB_Translate($field["title"]));
?>
</h3>
<div class="formaccordionitems">
<?php
$insideaccordion = true;
$accordionused = true;
}
$firstaccordionitem = true;
} else {
if ($insiderow) {
echo "<td>";
}
?>
<div class="formitem<?php
echo isset($field["split"]) && $field["split"] === false || $insideaccordion && $firstaccordionitem ? " firstitem" : "";
?>
">
<?php
$firstaccordionitem = false;
if (isset($field["title"])) {
if (is_string($field["title"])) {
?>
<div class="formitemtitle"><?php
echo htmlspecialchars(BB_Translate($field["title"]));
?>
</div>
<?php
}
} else {
if (isset($field["htmltitle"])) {
?>
<div class="formitemtitle"><?php
echo BB_Translate($field["htmltitle"]);
?>
</div>
<?php
} else {
if ($field["type"] == "checkbox" && $insiderow) {
?>
<div class="formitemtitle"> </div>
<?php
}
}
}
if (isset($field["width"]) && !$bb_formwidths) {
unset($field["width"]);
}
if (isset($field["name"]) && isset($field["default"])) {
if ($field["type"] == "select") {
if (!isset($field["select"])) {
$field["select"] = BB_GetValue($field["name"], $field["default"]);
if (is_array($field["select"])) {
$field["select"] = BB_SelectValues($field["select"]);
}
}
} else {
if (!isset($field["value"])) {
$field["value"] = BB_GetValue($field["name"], $field["default"]);
}
}
}
switch ($field["type"]) {
case "static":
?>
<div class="static"<?php
if (isset($field["width"])) {
echo " style=\"width: " . htmlspecialchars($field["width"]) . ";\"";
}
?>
><?php
echo htmlspecialchars($field["value"]);
?>
</div>
<?php
break;
case "text":
if ($autofocus === false) {
$autofocus = htmlspecialchars("f" . $num . "_" . $field["name"]);
}
?>
<input class="text"<?php
if (isset($field["width"])) {
echo " style=\"width: " . htmlspecialchars($field["width"]) . ";\"";
}
?>
type="text" id="<?php
echo htmlspecialchars("f" . $num . "_" . $field["name"]);
?>
" name="<?php
echo htmlspecialchars($field["name"]);
?>
" value="<?php
echo htmlspecialchars($field["value"]);
?>
" />
<?php
break;
case "password":
if ($autofocus === false) {
$autofocus = htmlspecialchars("f" . $num . "_" . $field["name"]);
}
?>
<input class="text"<?php
if (isset($field["width"])) {
echo " style=\"width: " . htmlspecialchars($field["width"]) . ";\"";
}
?>
type="password" id="<?php
echo htmlspecialchars("f" . $num . "_" . $field["name"]);
?>
" name="<?php
echo htmlspecialchars($field["name"]);
?>
" value="<?php
echo htmlspecialchars($field["value"]);
?>
" />
<?php
break;
case "checkbox":
if ($autofocus === false) {
$autofocus = htmlspecialchars("f" . $num . "_" . $field["name"]);
}
?>
<input class="checkbox" type="checkbox" id="<?php
echo htmlspecialchars("f" . $num . "_" . $field["name"]);
?>
" name="<?php
echo htmlspecialchars($field["name"]);
?>
" value="<?php
echo htmlspecialchars($field["value"]);
?>
"<?php
if (isset($field["check"]) && $field["check"]) {
echo " checked";
}
?>
/>
<label for="<?php
echo htmlspecialchars("f" . $num . "_" . $field["name"]);
?>
"><?php
echo htmlspecialchars(BB_Translate($field["display"]));
?>
</label>
<?php
break;
case "select":
if ($autofocus === false) {
$autofocus = htmlspecialchars("f" . $num . "_" . $field["name"]);
}
if (!isset($field["multiple"]) || $field["multiple"] !== true) {
$mode = "select";
} else {
if (!isset($field["mode"]) || $field["mode"] != "flat" && $field["mode"] != "dropdown" && $field["mode"] != "tags" && $field["mode"] != "select") {
$mode = "checkbox";
} else {
$mode = $field["mode"];
}
}
if (!isset($field["width"]) && !isset($field["height"])) {
$style = "";
} else {
$style = array();
if (isset($field["width"])) {
$style[] = "width: " . htmlspecialchars($field["width"]);
}
if (isset($field["height"]) && isset($field["multiple"]) && $field["multiple"] === true) {
$style[] = "height: " . htmlspecialchars($field["height"]);
$multiselectheight = (int) $field["height"];
}
$style = " style=\"" . implode("; ", $style) . ";\"";
}
if (!isset($field["select"])) {
$field["select"] = array();
} else {
if (is_string($field["select"])) {
$field["select"] = array($field["select"] => true);
}
}
$idbase = htmlspecialchars("f" . $num . "_" . $field["name"]);
if ($mode == "checkbox") {
$idnum = 0;
foreach ($field["options"] as $name => $value) {
if (is_array($value)) {
foreach ($value as $name2 => $value2) {
$id = $idbase . ($idnum ? "_" . $idnum : "");
?>
<input class="checkbox" type="checkbox" id="<?php
echo $id;
?>
" name="<?php
echo htmlspecialchars($field["name"]);
?>
[]" value="<?php
echo htmlspecialchars($name2);
?>
"<?php
if (isset($field["select"][$name2])) {
echo " checked";
}
?>
/>
<label for="<?php
echo $id;
?>
"><?php
echo htmlspecialchars(BB_Translate($name));
?>
- <?php
echo $value2 == "" ? " " : htmlspecialchars(BB_Translate($value2));
?>
</label><br />
<?php
$idnum++;
}
} else {
$id = $idbase . ($idnum ? "_" . $idnum : "");
?>
<input class="checkbox" type="checkbox" id="<?php
echo $id;
?>
" name="<?php
echo htmlspecialchars($field["name"]);
?>
[]" value="<?php
echo htmlspecialchars($name);
?>
"<?php
if (isset($field["select"][$name])) {
echo " checked";
}
?>
/>
<label for="<?php
echo $id;
?>
"><?php
echo $value == "" ? " " : htmlspecialchars(BB_Translate($value));
?>
</label><br />
<?php
$idnum++;
}
}
} else {
?>
<select class="<?php
echo isset($field["multiple"]) && $field["multiple"] === true ? "multi" : "single";
?>
" id="<?php
echo $idbase;
?>
" name="<?php
echo htmlspecialchars($field["name"]) . (isset($field["multiple"]) && $field["multiple"] === true ? "[]" : "");
?>
"<?php
if (isset($field["multiple"]) && $field["multiple"] === true) {
echo " multiple";
}
echo $style;
?>
>
<?php
foreach ($field["options"] as $name => $value) {
if (is_array($value)) {
?>
<optgroup label="<?php
echo htmlspecialchars(BB_Translate($name));
?>
">
<?php
foreach ($value as $name2 => $value2) {
?>
<option value="<?php
echo htmlspecialchars($name2);
?>
"<?php
if (isset($field["select"][$name2])) {
echo " selected";
}
?>
><?php
echo $value2 == "" ? " " : htmlspecialchars(BB_Translate($value2));
?>
</option>
<?php
}
?>
</optgroup>
<?php
} else {
?>
<option value="<?php
echo htmlspecialchars($name);
?>
"<?php
if (isset($field["select"][$name])) {
echo " selected";
}
?>
><?php
echo $value == "" ? " " : htmlspecialchars(BB_Translate($value));
?>
</option>
<?php
}
}
?>
</select>
<?php
if (isset($field["multiple"]) && $field["multiple"] === true) {
if (!$jqueryuiused) {
BB_OutputJQueryUI($rooturl, $supportpath);
$jqueryuiused = true;
}
if ($mode == "tags") {
if (!isset($multiselectused[$mode])) {
?>
<link rel="stylesheet" href="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/multiselect-select2/select2.css");
?>
" type="text/css" media="all" />
<script type="text/javascript" src="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/multiselect-select2/select2.min.js");
?>
"></script>
<?php
}
?>
<script type="text/javascript">
$(function() {
if (jQuery.fn.select2) $('div.formfields div.formitem select.multi[name="<?php
echo BB_JSSafe($field["name"] . "[]");
?>
"]').select2({ <?php
if (isset($field["mininput"])) {
echo "minimumInputLength: " . (int) $field["mininput"];
}
?>
});
else alert('<?php
echo BB_JSSafe(BB_Translate("Warning: Missing jQuery UI select2 for multiple selection field.\n\\This feature requires AdminPack Extras."));
?>
');
});
</script>
<?php
} else {
if ($mode == "dropdown") {
if (!isset($multiselectused[$mode])) {
?>
<link rel="stylesheet" href="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/multiselect-widget/jquery.multiselect.css");
?>
" type="text/css" media="all" />
<link rel="stylesheet" href="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/multiselect-widget/jquery.multiselect.filter.css");
?>
" type="text/css" media="all" />
<script type="text/javascript" src="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/multiselect-widget/jquery.multiselect.min.js");
?>
"></script>
<script type="text/javascript" src="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/multiselect-widget/jquery.multiselect.filter.js");
?>
"></script>
<?php
}
?>
<script type="text/javascript">
$(function() {
if (jQuery.fn.multiselect && jQuery.fn.multiselectfilter) $('div.formfields div.formitem select.multi[name="<?php
echo BB_JSSafe($field["name"] . "[]");
?>
"]').multiselect({ selectedText: '<?php
echo BB_JSSafe(BB_Translate("# of # selected"));
?>
', selectedList: 5, height: <?php
echo $multiselectheight;
?>
, position: { my: 'left top', at: 'left bottom', collision: 'flip' } }).multiselectfilter();
else alert('<?php
echo BB_JSSafe(BB_Translate("Warning: Missing jQuery UI multiselect widget or multiselectfilter for dropdown multiple selection field.\n\\This feature requires AdminPack Extras."));
?>
');
});
</script>
<?php
} else {
if ($mode == "flat") {
if (!isset($multiselectused[$mode])) {
?>
<link rel="stylesheet" href="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/multiselect-flat/css/jquery.uix.multiselect.css");
?>
" type="text/css" media="all" />
<script type="text/javascript" src="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/multiselect-flat/js/jquery.uix.multiselect.js");
?>
"></script>
<?php
}
?>
<script type="text/javascript">
$(function() {
if (jQuery.fn.multiselect)
{
$('div.formfields div.formitem select.multi[name="<?php
echo BB_JSSafe($field["name"] . "[]");
?>
"]').multiselect({ availableListPosition: <?php
echo $bb_formtables ? "'left'" : "'top'";
?>
, sortable: true, sortMethod: null });
$(window).resize(function() {
$('div.formfields div.formitem select.multi[name="<?php
echo BB_JSSafe($field["name"] . "[]");
?>
"]').multiselect('refresh');
});
}
else
{
alert('<?php
echo BB_JSSafe(BB_Translate("Warning: Missing jQuery UI multiselect plugin for flat multiple selection field.\n\\This feature requires AdminPack Extras."));
?>
');
}
});
</script>
<div style="clear: both;"></div>
<?php
}
}
}
$multiselectused[$mode] = true;
}
}
break;
case "textarea":
if ($autofocus === false) {
$autofocus = htmlspecialchars("f" . $num . "_" . $field["name"]);
}
if (!isset($field["width"]) && !isset($field["height"])) {
$style = "";
} else {
$style = array();
if (isset($field["width"])) {
$style[] = "width: " . htmlspecialchars($field["width"]);
}
if (isset($field["height"])) {
$style[] = "height: " . htmlspecialchars($field["height"]);
}
$style = " style=\"" . implode("; ", $style) . ";\"";
}
?>
<div class="textareawrap"><textarea class="text"<?php
echo $style;
?>
id="<?php
echo htmlspecialchars("f" . $num . "_" . $field["name"]);
?>
" name="<?php
echo htmlspecialchars($field["name"]);
?>
" rows="5" cols="50"><?php
echo htmlspecialchars($field["value"]);
?>
</textarea></div>
<?php
break;
case "table":
$order = isset($field["order"]) ? $field["order"] : "";
$idbase = "f" . $num . "_" . (isset($field["name"]) ? $field["name"] : "table");
if ($bb_formtables) {
?>
<table id="<?php
echo htmlspecialchars($idbase);
?>
"<?php
if (isset($field["class"])) {
echo " class=\"" . htmlspecialchars($field["class"]) . "\"";
}
if (isset($field["width"])) {
echo " style=\"width: " . htmlspecialchars($field["width"]) . "\"";
}
?>
>
<thead>
<tr<?php
if ($order != "") {
echo " id=\"" . htmlspecialchars($idbase . "_head") . "\"";
}
?>
class="head<?php
if ($order != "") {
echo " nodrag nodrop";
}
?>
">
<?php
if ($order != "") {
?>
<th><?php
echo htmlspecialchars(BB_Translate($order));
?>
</th>
<?php
}
foreach ($field["cols"] as $num2 => $col) {
?>
<th><?php
echo htmlspecialchars(BB_Translate($col));
?>
</th>
<?php
}
?>
</tr>
</thead>
<tbody>
<?php
$rownum = 0;
$altrow = false;
if (isset($field["callback"]) && is_callable($field["callback"])) {
$field["rows"] = call_user_func($field["callback"]);
}
while (count($field["rows"])) {
foreach ($field["rows"] as $row) {
?>
<tr<?php
if ($order != "") {
echo " id=\"" . htmlspecialchars($idbase . "_" . $rownum) . "\"";
}
?>
class="row<?php
if ($altrow) {
echo " altrow";
}
?>
">
<?php
if ($order != "") {
?>
<td class="draghandle"> </td>
<?php
}
$num2 = 0;
foreach ($row as $col) {
?>
<td<?php
if (count($row) < count($field["cols"]) && $num2 + 1 == count($row)) {
echo " colspan=\"" . (count($field["cols"]) - count($row) + 1) . "\"";
}
?>
><?php
echo $col;
?>
</td>
<?php
$num2++;
}
?>
</tr>
<?php
$rownum++;
$altrow = !$altrow;
}
if (isset($field["callback"]) && is_callable($field["callback"])) {
$field["rows"] = call_user_func($field["callback"]);
} else {
$field["rows"] = array();
}
}
?>
</tbody>
</table>
<?php
if ($order != "") {
if (!$tableorderused) {
?>
<script type="text/javascript" src="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/jquery.tablednd-20140418.min.js");
?>
"></script>
<?php
$tableorderused = true;
}
?>
<script type="text/javascript">
if (jQuery.fn.tableDnD)
{
InitPropertiesTableDragAndDrop('<?php
echo BB_JSSafe($idbase);
?>
'<?php
if (isset($field["reordercallback"])) {
echo ", " . $field["reordercallback"];
}
?>
);
}
else
{
alert('<?php
echo BB_JSSafe(BB_Translate("Warning: Missing jQuery TableDnD plugin for drag-and-drop row ordering.\n\\This feature requires AdminPack Extras."));
?>
');
}
</script>
<?php
}
if (isset($field["stickyheader"]) && $field["stickyheader"]) {
if (!$tablestickyheaderused) {
?>
<script type="text/javascript" src="<?php
echo htmlspecialchars($rooturl . "/" . $supportpath . "/jquery.stickytableheaders.min.js");
?>
"></script>
<?php
$tablestickyheaderused = true;
}
?>
<script type="text/javascript">
if (jQuery.fn.stickyTableHeaders)
{
$('#<?php
echo BB_JSSafe($idbase);
?>
').stickyTableHeaders();
}
else
{
alert('<?php
echo BB_JSSafe(BB_Translate("Warning: Missing jQuery Sticky Table Headers plugin.\n\\This feature requires AdminPack Extras."));
?>
');
}
</script>
<?php
}
} else {
?>
<div class="nontablewrap" id="<?php
echo htmlspecialchars("f" . $num . "_" . (isset($field["name"]) ? $field["name"] : "table"));
?>
">
<?php
$altrow = false;
foreach ($field["rows"] as $num2 => $row) {
?>
<div class="nontable_row<?php
if ($altrow) {
echo " altrow";
}
if (!$num2) {
echo " firstrow";
}
?>
">
<?php
foreach ($row as $num3 => $col) {
?>
<div class="nontable_th<?php
if (!$num3) {
echo " firstcol";
}
?>
"><?php
echo htmlspecialchars(BB_Translate($field["cols"][$num3]));
?>
</div>
<div class="nontable_td"><?php
echo $col;
?>
</div>
<?php
}
?>
</div>
<?php
$altrow = !$altrow;
}
?>
</div>
<?php
}
break;
case "file":
if ($autofocus === false) {
$autofocus = htmlspecialchars("f" . $num . "_" . $field["name"]);
}
?>
<input class="text" type="file" id="<?php
echo htmlspecialchars("f" . $num . "_" . $field["name"]);
?>
" name="<?php
echo htmlspecialchars($field["name"]);
?>
" />
<?php
break;
case "date":
if ($autofocus === false) {
$autofocus = htmlspecialchars("f" . $num . "_" . $field["name"]);
}
?>
<input class="date"<?php
if (isset($field["width"])) {
echo " style=\"width: " . htmlspecialchars($field["width"]) . "\"";
}
?>
type="text" id="<?php
echo htmlspecialchars("f" . $num . "_" . $field["name"]);
?>
" name="<?php
echo htmlspecialchars($field["name"]);
?>
" value="<?php
echo htmlspecialchars($field["value"]);
?>
" />
<?php
$dateused = true;
break;
case "custom":
echo $field["value"];
break;
}
if (isset($field["desc"]) && $field["desc"] != "") {
?>
<div class="formitemdesc"><?php
echo htmlspecialchars(BB_Translate($field["desc"]));
?>
</div>
<?php
} else {
if (isset($field["htmldesc"]) && $field["htmldesc"] != "") {
?>
<div class="formitemdesc"><?php
echo $field["htmldesc"];
?>
</div>
<?php
}
}
?>
</div>
<?php
if ($insiderow) {
echo "</td>";
}
}
}
}
if ($insiderow) {
?>
</tr></table></div>
<?php
}
if ($insideaccordion) {
?>
</div>
</div>
<?php
}
?>
</div>
<?php
}
if (isset($options["submit"])) {
if (is_string($options["submit"])) {
$options["submit"] = array($options["submit"]);
}
?>
<div class="formsubmit">
<?php
foreach ($options["submit"] as $val) {
?>
<input class="submit" type="submit"<?php
if (isset($options["submitname"])) {
echo " name=\"" . htmlspecialchars($options["submitname"]) . "\"";
}
?>
value="<?php
echo htmlspecialchars(BB_Translate($val));
?>
" />
<?php
}
?>
</div>
<?php
}
if (isset($options["submit"]) || isset($options["useform"]) && $options["useform"]) {
?>
</form>
<?php
}
?>
</div>
<?php
if ($dateused) {
if (!$jqueryuiused) {
BB_OutputJQueryUI($rooturl, $supportpath);
$jqueryuiused = true;
}
?>
<script type="text/javascript">
$(function() {
if (jQuery.fn.datepicker) $('div.formfields div.formitem input.date').datepicker({ dateFormat: 'yy-mm-dd' });
else alert('<?php
echo BB_JSSafe(BB_Translate("Warning: Missing jQuery UI for date field.\n\nThis feature requires AdminPack Extras."));
?>
');
});
</script>
<?php
}
if ($accordionused) {
if (!$jqueryuiused) {
BB_OutputJQueryUI($rooturl, $supportpath);
$jqueryuiused = true;
}
?>
<script type="text/javascript">
$(function() {
if (jQuery.fn.accordion) $('div.formaccordionwrap').accordion({ collapsible : true, active : false, heightStyle : 'content' });
else alert('<?php
echo BB_JSSafe(BB_Translate("Warning: Missing jQuery UI for accordion.\n\nThis feature requires AdminPack Extras."));
?>
');
});
</script>
<?php
}
if (isset($options["focus"]) && (is_string($options["focus"]) || $options["focus"] === true && $autofocus !== false)) {
?>
<script type="text/javascript">
$('#<?php
echo BB_JSSafe(is_string($options["focus"]) ? $options["focus"] : $autofocus);
?>
').focus();
</script>
<?php
}
}
private function SignupUpdateCheck($ajax, $userrow, $userinfo, $admin)
{
global $sso_settings, $sso_db;
$sso_db_sso_login_users = SSO_DB_PREFIX . "p_sso_login_users";
$result = array("errors" => array(), "warnings" => array(), "success" => "");
$field = $admin ? BB_GetValue("email", false) : SSO_FrontendFieldValue($userrow === false ? "email" : "update_email");
if ((!$ajax || $field !== false) && ($userrow === false || $sso_settings["sso_login"]["change_email"]) && ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "email")) {
if ($field === false || trim($field) == "") {
$result["errors"][] = BB_Translate("E-mail Address field is empty.");
} else {
define("CS_TRANSLATE_FUNC", "BB_Translate");
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/smtp.php";
$email = SMTP::MakeValidEmailAddress($field);
if (!$email["success"]) {
$result["errors"][] = BB_Translate("Invalid e-mail address. %s", $email["error"]);
} else {
if ($email["email"] != trim($field)) {
$result["warnings"][] = BB_Translate("Invalid e-mail address. Perhaps you meant '%s' instead?", $email["email"]);
}
$domain = strtolower(substr($email["email"], strrpos($email["email"], "@") + 1));
$y = strlen($domain);
$baddomains = explode("\n", strtolower($sso_settings["sso_login"]["email_bad_domains"]));
foreach ($baddomains as $baddomain) {
$baddomain = trim($baddomain);
if ($baddomain != "") {
$y2 = strlen($baddomain);
if ($domain == $baddomain || $y < $y2 && substr($domain, $y - $y2 - 1, 1) == "." && substr($domain, $y - $y2) == $baddomain) {
$result["errors"][] = BB_Translate("E-mail address is in a blacklisted domain.");
break;
}
}
}
try {
if (!count($result["errors"]) && ($userrow === false || $userrow->email != $email["email"]) && $sso_db->GetOne("SELECT", array(array("id"), "FROM" => "?", "WHERE" => "email = ?", "LIMIT" => "1"), $sso_db_sso_login_users, $email["email"]) !== false) {
$result["errors"][] = BB_Translate("E-mail address is already in use.");
}
} catch (Exception $e) {
$result["errors"][] = BB_Translate("Database query error.");
}
$result["success"] = BB_Translate("E-mail address looks okay.");
}
}
}
if ($ajax && count($result["errors"])) {
return $result;
}
$field = $admin ? BB_GetValue("username", false) : SSO_FrontendFieldValue($userrow === false ? "username" : "update_username");
if ((!$ajax || $field !== false) && ($userrow === false || $sso_settings["sso_login"]["change_username"]) && ($sso_settings["sso_login"]["install_type"] == "email_username" || $sso_settings["sso_login"]["install_type"] == "username")) {
if ($field === false || trim($field) == "") {
$result["errors"][] = BB_Translate("Username field is empty.");
} else {
if (UTF8::strlen($field) < $sso_settings["sso_login"]["username_minlen"]) {
$result["errors"][] = BB_Translate("Username must be at least %d characters.", $sso_settings["sso_login"]["username_minlen"]);
}
$blacklist = explode("\n", str_replace("\r", "\n", $sso_settings["sso_login"]["username_blacklist"]));
foreach ($blacklist as $word) {
$word = trim($word);
if ($word != "" && stripos($field, $word) !== false) {
$result["errors"][] = BB_Translate("Username contains a blocked word.");
break;
}
}
try {
if (!count($result["errors"]) && ($userrow === false || $userrow->username != trim($field)) && $sso_db->GetOne("SELECT", array(array("id"), "FROM" => "?", "WHERE" => "username = ?", "LIMIT" => "1"), $sso_db_sso_login_users, trim($field)) !== false) {
$result["errors"][] = BB_Translate("Username is already in use.");
}
} catch (Exception $e) {
$result["errors"][] = BB_Translate("Database query error.");
}
$result["success"] = BB_Translate("Username is available.");
}
}
if ($ajax && count($result["errors"])) {
return $result;
}
$field = $admin ? false : SSO_FrontendFieldValue($userrow === false ? "createpass" : "update_pass");
if ((!$ajax || $field !== false) && !$admin) {
if ($field === false || trim($field) == "") {
if ($userrow === false) {
$result["errors"][] = BB_Translate("Password field is empty.");
}
} else {
if (UTF8::strlen($field) < $sso_settings["sso_login"]["password_minlen"]) {
$result["errors"][] = BB_Translate("Password must be at least %d characters.", $sso_settings["sso_login"]["password_minlen"]);
}
$result["success"] = BB_Translate("Password looks okay.");
}
}
if ($ajax && count($result["errors"])) {
return $result;
}
$field = $admin ? BB_GetValue("two_factor_method", false) : SSO_FrontendFieldValue($userrow === false ? "two_factor_method" : "update_two_factor_method");
if (!$ajax && $sso_settings["sso_login"]["require_two_factor"]) {
if ($field === false || trim($field) == "") {
$result["errors"][] = BB_Translate("A two-factor authentication method is required.");
}
}
foreach ($this->activemodules as &$instance) {
if ($userinfo === false) {
$instance->SignupCheck($result, $ajax, $admin);
} else {
$instance->UpdateInfoCheck($result, $userinfo, $ajax);
}
if ($ajax && count($result["errors"])) {
return $result;
}
}
return $result;
}
private function DisplaySignup($userinfo, $admin)
{
$info = $this->GetInfo();
if ($info["cookiekey"] != "" && $info["cookieiv"] != "" && $info["cookiekey2"] != "" && $info["cookieiv2"] != "") {
if ($userinfo !== false && isset($userinfo["sso_antiphish"])) {
$phrase = $userinfo["sso_antiphish"];
} else {
if (!$info["suggest"]) {
$phrase = "";
} else {
$phrase = BB_Translate($admin ? "[User's name]" : "[Your name]");
$phrase .= " " . SSO_GetRandomWord(false, array(BB_Translate("will"), BB_Translate("won't"), BB_Translate("may"), BB_Translate("might"), BB_Translate("could"), BB_Translate("couldn't")));
$phrase .= " " . SSO_GetRandomWord(false, array(BB_Translate("eat"), BB_Translate("consume"), BB_Translate("beat"), BB_Translate("hurl"), BB_Translate("launch"), BB_Translate("punch")));
$phrase .= " " . strtoupper(SSO_GetRandomWord()) . SSO_GetRandomWord(false, array(BB_Translate("."), BB_Translate("!")));
$phrase = trim(preg_replace('/\\s+/', " ", $phrase));
}
}
if ($admin) {
$result = array(array("title" => "Anti-Phishing Phrase", "type" => "text", "name" => "sso_login_antiphish", "value" => BB_GetValue("sso_login_antiphish", $phrase), "desc" => "Sets an anti-phishing phrase for the user."));
return $result;
} else {
?>
<div class="sso_main_formitem">
<div class="sso_main_formtitle"><?php
echo htmlspecialchars(BB_Translate($userinfo !== false && isset($userinfo["sso_antiphish"]) ? "Your Anti-Phishing Phrase" : "Choose Anti-Phishing Phrase"));
?>
</div>
<div class="sso_main_formdata"><input class="sso_main_text sso_login_changehook" type="text" name="<?php
echo SSO_FrontendField($userinfo === false ? "sso_login_antiphish" : "sso_login_antiphish_update");
?>
" value="<?php
echo htmlspecialchars(SSO_FrontendFieldValue($userinfo === false ? "sso_login_antiphish" : "sso_login_antiphish_update", $phrase));
?>
" /></div>
</div>
<?php
}
}
}
public function Config()
{
global $sso_rng, $sso_db, $sso_db_apikeys, $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields;
$sso_db_sso_remote = SSO_DB_PREFIX . "p_sso_remote";
$sso_db_sso_remote_users = SSO_DB_PREFIX . "p_sso_remote_users";
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "editremote") {
$row = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_sso_remote, $_REQUEST["id"]);
if ($row) {
$info = unserialize($row->info);
if (isset($_REQUEST["name"])) {
if (strlen($_REQUEST["name"]) > 75) {
BB_SetPageMessage("error", "'Name' can only be 75 characters long.");
}
if ($_REQUEST["name"] != $row->name && $sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "name = ?"), $sso_db_sso_remote, $_REQUEST["name"])) {
BB_SetPageMessage("error", "The specified remote 'Name' already exists.");
}
$apirow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_apikeys, $_REQUEST["apikey_id"]);
if ($apirow === false) {
BB_SetPageMessage("error", "The specified 'API Key ID' is not valid.");
} else {
$apiinfo = unserialize($apirow->info);
if (!isset($apiinfo["type"])) {
$apiinfo["type"] = "normal";
}
if ($apiinfo["type"] != "remote") {
BB_SetPageMessage("error", "The specified 'API Key ID' is not a remote API key.");
}
}
$info["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
try {
$info["icon"] = $_REQUEST["icon"];
$info["notes"] = $_REQUEST["notes"];
$info["automate"] = $_REQUEST["automate"] > 0;
$sso_db->Query("UPDATE", array($sso_db_sso_remote, array("name" => $_REQUEST["name"], "apikey_id" => $_REQUEST["apikey_id"], "info" => serialize($info)), "WHERE" => "id = ?"), $row->id);
SSO_ConfigRedirect("editremote", array("id" => $row->id), "success", BB_Translate("Successfully updated the remote."));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to update the remote. " . $e->getMessage());
}
}
}
$contentopts = array("desc" => BB_Translate("Edit the remote."), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "editremote", "id" => $row->id), "fields" => array(array("title" => "Remote Key", "type" => "static", "value" => $row->remotekey . "-" . $row->id), array("title" => "Name", "type" => "text", "name" => "name", "value" => BB_GetValue("name", $row->name), "desc" => "The name of this remote. Usually the name of the business or a business unit that will use this remote to sign in (e.g. Intel). Must be unique."), array("title" => "API Key ID", "type" => "text", "name" => "apikey_id", "value" => BB_GetValue("apikey_id", $row->apikey_id), "desc" => "A valid remote API key ID."), array("title" => "Icon URL", "type" => "text", "name" => "icon", "value" => BB_GetValue("icon", $info["icon"]), "desc" => "An optional URL to a 48x48 pixel icon. The URL should start with 'https://'."), array("title" => "Notes", "type" => "textarea", "name" => "notes", "value" => BB_GetValue("notes", $info["notes"]), "desc" => "Optional extra information about this remote such as contract details."), array("title" => "Automate Validation Phase?", "type" => "select", "name" => "automate", "options" => array("No", "Yes"), "select" => BB_GetValue("automate", (string) (int) $info["automate"]), "desc" => "Whether or not to attempt to automate the validation phase after authenticating the user.")), "submit" => "Save", "focus" => true);
SSO_AppendIPFields($contentopts, $info["iprestrict"]);
BB_GeneratePage("Edit Remote", $sso_menuopts, $contentopts);
}
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "addremote") {
if (isset($_REQUEST["name"])) {
if ($_REQUEST["name"] == "") {
BB_SetPageMessage("error", "Please fill in 'Name'.");
}
if (strlen($_REQUEST["name"]) > 75) {
BB_SetPageMessage("error", "'Name' can only be 75 characters long.");
}
if ($sso_db->GetOne("SELECT", array("COUNT(*)", "FROM" => "?", "WHERE" => "name = ?"), $sso_db_sso_remote, $_REQUEST["name"])) {
BB_SetPageMessage("error", "The specified remote 'Name' already exists.");
}
$apirow = $sso_db->GetRow("SELECT", array("*", "FROM" => "?", "WHERE" => "id = ?"), $sso_db_apikeys, $_REQUEST["apikey_id"]);
if ($apirow === false) {
BB_SetPageMessage("error", "The specified 'API Key ID' is not valid.");
} else {
$apiinfo = unserialize($apirow->info);
if (!isset($apiinfo["type"])) {
$apiinfo["type"] = "normal";
}
if ($apiinfo["type"] != "remote") {
BB_SetPageMessage("error", "The specified 'API Key ID' is not a remote API key.");
}
}
if (BB_GetPageMessageType() != "error") {
try {
$remotekey = $sso_rng->GenerateString();
$info = array("icon" => "", "notes" => "", "iprestrict" => SSO_InitIPFields(), "automate" => false);
$sso_db->Query("INSERT", array($sso_db_sso_remote, array("name" => $_REQUEST["name"], "remotekey" => $remotekey, "apikey_id" => $_REQUEST["apikey_id"], "created" => CSDB::ConvertToDBTime(time()), "info" => serialize($info)), "AUTO INCREMENT" => "id"));
$id = $sso_db->GetInsertID();
SSO_ConfigRedirect("editremote", array("id" => $id), "success", BB_Translate("Successfully created the remote."));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the remote. " . $e->getMessage());
}
}
}
$contentopts = array("desc" => BB_Translate("Add a remote."), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "addremote"), "fields" => array(array("title" => "Name", "type" => "text", "name" => "name", "value" => BB_GetValue("name", ""), "desc" => "The name of this remote. Usually the name of the business or a business unit that will use this remote to sign in (e.g. Intel). Must be unique."), array("title" => "API Key ID", "type" => "text", "name" => "apikey_id", "value" => BB_GetValue("apikey_id", ""), "desc" => "A valid remote API key ID.")), "submit" => "Create", "focus" => true);
BB_GeneratePage("Add Remote", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "manageremotes") {
$desc = "<br />";
$desc .= SSO_CreateConfigLink("Add Remote", "addremote");
$rows = array();
$result = $sso_db->Query("SELECT", array("r.id, r.name, r.apikey_id, a.id AS a_id", "FROM" => "? AS r LEFT OUTER JOIN ? AS a ON (r.apikey_id = a.id)"), $sso_db_sso_remote, $sso_db_apikeys);
while ($row = $result->NextRow()) {
$rows[] = array($row->id, htmlspecialchars($row->name), $row->a_id > 0 ? "<a href=\"" . BB_GetRequestURLBase() . "?action=editapikey&id=" . $row->apikey_id . "&sec_t=" . BB_CreateSecurityToken("editapikey") . "\">" . $row->apikey_id . "</a>" : BB_Translate("<i>Invalid</i>"), SSO_CreateConfigLink("Edit", "editremote", array("id" => $row->id)) . " | " . SSO_CreateConfigLink("Delete", "deleteremote", array("id" => $row->id), "Are you sure you want to delete this remote?"));
}
$contentopts = array("desc" => BB_Translate("Manage the remotes."), "htmldesc" => $desc, "fields" => array(array("type" => "table", "cols" => array("ID", "Name", "API Key", "Options"), "rows" => $rows)));
BB_GeneratePage("Manage Remotes", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "config") {
if (isset($_REQUEST["configsave"])) {
$sso_settings["sso_remote"]["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
$sso_settings["sso_remote"]["map_remote_id"] = SSO_IsField($_REQUEST["map_remote_id"]) ? $_REQUEST["map_remote_id"] : "";
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
}
}
}
}
$contentopts = array("desc" => BB_Translate("Configure the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "config", "configsave" => "1"), "fields" => array(array("title" => "Map Remote ID", "type" => "select", "name" => "map_remote_id", "options" => $sso_select_fields, "select" => BB_GetValue("map_remote_id", (string) $sso_settings["sso_remote"]["map_remote_id"]), "desc" => "The field in the SSO system to map the remote ID to. This allows applications to identify an organization and sign all users at that organization into a single instance.")), "submit" => "Save", "focus" => true);
SSO_AppendIPFields($contentopts, $sso_settings["sso_remote"]["iprestrict"]);
BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "disable") {
$sso_settings["sso_remote"]["enabled"] = false;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_remote"]["enabled"] && $_REQUEST["action2"] == "enable") {
$sso_settings["sso_remote"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_remote"]["installed"] && $_REQUEST["action2"] == "install") {
if (isset($_REQUEST["install"])) {
if ($sso_db->TableExists($sso_db_sso_remote)) {
BB_SetPageMessage("error", "The database table '" . $sso_db_sso_remote . "' already exists.");
}
if ($sso_db->TableExists($sso_db_sso_remote_users)) {
BB_SetPageMessage("error", "The database table '" . $sso_db_sso_remote_users . "' already exists.");
}
if (BB_GetPageMessageType() != "error") {
try {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_remote, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "name" => array("STRING", 1, 75, "NOT NULL" => true), "remotekey" => array("STRING", 1, 64, "NOT NULL" => true), "apikey_id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true), "info" => array("STRING", 3, "NOT NULL" => true)), array(array("UNIQUE", array("name"), "NAME" => $sso_db_sso_remote . "_name"), array("KEY", array("apikey_id"), "NAME" => $sso_db_sso_remote . "_apikey_id"))));
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_remote) . "'. " . $e->getMessage());
}
if (BB_GetPageMessageType() != "error") {
try {
$sso_db->Query("CREATE TABLE", array($sso_db_sso_remote_users, array("id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true, "PRIMARY KEY" => true, "AUTO INCREMENT" => true), "remote_id" => array("INTEGER", 8, "UNSIGNED" => true, "NOT NULL" => true), "user_id" => array("STRING", 1, 255, "NOT NULL" => true), "created" => array("DATETIME", "NOT NULL" => true)), array(array("UNIQUE", array("remote_id", "user_id"), "NAME" => $sso_db_sso_remote_users . "_remote_user_id"))));
$sso_settings["sso_remote"]["installed"] = true;
$sso_settings["sso_remote"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
SSO_ConfigRedirect("manageremotes", array(), "success", BB_Translate("Successfully installed the %s provider.", $this->DisplayName()));
}
} catch (Exception $e) {
BB_SetPageMessage("error", "Unable to create the database table '" . htmlspecialchars($sso_db_sso_remote_users) . "'. " . $e->getMessage());
}
}
}
}
$contentopts = array("desc" => BB_Translate("Install the %s provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_remote", "action2" => "install", "install" => "1"), "fields" => array(), "submit" => "Install", "focus" => true);
BB_GeneratePage(BB_Translate("Install %s", $this->DisplayName()), $sso_menuopts, $contentopts);
}
}
}
}
}
}
}
}
public function Config()
{
global $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields;
if ($sso_site_admin && $sso_settings["sso_ldap"]["enabled"] && $_REQUEST["action2"] == "config") {
if (isset($_REQUEST["configsave"])) {
$_REQUEST["server"] = trim($_REQUEST["server"]);
$_REQUEST["dn"] = trim($_REQUEST["dn"]);
if ($_REQUEST["server"] == "") {
BB_SetPageMessage("info", "The 'LDAP Server URL' field is empty.");
} else {
if ($_REQUEST["dn"] == "") {
BB_SetPageMessage("info", "The 'LDAP Distinguished Name' field is empty.");
} else {
if (!function_exists("ldap_connect")) {
BB_SetPageMessage("info", "The ldap_connect() function does not exist. LDAP won't work until the LDAP PHP extension is enabled.");
}
}
}
require_once SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/http.php";
$url = HTTP::ExtractURL($_REQUEST["server"]);
if ($url["scheme"] != "ldap") {
BB_SetPageMessage("error", "The 'LDAP Server URL' field has an invalid scheme.");
} else {
if ($url["host"] == "") {
BB_SetPageMessage("error", "The 'LDAP Server URL' field has an invalid host.");
}
}
$sso_settings["sso_ldap"]["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
$sso_settings["sso_ldap"]["server"] = $_REQUEST["server"];
$sso_settings["sso_ldap"]["dn"] = $_REQUEST["dn"];
$sso_settings["sso_ldap"]["map_username"] = SSO_IsField($_REQUEST["map_username"]) ? $_REQUEST["map_username"] : "";
$sso_settings["sso_ldap"]["remove_domain"] = $_REQUEST["remove_domain"] > 0;
$sso_settings["sso_ldap"]["map_custom"] = trim($_REQUEST["map_custom"]);
$sso_settings["sso_ldap"]["password"] = $_REQUEST["password"] > 0;
$sso_settings["sso_ldap"]["debug"] = $_REQUEST["debug"] > 0;
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
}
}
}
}
$contentopts = array("desc" => BB_Translate("Configure the %s provider. This provider is intended to be used behind a firewall in a relatively trusted environment. Use the IP whitelist to control access to this provider.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_ldap", "action2" => "config", "configsave" => "1"), "fields" => array(array("title" => "LDAP Server URL", "type" => "text", "name" => "server", "value" => BB_GetValue("server", $sso_settings["sso_ldap"]["server"]), "desc" => "The LDAP URL to a LDAP server. Should be in the format 'ldap://server[:port]/'. Default port is 389."), array("title" => "LDAP Distinguished Name", "type" => "text", "name" => "dn", "value" => BB_GetValue("dn", $sso_settings["sso_ldap"]["dn"]), "desc" => "The LDAP Distinguished Name (DN) pattern to use to check logins against and load user information. Should be in the format 'CN=@USERNAME@,OU=users,DC=somewhere,DC=com' or similar. The special string @USERNAME@ will be replaced with the username."), array("title" => "Map Username", "type" => "select", "name" => "map_username", "options" => $sso_select_fields, "select" => BB_GetValue("map_username", (string) $sso_settings["sso_ldap"]["map_username"]), "desc" => "The field in the SSO system to map the username to. Overrides any custom mapping."), array("title" => "Remove Domain", "type" => "select", "name" => "remove_domain", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("remove_domain", (string) (int) $sso_settings["sso_ldap"]["remove_domain"]), "desc" => "Remove domain prefix from the above mapped username. (e.g. 'NT\\username' becomes 'username')"), array("title" => "Custom Mapping", "type" => "textarea", "name" => "map_custom", "value" => BB_GetValue("map_custom", $sso_settings["sso_ldap"]["map_custom"]), "desc" => "The fields in the SSO system to map LDAP fields to. Format is 'ldapfield=ssofield'. One mapping per line. See 'Debugging Mode' below to turn on debugging to discover valid LDAP field names. See the 'Map Username' dropdown above for valid SSO field names."), array("title" => "Require Password", "type" => "select", "name" => "password", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("password", (string) (int) $sso_settings["sso_ldap"]["password"]), "desc" => "Require passwords to not be empty strings."), array("title" => "Debugging Mode", "type" => "select", "name" => "debug", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("debug", (string) (int) $sso_settings["sso_ldap"]["debug"]), "desc" => "Turn on debugging mode to get an idea of what LDAP fields are available for your LDAP server. When enabled and a login is successful, this will output the fields and data of the user, then output successfully mapped LDAP to SSO fields, and then exit.")), "submit" => "Save", "focus" => true);
SSO_AppendIPFields($contentopts, $sso_settings["sso_ldap"]["iprestrict"]);
BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_ldap"]["enabled"] && $_REQUEST["action2"] == "disable") {
$sso_settings["sso_ldap"]["enabled"] = false;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_ldap"]["enabled"] && $_REQUEST["action2"] == "enable") {
if (!function_exists("ldap_connect")) {
BB_RedirectPage("error", "The ldap_connect() function does not exist. LDAP won't work until the LDAP PHP extension is enabled.");
}
$sso_settings["sso_ldap"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
}
}
}
}
}
function SSO_AppendIPFields(&$contentopts, $info, $full = false)
{
global $sso_select_fields;
$contentopts["fields"][] = "split";
if (!$full) {
$contentopts["fields"][] = array("title" => "Whitelist/Blacklist Options", "type" => "accordion");
}
$contentopts["fields"][] = array("title" => "Whitelist IP Address Patterns", "type" => "textarea", "height" => "250px", "name" => "sso_ipaddr__patterns", "value" => BB_GetValue("sso_ipaddr__patterns", $info["patterns"]), "desc" => "A whitelist of IP address patterns that allows access to " . ($full ? "the SSO server" : "this provider") . ". One pattern per line. (e.g. '10.0.0-15,17.*')");
if (!$full) {
$contentopts["fields"][] = array("title" => "Check Blacklists", "type" => "select", "name" => "sso_ipaddr__allchecks", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_ipaddr__allchecks", (string) (int) $info["allchecks"]), "desc" => "Check the blacklists below when a user selects this provider.");
}
$contentopts["fields"][] = array("title" => "DNSRBL - DNS Reverse Blacklists", "type" => "textarea", "height" => "250px", "name" => "sso_ipaddr__dnsrbl_lists", "value" => BB_GetValue("sso_ipaddr__dnsrbl_lists", $info["dnsrbl_lists"]), "htmldesc" => "Enter one or more DNSRBL entries ([website_url_of_dnsrbl|]domain[|required_response|alternate_response|...]). One entry per line.");
$contentopts["fields"][] = array("title" => "DNSRBL - Minimum Matches", "type" => "text", "name" => "sso_ipaddr__dnsrbl_mincount", "value" => BB_GetValue("sso_ipaddr__dnsrbl_mincount", $info["dnsrbl_mincount"]), "desc" => "The minimum number of blacklists an IP address has to be on in order to be denied access.");
$contentopts["fields"][] = array("title" => "GeoIP - IP Geolocation Blacklists", "type" => "textarea", "height" => "250px", "name" => "sso_ipaddr__geoip_lists", "value" => BB_GetValue("sso_ipaddr__geoip_lists", $info["geoip_lists"]), "htmldesc" => "Enter one or more geographic areas to blacklist with semi-colon separated key-value pairs (key=value[;key=value])." . ($full ? " Valid keys can be found below." : "") . " One entry per line. Example: 'city=Austin;region=TX' would ban any IP address that evaluated to Austin, TX." . (file_exists(SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/GeoLite2-City.mmdb") || file_exists(SSO_ROOT_PATH . "/" . SSO_SUPPORT_PATH . "/GeoIP2-City.mmdb") ? "" : " IP address to location requires the GeoIP2 City or <a href=\"http://dev.maxmind.com/geoip/geoip2/geolite2/\" target=\"_blank\">GeoLite2 City</a> database. This message will no longer appear when either database is correctly installed in the 'support' subdirectory."));
if ($full) {
$geoip_opts = SSO_GetGeoIPOpts();
foreach ($geoip_opts as $opt => $val) {
$contentopts["fields"][] = array("title" => "GeoIP - Map '" . $opt . "'", "type" => "select", "name" => "sso_ipaddr__geoip_map_" . $opt, "options" => $sso_select_fields, "select" => BB_GetValue("sso_ipaddr__geoip_map_" . $opt, (string) $info["geoip_map_" . $opt]), "desc" => "The field in the SSO system to map '" . $opt . "' to.");
}
$contentopts["fields"][] = array("title" => "IP Address Cache Length (Days)", "type" => "text", "name" => "sso_ipaddr__ip_cache_len", "value" => BB_GetValue("sso_ipaddr__ip_cache_len", $info["ip_cache_len"]), "desc" => "The length of time, in days, the results of queries against spam databases and other information for an IP address are cached. Used to avoid hitting query limits of most systems and improve performance.");
} else {
$contentopts["fields"][] = "endaccordion";
}
}
while ($row = $result->NextRow()) {
$ipaddr = IPAddr::NormalizeIP($row->ipaddr);
$info = unserialize($row->info);
$spammer = false;
if (isset($info["spaminfo"])) {
foreach ($sso_providers as $provider => &$instance) {
if (isset($info["spaminfo"][$provider]) && $info["spaminfo"][$provider]["spammer"]) {
$spammer = true;
}
}
}
$rows[] = array(htmlspecialchars($ipaddr["ipv4"] != "" ? $ipaddr["ipv4"] : $ipaddr["shortipv6"]), htmlspecialchars(BB_Translate($spammer ? "Yes" : "No")), BB_FormatTimestamp("M j, Y @ g:i A", CSDB::ConvertFromDBTime($row->created)), "<a href=\"" . BB_GetRequestURLBase() . "?action=viewipaddr&id=" . $row->id . "&sec_t=" . BB_CreateSecurityToken("viewipaddr") . "\">" . htmlspecialchars(BB_Translate("View")) . "</a>");
}
$table = array("title" => "Last 48 Hours", "type" => "table", "cols" => array("IP Address", "Spammer?", "Created", "Options"), "rows" => $rows, "desc" => "New IP addresses in the last 48 hours.");
}
$contentopts = array("desc" => "Manage the IP address cache.", "htmldesc" => $desc, "nonce" => "action", "hidden" => array("action" => "manageipcache"), "fields" => array($table, "split", array("title" => "Find IP Address", "type" => "text", "name" => "ipaddr", "value" => BB_GetValue("ipaddr", ""), "desc" => "Enter an IP address or IP address pattern to search for. (e.g. '10.0.0-15,17.*')")), "submit" => "Search", "focus" => false);
BB_GeneratePage("Manage IP Cache", $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && isset($_REQUEST["action"]) && $_REQUEST["action"] == "resetsessions") {
$sso_db->Query("TRUNCATE TABLE", array($sso_db_user_sessions));
$sso_db->Query("TRUNCATE TABLE", array($sso_db_temp_sessions));
BB_RedirectPage("success", "Successfully reset all sessions.");
} else {
$contentopts = array("desc" => "Pick an option from the menu.");
BB_GeneratePage("Home", $sso_menuopts, $contentopts);
}
}
}
}
}
}
public function Config(&$contentopts)
{
$info = $this->GetInfo();
$contentopts["fields"][] = array("title" => "Total Requests Interval", "type" => "text", "name" => "sso_ratelimit_system_interval", "value" => BB_GetValue("sso_ratelimit_system_interval", $info["system_interval"]), "desc" => "The interval, in seconds, over which requests to the Generic Login provider will be measured. Default is 86400 (1 day).");
$contentopts["fields"][] = array("title" => "Total Requests Per Interval", "type" => "text", "name" => "sso_ratelimit_system_requests", "value" => BB_GetValue("sso_ratelimit_system_requests", $info["system_requests"]), "desc" => "The number of requests to the Generic Login provider that may be made within the specified interval above from a single IP address. This includes AJAX callbacks. Default is 2880 (one request every 30 seconds).");
$contentopts["fields"][] = array("title" => "Login/Recovery Attempts Interval", "type" => "text", "name" => "sso_ratelimit_login_interval", "value" => BB_GetValue("sso_ratelimit_login_interval", $info["login_interval"]), "desc" => "The interval, in seconds, over which failed login and recovery attempts will be measured. Default is 900 (15 minutes).");
$contentopts["fields"][] = array("title" => "Login/Recovery Attempts Per Interval", "type" => "text", "name" => "sso_ratelimit_login_attempts", "value" => BB_GetValue("sso_ratelimit_login_attempts", $info["login_attempts"]), "desc" => "The number of failed login and recovery attempts that may be made within the specified interval above from a single IP address. Default is 20 (slightly more than one attempt per minute).");
$contentopts["fields"][] = array("title" => "Two-Factor Authentication Per Login Attempt", "type" => "text", "name" => "sso_ratelimit_two_factor_attempts", "value" => BB_GetValue("sso_ratelimit_two_factor_attempts", $info["two_factor_attempts"]), "desc" => "The number of failed two-factor authentication attempts that may be made before the user is required to sign in again. Default is 3.");
$contentopts["fields"][] = array("title" => "Registrations Interval", "type" => "text", "name" => "sso_ratelimit_register_interval", "value" => BB_GetValue("sso_ratelimit_register_interval", $info["register_interval"]), "desc" => "The interval, in seconds, over which new registrations will be measured. Default is 28800 (8 hours).");
$contentopts["fields"][] = array("title" => "Registrations Per Interval", "type" => "text", "name" => "sso_ratelimit_register_num", "value" => BB_GetValue("sso_ratelimit_register_num", $info["register_num"]), "desc" => "The number of new registrations that may be made within the specified interval above from a single IP address. Default is 1 (up to 3 registrations per day).");
}
public function Config()
{
global $sso_site_admin, $sso_settings, $sso_menuopts, $sso_select_fields, $sso_provider;
if ($sso_site_admin && $sso_settings["sso_google"]["enabled"] && $_REQUEST["action2"] == "config") {
if (isset($_REQUEST["configsave"])) {
$_REQUEST["client_id"] = trim($_REQUEST["client_id"]);
$_REQUEST["client_secret"] = trim($_REQUEST["client_secret"]);
if ($_REQUEST["client_id"] == "") {
BB_SetPageMessage("info", "The 'Google API Client ID' field is empty.");
} else {
if ($_REQUEST["client_secret"] == "") {
BB_SetPageMessage("info", "The 'Google API Client Secret' field is empty.");
}
}
$sso_settings["sso_google"]["iprestrict"] = SSO_ProcessIPFields();
if (BB_GetPageMessageType() != "error") {
$sso_settings["sso_google"]["client_id"] = $_REQUEST["client_id"];
$sso_settings["sso_google"]["client_secret"] = $_REQUEST["client_secret"];
foreach (self::$fieldmap as $key => $info) {
$sso_settings["sso_google"]["map_" . $key] = SSO_IsField($_REQUEST["map_" . $key]) ? $_REQUEST["map_" . $key] : "";
}
$sso_settings["sso_google"]["email_bad_domains"] = $_REQUEST["email_bad_domains"];
if (!SSO_SaveSettings()) {
BB_SetPageMessage("error", "Unable to save settings.");
} else {
if (BB_GetPageMessageType() == "info") {
SSO_ConfigRedirect("config", array(), "info", $_REQUEST["bb_msg"] . " " . BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
} else {
SSO_ConfigRedirect("config", array(), "success", BB_Translate("Successfully updated the %s provider configuration.", $this->DisplayName()));
}
}
}
}
$contentopts = array("desc" => BB_Translate("Configure the %s provider. Mapping additional fields that require extra permissions will significantly reduce the likelihood the user will sign in.", $this->DisplayName()), "nonce" => "action", "hidden" => array("action" => "config", "provider" => "sso_google", "action2" => "config", "configsave" => "1"), "fields" => array(array("title" => "Google API Redirect URI", "type" => "static", "value" => BB_GetRequestHost() . SSO_ROOT_URL . "/index.php?sso_provider=" . urlencode($sso_provider) . "&sso_google_action=signin", "htmldesc" => "<br />When you <a href=\"https://code.google.com/apis/console/\" target=\"_blank\">create a Google APIs Project OAuth 2.0 token</a>, use the above URL for the 'Authorized Redirect URI' under the advanced settings. OAuth 2.0 access can be set up under the 'API Access' tab of a Google APIs Project. This provider will not work without a correct Redirect URI."), array("title" => "Google API Client ID", "type" => "text", "name" => "client_id", "value" => BB_GetValue("client_id", $sso_settings["sso_google"]["client_id"]), "htmldesc" => "You get a Google API Client ID when you <a href=\"https://code.google.com/apis/console/\" target=\"_blank\">create a Google APIs Project OAuth 2.0 token</a>. OAuth 2.0 access can be set up under the 'API Access' tab of a Google APIs Project. This provider will not work without a Client ID."), array("title" => "Google API Client Secret", "type" => "text", "name" => "client_secret", "value" => BB_GetValue("client_secret", $sso_settings["sso_google"]["client_secret"]), "htmldesc" => "You get a Google API Client Secret when you <a href=\"https://code.google.com/apis/console/\" target=\"_blank\">create a Google APIs Project OAuth 2.0 token</a>. OAuth 2.0 access can be set up under the 'API Access' tab of a Google APIs Project. This provider will not work without a Client Secret.")), "submit" => "Save", "focus" => true);
foreach (self::$fieldmap as $key => $info) {
$contentopts["fields"][] = array("title" => BB_Translate("Map %s", $info["title"]), "type" => "select", "name" => "map_" . $key, "options" => $sso_select_fields, "select" => BB_GetValue("map_" . $key, (string) $sso_settings["sso_google"]["map_" . $key]), "desc" => $info["extra"] == "" ? BB_Translate("The field in the SSO system to map the %s to.%s", BB_Translate($info["desc"]), isset($info["notes"]) ? " " . BB_Translate($info["notes"]) : "") : BB_Translate("The field in the SSO system to map the %s to. Mapping this field will request the '%s' permission from the user.%s", BB_Translate($info["desc"]), $info["extra"], isset($info["notes"]) ? " " . BB_Translate($info["notes"]) : ""));
}
$contentopts["fields"][] = array("title" => "E-mail Domain Blacklist", "type" => "textarea", "height" => "300px", "name" => "email_bad_domains", "value" => BB_GetValue("email_bad_domains", $sso_settings["sso_google"]["email_bad_domains"]), "desc" => "A blacklist of e-mail address domains that are not allowed to create accounts. One per line. E-mail Address must be mapped.");
SSO_AppendIPFields($contentopts, $sso_settings["sso_google"]["iprestrict"]);
BB_GeneratePage(BB_Translate("Configure %s", $this->DisplayName()), $sso_menuopts, $contentopts);
} else {
if ($sso_site_admin && $sso_settings["sso_google"]["enabled"] && $_REQUEST["action2"] == "disable") {
$sso_settings["sso_google"]["enabled"] = false;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully disabled the %s provider.", $this->DisplayName()));
}
} else {
if ($sso_site_admin && !$sso_settings["sso_google"]["enabled"] && $_REQUEST["action2"] == "enable") {
$sso_settings["sso_google"]["enabled"] = true;
if (!SSO_SaveSettings()) {
BB_RedirectPage("error", "Unable to save settings.");
} else {
BB_RedirectPage("success", BB_Translate("Successfully enabled the %s provider.", $this->DisplayName()));
}
}
}
}
}
public function Config(&$contentopts)
{
$info = $this->GetInfo();
$contentopts["fields"][] = array("title" => "Terms Of Service", "type" => "textarea", "height" => "300px", "name" => "sso_tos_terms", "value" => BB_GetValue("sso_tos_terms", $info["terms"]), "desc" => "The URL of your terms of service or the document's text itself.");
$contentopts["fields"][] = array("title" => "Privacy Policy", "type" => "textarea", "height" => "300px", "name" => "sso_tos_privacy", "value" => BB_GetValue("sso_tos_privacy", $info["privacy"]), "desc" => "The URL of your privacy policy or the document's text itself.");
}
public function Config(&$contentopts)
{
$info = $this->GetInfo();
$contentopts["fields"][] = array("title" => "Generate QR Codes", "type" => "select", "name" => "sso_google_authenticator_generate_qr_codes", "options" => array(1 => "Yes", 0 => "No"), "select" => BB_GetValue("sso_google_authenticator_generate_qr_codes", (string) (int) $info["generate_qr_codes"]), "desc" => "Displays a Google Authenticator compatible QR code to the user during sign up and account recovery.");
$contentopts["fields"][] = array("title" => "Clock Drift", "type" => "text", "name" => "sso_google_authenticator_clock_drift", "value" => BB_GetValue("sso_google_authenticator_clock_drift", (string) (int) $info["clock_drift"]), "desc" => "The amount of clock drift, in seconds, to allow for each authentication code. Range is 0 to 30. Default is 5.");
}
